From 1144c0cea7118c6df0354edbf1fe4c0038e8ba5d Mon Sep 17 00:00:00 2001 From: Lisa Cawley Date: Wed, 14 Aug 2024 09:52:18 -0700 Subject: [PATCH] [OAS][DOCS] Temporarily omit security APIs from docs (#190467) --- oas_docs/README.md | 9 +- oas_docs/makefile | 13 +- oas_docs/output/kibana.serverless.yaml | 28127 +++---------- oas_docs/output/kibana.yaml | 32661 ++++------------ oas_docs/overlays/kibana.overlays.yaml | 8 +- oas_docs/scripts/merge_ess_oas.js | 6 - oas_docs/scripts/merge_ess_oas_staging.js | 39 + oas_docs/scripts/merge_serverless_oas.js | 8 +- .../scripts/merge_serverless_oas_staging.js | 39 + 9 files changed, 12979 insertions(+), 47931 deletions(-) create mode 100644 oas_docs/scripts/merge_ess_oas_staging.js create mode 100644 oas_docs/scripts/merge_serverless_oas_staging.js diff --git a/oas_docs/README.md b/oas_docs/README.md index 2e11c838241a93..f5317ed0848936 100644 --- a/oas_docs/README.md +++ b/oas_docs/README.md @@ -1,8 +1,9 @@ The `bundle.json` and `bundle.serverless.json` files are generated automatically. See `node scripts/capture_oas_snapshot --help` for more info. -The `output/kibana.serverless.yaml` file is a temporary OpenAPI document created by joining some manually-maintained files. -To create it and lint it, run `make api-docs` or `make api-docs-serverless` and `make api-docs-lint` or `make api-docs-lint-serverless`. +The `output/kibana.serverless.yaml` and `output/kibana.yaml` files join some manually-maintained files with the automatically generated files. +To add integrate more files into this bundle, edit the appropriate `oas_docs/scripts/merge*.js` files. +To generate the bundled files, run `make api-docs` (or `make api-docs-serverless` and `make api-docs-stateful`). +To lint them, run `make api-docs-lint` (or `make api-docs-lint-serverless` and `make api-lint-stateful`). -The `output/kibana.yaml` file is a temporary OpenAPI document created by joining some manually-maintained files. -To create it and lint it, run `make api-docs` or `make api-docs-stateful` and `make api-docs-lint` or `make api-docs-lint-stateful`. \ No newline at end of file +To apply some overlays that perform some post-processing and append some content, run `make api-docs-overlay`. \ No newline at end of file diff --git a/oas_docs/makefile b/oas_docs/makefile index 6e300734cdd17b..673e46c546a80c 100644 --- a/oas_docs/makefile +++ b/oas_docs/makefile @@ -18,19 +18,18 @@ api-docs: ## Generate Serverless and ESS Kibana OpenAPI bundles with kbn-openapi @node scripts/merge_serverless_oas.js @node scripts/merge_ess_oas.js -.PHONY: api-docs-redocly -api-docs-redocly: ## Generate kibana.serverless.yaml and kibana.yaml with Redocly CLI - @npx @redocly/cli join "kibana.info.serverless.yaml" "../x-pack/plugins/observability_solution/apm/docs/openapi/apm.yaml" "../x-pack/plugins/actions/docs/openapi/bundled_serverless.yaml" "../src/plugins/data_views/docs/openapi/bundled.yaml" "../x-pack/plugins/ml/common/openapi/ml_apis_serverless.yaml" "../packages/core/saved-objects/docs/openapi/bundled_serverless.yaml" "../x-pack/plugins/observability_solution/slo/docs/openapi/slo/bundled.yaml" "bundle.serverless.json" -o "output/kibana.serverless.yaml" --prefix-components-with-info-prop title - @npx @redocly/cli join "kibana.info.yaml" "../x-pack/plugins/alerting/docs/openapi/bundled.yaml" "../x-pack/plugins/observability_solution/apm/docs/openapi/apm.yaml" "../x-pack/plugins/cases/docs/openapi/bundled.yaml" "../x-pack/plugins/actions/docs/openapi/bundled.yaml" "../src/plugins/data_views/docs/openapi/bundled.yaml" "../x-pack/plugins/ml/common/openapi/ml_apis.yaml" "../packages/core/saved-objects/docs/openapi/bundled.yaml" "bundle.json" -o "output/kibana.yaml" --prefix-components-with-info-prop title +.PHONY: api-docs-staging +api-docs-staging: ## Generate Serverless and ESS Kibana OpenAPI bundles with kbn-openapi-bundler + @node scripts/merge_serverless_oas_staging.js + @node scripts/merge_ess_oas_staging.js .PHONY: api-docs-stateful api-docs-stateful: ## Generate only kibana.yaml - @npx @redocly/cli join "kibana.info.yaml" "../x-pack/plugins/alerting/docs/openapi/bundled.yaml" "../x-pack/plugins/observability_solution/apm/docs/openapi/apm.yaml" "../x-pack/plugins/cases/docs/openapi/bundled.yaml" "../x-pack/plugins/actions/docs/openapi/bundled.yaml" "../src/plugins/data_views/docs/openapi/bundled.yaml" "../x-pack/plugins/ml/common/openapi/ml_apis.yaml" "../packages/core/saved-objects/docs/openapi/bundled.yaml" "bundle.json" -o "output/kibana.yaml" --prefix-components-with-info-prop title -# Temporarily omit "../x-pack/plugins/fleet/common/openapi/bundled.yaml" due to internals tag and tag sorting + @node scripts/merge_ess_oas.js .PHONY: api-docs-serverless api-docs-serverless: ## Generate only kibana.serverless.yaml - @npx @redocly/cli join "kibana.info.serverless.yaml" "../x-pack/plugins/observability_solution/apm/docs/openapi/apm.yaml" "../x-pack/plugins/actions/docs/openapi/bundled_serverless.yaml" "../src/plugins/data_views/docs/openapi/bundled.yaml" "../x-pack/plugins/ml/common/openapi/ml_apis_serverless.yaml" "../packages/core/saved-objects/docs/openapi/bundled_serverless.yaml" "../x-pack/plugins/observability_solution/slo/docs/openapi/slo/bundled.yaml" "bundle.serverless.json" -o "output/kibana.serverless.yaml" --prefix-components-with-info-prop title + @node scripts/merge_serverless_oas.js .PHONY: api-docs-lint api-docs-lint: ## Run spectral API docs linter diff --git a/oas_docs/output/kibana.serverless.yaml b/oas_docs/output/kibana.serverless.yaml index 0626823f8739ad..e516603dfe2406 100644 --- a/oas_docs/output/kibana.serverless.yaml +++ b/oas_docs/output/kibana.serverless.yaml @@ -3,18 +3,26 @@ info: contact: name: Kibana Team description: > - The Kibana REST APIs enable you to manage resources such as connectors, data - views, and saved objects. + **Technical preview** - The API calls are stateless. + This functionality is in technical preview and may be changed or removed in + a future release. - Each request that you make happens in isolation from other calls and must - include all of the necessary information for Kibana to fulfill the + Elastic will work to fix any issues, but features in technical preview are + not subject to the support SLA of official GA features. - request. - API requests return JSON output, which is a format that is machine-readable - and works well for automation. + The Kibana REST APIs for Elastic serverless enable you to manage resources + + such as connectors, data views, and saved objects. The API calls are + + stateless. Each request that you make happens in isolation from other calls + + and must include all of the necessary information for Kibana to fulfill the + + request. API requests return JSON output, which is a format that is + + machine-readable and works well for automation. To interact with Kibana APIs, use the following operations: @@ -22,8 +30,6 @@ info: - GET: Fetches the information. - - PATCH: Applies partial modifications to the existing information. - - POST: Adds new information. - PUT: Updates the existing information. @@ -32,9 +38,8 @@ info: You can prepend any Kibana API endpoint with `kbn:` and run the request in - **Dev Tools → Console**. - For example: + **Dev Tools → Console**. For example: ``` @@ -42,20 +47,30 @@ info: GET kbn:/api/data_views ``` - - - For more information about the console, refer to [Run API - requests](https://www.elastic.co/guide/en/kibana/current/console-kibana.html). license: name: Elastic License 2.0 url: 'https://www.elastic.co/licensing/elastic-license' - title: Kibana APIs + title: Kibana Serverless APIs version: 1.0.2 servers: + - url: 'http://{kibana_host}:{port}' + variables: + kibana_host: + default: localhost + port: + default: '5601' + - url: 'http://localhost:5622' + - url: 'https://{kibanaUrl}' + variables: + kibanaUrl: + default: 'localhost:5601' - url: 'https://{kibana_url}' variables: kibana_url: default: 'localhost:5601' + - url: / + - description: local + url: 'http://localhost:5601' paths: /api/actions/connector: post: @@ -479,255 +494,6 @@ paths: summary: Search for annotations tags: - APM annotations - /api/asset_criticality: - delete: - operationId: DeleteAssetCriticalityRecord - parameters: - - description: The ID value of the asset. - in: query - name: id_value - required: true - schema: - type: string - - description: The field representing the ID. - example: host.name - in: query - name: id_field - required: true - schema: - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_IdField - - description: If 'wait_for' the request will wait for the index refresh. - in: query - name: refresh - required: false - schema: - enum: - - wait_for - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - deleted: - description: >- - If the record was deleted. If false the record did not - exist. - type: boolean - record: - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_AssetCriticalityRecord - required: - - deleted - description: Successful response - '400': - description: Invalid request - summary: Delete Criticality Record - tags: - - Security Solution Entity Analytics API - get: - operationId: GetAssetCriticalityRecord - parameters: - - description: The ID value of the asset. - in: query - name: id_value - required: true - schema: - type: string - - description: The field representing the ID. - example: host.name - in: query - name: id_field - required: true - schema: - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_IdField - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_AssetCriticalityRecord - description: Successful response - '400': - description: Invalid request - '404': - description: Criticality record not found - summary: Get Criticality Record - tags: - - Security Solution Entity Analytics API - post: - operationId: CreateAssetCriticalityRecord - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - allOf: - - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_CreateAssetCriticalityRecord - - type: object - properties: - refresh: - description: >- - If 'wait_for' the request will wait for the index - refresh. - enum: - - wait_for - type: string - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_AssetCriticalityRecord - description: Successful response - '400': - description: Invalid request - summary: Create Criticality Record - tags: - - Security Solution Entity Analytics API - /api/asset_criticality/bulk: - post: - operationId: BulkUpsertAssetCriticalityRecords - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - example: - records: - - criticality_level: low_impact - id_field: host.name - id_value: host-1 - - criticality_level: medium_impact - id_field: host.name - id_value: host-2 - type: object - properties: - records: - items: - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_CreateAssetCriticalityRecord - maxItems: 1000 - minItems: 1 - type: array - required: - - records - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - example: - errors: - - index: 0 - message: Invalid ID field - stats: - failed: 1 - successful: 1 - total: 2 - type: object - properties: - errors: - items: - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_AssetCriticalityBulkUploadErrorItem - type: array - stats: - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_AssetCriticalityBulkUploadStats - required: - - errors - - stats - description: Bulk upload successful - '413': - description: File too large - summary: >- - Bulk upsert asset criticality data, creating or updating records as - needed - tags: - - Security Solution Entity Analytics API - /api/asset_criticality/list: - post: - operationId: FindAssetCriticalityRecords - parameters: - - description: The field to sort by. - in: query - name: sort_field - required: false - schema: - enum: - - id_value - - id_field - - criticality_level - - \@timestamp - type: string - - description: The order to sort by. - in: query - name: sort_direction - required: false - schema: - enum: - - asc - - desc - type: string - - description: The page number to return. - in: query - name: page - required: false - schema: - minimum: 1 - type: integer - - description: The number of records to return per page. - in: query - name: per_page - required: false - schema: - maximum: 1000 - minimum: 1 - type: integer - - description: The kuery to filter by. - in: query - name: kuery - required: false - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - page: - minimum: 1 - type: integer - per_page: - maximum: 1000 - minimum: 1 - type: integer - records: - items: - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_AssetCriticalityRecord - type: array - total: - minimum: 0 - type: integer - required: - - records - - page - - per_page - - total - description: Bulk upload successful - summary: 'List asset criticality data, filtering and sorting as needed' - tags: - - Security Solution Entity Analytics API /api/data_views: get: operationId: getAllDataViewsDefault @@ -1252,23134 +1018,6398 @@ paths: summary: Preview a saved object reference swap tags: - data views - /api/detection_engine/privileges: + /api/ml/saved_objects/sync: get: description: > - Retrieves whether or not the user is authenticated, and the user's - Kibana - - space and index privileges, which determine if the user can create an - - index for the Elastic Security alerts generated by - - detection engine rules. - operationId: ReadPrivileges - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - has_encryption_key: - type: boolean - is_authenticated: - type: boolean - required: - - is_authenticated - - has_encryption_key - description: Successful response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse - description: Unsuccessful authentication response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse - description: Internal server error response - summary: Returns user privileges for the Kibana space - tags: - - Security Solution Detections API - - Privileges API - /api/detection_engine/rules: - delete: - description: Delete a detection rule using the `rule_id` or `id` field. - operationId: DeleteRule - parameters: - - description: The rule's `id` value. - in: query - name: id - required: false - schema: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleObjectId' - - description: The rule's `rule_id` value. - in: query - name: rule_id - required: false - schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleResponse - description: Indicates a successful call. - summary: Delete a detection rule - tags: - - Security Solution Detections API - - Rules API - get: - description: Retrieve a detection rule using the `rule_id` or `id` field. - operationId: ReadRule + Synchronizes Kibana saved objects for machine learning jobs and trained + models. This API runs automatically when you start Kibana and + periodically thereafter. + operationId: mlSync parameters: - - description: The rule's `id` value. - in: query - name: id - required: false - schema: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleObjectId' - - description: The rule's `rule_id` value. - in: query - name: rule_id - required: false - schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + - $ref: '#/components/parameters/Machine_learning_APIs_simulateParam' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + syncExample: + $ref: '#/components/examples/Machine_learning_APIs_mlSyncExample' schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleResponse - description: Indicates a successful call. - summary: Retrieve a detection rule - tags: - - Security Solution Detections API - - Rules API - patch: - description: >- - Update specific fields of an existing detection rule using the `rule_id` - or `id` field. - operationId: PatchRule - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RulePatchProps - required: true - responses: - '200': + $ref: '#/components/schemas/Machine_learning_APIs_mlSync200Response' + description: Indicates a successful call + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleResponse - description: Indicates a successful call. - summary: Patch a detection rule + $ref: '#/components/schemas/Machine_learning_APIs_mlSync4xxResponse' + description: Authorization information is missing or invalid. + summary: Sync machine learning saved objects tags: - - Security Solution Detections API - - Rules API + - ml + /api/saved_objects/_export: post: - description: Create a new detection rule. - operationId: CreateRule - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleCreateProps - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleResponse - description: Indicates a successful call. - summary: Create a detection rule - tags: - - Security Solution Detections API - - Rules API - put: description: > - Update a detection rule using the `rule_id` or `id` field. The original - rule is replaced, and all unspecified fields are deleted. + Retrieve sets of saved objects that you want to import into Kibana. + + You must include `type` or `objects` in the request body. + - > info + Exported saved objects are not backwards compatible and cannot be + imported into an older version of Kibana. + + + NOTE: The `savedObjects.maxImportExportSize` configuration setting + limits the number of saved objects which may be exported. - > You cannot modify the `id` or `rule_id` values. - operationId: UpdateRule + + This functionality is in technical preview and may be changed or removed + in a future release. Elastic will work to fix any issues, but features + in technical preview are not subject to the support SLA of official GA + features. + operationId: exportSavedObjectsDefault + parameters: + - $ref: '#/components/parameters/Serverless_saved_objects_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleUpdateProps - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: + examples: + exportSavedObjectsRequest: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleResponse - description: Indicates a successful call. - summary: Update a detection rule - tags: - - Security Solution Detections API - - Rules API - /api/detection_engine/rules/_bulk_action: - post: - description: >- - Apply a bulk action, such as bulk edit, duplicate, or delete, to - multiple detection rules. The bulk action is applied to all rules that - match the query or to the rules listed by their IDs. - operationId: PerformRulesBulkAction - parameters: - - description: Enables dry run mode for the request call. - in: query - name: dry_run - required: false - schema: - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkDeleteRules - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkDisableRules - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkEnableRules - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkExportRules - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkDuplicateRules - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkManualRuleRun - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkEditRules - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkEditActionResponse - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkExportActionResponse - description: OK - summary: Apply a bulk action to detection rules - tags: - - Security Solution Detections API - - Bulk API - /api/detection_engine/rules/_export: - post: - description: > - Export detection rules to an `.ndjson` file. The following configuration - items are also included in the `.ndjson` file: - - - Actions - - - Exception lists - - > info - - > You cannot export prebuilt rules. - operationId: ExportRules - parameters: - - description: Determines whether a summary of the exported rules is returned. - in: query - name: exclude_export_details - required: false - schema: - default: false - type: boolean - - description: File name for saving the exported rules. - in: query - name: file_name - required: false - schema: - default: export.ndjson - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: + #/components/examples/Serverless_saved_objects_export_objects_request schema: - nullable: true type: object properties: - objects: + excludeExportDetails: + default: false + description: Do not add export details entry at the end of the stream. + type: boolean + includeReferencesDeep: description: >- - Array of `rule_id` fields. Exports all rules when - unspecified. + Includes all of the referenced objects in the exported + objects. + type: boolean + objects: + description: A list of objects to export. items: type: object - properties: - rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId - required: - - rule_id type: array - required: - - objects - required: false + type: + description: >- + The saved object types to include in the export. Use `*` to + export all the types. + oneOf: + - type: string + - items: + type: string + type: array + required: true responses: '200': content: - application/ndjson; Elastic-Api-Version=2023-10-31: + application/x-ndjson; Elastic-Api-Version=2023-10-31: + examples: + exportSavedObjectsResponse: + $ref: >- + #/components/examples/Serverless_saved_objects_export_objects_response schema: - description: An `.ndjson` file containing the returned rules. - format: binary - type: string + additionalProperties: true + type: object description: Indicates a successful call. - summary: Export detection rules - tags: - - Security Solution Detections API - - Import/Export API - /api/detection_engine/rules/_find: - get: - description: >- - Retrieve a paginated list of detection rules. By default, the first page - is returned, with 20 results per page. - operationId: FindRules - parameters: - - in: query - name: fields - required: false - schema: - items: - type: string - type: array - - description: Search query - in: query - name: filter - required: false - schema: - type: string - - description: Field to sort by - in: query - name: sort_field - required: false - schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_FindRulesSortField - - description: Sort order - in: query - name: sort_order - required: false - schema: - $ref: '#/components/schemas/Security_Solution_Detections_API_SortOrder' - - description: Page number - in: query - name: page - required: false - schema: - default: 1 - minimum: 1 - type: integer - - description: Rules per page - in: query - name: per_page - required: false - schema: - default: 20 - minimum: 0 - type: integer - responses: - '200': + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - data: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleResponse - type: array - page: - type: integer - perPage: - type: integer - total: - type: integer - required: - - page - - perPage - - total - - data - description: Successful response - summary: List all detection rules + $ref: '#/components/schemas/Serverless_saved_objects_400_response' + description: Bad request. + summary: Export saved objects tags: - - Security Solution Detections API - - Rules API - /api/detection_engine/rules/_import: + - saved objects + /api/saved_objects/_import: post: description: > - Import detection rules from an `.ndjson` file, including actions and - exception lists. The request must include: + Create sets of Kibana saved objects from a file created by the export + API. + + Saved objects can be imported only into the same version, a newer minor + on the same major, or the next major. Exported saved objects are not + backwards compatible and cannot be imported into an older version of + Kibana. - - The `Content-Type: multipart/form-data` HTTP header. - - A link to the `.ndjson` file containing the rules. - operationId: ImportRules + This functionality is in technical preview and may be changed or removed + in a future release. Elastic will work to fix any issues, but features + in technical preview are not subject to the support SLA of official GA + features. + operationId: importSavedObjectsDefault parameters: - - description: >- - Determines whether existing rules with the same `rule_id` are - overwritten. - in: query - name: overwrite - required: false - schema: - default: false - type: boolean - - description: >- - Determines whether existing exception lists with the same `list_id` - are overwritten. + - $ref: '#/components/parameters/Serverless_saved_objects_kbn_xsrf' + - description: > + Creates copies of saved objects, regenerates each object ID, and + resets the origin. When used, potential conflict errors are avoided. + NOTE: This option cannot be used with the `overwrite` and + `compatibilityMode` options. in: query - name: overwrite_exceptions + name: createNewCopies required: false schema: - default: false type: boolean - - description: >- - Determines whether existing actions with the same - `kibana.alert.rule.actions.id` are overwritten. + - description: > + Overwrites saved objects when they already exist. When used, + potential conflict errors are automatically resolved by overwriting + the destination object. NOTE: This option cannot be used with the + `createNewCopies` option. in: query - name: overwrite_action_connectors + name: overwrite required: false schema: - default: false type: boolean - - description: Generates a new list ID for each imported exception list. + - description: > + Applies various adjustments to the saved objects that are being + imported to maintain compatibility between different Kibana + versions. Use this option only if you encounter issues with imported + saved objects. NOTE: This option cannot be used with the + `createNewCopies` option. in: query - name: as_new_list + name: compatibilityMode required: false schema: - default: false type: boolean requestBody: content: multipart/form-data; Elastic-Api-Version=2023-10-31: + examples: + importObjectsRequest: + $ref: >- + #/components/examples/Serverless_saved_objects_import_objects_request schema: type: object properties: file: - description: The `.ndjson` file containing the rules. - format: binary - type: string + description: > + A file exported using the export API. NOTE: The + `savedObjects.maxImportExportSize` configuration setting + limits the number of saved objects which may be included in + this file. Similarly, the + `savedObjects.maxImportPayloadBytes` setting limits the + overall size of the file that can be imported. required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + importObjectsResponse: + $ref: >- + #/components/examples/Serverless_saved_objects_import_objects_response schema: - additionalProperties: false type: object properties: - action_connectors_errors: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ErrorSchema - type: array - action_connectors_success: - type: boolean - action_connectors_success_count: - minimum: 0 - type: integer - action_connectors_warnings: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_WarningSchema - type: array errors: + description: > + Indicates the import was unsuccessful and specifies the + objects that failed to import. + + + NOTE: One object may result in multiple errors, which + requires separate steps to resolve. For instance, a + `missing_references` error and conflict error. items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ErrorSchema - type: array - exceptions_errors: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ErrorSchema + type: object type: array - exceptions_success: - type: boolean - exceptions_success_count: - minimum: 0 - type: integer - rules_count: - minimum: 0 - type: integer success: + description: > + Indicates when the import was successfully completed. When + set to false, some objects may not have been created. For + additional information, refer to the `errors` and + `successResults` properties. type: boolean - success_count: - minimum: 0 + successCount: + description: Indicates the number of successfully imported records. type: integer - required: - - exceptions_success - - exceptions_success_count - - exceptions_errors - - rules_count - - success - - success_count - - errors - - action_connectors_errors - - action_connectors_warnings - - action_connectors_success - - action_connectors_success_count + successResults: + description: > + Indicates the objects that are successfully imported, with + any metadata if applicable. + + + NOTE: Objects are created only when all resolvable errors + are addressed, including conflicts and missing references. + If objects are created as new copies, each entry in the + `successResults` array includes a `destinationId` + attribute. + items: + type: object + type: array description: Indicates a successful call. - summary: Import detection rules - tags: - - Security Solution Detections API - - Import/Export API - '/api/detection_engine/rules/{id}/exceptions': - post: - operationId: CreateRuleExceptionListItems - parameters: - - description: Detection rule's identifier - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_RuleId' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - items: - items: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_CreateRuleExceptionListItemProps - type: array - required: - - items - description: Rule exception list items - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItem - type: array - description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': + $ref: '#/components/schemas/Serverless_saved_objects_400_response' + description: Bad request. + summary: Import saved objects + tags: + - saved objects + /api/status: + get: + operationId: /api/status#0 + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: Set to "true" to get the response in v7 format. + in: query + name: v7format + required: false + schema: + type: boolean + - description: Set to "true" to get the response in v8 format. + in: query + name: v8format + required: false + schema: + type: boolean + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '500': + anyOf: + - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' + - $ref: >- + #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse + description: >- + Kibana's operational status. A minimal response is sent for + unauthorized users. + description: Overall status is OK and Kibana should be functioning normally. + '503': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Internal server error response - summary: Creates rule exception list items + anyOf: + - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' + - $ref: >- + #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse + description: >- + Kibana's operational status. A minimal response is sent for + unauthorized users. + description: >- + Kibana or some of it's essential services are unavailable. Kibana + may be degraded or unavailable. + summary: Get Kibana's current status tags: - - Security Solution Exceptions API - /api/detection_engine/rules/preview: - post: - operationId: RulePreview - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - anyOf: - - allOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlRuleCreateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RulePreviewParams - - allOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRuleCreateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RulePreviewParams - - allOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRuleCreateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RulePreviewParams - - allOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRuleCreateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RulePreviewParams - - allOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRuleCreateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RulePreviewParams - - allOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningRuleCreateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RulePreviewParams - - allOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRuleCreateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RulePreviewParams - - allOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EsqlRuleCreateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RulePreviewParams - discriminator: - propertyName: type - description: >- - An object containing tags to add or remove and alert ids the changes - will be applied - required: true + - system + '/s/{spaceId}/api/observability/slos': + get: + description: > + You must have the `read` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: findSlosOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - description: A valid kql query to filter the SLO with + example: 'slo.name:latency* and slo.tags : "prod"' + in: query + name: kqlQuery + schema: + type: string + - description: 'The page to use for pagination, must be greater or equal than 1' + example: 1 + in: query + name: page + schema: + default: 1 + type: integer + - description: Number of SLOs returned by page + example: 25 + in: query + name: perPage + schema: + default: 25 + maximum: 5000 + type: integer + - description: Sort by field + example: status + in: query + name: sortBy + schema: + default: status + enum: + - sli_value + - status + - error_budget_consumed + - error_budget_remaining + type: string + - description: Sort order + example: asc + in: query + name: sortDirection + schema: + default: asc + enum: + - asc + - desc + type: string + - description: >- + Hide stale SLOs from the list as defined by stale SLO threshold in + SLO settings + in: query + name: hideStale + schema: + type: boolean responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - isAborted: - type: boolean - logs: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RulePreviewLogs - type: array - previewId: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NonEmptyString - required: - - logs - description: Successful response + $ref: '#/components/schemas/SLOs_find_slo_response' + description: Successful request '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse - description: Invalid input data response + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse - description: Unsuccessful authentication response - '500': + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse - description: Internal server error response - summary: Preview rule alerts generated on specified time range - tags: - - Security Solution Detections API - - Rule preview API - /api/detection_engine/signals/assignees: - post: - description: | - Assign users to detection alerts, and unassign them from alerts. - > info - > You cannot add and remove the same assignee in the same request. - operationId: SetAlertAssignees - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - assignees: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertAssignees - description: Details about the assignees to assign and unassign. - ids: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertIds - description: List of alerts ids to assign and unassign passed assignees. - required: - - assignees - - ids - required: true - responses: - '200': - description: Indicates a successful call. - '400': - description: Invalid request. - summary: Assign and unassign users from detection alerts + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Get a paginated list of SLOs tags: - - Security Solution Detections API - /api/detection_engine/signals/search: + - slo post: - description: Find and/or aggregate detection alerts that match the given query. - operationId: SearchAlerts + description: > + You must have `all` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: createSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - description: Elasticsearch query and aggregation request - type: object - properties: - _source: - oneOf: - - type: boolean - - type: string - - items: - type: string - type: array - aggs: - additionalProperties: true - type: object - fields: - items: - type: string - type: array - query: - additionalProperties: true - type: object - runtime_mappings: - additionalProperties: true - type: object - size: - minimum: 0 - type: integer - sort: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsSort - track_total_hits: - type: boolean - description: Search and/or aggregation query + $ref: '#/components/schemas/SLOs_create_slo_request' required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: true - description: Elasticsearch search response - type: object - description: Successful response + $ref: '#/components/schemas/SLOs_create_slo_response' + description: Successful request '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse - description: Invalid input data response + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse - description: Unsuccessful authentication response - '500': + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse - description: Internal server error response - summary: Find and/or aggregate detection alerts + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_409_response' + description: Conflict - The SLO id already exists + servers: + - url: 'https://localhost:5601' + summary: Create an SLO tags: - - Security Solution Detections API - - Alerts API - /api/detection_engine/signals/status: + - slo + '/s/{spaceId}/api/observability/slos/_delete_instances': post: - description: Set the status of one or more detection alerts. - operationId: SetAlertsStatus + description: > + The deletion occurs for the specified list of `sloId` and `instanceId`. + You must have `all` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: deleteSloInstancesOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SetAlertsStatusByIds - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SetAlertsStatusByQuery - description: >- - An object containing desired status and explicit alert ids or a query - to select alerts + $ref: '#/components/schemas/SLOs_delete_slo_instances_request' required: true responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: true - description: Elasticsearch update by query response - type: object - description: Successful response + '204': + description: Successful request '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse - description: Invalid input data response + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse - description: Unsuccessful authentication response - '500': + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse - description: Internal server error response - summary: Set a detection alert status + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + servers: + - url: 'https://localhost:5601' + summary: Batch delete rollup and summary data tags: - - Security Solution Detections API - - Alerts API - /api/detection_engine/signals/tags: - post: - description: | - And tags to detection alerts, and remove them from alerts. - > info - > You cannot add and remove the same alert tag in the same request. - operationId: SetAlertTags - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - ids: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertIds - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SetAlertTags - required: - - ids - - tags - description: >- - An object containing tags to add or remove and alert ids the changes - will be applied - required: true + - slo + '/s/{spaceId}/api/observability/slos/{sloId}': + delete: + description: > + You must have the `write` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: deleteSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: true - description: Elasticsearch update by query response - type: object - description: Successful response + '204': + description: Successful request '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse - description: Invalid input data response + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse - description: Unsuccessful authentication response - '500': + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse - description: Internal server error response - summary: Add and remove detection alert tags - tags: - - Security Solution Detections API - - Alerts API - /api/detection_engine/tags: - get: - description: List all unique tags from all detection rules. - operationId: ReadTags - responses: - '200': + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - description: Indicates a successful call - summary: List all detection rule tags + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Delete an SLO tags: - - Security Solution Detections API - - Tags API - /api/endpoint_list: - post: - description: Creates an endpoint list or does nothing if the list already exists - operationId: CreateEndpointList + - slo + get: + description: > + You must have the `read` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: getSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' + - description: the specific instanceId used by the summary calculation + example: host-abcde + in: query + name: instanceId + schema: + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_EndpointList - description: Successful response + $ref: '#/components/schemas/SLOs_slo_with_summary_response' + description: Successful request '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse - description: Invalid input data + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse - description: Insufficient privileges - '500': + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse - description: Internal server error - summary: Creates an endpoint list - /api/endpoint_list/items: - delete: - operationId: DeleteEndpointListItem + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Get an SLO + tags: + - slo + put: + description: > + You must have the `write` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: updateSloOp parameters: - - description: Either `id` or `item_id` must be specified - in: query - name: id - required: false - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemId - - description: Either `id` or `item_id` must be specified - in: query - name: item_id - required: false - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemHumanId + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_update_slo_request' + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_EndpointListItem - description: Successful response + $ref: '#/components/schemas/SLOs_slo_definition_response' + description: Successful request '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse - description: Invalid input data + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse - description: Insufficient privileges + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse - description: Endpoint list item not found - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse - description: Internal server error - summary: Deletes an endpoint list item - get: - operationId: ReadEndpointListItem + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Update an SLO + tags: + - slo + '/s/{spaceId}/api/observability/slos/{sloId}/_reset': + post: + description: > + You must have the `write` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: resetSloOp parameters: - - description: Either `id` or `item_id` must be specified - in: query - name: id - required: false - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemId - - description: Either `id` or `item_id` must be specified - in: query - name: item_id - required: false - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemHumanId + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' responses: - '200': + '204': content: application/json; Elastic-Api-Version=2023-10-31: schema: - items: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_EndpointListItem - type: array - description: Successful response + $ref: '#/components/schemas/SLOs_slo_definition_response' + description: Successful request '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse - description: Invalid input data + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse - description: Insufficient privileges + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse - description: Endpoint list item not found - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse - description: Internal server error - summary: Reads an endpoint list item + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Reset an SLO + tags: + - slo + '/s/{spaceId}/api/observability/slos/{sloId}/disable': post: - operationId: CreateEndpointListItem - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - comments: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemCommentArray - default: [] - description: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemDescription - entries: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryArray - item_id: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemHumanId - meta: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemMeta - name: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemName - os_types: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray - default: [] - tags: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemTags - default: [] - type: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemType - required: - - type - - name - - description - - entries - description: Exception list item's properties - required: true + description: > + You must have the `write` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: disableSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' responses: '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_EndpointListItem - description: Successful response + description: Successful request '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse - description: Invalid input data + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse - description: Insufficient privileges - '409': + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse - description: Endpoint list item already exists - '500': + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Disable an SLO + tags: + - slo + '/s/{spaceId}/api/observability/slos/{sloId}/enable': + post: + description: > + You must have the `write` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: enableSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' + responses: + '204': + description: Successful request + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse - description: Internal server error - summary: Creates an endpoint list item - put: - operationId: UpdateEndpointListItem - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - _version: - type: string - comments: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemCommentArray - default: [] - description: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemDescription - entries: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryArray - id: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemId - description: Either `id` or `item_id` must be specified - item_id: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemHumanId - description: Either `id` or `item_id` must be specified - meta: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemMeta - name: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemName - os_types: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray - default: [] - tags: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemTags - type: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemType - required: - - type - - name - - description - - entries - description: Exception list item's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_EndpointListItem - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse - description: Invalid input data - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse - description: Insufficient privileges - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse - description: Endpoint list item not found - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse - description: Internal server error - summary: Updates an endpoint list item - /api/endpoint_list/items/_find: - get: - operationId: FindEndpointListItems - parameters: - - description: > - Filters the returned results according to the value of the specified - field, - - using the `:` syntax. - in: query - name: filter - required: false - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_FindEndpointListItemsFilter - - description: The page number to return - in: query - name: page - required: false - schema: - minimum: 0 - type: integer - - description: The number of exception list items to return per page - in: query - name: per_page - required: false - schema: - minimum: 0 - type: integer - - description: Determines which field is used to sort the results - in: query - name: sort_field - required: false - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString - - description: 'Determines the sort order, which can be `desc` or `asc`' - in: query - name: sort_order - required: false - schema: - enum: - - desc - - asc - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - items: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_EndpointListItem - type: array - page: - minimum: 0 - type: integer - per_page: - minimum: 0 - type: integer - pit: - type: string - total: - minimum: 0 - type: integer - required: - - data - - page - - per_page - - total - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse - description: Invalid input data + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse - description: Insufficient privileges + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse - description: Endpoint list not found - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse - description: Internal server error - summary: Finds endpoint list items - /api/endpoint/action: - get: - description: Get a list of action requests and their responses - operationId: EndpointGetActionsList - parameters: - - in: query - name: query - required: true - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_GetEndpointActionListRouteQuery - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get Actions List schema - tags: - - Security Solution Endpoint Management API - '/api/endpoint/action_log/{agent_id}': - get: - deprecated: true - description: Get action requests log - operationId: EndpointGetActionLog - parameters: - - in: path - name: agent_id - required: true - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AgentId - - in: query - name: query - required: true - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_ActionLogRequestQuery - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get action requests log schema - tags: - - Security Solution Endpoint Management API - /api/endpoint/action_status: - get: - description: Get action status - operationId: EndpointGetActionsStatus - parameters: - - in: query - name: query - required: true - schema: - type: object - properties: - agent_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AgentIds - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_ActionStatusSuccessResponse - description: OK - summary: Get Actions status schema - tags: - - Security Solution Endpoint Management API - '/api/endpoint/action/{action_id}': - get: - description: Get action details - operationId: EndpointGetActionsDetails - parameters: - - in: path - name: action_id - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get Action details schema - tags: - - Security Solution Endpoint Management API - '/api/endpoint/action/{action_id}/file/{file_id}/download`': - get: - description: Download a file from an endpoint - operationId: EndpointFileDownload - parameters: - - in: path - name: action_id - required: true - schema: - type: string - - in: path - name: file_id - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse - description: OK - summary: File Download schema - tags: - - Security Solution Endpoint Management API - '/api/endpoint/action/{action_id}/file/{file_id}`': - get: - description: Get file info - operationId: EndpointFileInfo - parameters: - - in: path - name: action_id - required: true - schema: - type: string - - in: path - name: file_id - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse - description: OK - summary: File Info schema - tags: - - Security Solution Endpoint Management API - /api/endpoint/action/execute: - post: - description: Execute a given command on an endpoint - operationId: EndpointExecuteAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_ExecuteRouteRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse - description: OK - summary: Execute Action - tags: - - Security Solution Endpoint Management API - /api/endpoint/action/get_file: - post: - description: Get a file from an endpoint - operationId: EndpointGetFileAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_GetFileRouteRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get File Action - tags: - - Security Solution Endpoint Management API - /api/endpoint/action/isolate: - post: - description: Isolate an endpoint - operationId: EndpointIsolateAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_IsolateRouteRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse - description: OK - summary: Isolate Action - tags: - - Security Solution Endpoint Management API - /api/endpoint/action/kill_process: - post: - description: Kill a running process on an endpoint - operationId: EndpointKillProcessAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_KillOrSuspendActionSchema - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse - description: OK - summary: Kill process Action + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Enable an SLO tags: - - Security Solution Endpoint Management API - /api/endpoint/action/running_procs: - post: - description: Get list of running processes on an endpoint - operationId: EndpointGetProcessesAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_GetProcessesRouteRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get Running Processes Action - tags: - - Security Solution Endpoint Management API - /api/endpoint/action/scan: - post: - description: Scan a file or directory - operationId: EndpointScanAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_ScanRouteRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse - description: OK - summary: Scan Action - tags: - - Security Solution Endpoint Management API - /api/endpoint/action/state: - get: - operationId: EndpointGetActionsState - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_ActionStateSuccessResponse - description: OK - summary: Get Action State schema - tags: - - Security Solution Endpoint Management API - /api/endpoint/action/suspend_process: - post: - description: Suspend a running process on an endpoint - operationId: EndpointSuspendProcessAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_KillOrSuspendActionSchema - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse - description: OK - summary: Suspend process Action - tags: - - Security Solution Endpoint Management API - /api/endpoint/action/unisolate: - post: - description: Release an endpoint - operationId: EndpointUnisolateAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_UnisolateRouteRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse - description: OK - summary: Unisolate Action - tags: - - Security Solution Endpoint Management API - /api/endpoint/action/upload: - post: - description: Upload a file to an endpoint - operationId: EndpointUploadAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_UploadRouteRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse - description: OK - summary: Upload Action - tags: - - Security Solution Endpoint Management API - /api/endpoint/metadata: - get: - operationId: GetEndpointMetadataList - parameters: - - in: query - name: query - required: true - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_ListRequestQuery - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get Metadata List schema - tags: - - Security Solution Endpoint Management API - '/api/endpoint/metadata/{id}': - get: - operationId: GetEndpointMetadata - parameters: - - in: path - name: id - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get Metadata schema - tags: - - Security Solution Endpoint Management API - /api/endpoint/metadata/transforms: - get: - operationId: GetEndpointMetadataTransform - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get Metadata Transform schema - tags: - - Security Solution Endpoint Management API - /api/endpoint/policy_response: - get: - operationId: GetPolicyResponse - parameters: - - in: query - name: query - required: true - schema: - type: object - properties: - agentId: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AgentId - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get Policy Response schema - tags: - - Security Solution Endpoint Management API - /api/endpoint/policy/summaries: - get: - deprecated: true - operationId: GetAgentPolicySummary - parameters: - - in: query - name: query - required: true - schema: - type: object - properties: - package_name: - type: string - policy_id: - nullable: true - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get Agent Policy Summary schema - tags: - - Security Solution Endpoint Management API - '/api/endpoint/protection_updates_note/{package_policy_id}': - get: - operationId: GetProtectionUpdatesNote - parameters: - - in: path - name: package_policy_id - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_ProtectionUpdatesNoteResponse - description: OK - summary: Get Protection Updates Note schema - tags: - - Security Solution Endpoint Management API - post: - operationId: CreateUpdateProtectionUpdatesNote - parameters: - - in: path - name: package_policy_id - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - note: - type: string - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_ProtectionUpdatesNoteResponse - description: OK - summary: Create Update Protection Updates Note schema - tags: - - Security Solution Endpoint Management API - '/api/endpoint/suggestions/{suggestion_type}': - post: - operationId: GetEndpointSuggestions - parameters: - - in: path - name: suggestion_type - required: true - schema: - enum: - - eventFilters - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - field: - type: string - fieldMeta: {} - filters: {} - query: - type: string - required: - - parameters - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get suggestions - tags: - - Security Solution Endpoint Management API - /api/exception_lists: - delete: - operationId: DeleteExceptionList - parameters: - - description: Either `id` or `list_id` must be specified - in: query - name: id - required: false - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListId - - description: Either `id` or `list_id` must be specified - in: query - name: list_id - required: false - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListHumanId - - in: query - name: namespace_type - required: false - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType - default: single - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionList - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Exception list not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Internal server error response - summary: Deletes an exception list - tags: - - Security Solution Exceptions API - get: - operationId: ReadExceptionList - parameters: - - description: Either `id` or `list_id` must be specified - in: query - name: id - required: false - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListId - - description: Either `id` or `list_id` must be specified - in: query - name: list_id - required: false - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListHumanId - - in: query - name: namespace_type - required: false - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType - default: single - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionList - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Exception list item not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Internal server error response - summary: Retrieves an exception list using its `id` or `list_id` field - tags: - - Security Solution Exceptions API - post: - operationId: CreateExceptionList - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - description: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListDescription - list_id: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListHumanId - meta: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListMeta - name: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListName - namespace_type: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType - default: single - os_types: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListOsTypeArray - tags: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListTags - default: [] - type: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListType - version: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListVersion - default: 1 - required: - - name - - description - - type - description: Exception list's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionList - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Exception list already exists response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Internal server error response - summary: Creates an exception list - tags: - - Security Solution Exceptions API - put: - operationId: UpdateExceptionList - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - _version: - type: string - description: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListDescription - id: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListId - list_id: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListHumanId - meta: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListMeta - name: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListName - namespace_type: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType - default: single - os_types: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListOsTypeArray - default: [] - tags: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListTags - type: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListType - version: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListVersion - required: - - name - - description - - type - description: Exception list's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionList - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Exception list not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Internal server error response - summary: Updates an exception list - tags: - - Security Solution Exceptions API - /api/exception_lists/_duplicate: - post: - operationId: DuplicateExceptionList - parameters: - - description: Exception list's human identifier - in: query - name: list_id - required: true - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListHumanId - - in: query - name: namespace_type - required: true - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType - - description: >- - Determines whether to include expired exceptions in the exported - list - in: query - name: include_expired_exceptions - required: true - schema: - default: 'true' - enum: - - 'true' - - 'false' - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionList - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '405': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Exception list to duplicate not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Internal server error response - summary: Duplicates an exception list - tags: - - Security Solution Exceptions API - /api/exception_lists/_export: - post: - description: Exports an exception list and its associated items to an .ndjson file - operationId: ExportExceptionList - parameters: - - description: Exception list's identifier - in: query - name: id - required: true - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListId - - description: Exception list's human identifier - in: query - name: list_id - required: true - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListHumanId - - in: query - name: namespace_type - required: true - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType - - description: >- - Determines whether to include expired exceptions in the exported - list - in: query - name: include_expired_exceptions - required: true - schema: - default: 'true' - enum: - - 'true' - - 'false' - type: string - responses: - '200': - content: - application/ndjson; Elastic-Api-Version=2023-10-31: - schema: - description: >- - A `.ndjson` file containing specified exception list and its - items - format: binary - type: string - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Exception list not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Internal server error response - summary: Exports an exception list - tags: - - Security Solution Exceptions API - /api/exception_lists/_find: - get: - operationId: FindExceptionLists - parameters: - - description: > - Filters the returned results according to the value of the specified - field. - - - Uses the `so type.field name:field` value syntax, where `so type` - can be: - - - - `exception-list`: Specify a space-aware exception list. - - - `exception-list-agnostic`: Specify an exception list that is - shared across spaces. - in: query - name: filter - required: false - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_FindExceptionListsFilter - - description: > - Determines whether the returned containers are Kibana associated - with a Kibana space - - or available in all spaces (`agnostic` or `single`) - in: query - name: namespace_type - required: false - schema: - default: - - single - items: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType - type: array - - description: The page number to return - in: query - name: page - required: false - schema: - minimum: 1 - type: integer - - description: The number of exception lists to return per page - in: query - name: per_page - required: false - schema: - minimum: 1 - type: integer - - description: Determines which field is used to sort the results - in: query - name: sort_field - required: false - schema: - type: string - - description: 'Determines the sort order, which can be `desc` or `asc`' - in: query - name: sort_order - required: false - schema: - enum: - - desc - - asc - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - items: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionList - type: array - page: - minimum: 1 - type: integer - per_page: - minimum: 1 - type: integer - total: - minimum: 0 - type: integer - required: - - data - - page - - per_page - - total - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Internal server error response - summary: Finds exception lists - tags: - - Security Solution Exceptions API - /api/exception_lists/_import: - post: - description: Imports an exception list and associated items - operationId: ImportExceptionList - parameters: - - description: > - Determines whether existing exception lists with the same `list_id` - are overwritten. - - If any exception items have the same `item_id`, those are also - overwritten. - in: query - name: overwrite - required: false - schema: - default: false - type: boolean - - in: query - name: overwrite_exceptions - required: false - schema: - default: false - type: boolean - - in: query - name: overwrite_action_connectors - required: false - schema: - default: false - type: boolean - - description: > - Determines whether the list being imported will have a new `list_id` - generated. - - Additional `item_id`'s are generated for each exception item. Both - the exception - - list and its items are overwritten. - in: query - name: as_new_list - required: false - schema: - default: false - type: boolean - requestBody: - content: - multipart/form-data; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - file: - description: A `.ndjson` file containing the exception list - format: binary - type: string - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - errors: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListsImportBulkErrorArray - success: - type: boolean - success_count: - minimum: 0 - type: integer - success_count_exception_list_items: - minimum: 0 - type: integer - success_count_exception_lists: - minimum: 0 - type: integer - success_exception_list_items: - type: boolean - success_exception_lists: - type: boolean - required: - - errors - - success - - success_count - - success_exception_lists - - success_count_exception_lists - - success_exception_list_items - - success_count_exception_list_items - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Internal server error response - summary: Imports an exception list - tags: - - Security Solution Exceptions API - /api/exception_lists/items: - delete: - operationId: DeleteExceptionListItem - parameters: - - description: Either `id` or `item_id` must be specified - in: query - name: id - required: false - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemId - - description: Either `id` or `item_id` must be specified - in: query - name: item_id - required: false - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemHumanId - - in: query - name: namespace_type - required: false - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType - default: single - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItem - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Exception list item not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Internal server error response - summary: Deletes an exception list item - tags: - - Security Solution Exceptions API - get: - operationId: ReadExceptionListItem - parameters: - - description: Either `id` or `item_id` must be specified - in: query - name: id - required: false - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemId - - description: Either `id` or `item_id` must be specified - in: query - name: item_id - required: false - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemHumanId - - in: query - name: namespace_type - required: false - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType - default: single - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItem - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Exception list item not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Internal server error response - summary: Gets an exception list item - tags: - - Security Solution Exceptions API - post: - operationId: CreateExceptionListItem - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - comments: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_CreateExceptionListItemCommentArray - default: [] - description: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemDescription - entries: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryArray - expire_time: - format: date-time - type: string - item_id: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemHumanId - list_id: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListHumanId - meta: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemMeta - name: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemName - namespace_type: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType - default: single - os_types: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemOsTypeArray - default: [] - tags: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemTags - default: [] - type: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemType - required: - - list_id - - type - - name - - description - - entries - description: Exception list item's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItem - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Exception list item already exists response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Internal server error response - summary: Creates an exception list item - tags: - - Security Solution Exceptions API - put: - operationId: UpdateExceptionListItem - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - _version: - type: string - comments: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_UpdateExceptionListItemCommentArray - default: [] - description: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemDescription - entries: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryArray - expire_time: - format: date-time - type: string - id: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemId - description: Either `id` or `item_id` must be specified - item_id: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemHumanId - description: Either `id` or `item_id` must be specified - list_id: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListHumanId - meta: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemMeta - name: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemName - namespace_type: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType - default: single - os_types: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemOsTypeArray - default: [] - tags: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemTags - type: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemType - required: - - type - - name - - description - - entries - description: Exception list item's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItem - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Exception list item not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Internal server error response - summary: Updates an exception list item - tags: - - Security Solution Exceptions API - /api/exception_lists/items/_find: - get: - operationId: FindExceptionListItems - parameters: - - description: List's id - in: query - name: list_id - required: true - schema: - items: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListHumanId - type: array - - description: > - Filters the returned results according to the value of the specified - field, - - using the `:` syntax. - in: query - name: filter - required: false - schema: - default: [] - items: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_FindExceptionListItemsFilter - type: array - - description: > - Determines whether the returned containers are Kibana associated - with a Kibana space - - or available in all spaces (`agnostic` or `single`) - in: query - name: namespace_type - required: false - schema: - default: - - single - items: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType - type: array - - in: query - name: search - required: false - schema: - type: string - - description: The page number to return - in: query - name: page - required: false - schema: - minimum: 0 - type: integer - - description: The number of exception list items to return per page - in: query - name: per_page - required: false - schema: - minimum: 0 - type: integer - - description: Determines which field is used to sort the results - in: query - name: sort_field - required: false - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_NonEmptyString - - description: 'Determines the sort order, which can be `desc` or `asc`' - in: query - name: sort_order - required: false - schema: - enum: - - desc - - asc - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - items: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItem - type: array - page: - minimum: 1 - type: integer - per_page: - minimum: 1 - type: integer - pit: - type: string - total: - minimum: 0 - type: integer - required: - - data - - page - - per_page - - total - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Exception list not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Internal server error response - summary: Finds exception list items - tags: - - Security Solution Exceptions API - /api/exception_lists/summary: - get: - operationId: ReadExceptionListSummary - parameters: - - description: Exception list's identifier generated upon creation - in: query - name: id - required: false - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListId - - description: Exception list's human readable identifier - in: query - name: list_id - required: false - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListHumanId - - in: query - name: namespace_type - required: false - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType - default: single - - description: Search filter clause - in: query - name: filter - required: false - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - linux: - minimum: 0 - type: integer - macos: - minimum: 0 - type: integer - total: - minimum: 0 - type: integer - windows: - minimum: 0 - type: integer - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Exception list not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Internal server error response - summary: Retrieves an exception list summary - tags: - - Security Solution Exceptions API - /api/exceptions/shared: - post: - operationId: CreateSharedExceptionList - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - description: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListDescription - name: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListName - required: - - name - - description - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionList - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Exception list already exists response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Internal server error response - summary: Creates a shared exception list - tags: - - Security Solution Exceptions API - /api/lists: - delete: - operationId: DeleteList - parameters: - - description: List's `id` value - in: query - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' - - in: query - name: deleteReferences - required: false - schema: - default: false - type: boolean - - in: query - name: ignoreReferences - required: false - schema: - default: false - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_List' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: List not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Internal server error response - summary: Deletes a list - tags: - - Security Solution Lists API - get: - operationId: ReadList - parameters: - - description: List's `id` value - in: query - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_List' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: List not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Internal server error response - summary: Retrieves a list using its id field - tags: - - Security Solution Lists API - patch: - operationId: PatchList - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - _version: - type: string - description: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListDescription - id: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' - meta: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListMetadata - name: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListName' - version: - minimum: 1 - type: integer - required: - - id - description: List's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_List' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: List not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Internal server error response - summary: Patches a list - tags: - - Security Solution Lists API - post: - operationId: CreateList - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - description: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListDescription - deserializer: - type: string - id: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' - meta: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListMetadata - name: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListName' - serializer: - type: string - type: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListType' - version: - default: 1 - minimum: 1 - type: integer - required: - - name - - description - - type - description: List's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_List' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Not enough privileges response - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: List already exists response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Internal server error response - summary: Creates a list - tags: - - Security Solution Lists API - put: - operationId: UpdateList - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - _version: - type: string - description: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListDescription - id: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' - meta: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListMetadata - name: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListName' - version: - minimum: 1 - type: integer - required: - - id - - name - - description - description: List's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_List' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: List not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Internal server error response - summary: Updates a list - tags: - - Security Solution Lists API - /api/lists/_find: - get: - operationId: FindLists - parameters: - - description: The page number to return - in: query - name: page - required: false - schema: - type: integer - - description: The number of lists to return per page - in: query - name: per_page - required: false - schema: - type: integer - - description: Determines which field is used to sort the results - in: query - name: sort_field - required: false - schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_NonEmptyString' - - description: 'Determines the sort order, which can be `desc` or `asc`' - in: query - name: sort_order - required: false - schema: - enum: - - desc - - asc - type: string - - description: > - Returns the list that come after the last list returned in the - previous call - - (use the cursor value returned in the previous call). This parameter - uses - - the `tie_breaker_id` field to ensure all lists are sorted and - returned correctly. - in: query - name: cursor - required: false - schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_FindListsCursor' - - description: > - Filters the returned results according to the value of the specified - field, - - using the : syntax. - in: query - name: filter - required: false - schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_FindListsFilter' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - cursor: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_FindListsCursor - data: - items: - $ref: '#/components/schemas/Security_Solution_Lists_API_List' - type: array - page: - minimum: 0 - type: integer - per_page: - minimum: 0 - type: integer - total: - minimum: 0 - type: integer - required: - - data - - page - - per_page - - total - - cursor - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Not enough privileges response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Internal server error response - summary: Finds lists - tags: - - Security Solution Lists API - /api/lists/index: - delete: - operationId: DeleteListIndex - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - acknowledged: - type: boolean - required: - - acknowledged - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: List data stream not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Internal server error response - summary: Deletes list data streams - tags: - - Security Solution Lists API - get: - operationId: ReadListIndex - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - list_index: - type: boolean - list_item_index: - type: boolean - required: - - list_index - - list_item_index - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: List data stream(s) not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Internal server error response - summary: Get list data stream existence status - tags: - - Security Solution Lists API - post: - operationId: CreateListIndex - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - acknowledged: - type: boolean - required: - - acknowledged - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Not enough privileges response - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: List data stream exists response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Internal server error response - summary: Creates necessary list data streams - tags: - - Security Solution Lists API - /api/lists/items: - delete: - operationId: DeleteListItem - parameters: - - description: Required if `list_id` and `value` are not specified - in: query - name: id - required: false - schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' - - description: Required if `id` is not specified - in: query - name: list_id - required: false - schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' - - description: Required if `id` is not specified - in: query - name: value - required: false - schema: - type: string - - description: >- - Determines when changes made by the request are made visible to - search - in: query - name: refresh - required: false - schema: - default: 'false' - enum: - - 'true' - - 'false' - - wait_for - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: '#/components/schemas/Security_Solution_Lists_API_ListItem' - - items: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListItem - type: array - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: List item not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Internal server error response - summary: Deletes a list item - tags: - - Security Solution Lists API - get: - operationId: ReadListItem - parameters: - - description: Required if `list_id` and `value` are not specified - in: query - name: id - required: false - schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' - - description: Required if `id` is not specified - in: query - name: list_id - required: false - schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' - - description: Required if `id` is not specified - in: query - name: value - required: false - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: '#/components/schemas/Security_Solution_Lists_API_ListItem' - - items: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListItem - type: array - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: List item not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Internal server error response - summary: Gets a list item - tags: - - Security Solution Lists API - patch: - operationId: PatchListItem - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - _version: - type: string - id: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListItemId' - meta: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListItemMetadata - refresh: - description: >- - Determines when changes made by the request are made visible - to search - enum: - - 'true' - - 'false' - - wait_for - type: string - value: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListItemValue - required: - - id - description: List item's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListItem' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: List item not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Internal server error response - summary: Patches a list item - tags: - - Security Solution Lists API - post: - operationId: CreateListItem - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - id: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListItemId' - list_id: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' - meta: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListItemMetadata - refresh: - description: >- - Determines when changes made by the request are made visible - to search - enum: - - 'true' - - 'false' - - wait_for - type: string - value: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListItemValue - required: - - list_id - - value - description: List item's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListItem' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Not enough privileges response - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: List item already exists response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Internal server error response - summary: Creates a list item - tags: - - Security Solution Lists API - put: - operationId: UpdateListItem - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - _version: - type: string - id: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListItemId' - meta: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListItemMetadata - value: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListItemValue - required: - - id - - value - description: List item's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListItem' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: List item not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Internal server error response - summary: Updates a list item - tags: - - Security Solution Lists API - /api/lists/items/_export: - post: - description: Exports list item values from the specified list - operationId: ExportListItems - parameters: - - description: List's id to export - in: query - name: list_id - required: true - schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' - responses: - '200': - content: - application/ndjson; Elastic-Api-Version=2023-10-31: - schema: - description: A `.txt` file containing list items from the specified list - format: binary - type: string - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: List not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Internal server error response - summary: Exports list items - tags: - - Security Solution Lists API - /api/lists/items/_find: - get: - operationId: FindListItems - parameters: - - description: List's id - in: query - name: list_id - required: true - schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' - - description: The page number to return - in: query - name: page - required: false - schema: - type: integer - - description: The number of list items to return per page - in: query - name: per_page - required: false - schema: - type: integer - - description: Determines which field is used to sort the results - in: query - name: sort_field - required: false - schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_NonEmptyString' - - description: 'Determines the sort order, which can be `desc` or `asc`' - in: query - name: sort_order - required: false - schema: - enum: - - desc - - asc - type: string - - description: > - Returns the list that come after the last list returned in the - previous call - - (use the cursor value returned in the previous call). This parameter - uses - - the `tie_breaker_id` field to ensure all lists are sorted and - returned correctly. - in: query - name: cursor - required: false - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_FindListItemsCursor - - description: > - Filters the returned results according to the value of the specified - field, - - using the : syntax. - in: query - name: filter - required: false - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_FindListItemsFilter - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - cursor: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_FindListItemsCursor - data: - items: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListItem - type: array - page: - minimum: 0 - type: integer - per_page: - minimum: 0 - type: integer - total: - minimum: 0 - type: integer - required: - - data - - page - - per_page - - total - - cursor - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Not enough privileges response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Internal server error response - summary: Finds list items - tags: - - Security Solution Lists API - /api/lists/items/_import: - post: - description: > - Imports a list of items from a `.txt` or `.csv` file. The maximum file - size is 9 million bytes. - - - You can import items to a new or existing list. - operationId: ImportListItems - parameters: - - description: | - List's id. - - Required when importing to an existing list. - in: query - name: list_id - required: false - schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' - - description: > - Type of the importing list. - - - Required when importing a new list that is `list_id` is not - specified. - in: query - name: type - required: false - schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListType' - - in: query - name: serializer - required: false - schema: - type: string - - in: query - name: deserializer - required: false - schema: - type: string - - description: >- - Determines when changes made by the request are made visible to - search - in: query - name: refresh - required: false - schema: - enum: - - 'true' - - 'false' - - wait_for - type: string - requestBody: - content: - multipart/form-data; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - file: - description: >- - A `.txt` or `.csv` file containing newline separated list - items - format: binary - type: string - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_List' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Not enough privileges response - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: List with specified list_id does not exist response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Internal server error response - summary: Imports list items - tags: - - Security Solution Lists API - /api/lists/privileges: - get: - operationId: ReadListPrivileges - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - is_authenticated: - type: boolean - listItems: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListItemPrivileges - lists: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListPrivileges - required: - - lists - - listItems - - is_authenticated - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Not enough privileges response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Internal server error response - summary: Gets list privileges - tags: - - Security Solution Lists API - /api/ml/saved_objects/sync: - get: - description: > - Synchronizes Kibana saved objects for machine learning jobs and trained - models. This API runs automatically when you start Kibana and - periodically thereafter. - operationId: mlSync - parameters: - - $ref: '#/components/parameters/Machine_learning_APIs_simulateParam' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - syncExample: - $ref: '#/components/examples/Machine_learning_APIs_mlSyncExample' - schema: - $ref: '#/components/schemas/Machine_learning_APIs_mlSync200Response' - description: Indicates a successful call - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Machine_learning_APIs_mlSync4xxResponse' - description: Authorization information is missing or invalid. - summary: Sync machine learning saved objects - tags: - - ml - /api/note: - delete: - operationId: DeleteNote - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - nullable: true - type: object - properties: - noteId: - type: string - required: - - noteId - - type: object - properties: - noteIds: - items: - type: string - nullable: true - type: array - required: - - noteIds - description: The id of the note to delete. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - type: object - description: Indicates the note was successfully deleted. - summary: Deletes a note from a timeline. - tags: - - Security Solution Timeline API - - 'access:securitySolution' - get: - description: Gets notes - operationId: GetNotes - parameters: - - in: query - name: documentIds - required: true - schema: - $ref: '#/components/schemas/Security_Solution_Timeline_API_DocumentIds' - - in: query - name: page - schema: - nullable: true - type: number - - in: query - name: perPage - schema: - nullable: true - type: number - - in: query - name: search - schema: - nullable: true - type: string - - in: query - name: sortField - schema: - nullable: true - type: string - - in: query - name: sortOrder - schema: - nullable: true - type: string - - in: query - name: filter - schema: - nullable: true - type: string - responses: - '200': - description: Indicates the requested notes were returned. - summary: Get all notes for a given document. - tags: - - Security Solution Timeline API - - 'access:securitySolution' - patch: - operationId: PersistNoteRoute - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - eventDataView: - nullable: true - type: string - eventIngested: - nullable: true - type: string - eventTimestamp: - nullable: true - type: string - note: - $ref: '#/components/schemas/Security_Solution_Timeline_API_BareNote' - noteId: - nullable: true - type: string - overrideOwner: - nullable: true - type: boolean - version: - nullable: true - type: string - required: - - note - description: The note to persist or update along with additional metadata. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - type: object - properties: - persistNote: - type: object - properties: - code: - type: number - message: - type: string - note: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_Note - required: - - code - - message - - note - required: - - persistNote - required: - - data - description: Indicates the note was successfully created. - summary: Persists a note to a timeline. - tags: - - Security Solution Timeline API - - 'access:securitySolution' - /api/osquery/live_queries: - get: - operationId: OsqueryFindLiveQueries - parameters: - - in: query - name: query - required: true - schema: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_FindLiveQueryRequestQuery - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DefaultSuccessResponse - description: OK - summary: Find live queries - tags: - - Security Solution Osquery API - post: - operationId: OsqueryCreateLiveQuery - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_CreateLiveQueryRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DefaultSuccessResponse - description: OK - summary: Create a live query - tags: - - Security Solution Osquery API - '/api/osquery/live_queries/{id}': - get: - operationId: OsqueryGetLiveQueryDetails - parameters: - - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Id' - - in: query - name: query - schema: - additionalProperties: true - type: object - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DefaultSuccessResponse - description: OK - summary: Get live query details - tags: - - Security Solution Osquery API - '/api/osquery/live_queries/{id}/results/{actionId}': - get: - operationId: OsqueryGetLiveQueryResults - parameters: - - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Id' - - in: path - name: actionId - required: true - schema: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Id' - - in: query - name: query - required: true - schema: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_GetLiveQueryResultsRequestQuery - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DefaultSuccessResponse - description: OK - summary: Get live query results - tags: - - Security Solution Osquery API - /api/osquery/packs: - get: - operationId: OsqueryFindPacks - parameters: - - in: query - name: query - required: true - schema: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_FindPacksRequestQuery - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DefaultSuccessResponse - description: OK - summary: Find packs - tags: - - Security Solution Osquery API - post: - operationId: OsqueryCreatePacks - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_CreatePacksRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DefaultSuccessResponse - description: OK - summary: Create a packs - tags: - - Security Solution Osquery API - '/api/osquery/packs/{id}': - delete: - operationId: OsqueryDeletePacks - parameters: - - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Solution_Osquery_API_PackId' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DefaultSuccessResponse - description: OK - summary: Delete packs - tags: - - Security Solution Osquery API - get: - operationId: OsqueryGetPacksDetails - parameters: - - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Solution_Osquery_API_PackId' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DefaultSuccessResponse - description: OK - summary: Get packs details - tags: - - Security Solution Osquery API - put: - operationId: OsqueryUpdatePacks - parameters: - - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Solution_Osquery_API_PackId' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_UpdatePacksRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DefaultSuccessResponse - description: OK - summary: Update packs - tags: - - Security Solution Osquery API - /api/osquery/saved_queries: - get: - operationId: OsqueryFindSavedQueries - parameters: - - in: query - name: query - required: true - schema: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_FindSavedQueryRequestQuery - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DefaultSuccessResponse - description: OK - summary: Find saved queries - tags: - - Security Solution Osquery API - post: - operationId: OsqueryCreateSavedQuery - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_CreateSavedQueryRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DefaultSuccessResponse - description: OK - summary: Create a saved query - tags: - - Security Solution Osquery API - '/api/osquery/saved_queries/{id}': - delete: - operationId: OsqueryDeleteSavedQuery - parameters: - - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Solution_Osquery_API_SavedQueryId' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DefaultSuccessResponse - description: OK - summary: Delete saved query - tags: - - Security Solution Osquery API - get: - operationId: OsqueryGetSavedQueryDetails - parameters: - - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Solution_Osquery_API_SavedQueryId' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DefaultSuccessResponse - description: OK - summary: Get saved query details - tags: - - Security Solution Osquery API - put: - operationId: OsqueryUpdateSavedQuery - parameters: - - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Solution_Osquery_API_SavedQueryId' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_UpdateSavedQueryRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DefaultSuccessResponse - description: OK - summary: Update saved query - tags: - - Security Solution Osquery API - /api/pinned_event: - patch: - operationId: PersistPinnedEventRoute - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - eventId: - type: string - pinnedEventId: - nullable: true - type: string - timelineId: - type: string - required: - - eventId - - timelineId - description: The pinned event to persist or update along with additional metadata. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - type: object - properties: - persistPinnedEventOnTimeline: - allOf: - - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_PinnedEvent - - type: object - properties: - code: - type: number - message: - type: string - required: - - persistPinnedEventOnTimeline - required: - - data - description: Indicate the event was successfully pinned in the timeline. - summary: Persists a pinned event to a timeline. - tags: - - Security Solution Timeline API - - 'access:securitySolution' - /api/saved_objects/_export: - post: - description: > - Retrieve sets of saved objects that you want to import into Kibana. - - You must include `type` or `objects` in the request body. - - - Exported saved objects are not backwards compatible and cannot be - imported into an older version of Kibana. - - - NOTE: The `savedObjects.maxImportExportSize` configuration setting - limits the number of saved objects which may be exported. - - - This functionality is in technical preview and may be changed or removed - in a future release. Elastic will work to fix any issues, but features - in technical preview are not subject to the support SLA of official GA - features. - operationId: exportSavedObjectsDefault - parameters: - - $ref: '#/components/parameters/Serverless_saved_objects_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - exportSavedObjectsRequest: - $ref: >- - #/components/examples/Serverless_saved_objects_export_objects_request - schema: - type: object - properties: - excludeExportDetails: - default: false - description: Do not add export details entry at the end of the stream. - type: boolean - includeReferencesDeep: - description: >- - Includes all of the referenced objects in the exported - objects. - type: boolean - objects: - description: A list of objects to export. - items: - type: object - type: array - type: - description: >- - The saved object types to include in the export. Use `*` to - export all the types. - oneOf: - - type: string - - items: - type: string - type: array - required: true - responses: - '200': - content: - application/x-ndjson; Elastic-Api-Version=2023-10-31: - examples: - exportSavedObjectsResponse: - $ref: >- - #/components/examples/Serverless_saved_objects_export_objects_response - schema: - additionalProperties: true - type: object - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Serverless_saved_objects_400_response' - description: Bad request. - summary: Export saved objects - tags: - - saved objects - /api/saved_objects/_import: - post: - description: > - Create sets of Kibana saved objects from a file created by the export - API. - - Saved objects can be imported only into the same version, a newer minor - on the same major, or the next major. Exported saved objects are not - backwards compatible and cannot be imported into an older version of - Kibana. - - - This functionality is in technical preview and may be changed or removed - in a future release. Elastic will work to fix any issues, but features - in technical preview are not subject to the support SLA of official GA - features. - operationId: importSavedObjectsDefault - parameters: - - $ref: '#/components/parameters/Serverless_saved_objects_kbn_xsrf' - - description: > - Creates copies of saved objects, regenerates each object ID, and - resets the origin. When used, potential conflict errors are avoided. - NOTE: This option cannot be used with the `overwrite` and - `compatibilityMode` options. - in: query - name: createNewCopies - required: false - schema: - type: boolean - - description: > - Overwrites saved objects when they already exist. When used, - potential conflict errors are automatically resolved by overwriting - the destination object. NOTE: This option cannot be used with the - `createNewCopies` option. - in: query - name: overwrite - required: false - schema: - type: boolean - - description: > - Applies various adjustments to the saved objects that are being - imported to maintain compatibility between different Kibana - versions. Use this option only if you encounter issues with imported - saved objects. NOTE: This option cannot be used with the - `createNewCopies` option. - in: query - name: compatibilityMode - required: false - schema: - type: boolean - requestBody: - content: - multipart/form-data; Elastic-Api-Version=2023-10-31: - examples: - importObjectsRequest: - $ref: >- - #/components/examples/Serverless_saved_objects_import_objects_request - schema: - type: object - properties: - file: - description: > - A file exported using the export API. NOTE: The - `savedObjects.maxImportExportSize` configuration setting - limits the number of saved objects which may be included in - this file. Similarly, the - `savedObjects.maxImportPayloadBytes` setting limits the - overall size of the file that can be imported. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - importObjectsResponse: - $ref: >- - #/components/examples/Serverless_saved_objects_import_objects_response - schema: - type: object - properties: - errors: - description: > - Indicates the import was unsuccessful and specifies the - objects that failed to import. - - - NOTE: One object may result in multiple errors, which - requires separate steps to resolve. For instance, a - `missing_references` error and conflict error. - items: - type: object - type: array - success: - description: > - Indicates when the import was successfully completed. When - set to false, some objects may not have been created. For - additional information, refer to the `errors` and - `successResults` properties. - type: boolean - successCount: - description: Indicates the number of successfully imported records. - type: integer - successResults: - description: > - Indicates the objects that are successfully imported, with - any metadata if applicable. - - - NOTE: Objects are created only when all resolvable errors - are addressed, including conflicts and missing references. - If objects are created as new copies, each entry in the - `successResults` array includes a `destinationId` - attribute. - items: - type: object - type: array - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Serverless_saved_objects_400_response' - description: Bad request. - summary: Import saved objects - tags: - - saved objects - /api/security_ai_assistant/anonymization_fields/_bulk_action: - post: - description: >- - The bulk action is applied to all anonymization fields that match the - filter or to the list of anonymization fields by their IDs. - operationId: PerformAnonymizationFieldsBulkAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - create: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldCreateProps - type: array - delete: - type: object - properties: - ids: - description: Array of anonymization fields IDs - items: - type: string - minItems: 1 - type: array - query: - description: Query to filter anonymization fields - type: string - update: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldUpdateProps - type: array - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResponse - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Applies a bulk action to multiple anonymization fields - tags: - - Security AI Assistant API - - Bulk API - /api/security_ai_assistant/anonymization_fields/_find: - get: - description: Finds anonymization fields that match the given query. - operationId: FindAnonymizationFields - parameters: - - in: query - name: fields - required: false - schema: - items: - type: string - type: array - - description: Search query - in: query - name: filter - required: false - schema: - type: string - - description: Field to sort by - in: query - name: sort_field - required: false - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_FindAnonymizationFieldsSortField - - description: Sort order - in: query - name: sort_order - required: false - schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_SortOrder' - - description: Page number - in: query - name: page - required: false - schema: - default: 1 - minimum: 1 - type: integer - - description: AnonymizationFields per page - in: query - name: per_page - required: false - schema: - default: 20 - minimum: 0 - type: integer - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse - type: array - page: - type: integer - perPage: - type: integer - total: - type: integer - required: - - page - - perPage - - total - - data - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Finds anonymization fields that match the given query. - tags: - - Security AI Assistant API - - AnonymizationFields API - /api/security_ai_assistant/chat/complete: - post: - description: Creates a model response for the given chat conversation. - operationId: ChatComplete - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_ChatCompleteProps' - required: true - responses: - '200': - content: - application/octet-stream; Elastic-Api-Version=2023-10-31: - schema: - format: binary - type: string - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Creates a model response for the given chat conversation. - tags: - - Security AI Assistant API - - Chat Complete API - /api/security_ai_assistant/current_user/conversations: - post: - description: Create a conversation - operationId: CreateConversation - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationCreateProps - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Create a conversation - tags: - - Security AI Assistant API - - Conversation API - /api/security_ai_assistant/current_user/conversations/_find: - get: - description: Finds conversations that match the given query. - operationId: FindConversations - parameters: - - in: query - name: fields - required: false - schema: - items: - type: string - type: array - - description: Search query - in: query - name: filter - required: false - schema: - type: string - - description: Field to sort by - in: query - name: sort_field - required: false - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_FindConversationsSortField - - description: Sort order - in: query - name: sort_order - required: false - schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_SortOrder' - - description: Page number - in: query - name: page - required: false - schema: - default: 1 - minimum: 1 - type: integer - - description: Conversations per page - in: query - name: per_page - required: false - schema: - default: 20 - minimum: 0 - type: integer - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse - type: array - page: - type: integer - perPage: - type: integer - total: - type: integer - required: - - page - - perPage - - total - - data - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Finds conversations that match the given query. - tags: - - Security AI Assistant API - - Conversations API - '/api/security_ai_assistant/current_user/conversations/{id}': - delete: - description: Deletes a single conversation using the `id` field. - operationId: DeleteConversation - parameters: - - description: The conversation's `id` value. - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Deletes a single conversation using the `id` field. - tags: - - Security AI Assistant API - - Conversation API - get: - description: Read a single conversation - operationId: ReadConversation - parameters: - - description: The conversation's `id` value. - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Read a single conversation - tags: - - Security AI Assistant API - - Conversations API - put: - description: Update a single conversation - operationId: UpdateConversation - parameters: - - description: The conversation's `id` value. - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationUpdateProps - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Update a conversation - tags: - - Security AI Assistant API - - Conversation API - /api/security_ai_assistant/prompts/_bulk_action: - post: - description: >- - The bulk action is applied to all prompts that match the filter or to - the list of prompts by their IDs. - operationId: PerformPromptsBulkAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - create: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptCreateProps - type: array - delete: - type: object - properties: - ids: - description: Array of prompts IDs - items: - type: string - minItems: 1 - type: array - query: - description: Query to filter promps - type: string - update: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptUpdateProps - type: array - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptsBulkCrudActionResponse - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Applies a bulk action to multiple prompts - tags: - - Security AI Assistant API - - Bulk API - /api/security_ai_assistant/prompts/_find: - get: - description: Finds prompts that match the given query. - operationId: FindPrompts - parameters: - - in: query - name: fields - required: false - schema: - items: - type: string - type: array - - description: Search query - in: query - name: filter - required: false - schema: - type: string - - description: Field to sort by - in: query - name: sort_field - required: false - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_FindPromptsSortField - - description: Sort order - in: query - name: sort_order - required: false - schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_SortOrder' - - description: Page number - in: query - name: page - required: false - schema: - default: 1 - minimum: 1 - type: integer - - description: Prompts per page - in: query - name: per_page - required: false - schema: - default: 20 - minimum: 0 - type: integer - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptResponse - type: array - page: - type: integer - perPage: - type: integer - total: - type: integer - required: - - page - - perPage - - total - - data - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Finds prompts that match the given query. - tags: - - Security AI Assistant API - - Prompts API - /api/status: - get: - operationId: /api/status#0 - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: Set to "true" to get the response in v7 format. - in: query - name: v7format - required: false - schema: - type: boolean - - description: Set to "true" to get the response in v8 format. - in: query - name: v8format - required: false - schema: - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - anyOf: - - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' - - $ref: >- - #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse - description: >- - Kibana's operational status. A minimal response is sent for - unauthorized users. - description: Overall status is OK and Kibana should be functioning normally. - '503': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - anyOf: - - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' - - $ref: >- - #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse - description: >- - Kibana's operational status. A minimal response is sent for - unauthorized users. - description: >- - Kibana or some of it's essential services are unavailable. Kibana - may be degraded or unavailable. - summary: Get Kibana's current status - tags: - - system - /api/timeline: - delete: - operationId: DeleteTimelines - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - savedObjectIds: - items: - type: string - type: array - searchIds: - description: >- - Saved search ids that should be deleted alongside the - timelines - items: - type: string - type: array - required: - - savedObjectIds - description: The ids of the timelines or timeline templates to delete. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - type: object - properties: - deleteTimeline: - type: boolean - required: - - deleteTimeline - required: - - data - description: Indicates the timeline was successfully deleted. - summary: Deletes one or more timelines or timeline templates. - tags: - - Security Solution Timeline API - - 'access:securitySolution' - get: - operationId: GetTimeline - parameters: - - description: The ID of the template timeline to retrieve - in: query - name: template_timeline_id - schema: - type: string - - description: The ID of the timeline to retrieve - in: query - name: id - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - type: object - properties: - getOneTimeline: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_TimelineResponse - nullable: true - required: - - getOneTimeline - required: - - data - description: Indicates that the (template) timeline was found and returned. - summary: >- - Get an existing saved timeline or timeline template. This API is used to - retrieve an existing saved timeline or timeline template. - tags: - - Security Solution Timeline API - - 'access:securitySolution' - patch: - description: >- - Updates an existing timeline. This API is used to update the title, - description, date range, pinned events, pinned queries, and/or pinned - saved queries of an existing timeline. - operationId: PatchTimeline - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - timeline: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_SavedTimeline - timelineId: - nullable: true - type: string - version: - nullable: true - type: string - required: - - timelineId - - version - - timeline - description: The timeline updates along with the timeline ID and version. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - type: object - properties: - persistTimeline: - type: object - properties: - timeline: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_TimelineResponse - required: - - timeline - required: - - persistTimeline - required: - - data - description: >- - Indicates that the draft timeline was successfully created. In the - event the user already has a draft timeline, the existing draft - timeline is cleared and returned. - '405': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - body: - type: string - statusCode: - type: number - description: >- - Indicates that the user does not have the required access to create - a draft timeline. - summary: Updates an existing timeline. - tags: - - Security Solution Timeline API - - 'access:securitySolution' - post: - operationId: CreateTimelines - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - status: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_TimelineStatus - nullable: true - templateTimelineId: - nullable: true - type: string - templateTimelineVersion: - nullable: true - type: number - timeline: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_SavedTimeline - timelineId: - nullable: true - type: string - timelineType: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_TimelineType - nullable: true - version: - nullable: true - type: string - required: - - timeline - description: >- - The required timeline fields used to create a new timeline along with - optional fields that will be created if not provided. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - type: object - properties: - persistTimeline: - type: object - properties: - timeline: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_TimelineResponse - required: - - persistTimeline - required: - - data - description: Indicates the timeline was successfully created. - '405': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - body: - type: string - statusCode: - type: number - description: Indicates that there was an error in the timeline creation. - summary: Creates a new timeline. - tags: - - Security Solution Timeline API - - 'access:securitySolution' - /api/timeline/_draft: - get: - operationId: GetDraftTimelines - parameters: - - in: query - name: timelineType - required: true - schema: - $ref: '#/components/schemas/Security_Solution_Timeline_API_TimelineType' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - type: object - properties: - persistTimeline: - type: object - properties: - timeline: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_TimelineResponse - required: - - timeline - required: - - persistTimeline - required: - - data - description: Indicates that the draft timeline was successfully retrieved. - '403': - content: - 'application:json; Elastic-Api-Version=2023-10-31': - schema: - type: object - properties: - message: - type: string - status_code: - type: number - description: >- - If a draft timeline was not found and we attempted to create one, it - indicates that the user does not have the required permissions to - create a draft timeline. - '409': - content: - 'application:json; Elastic-Api-Version=2023-10-31': - schema: - type: object - properties: - message: - type: string - status_code: - type: number - description: >- - This should never happen, but if a draft timeline was not found and - we attempted to create one, it indicates that there is already a - draft timeline with the given timelineId. - summary: >- - Retrieves the draft timeline for the current user. If the user does not - have a draft timeline, an empty timeline is returned. - tags: - - Security Solution Timeline API - - 'access:securitySolution' - post: - description: > - Retrieves a clean draft timeline. If a draft timeline does not exist, it - is created and returned. - operationId: CleanDraftTimelines - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - timelineType: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_TimelineType - required: - - timelineType - description: >- - The type of timeline to create. Valid values are `default` and - `template`. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - type: object - properties: - persistTimeline: - type: object - properties: - timeline: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_TimelineResponse - required: - - timeline - required: - - persistTimeline - required: - - data - description: >- - Indicates that the draft timeline was successfully created. In the - event the user already has a draft timeline, the existing draft - timeline is cleared and returned. - '403': - content: - 'application:json; Elastic-Api-Version=2023-10-31': - schema: - type: object - properties: - message: - type: string - status_code: - type: number - description: >- - Indicates that the user does not have the required permissions to - create a draft timeline. - '409': - content: - 'application:json; Elastic-Api-Version=2023-10-31': - schema: - type: object - properties: - message: - type: string - status_code: - type: number - description: >- - Indicates that there is already a draft timeline with the given - timelineId. - summary: Retrieves a draft timeline or timeline template. - tags: - - Security Solution Timeline API - - 'access:securitySolution' - /api/timeline/_export: - post: - operationId: ExportTimelines - parameters: - - description: The name of the file to export - in: query - name: file_name - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - ids: - items: - type: string - nullable: true - type: array - description: The ids of the timelines to export - required: true - responses: - '200': - content: - application/ndjson; Elastic-Api-Version=2023-10-31: - schema: - description: NDJSON of the exported timelines - type: string - description: Indicates the timelines were successfully exported - '400': - content: - application/ndjson; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - body: - type: string - statusCode: - type: number - description: Indicates that the export size limit was exceeded - summary: Exports timelines as an NDJSON file - tags: - - Security Solution Timeline API - - 'access:securitySolution' - /api/timeline/_favorite: - patch: - operationId: PersistFavoriteRoute - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - templateTimelineId: - nullable: true - type: string - templateTimelineVersion: - nullable: true - type: number - timelineId: - nullable: true - type: string - timelineType: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_TimelineType - nullable: true - required: - - timelineId - - templateTimelineId - - templateTimelineVersion - - timelineType - description: The required fields used to favorite a (template) timeline. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - type: object - properties: - persistFavorite: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_FavoriteTimelineResponse - required: - - persistFavorite - required: - - data - description: Indicates the favorite status was successfully updated. - '403': - content: - 'application:json; Elastic-Api-Version=2023-10-31': - schema: - type: object - properties: - body: - type: string - statusCode: - type: number - description: >- - Indicates the user does not have the required permissions to persist - the favorite status. - summary: Persists a given users favorite status of a timeline. - tags: - - Security Solution Timeline API - - 'access:securitySolution' - /api/timeline/_import: - post: - operationId: ImportTimelines - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - file: - allOf: - - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_Readable - - type: object - properties: - hapi: - type: object - properties: - filename: - type: string - headers: - type: object - isImmutable: - enum: - - 'true' - - 'false' - type: string - required: - - filename - - headers - required: - - hapi - description: The timelines to import as a readable stream. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_ImportTimelineResult - required: - - data - description: Indicates the import of timelines was successful. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - body: - type: string - id: - type: string - statusCode: - type: number - description: >- - Indicates the import of timelines was unsuccessful because of an - invalid file extension. - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - id: - type: string - statusCode: - type: number - description: >- - Indicates that we were unable to locate the saved object client - necessary to handle the import. - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - body: - type: string - id: - type: string - statusCode: - type: number - description: Indicates the import of timelines was unsuccessful. - summary: Imports timelines. - tags: - - Security Solution Timeline API - - 'access:securitySolution' - /api/timeline/_prepackaged: - post: - operationId: InstallPrepackedTimelines - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - prepackagedTimelines: - items: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_SavedTimeline - type: array - timelinesToInstall: - items: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_ImportTimelines - nullable: true - type: array - timelinesToUpdate: - items: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_ImportTimelines - nullable: true - type: array - required: - - timelinesToInstall - - timelinesToUpdate - - prepackagedTimelines - description: The timelines to install or update. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_ImportTimelineResult - required: - - data - description: Indicates the installation of prepackaged timelines was successful. - '500': - content: - 'application:json; Elastic-Api-Version=2023-10-31': - schema: - type: object - properties: - body: - type: string - statusCode: - type: number - description: >- - Indicates the installation of prepackaged timelines was - unsuccessful. - summary: Installs prepackaged timelines. - tags: - - Security Solution Timeline API - - 'access:securitySolution' - /api/timeline/resolve: - get: - operationId: ResolveTimeline - parameters: - - description: The ID of the template timeline to resolve - in: query - name: template_timeline_id - schema: - type: string - - description: The ID of the timeline to resolve - in: query - name: id - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - type: object - properties: - getOneTimeline: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_TimelineResponse - nullable: true - required: - - getOneTimeline - required: - - data - description: The (template) timeline has been found - '400': - description: The request is missing parameters - '404': - description: The (template) timeline was not found - summary: Get an existing saved timeline or timeline template. - tags: - - Security Solution Timeline API - - 'access:securitySolution' - /api/timelines: - get: - operationId: GetTimelines - parameters: - - description: >- - If true, only timelines that are marked as favorites by the user are - returned. - in: query - name: only_user_favorite - schema: - enum: - - 'true' - - 'false' - nullable: true - type: string - - in: query - name: timeline_type - schema: - $ref: '#/components/schemas/Security_Solution_Timeline_API_TimelineType' - nullable: true - - in: query - name: sort_field - schema: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_SortFieldTimeline - - in: query - name: sort_order - schema: - enum: - - asc - - desc - type: string - - in: query - name: page_size - schema: - nullable: true - type: string - - in: query - name: page_index - schema: - nullable: true - type: string - - in: query - name: search - schema: - nullable: true - type: string - - in: query - name: status - schema: - $ref: '#/components/schemas/Security_Solution_Timeline_API_TimelineStatus' - nullable: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - type: object - properties: - customTemplateTimelineCount: - type: number - defaultTimelineCount: - type: number - elasticTemplateTimelineCount: - type: number - favoriteCount: - type: number - templateTimelineCount: - type: number - timelines: - items: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_TimelineResponse - type: array - totalCount: - type: number - required: - - timelines - - totalCount - - defaultTimelineCount - - templateTimelineCount - - favoriteCount - - elasticTemplateTimelineCount - - customTemplateTimelineCount - required: - - data - description: Indicates that the (template) timelines were found and returned. - '400': - content: - 'application:json; Elastic-Api-Version=2023-10-31': - schema: - type: object - properties: - body: - type: string - statusCode: - type: number - description: Bad request. The user supplied invalid data. - summary: >- - This API is used to retrieve a list of existing saved timelines or - timeline templates. - tags: - - Security Solution Timeline API - - 'access:securitySolution' - '/s/{spaceId}/api/observability/slos': - get: - description: > - You must have the `read` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: findSlosOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - description: A valid kql query to filter the SLO with - example: 'slo.name:latency* and slo.tags : "prod"' - in: query - name: kqlQuery - schema: - type: string - - description: 'The page to use for pagination, must be greater or equal than 1' - example: 1 - in: query - name: page - schema: - default: 1 - type: integer - - description: Number of SLOs returned by page - example: 25 - in: query - name: perPage - schema: - default: 25 - maximum: 5000 - type: integer - - description: Sort by field - example: status - in: query - name: sortBy - schema: - default: status - enum: - - sli_value - - status - - error_budget_consumed - - error_budget_remaining - type: string - - description: Sort order - example: asc - in: query - name: sortDirection - schema: - default: asc - enum: - - asc - - desc - type: string - - description: >- - Hide stale SLOs from the list as defined by stale SLO threshold in - SLO settings - in: query - name: hideStale - schema: - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_find_slo_response' - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Get a paginated list of SLOs - tags: - - slo - post: - description: > - You must have `all` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: createSloOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_create_slo_request' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_create_slo_response' - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_409_response' - description: Conflict - The SLO id already exists - summary: Create an SLO - tags: - - slo - '/s/{spaceId}/api/observability/slos/_delete_instances': - post: - description: > - The deletion occurs for the specified list of `sloId` and `instanceId`. - You must have `all` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: deleteSloInstancesOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_delete_slo_instances_request' - required: true - responses: - '204': - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - summary: Batch delete rollup and summary data - tags: - - slo - '/s/{spaceId}/api/observability/slos/{sloId}': - delete: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: deleteSloOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' - responses: - '204': - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Delete an SLO - tags: - - slo - get: - description: > - You must have the `read` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: getSloOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' - - description: the specific instanceId used by the summary calculation - example: host-abcde - in: query - name: instanceId - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_slo_with_summary_response' - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Get an SLO - tags: - - slo - put: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: updateSloOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_update_slo_request' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_slo_definition_response' - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Update an SLO - tags: - - slo - '/s/{spaceId}/api/observability/slos/{sloId}/_reset': - post: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: resetSloOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' - responses: - '204': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_slo_definition_response' - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Reset an SLO - tags: - - slo - '/s/{spaceId}/api/observability/slos/{sloId}/disable': - post: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: disableSloOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' - responses: - '200': - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Disable an SLO - tags: - - slo - '/s/{spaceId}/api/observability/slos/{sloId}/enable': - post: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: enableSloOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' - responses: - '204': - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Enable an SLO - tags: - - slo -components: - examples: - Connectors_create_email_connector_request: - summary: Create an email connector. - value: - config: - from: tester@example.com - hasAuth: true - host: 'https://example.com' - port: 1025 - secure: false - service: other - connector_type_id: .email - name: email-connector-1 - secrets: - password: password - user: username - Connectors_create_email_connector_response: - summary: A new email connector. - value: - config: - clientId: null - from: tester@example.com - hasAuth: true - host: 'https://example.com' - oauthTokenUrl: null - port: 1025 - secure: false - service: other - tenantId: null - connector_type_id: .email - id: 90a82c60-478f-11ee-a343-f98a117c727f - is_deprecated: false - is_missing_secrets: false - is_preconfigured: false - is_system_action: false - name: email-connector-1 - Connectors_create_index_connector_request: - summary: Create an index connector. - value: - config: - index: test-index - connector_type_id: .index - name: my-connector - Connectors_create_index_connector_response: - summary: A new index connector. - value: - config: - executionTimeField: null - index: test-index - refresh: false - connector_type_id: .index - id: c55b6eb0-6bad-11eb-9f3b-611eebc6c3ad - is_deprecated: false - is_missing_secrets: false - is_preconfigured: false - is_system_action: false - name: my-connector - Connectors_create_webhook_connector_request: - summary: Create a webhook connector with SSL authentication. - value: - config: - authType: webhook-authentication-ssl - certType: ssl-crt-key - method: post - url: 'https://example.com' - connector_type_id: .webhook - name: my-webhook-connector - secrets: - crt: QmFnIEF0dH... - key: LS0tLS1CRUdJ... - password: my-passphrase - Connectors_create_webhook_connector_response: - summary: A new webhook connector. - value: - config: - authType: webhook-authentication-ssl - certType: ssl-crt-key - hasAuth: true - headers: null - method: post - url: 'https://example.com' - verificationMode: full - connector_type_id: .webhook - id: 900eb010-3b9d-11ee-a642-8ffbb94e38bd - is_deprecated: false - is_missing_secrets: false - is_preconfigured: false - is_system_action: false - name: my-webhook-connector - Connectors_create_xmatters_connector_request: - summary: Create an xMatters connector with URL authentication. - value: - config: - usesBasic: false - connector_type_id: .xmatters - name: my-xmatters-connector - secrets: - secretsUrl: 'https://example.com?apiKey=xxxxx' - Connectors_create_xmatters_connector_response: - summary: A new xMatters connector. - value: - config: - configUrl: null - usesBasic: false - connector_type_id: .xmatters - id: 4d2d8da0-4d1f-11ee-9367-577408be4681 - is_deprecated: false - is_missing_secrets: false - is_preconfigured: false - is_system_action: false - name: my-xmatters-connector - Connectors_get_connector_response: - summary: Get connector details. - value: - config: {} - connector_type_id: .server-log - id: df770e30-8b8b-11ed-a780-3b746c987a81 - is_deprecated: false - is_missing_secrets: false - is_preconfigured: false - is_system_action: false - name: my_server_log_connector - Connectors_get_connector_types_generativeai_response: - summary: A list of connector types for the `generativeAI` feature. - value: - - enabled: true - enabled_in_config: true - enabled_in_license: true - id: .gen-ai - is_system_action_type: false - minimum_license_required: enterprise - name: OpenAI - supported_feature_ids: - - generativeAIForSecurity - - generativeAIForObservability - - generativeAIForSearchPlayground - - enabled: true - enabled_in_config: true - enabled_in_license: true - id: .bedrock - is_system_action_type: false - minimum_license_required: enterprise - name: AWS Bedrock - supported_feature_ids: - - generativeAIForSecurity - - generativeAIForObservability - - generativeAIForSearchPlayground - - enabled: true - enabled_in_config: true - enabled_in_license: true - id: .gemini - is_system_action_type: false - minimum_license_required: enterprise - name: Google Gemini - supported_feature_ids: - - generativeAIForSecurity - Connectors_get_connectors_response: - summary: A list of connectors - value: - - connector_type_id: .email - id: preconfigured-email-connector - is_deprecated: false - is_preconfigured: true - is_system_action: false - name: my-preconfigured-email-notification - referenced_by_count: 0 - - config: - executionTimeField: null - index: test-index - refresh: false - connector_type_id: .index - id: e07d0c80-8b8b-11ed-a780-3b746c987a81 - is_deprecated: false - is_missing_secrets: false - is_preconfigured: false - is_system_action: false - name: my-index-connector - referenced_by_count: 2 - Connectors_update_index_connector_request: - summary: Update an index connector. - value: - config: - index: updated-index - name: updated-connector - Data_views_create_data_view_request: - summary: Create a data view with runtime fields. - value: - data_view: - name: My Logstash data view - runtimeFieldMap: - runtime_shape_name: - script: - source: 'emit(doc[''shape_name''].value)' - type: keyword - title: logstash-* - Data_views_create_runtime_field_request: - summary: Create a runtime field. - value: - name: runtimeFoo - runtimeField: - script: - source: 'emit(doc["foo"].value)' - type: long - Data_views_get_data_view_response: - summary: >- - The get data view API returns a JSON object that contains information - about the data view. - value: - data_view: - allowNoIndex: false - fieldAttrs: - products.manufacturer: - count: 1 - products.price: - count: 1 - products.product_name: - count: 1 - total_quantity: - count: 1 - fieldFormats: - products.base_price: - id: number - params: - pattern: '$0,0.00' - products.base_unit_price: - id: number - params: - pattern: '$0,0.00' - products.min_price: - id: number - params: - pattern: '$0,0.00' - products.price: - id: number - params: - pattern: '$0,0.00' - products.taxful_price: - id: number - params: - pattern: '$0,0.00' - products.taxless_price: - id: number - params: - pattern: '$0,0.00' - taxful_total_price: - id: number - params: - pattern: '$0,0.[00]' - taxless_total_price: - id: number - params: - pattern: '$0,0.00' - fields: - _id: - aggregatable: false - count: 0 - esTypes: - - _id - format: - id: string - isMapped: true - name: _id - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - _index: - aggregatable: true - count: 0 - esTypes: - - _index - format: - id: string - isMapped: true - name: _index - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - _score: - aggregatable: false - count: 0 - format: - id: number - isMapped: true - name: _score - readFromDocValues: false - scripted: false - searchable: false - shortDotsEnable: false - type: number - _source: - aggregatable: false - count: 0 - esTypes: - - _source - format: - id: _source - isMapped: true - name: _source - readFromDocValues: false - scripted: false - searchable: false - shortDotsEnable: false - type: _source - category: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: category - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - category.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: category.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: category - type: string - currency: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: currency - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - customer_birth_date: - aggregatable: true - count: 0 - esTypes: - - date - format: - id: date - isMapped: true - name: customer_birth_date - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: date - customer_first_name: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: customer_first_name - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - customer_first_name.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: customer_first_name.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: customer_first_name - type: string - customer_full_name: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: customer_full_name - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - customer_full_name.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: customer_full_name.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: customer_full_name - type: string - customer_gender: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: customer_gender - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - customer_id: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: customer_id - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - customer_last_name: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: customer_last_name - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - customer_last_name.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: customer_last_name.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: customer_last_name - type: string - customer_phone: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: customer_phone - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - day_of_week: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: day_of_week - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - day_of_week_i: - aggregatable: true - count: 0 - esTypes: - - integer - format: - id: number - isMapped: true - name: day_of_week_i - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - email: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: email - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - event.dataset: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: event.dataset - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - geoip.city_name: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: geoip.city_name - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - geoip.continent_name: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: geoip.continent_name - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - geoip.country_iso_code: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: geoip.country_iso_code - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - geoip.location: - aggregatable: true - count: 0 - esTypes: - - geo_point - format: - id: geo_point - params: - transform: wkt - isMapped: true - name: geoip.location - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: geo_point - geoip.region_name: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: geoip.region_name - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - manufacturer: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: manufacturer - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - manufacturer.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: manufacturer.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: manufacturer - type: string - order_date: - aggregatable: true - count: 0 - esTypes: - - date - format: - id: date - isMapped: true - name: order_date - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: date - order_id: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: order_id - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - products._id: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: products._id - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - products._id.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: products._id.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: products._id - type: string - products.base_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: '$0,0.00' - isMapped: true - name: products.base_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.base_unit_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: '$0,0.00' - isMapped: true - name: products.base_unit_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.category: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: products.category - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - products.category.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: products.category.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: products.category - type: string - products.created_on: - aggregatable: true - count: 0 - esTypes: - - date - format: - id: date - isMapped: true - name: products.created_on - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: date - products.discount_amount: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - isMapped: true - name: products.discount_amount - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.discount_percentage: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - isMapped: true - name: products.discount_percentage - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.manufacturer: - aggregatable: false - count: 1 - esTypes: - - text - format: - id: string - isMapped: true - name: products.manufacturer - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - products.manufacturer.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: products.manufacturer.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: products.manufacturer - type: string - products.min_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: '$0,0.00' - isMapped: true - name: products.min_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.price: - aggregatable: true - count: 1 - esTypes: - - half_float - format: - id: number - params: - pattern: '$0,0.00' - isMapped: true - name: products.price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.product_id: - aggregatable: true - count: 0 - esTypes: - - long - format: - id: number - isMapped: true - name: products.product_id - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.product_name: - aggregatable: false - count: 1 - esTypes: - - text - format: - id: string - isMapped: true - name: products.product_name - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - products.product_name.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: products.product_name.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: products.product_name - type: string - products.quantity: - aggregatable: true - count: 0 - esTypes: - - integer - format: - id: number - isMapped: true - name: products.quantity - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.sku: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: products.sku - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - products.tax_amount: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - isMapped: true - name: products.tax_amount - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.taxful_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: '$0,0.00' - isMapped: true - name: products.taxful_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.taxless_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: '$0,0.00' - isMapped: true - name: products.taxless_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.unit_discount_amount: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - isMapped: true - name: products.unit_discount_amount - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - sku: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: sku - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - taxful_total_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: '$0,0.[00]' - isMapped: true - name: taxful_total_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - taxless_total_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: '$0,0.00' - isMapped: true - name: taxless_total_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - total_quantity: - aggregatable: true - count: 1 - esTypes: - - integer - format: - id: number - isMapped: true - name: total_quantity - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - total_unique_products: - aggregatable: true - count: 0 - esTypes: - - integer - format: - id: number - isMapped: true - name: total_unique_products - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - type: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: type - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - user: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: user - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - id: ff959d40-b880-11e8-a6d9-e546fe2bba5f - name: Kibana Sample Data eCommerce - namespaces: - - default - runtimeFieldMap: {} - sourceFilters: [] - timeFieldName: order_date - title: kibana_sample_data_ecommerce - typeMeta: {} - version: WzUsMV0= - Data_views_get_data_views_response: - summary: The get all data views API returns a list of data views. - value: - data_view: - - id: ff959d40-b880-11e8-a6d9-e546fe2bba5f - name: Kibana Sample Data eCommerce - namespaces: - - default - title: kibana_sample_data_ecommerce - typeMeta: {} - - id: d3d7af60-4c81-11e8-b3d7-01146121b73d - name: Kibana Sample Data Flights - namespaces: - - default - title: kibana_sample_data_flights - - id: 90943e30-9a47-11e8-b64d-95841ca0b247 - name: Kibana Sample Data Logs - namespaces: - - default - title: kibana_sample_data_logs - Data_views_get_default_data_view_response: - summary: The get default data view API returns the default data view identifier. - value: - data_view_id: ff959d40-b880-11e8-a6d9-e546fe2bba5f - Data_views_get_runtime_field_response: - summary: >- - The get runtime field API returns a JSON object that contains - information about the runtime field (`hour_of_day`) and the data view - (`d3d7af60-4c81-11e8-b3d7-01146121b73d`). - value: - data_view: - allowNoIndex: false - fieldAttrs: {} - fieldFormats: - AvgTicketPrice: - id: number - params: - pattern: '$0,0.[00]' - hour_of_day: - id: number - params: - pattern: '00' - fields: - _id: - aggregatable: false - count: 0 - esTypes: - - _id - format: - id: string - isMapped: true - name: _id - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - _index: - aggregatable: true - count: 0 - esTypes: - - _index - format: - id: string - isMapped: true - name: _index - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - _score: - aggregatable: false - count: 0 - format: - id: number - isMapped: true - name: _score - readFromDocValues: false - scripted: false - searchable: false - shortDotsEnable: false - type: number - _source: - aggregatable: false - count: 0 - esTypes: - - _source - format: - id: _source - isMapped: true - name: _source - readFromDocValues: false - scripted: false - searchable: false - shortDotsEnable: false - type: _source - AvgTicketPrice: - aggregatable: true - count: 0 - esTypes: - - float - format: - id: number - params: - pattern: '$0,0.[00]' - isMapped: true - name: AvgTicketPrice - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - Cancelled: - aggregatable: true - count: 0 - esTypes: - - boolean - format: - id: boolean - isMapped: true - name: Cancelled - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: boolean - Carrier: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: Carrier - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - dayOfWeek: - aggregatable: true - count: 0 - esTypes: - - integer - format: - id: number - isMapped: true - name: dayOfWeek - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - Dest: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: Dest - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - DestAirportID: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: DestAirportID - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - DestCityName: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: DestCityName - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - DestCountry: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: DestCountry - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - DestLocation: - aggregatable: true - count: 0 - esTypes: - - geo_point - format: - id: geo_point - params: - transform: wkt - isMapped: true - name: DestLocation - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: geo_point - DestRegion: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: DestRegion - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - DestWeather: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: DestWeather - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - DistanceKilometers: - aggregatable: true - count: 0 - esTypes: - - float - format: - id: number - isMapped: true - name: DistanceKilometers - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - DistanceMiles: - aggregatable: true - count: 0 - esTypes: - - float - format: - id: number - isMapped: true - name: DistanceMiles - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - FlightDelay: - aggregatable: true - count: 0 - esTypes: - - boolean - format: - id: boolean - isMapped: true - name: FlightDelay - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: boolean - FlightDelayMin: - aggregatable: true - count: 0 - esTypes: - - integer - format: - id: number - isMapped: true - name: FlightDelayMin - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - FlightDelayType: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: FlightDelayType - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - FlightNum: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: FlightNum - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - FlightTimeHour: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: FlightTimeHour - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - FlightTimeMin: - aggregatable: true - count: 0 - esTypes: - - float - format: - id: number - isMapped: true - name: FlightTimeMin - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - hour_of_day: - aggregatable: true - count: 0 - esTypes: - - long - format: - id: number - params: - pattern: '00' - name: hour_of_day - readFromDocValues: false - runtimeField: - script: - source: 'emit(doc[''timestamp''].value.getHour());' - type: long - scripted: false - searchable: true - shortDotsEnable: false - type: number - Origin: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: Origin - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - OriginAirportID: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: OriginAirportID - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - OriginCityName: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: OriginCityName - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - OriginCountry: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: OriginCountry - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - OriginLocation: - aggregatable: true - count: 0 - esTypes: - - geo_point - format: - id: geo_point - params: - transform: wkt - isMapped: true - name: OriginLocation - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: geo_point - OriginRegion: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: OriginRegion - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - OriginWeather: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: OriginWeather - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - timestamp: - aggregatable: true - count: 0 - esTypes: - - date - format: - id: date - isMapped: true - name: timestamp - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: date - id: d3d7af60-4c81-11e8-b3d7-01146121b73d - name: Kibana Sample Data Flights - runtimeFieldMap: - hour_of_day: - script: - source: 'emit(doc[''timestamp''].value.getHour());' - type: long - sourceFilters: [] - timeFieldName: timestamp - title: kibana_sample_data_flights - version: WzM2LDJd - fields: - - aggregatable: true - count: 0 - esTypes: - - long - name: hour_of_day - readFromDocValues: false - runtimeField: - script: - source: 'emit(doc[''timestamp''].value.getHour());' - type: long - scripted: false - searchable: true - shortDotsEnable: false - type: number - Data_views_preview_swap_data_view_request: - summary: Preview swapping references from data view ID "abcd-efg" to "xyz-123". - value: - fromId: abcd-efg - toId: xyz-123 - Data_views_set_default_data_view_request: - summary: Set the default data view identifier. - value: - data_view_id: ff959d40-b880-11e8-a6d9-e546fe2bba5f - force: true - Data_views_swap_data_view_request: - summary: >- - Swap references from data view ID "abcd-efg" to "xyz-123" and remove the - data view that is no longer referenced. - value: - delete: true - fromId: abcd-efg - toId: xyz-123 - Data_views_update_data_view_request: - summary: Update some properties for a data view. - value: - data_view: - allowNoIndex: false - name: Kibana Sample Data eCommerce - timeFieldName: order_date - title: kibana_sample_data_ecommerce - refresh_fields: true - Data_views_update_field_metadata_request: - summary: Update metadata for multiple fields. - value: - fields: - field1: - count: 123 - customLabel: Field 1 label - field2: - customDescription: Field 2 description - customLabel: Field 2 label - Data_views_update_runtime_field_request: - summary: Update an existing runtime field on a data view. - value: - runtimeField: - script: - source: 'emit(doc["bar"].value)' - Machine_learning_APIs_mlSyncExample: - summary: Two anomaly detection jobs required synchronization in this example. - value: - datafeedsAdded: {} - datafeedsRemoved: {} - savedObjectsCreated: - anomaly-detector: - myjob1: - success: true - myjob2: - success: true - savedObjectsDeleted: {} - Serverless_saved_objects_export_objects_request: - summary: Export a specific saved object. - value: - excludeExportDetails: true - includeReferencesDeep: false - objects: - - id: de71f4f0-1902-11e9-919b-ffe5949a18d2 - type: map - Serverless_saved_objects_export_objects_response: - summary: >- - The export objects API response contains a JSON record for each exported - object. - value: - attributes: - description: '' - layerListJSON: >- - [{"id":"0hmz5","alpha":1,"sourceDescriptor":{"type":"EMS_TMS","isAutoSelect":true,"lightModeDefault":"road_map_desaturated"},"visible":true,"style":{},"type":"EMS_VECTOR_TILE","minZoom":0,"maxZoom":24},{"id":"edh66","label":"Total - Requests by - Destination","minZoom":0,"maxZoom":24,"alpha":0.5,"sourceDescriptor":{"type":"EMS_FILE","id":"world_countries","tooltipProperties":["name","iso2"]},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"DYNAMIC","options":{"field":{"name":"__kbnjoin__count__673ff994-fc75-4c67-909b-69fcb0e1060e","origin":"join"},"color":"Greys","fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"lineColor":{"type":"STATIC","options":{"color":"#FFFFFF"}},"lineWidth":{"type":"STATIC","options":{"size":1}},"iconSize":{"type":"STATIC","options":{"size":10}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR","joins":[{"leftField":"iso2","right":{"type":"ES_TERM_SOURCE","id":"673ff994-fc75-4c67-909b-69fcb0e1060e","indexPatternTitle":"kibana_sample_data_logs","term":"geo.dest","indexPatternRefName":"layer_1_join_0_index_pattern","metrics":[{"type":"count","label":"web - logs - count"}],"applyGlobalQuery":true}}]},{"id":"gaxya","label":"Actual - Requests","minZoom":9,"maxZoom":24,"alpha":1,"sourceDescriptor":{"id":"b7486535-171b-4d3b-bb2e-33c1a0a2854c","type":"ES_SEARCH","geoField":"geo.coordinates","limit":2048,"filterByMapBounds":true,"tooltipProperties":["clientip","timestamp","host","request","response","machine.os","agent","bytes"],"indexPatternRefName":"layer_2_source_index_pattern","applyGlobalQuery":true,"scalingType":"LIMIT"},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"STATIC","options":{"color":"#2200ff"}},"lineColor":{"type":"STATIC","options":{"color":"#FFFFFF"}},"lineWidth":{"type":"STATIC","options":{"size":2}},"iconSize":{"type":"DYNAMIC","options":{"field":{"name":"bytes","origin":"source"},"minSize":1,"maxSize":23,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR"},{"id":"tfi3f","label":"Total - Requests and - Bytes","minZoom":0,"maxZoom":9,"alpha":1,"sourceDescriptor":{"type":"ES_GEO_GRID","resolution":"COARSE","id":"8aaa65b5-a4e9-448b-9560-c98cb1c5ac5b","geoField":"geo.coordinates","requestType":"point","metrics":[{"type":"count","label":"web - logs - count"},{"type":"sum","field":"bytes"}],"indexPatternRefName":"layer_3_source_index_pattern","applyGlobalQuery":true},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"color":"Blues","fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"lineColor":{"type":"STATIC","options":{"color":"#cccccc"}},"lineWidth":{"type":"STATIC","options":{"size":1}},"iconSize":{"type":"DYNAMIC","options":{"field":{"name":"sum_of_bytes","origin":"source"},"minSize":7,"maxSize":25,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"labelText":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"labelSize":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"minSize":12,"maxSize":24,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR"}] - mapStateJSON: >- - {"zoom":3.64,"center":{"lon":-88.92107,"lat":42.16337},"timeFilters":{"from":"now-7d","to":"now"},"refreshConfig":{"isPaused":true,"interval":0},"query":{"language":"kuery","query":""},"settings":{"autoFitToDataBounds":false}} - title: '[Logs] Total Requests and Bytes' - uiStateJSON: '{"isDarkMode":false}' - coreMigrationVersion: 8.8.0 - created_at: '2023-08-23T20:03:32.204Z' - id: de71f4f0-1902-11e9-919b-ffe5949a18d2 - managed: false - references: - - id: 90943e30-9a47-11e8-b64d-95841ca0b247 - name: layer_1_join_0_index_pattern - type: index-pattern - - id: 90943e30-9a47-11e8-b64d-95841ca0b247 - name: layer_2_source_index_pattern - type: index-pattern - - id: 90943e30-9a47-11e8-b64d-95841ca0b247 - name: layer_3_source_index_pattern - type: index-pattern - type: map - typeMigrationVersion: 8.4.0 - updated_at: '2023-08-23T20:03:32.204Z' - version: WzEzLDFd - Serverless_saved_objects_import_objects_request: - value: - file: file.ndjson - Serverless_saved_objects_import_objects_response: - summary: >- - The import objects API response indicates a successful import and the - objects are created. Since these objects are created as new copies, each - entry in the successResults array includes a destinationId attribute. - value: - success: true - successCount: 1 - successResults: - - destinationId: 82d2760c-468f-49cf-83aa-b9a35b6a8943 - id: 90943e30-9a47-11e8-b64d-95841ca0b247 - managed: false - meta: - icon: indexPatternApp - title: Kibana Sample Data Logs - type: index-pattern - parameters: - Connectors_connector_id: - description: An identifier for the connector. - in: path - name: connectorId - required: true - schema: - example: df770e30-8b8b-11ed-a780-3b746c987a81 - type: string - Connectors_kbn_xsrf: - description: Cross-site request forgery protection - in: header - name: kbn-xsrf - required: true - schema: - type: string - Data_views_field_name: - description: The name of the runtime field. - in: path - name: fieldName - required: true - schema: - example: hour_of_day - type: string - Data_views_kbn_xsrf: - description: Cross-site request forgery protection - in: header - name: kbn-xsrf - required: true - schema: - type: string - Data_views_view_id: - description: An identifier for the data view. - in: path - name: viewId - required: true - schema: - example: ff959d40-b880-11e8-a6d9-e546fe2bba5f - type: string - Machine_learning_APIs_simulateParam: - description: >- - When true, simulates the synchronization by returning only the list of - actions that would be performed. - example: 'true' - in: query - name: simulate - required: false - schema: - type: boolean - Serverless_saved_objects_kbn_xsrf: - description: Cross-site request forgery protection - in: header - name: kbn-xsrf - required: true - schema: - type: string - SLOs_kbn_xsrf: - description: Cross-site request forgery protection - in: header - name: kbn-xsrf - required: true - schema: - type: string - SLOs_slo_id: - description: An identifier for the slo. - in: path - name: sloId - required: true - schema: - example: 9c235211-6834-11ea-a78c-6feb38a34414 - type: string - SLOs_space_id: - description: >- - An identifier for the space. If `/s/` and the identifier are omitted - from the path, the default space is used. - in: path - name: spaceId - required: true - schema: - example: default - type: string - responses: - Connectors_401: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - properties: - error: - enum: - - Unauthorized - example: Unauthorized - type: string - message: - type: string - statusCode: - enum: - - 401 - example: 401 - type: integer - title: Unauthorized response - type: object - description: Authorization information is missing or invalid. - Connectors_404: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - properties: - error: - enum: - - Not Found - example: Not Found - type: string - message: - example: >- - Saved object [action/baf33fc0-920c-11ed-b36a-874bd1548a00] not - found - type: string - statusCode: - enum: - - 404 - example: 404 - type: integer - title: Not found response - type: object - description: Object is not found. - schemas: - Connectors_config_properties_bedrock: - description: Defines properties for connectors when type is `.bedrock`. - properties: - apiUrl: - description: The Amazon Bedrock request URL. - type: string - defaultModel: - default: 'anthropic.claude-3-5-sonnet-20240620-v1:0' - description: > - The generative artificial intelligence model for Amazon Bedrock to - use. Current support is for the Anthropic Claude models. - type: string - required: - - apiUrl - title: Connector request properties for an Amazon Bedrock connector - type: object - Connectors_config_properties_cases_webhook: - description: Defines properties for connectors when type is `.cases-webhook`. - type: object - properties: - createCommentJson: - description: > - A JSON payload sent to the create comment URL to create a case - comment. You can use variables to add Kibana Cases data to the - payload. The required variable is `case.comment`. Due to Mustache - template variables (the text enclosed in triple braces, for example, - `{{{case.title}}}`), the JSON is not validated when you create the - connector. The JSON is validated once the Mustache variables have - been placed when the REST method runs. Manually ensure that the JSON - is valid, disregarding the Mustache variables, so the later - validation will pass. - example: '{"body": {{{case.comment}}}}' - type: string - createCommentMethod: - default: put - description: > - The REST API HTTP request method to create a case comment in the - third-party system. Valid values are `patch`, `post`, and `put`. - enum: - - patch - - post - - put - type: string - createCommentUrl: - description: > - The REST API URL to create a case comment by ID in the third-party - system. You can use a variable to add the external system ID to the - URL. If you are using the `xpack.actions.allowedHosts setting`, add - the hostname to the allowed hosts. - example: 'https://example.com/issue/{{{external.system.id}}}/comment' - type: string - createIncidentJson: - description: > - A JSON payload sent to the create case URL to create a case. You can - use variables to add case data to the payload. Required variables - are `case.title` and `case.description`. Due to Mustache template - variables (which is the text enclosed in triple braces, for example, - `{{{case.title}}}`), the JSON is not validated when you create the - connector. The JSON is validated after the Mustache variables have - been placed when REST method runs. Manually ensure that the JSON is - valid to avoid future validation errors; disregard Mustache - variables during your review. - example: >- - {"fields": {"summary": {{{case.title}}},"description": - {{{case.description}}},"labels": {{{case.tags}}}}} - type: string - createIncidentMethod: - default: post - description: > - The REST API HTTP request method to create a case in the third-party - system. Valid values are `patch`, `post`, and `put`. - enum: - - patch - - post - - put - type: string - createIncidentResponseKey: - description: >- - The JSON key in the create external case response that contains the - case ID. - type: string - createIncidentUrl: - description: > - The REST API URL to create a case in the third-party system. If you - are using the `xpack.actions.allowedHosts` setting, add the hostname - to the allowed hosts. - type: string - getIncidentResponseExternalTitleKey: - description: >- - The JSON key in get external case response that contains the case - title. - type: string - getIncidentUrl: - description: > - The REST API URL to get the case by ID from the third-party system. - If you are using the `xpack.actions.allowedHosts` setting, add the - hostname to the allowed hosts. You can use a variable to add the - external system ID to the URL. Due to Mustache template variables - (the text enclosed in triple braces, for example, - `{{{case.title}}}`), the JSON is not validated when you create the - connector. The JSON is validated after the Mustache variables have - been placed when REST method runs. Manually ensure that the JSON is - valid, disregarding the Mustache variables, so the later validation - will pass. - example: 'https://example.com/issue/{{{external.system.id}}}' - type: string - hasAuth: - default: true - description: >- - If true, a username and password for login type authentication must - be provided. - type: boolean - headers: - description: > - A set of key-value pairs sent as headers with the request URLs for - the create case, update case, get case, and create comment methods. - type: string - updateIncidentJson: - description: > - The JSON payload sent to the update case URL to update the case. You - can use variables to add Kibana Cases data to the payload. Required - variables are `case.title` and `case.description`. Due to Mustache - template variables (which is the text enclosed in triple braces, for - example, `{{{case.title}}}`), the JSON is not validated when you - create the connector. The JSON is validated after the Mustache - variables have been placed when REST method runs. Manually ensure - that the JSON is valid to avoid future validation errors; disregard - Mustache variables during your review. - example: >- - {"fields": {"summary": {{{case.title}}},"description": - {{{case.description}}},"labels": {{{case.tags}}}}} - type: string - updateIncidentMethod: - default: put - description: > - The REST API HTTP request method to update the case in the - third-party system. Valid values are `patch`, `post`, and `put`. - enum: - - patch - - post - - put - type: string - updateIncidentUrl: - description: > - The REST API URL to update the case by ID in the third-party system. - You can use a variable to add the external system ID to the URL. If - you are using the `xpack.actions.allowedHosts` setting, add the - hostname to the allowed hosts. - example: 'https://example.com/issue/{{{external.system.ID}}}' - type: string - viewIncidentUrl: - description: > - The URL to view the case in the external system. You can use - variables to add the external system ID or external system title to - the URL. - example: >- - https://testing-jira.atlassian.net/browse/{{{external.system.title}}} - type: string - required: - - createIncidentJson - - createIncidentResponseKey - - createIncidentUrl - - getIncidentResponseExternalTitleKey - - getIncidentUrl - - updateIncidentJson - - updateIncidentUrl - - viewIncidentUrl - title: Connector request properties for Webhook - Case Management connector - Connectors_config_properties_d3security: - description: Defines properties for connectors when type is `.d3security`. - properties: - url: - description: > - The D3 Security API request URL. If you are using the - `xpack.actions.allowedHosts` setting, add the hostname to the - allowed hosts. - type: string - required: - - url - title: Connector request properties for a D3 Security connector - type: object - Connectors_config_properties_email: - description: Defines properties for connectors when type is `.email`. - type: object - properties: - clientId: - description: > - The client identifier, which is a part of OAuth 2.0 client - credentials authentication, in GUID format. If `service` is - `exchange_server`, this property is required. - nullable: true - type: string - from: - description: > - The from address for all emails sent by the connector. It must be - specified in `user@host-name` format. - type: string - hasAuth: - default: true - description: > - Specifies whether a user and password are required inside the - secrets configuration. - type: boolean - host: - description: > - The host name of the service provider. If the `service` is - `elastic_cloud` (for Elastic Cloud notifications) or one of - Nodemailer's well-known email service providers, this property is - ignored. If `service` is `other`, this property must be defined. - type: string - oauthTokenUrl: - nullable: true - type: string - port: - description: > - The port to connect to on the service provider. If the `service` is - `elastic_cloud` (for Elastic Cloud notifications) or one of - Nodemailer's well-known email service providers, this property is - ignored. If `service` is `other`, this property must be defined. - type: integer - secure: - description: > - Specifies whether the connection to the service provider will use - TLS. If the `service` is `elastic_cloud` (for Elastic Cloud - notifications) or one of Nodemailer's well-known email service - providers, this property is ignored. - type: boolean - service: - description: | - The name of the email service. - enum: - - elastic_cloud - - exchange_server - - gmail - - other - - outlook365 - - ses - type: string - tenantId: - description: > - The tenant identifier, which is part of OAuth 2.0 client credentials - authentication, in GUID format. If `service` is `exchange_server`, - this property is required. - nullable: true - type: string - required: - - from - title: Connector request properties for an email connector - Connectors_config_properties_gemini: - description: Defines properties for connectors when type is `.gemini`. - properties: - apiUrl: - description: The Google Gemini request URL. - type: string - defaultModel: - default: gemini-1.5-pro-001 - description: >- - The generative artificial intelligence model for Google Gemini to - use. - type: string - gcpProjectID: - description: The Google ProjectID that has Vertex AI endpoint enabled. - type: string - gcpRegion: - description: The GCP region where the Vertex AI endpoint enabled. - type: string - required: - - apiUrl - - gcpRegion - - gcpProjectID - title: Connector request properties for an Google Gemini connector - type: object - Connectors_config_properties_genai: - description: Defines properties for connectors when type is `.gen-ai`. - discriminator: - mapping: - Azure OpenAI: '#/components/schemas/Connectors_config_properties_genai_azure' - OpenAI: '#/components/schemas/Connectors_config_properties_genai_openai' - propertyName: apiProvider - oneOf: - - $ref: '#/components/schemas/Connectors_config_properties_genai_azure' - - $ref: '#/components/schemas/Connectors_config_properties_genai_openai' - title: Connector request properties for an OpenAI connector - Connectors_config_properties_genai_azure: - description: > - Defines properties for connectors when type is `.gen-ai` and the API - provider is `Azure OpenAI'. - properties: - apiProvider: - description: The OpenAI API provider. - enum: - - Azure OpenAI - type: string - apiUrl: - description: The OpenAI API endpoint. - type: string - required: - - apiProvider - - apiUrl - title: >- - Connector request properties for an OpenAI connector that uses Azure - OpenAI - type: object - Connectors_config_properties_genai_openai: - description: > - Defines properties for connectors when type is `.gen-ai` and the API - provider is `OpenAI'. - properties: - apiProvider: - description: The OpenAI API provider. - enum: - - OpenAI - type: string - apiUrl: - description: The OpenAI API endpoint. - type: string - defaultModel: - description: The default model to use for requests. - type: string - required: - - apiProvider - - apiUrl - title: Connector request properties for an OpenAI connector - type: object - Connectors_config_properties_index: - description: Defines properties for connectors when type is `.index`. - type: object - properties: - executionTimeField: - default: null - description: A field that indicates when the document was indexed. - nullable: true - type: string - index: - description: The Elasticsearch index to be written to. - type: string - refresh: - default: false - description: > - The refresh policy for the write request, which affects when changes - are made visible to search. Refer to the refresh setting for - Elasticsearch document APIs. - type: boolean - required: - - index - title: Connector request properties for an index connector - Connectors_config_properties_jira: - description: Defines properties for connectors when type is `.jira`. - type: object - properties: - apiUrl: - description: The Jira instance URL. - type: string - projectKey: - description: The Jira project key. - type: string - required: - - apiUrl - - projectKey - title: Connector request properties for a Jira connector - Connectors_config_properties_opsgenie: - description: Defines properties for connectors when type is `.opsgenie`. - type: object - properties: - apiUrl: - description: > - The Opsgenie URL. For example, `https://api.opsgenie.com` or - `https://api.eu.opsgenie.com`. If you are using the - `xpack.actions.allowedHosts` setting, add the hostname to the - allowed hosts. - type: string - required: - - apiUrl - title: Connector request properties for an Opsgenie connector - Connectors_config_properties_pagerduty: - description: Defines properties for connectors when type is `.pagerduty`. - properties: - apiUrl: - description: The PagerDuty event URL. - example: 'https://events.pagerduty.com/v2/enqueue' - nullable: true - type: string - title: Connector request properties for a PagerDuty connector - type: object - Connectors_config_properties_resilient: - description: Defines properties for connectors when type is `.resilient`. - type: object - properties: - apiUrl: - description: The IBM Resilient instance URL. - type: string - orgId: - description: The IBM Resilient organization ID. - type: string - required: - - apiUrl - - orgId - title: Connector request properties for a IBM Resilient connector - Connectors_config_properties_sentinelone: - description: Defines properties for connectors when type is `.sentinelone`. - type: object - properties: - url: - description: > - The SentinelOne tenant URL. If you are using the - `xpack.actions.allowedHosts` setting, add the hostname to the - allowed hosts. - type: string - required: - - url - title: Connector request properties for a SentinelOne connector - Connectors_config_properties_servicenow: - description: Defines properties for connectors when type is `.servicenow`. - type: object - properties: - apiUrl: - description: The ServiceNow instance URL. - type: string - clientId: - description: > - The client ID assigned to your OAuth application. This property is - required when `isOAuth` is `true`. - type: string - isOAuth: - default: false - description: > - The type of authentication to use. The default value is false, which - means basic authentication is used instead of open authorization - (OAuth). - type: boolean - jwtKeyId: - description: > - The key identifier assigned to the JWT verifier map of your OAuth - application. This property is required when `isOAuth` is `true`. - type: string - userIdentifierValue: - description: > - The identifier to use for OAuth authentication. This identifier - should be the user field you selected when you created an OAuth JWT - API endpoint for external clients in your ServiceNow instance. For - example, if the selected user field is `Email`, the user identifier - should be the user's email address. This property is required when - `isOAuth` is `true`. - type: string - usesTableApi: - default: true - description: > - Determines whether the connector uses the Table API or the Import - Set API. This property is supported only for ServiceNow ITSM and - ServiceNow SecOps connectors. NOTE: If this property is set to - `false`, the Elastic application should be installed in ServiceNow. - type: boolean - required: - - apiUrl - title: Connector request properties for a ServiceNow ITSM connector - Connectors_config_properties_servicenow_itom: - description: Defines properties for connectors when type is `.servicenow`. - type: object - properties: - apiUrl: - description: The ServiceNow instance URL. - type: string - clientId: - description: > - The client ID assigned to your OAuth application. This property is - required when `isOAuth` is `true`. - type: string - isOAuth: - default: false - description: > - The type of authentication to use. The default value is false, which - means basic authentication is used instead of open authorization - (OAuth). - type: boolean - jwtKeyId: - description: > - The key identifier assigned to the JWT verifier map of your OAuth - application. This property is required when `isOAuth` is `true`. - type: string - userIdentifierValue: - description: > - The identifier to use for OAuth authentication. This identifier - should be the user field you selected when you created an OAuth JWT - API endpoint for external clients in your ServiceNow instance. For - example, if the selected user field is `Email`, the user identifier - should be the user's email address. This property is required when - `isOAuth` is `true`. - type: string - required: - - apiUrl - title: Connector request properties for a ServiceNow ITSM connector - Connectors_config_properties_slack_api: - description: Defines properties for connectors when type is `.slack_api`. - properties: - allowedChannels: - description: A list of valid Slack channels. - items: - maxItems: 25 - type: object - properties: - id: - description: The Slack channel ID. - example: C123ABC456 - minLength: 1 - type: string - name: - description: The Slack channel name. - minLength: 1 - type: string - required: - - id - - name - type: array - title: Connector request properties for a Slack connector - type: object - Connectors_config_properties_swimlane: - description: Defines properties for connectors when type is `.swimlane`. - type: object - properties: - apiUrl: - description: The Swimlane instance URL. - type: string - appId: - description: The Swimlane application ID. - type: string - connectorType: - description: >- - The type of connector. Valid values are `all`, `alerts`, and - `cases`. - enum: - - all - - alerts - - cases - type: string - mappings: - description: The field mapping. - properties: - alertIdConfig: - description: Mapping for the alert ID. - properties: - fieldType: - description: The type of field in Swimlane. - type: string - id: - description: The identifier for the field in Swimlane. - type: string - key: - description: The key for the field in Swimlane. - type: string - name: - description: The name of the field in Swimlane. - type: string - required: - - fieldType - - id - - key - - name - title: Alert identifier mapping - type: object - caseIdConfig: - description: Mapping for the case ID. - properties: - fieldType: - description: The type of field in Swimlane. - type: string - id: - description: The identifier for the field in Swimlane. - type: string - key: - description: The key for the field in Swimlane. - type: string - name: - description: The name of the field in Swimlane. - type: string - required: - - fieldType - - id - - key - - name - title: Case identifier mapping - type: object - caseNameConfig: - description: Mapping for the case name. - properties: - fieldType: - description: The type of field in Swimlane. - type: string - id: - description: The identifier for the field in Swimlane. - type: string - key: - description: The key for the field in Swimlane. - type: string - name: - description: The name of the field in Swimlane. - type: string - required: - - fieldType - - id - - key - - name - title: Case name mapping - type: object - commentsConfig: - description: Mapping for the case comments. - properties: - fieldType: - description: The type of field in Swimlane. - type: string - id: - description: The identifier for the field in Swimlane. - type: string - key: - description: The key for the field in Swimlane. - type: string - name: - description: The name of the field in Swimlane. - type: string - required: - - fieldType - - id - - key - - name - title: Case comment mapping - type: object - descriptionConfig: - description: Mapping for the case description. - properties: - fieldType: - description: The type of field in Swimlane. - type: string - id: - description: The identifier for the field in Swimlane. - type: string - key: - description: The key for the field in Swimlane. - type: string - name: - description: The name of the field in Swimlane. - type: string - required: - - fieldType - - id - - key - - name - title: Case description mapping - type: object - ruleNameConfig: - description: Mapping for the name of the alert's rule. - properties: - fieldType: - description: The type of field in Swimlane. - type: string - id: - description: The identifier for the field in Swimlane. - type: string - key: - description: The key for the field in Swimlane. - type: string - name: - description: The name of the field in Swimlane. - type: string - required: - - fieldType - - id - - key - - name - title: Rule name mapping - type: object - severityConfig: - description: Mapping for the severity. - properties: - fieldType: - description: The type of field in Swimlane. - type: string - id: - description: The identifier for the field in Swimlane. - type: string - key: - description: The key for the field in Swimlane. - type: string - name: - description: The name of the field in Swimlane. - type: string - required: - - fieldType - - id - - key - - name - title: Severity mapping - type: object - title: Connector mappings properties for a Swimlane connector - type: object - required: - - apiUrl - - appId - - connectorType - title: Connector request properties for a Swimlane connector - Connectors_config_properties_tines: - description: Defines properties for connectors when type is `.tines`. - properties: - url: - description: > - The Tines tenant URL. If you are using the - `xpack.actions.allowedHosts` setting, make sure this hostname is - added to the allowed hosts. - type: string - required: - - url - title: Connector request properties for a Tines connector - type: object - Connectors_config_properties_torq: - description: Defines properties for connectors when type is `.torq`. - properties: - webhookIntegrationUrl: - description: The endpoint URL of the Elastic Security integration in Torq. - type: string - required: - - webhookIntegrationUrl - title: Connector request properties for a Torq connector - type: object - Connectors_config_properties_webhook: - description: Defines properties for connectors when type is `.webhook`. - properties: - authType: - description: | - The type of authentication to use: basic, SSL, or none. - enum: - - webhook-authentication-basic - - webhook-authentication-ssl - nullable: true - type: string - ca: - description: > - A base64 encoded version of the certificate authority file that the - connector can trust to sign and validate certificates. This option - is available for all authentication types. - type: string - certType: - description: > - If the `authType` is `webhook-authentication-ssl`, specifies whether - the certificate authentication data is in a CRT and key file format - or a PFX file format. - enum: - - ssl-crt-key - - ssl-pfx - type: string - hasAuth: - description: > - If `true`, a user name and password must be provided for login type - authentication. - type: boolean - headers: - description: A set of key-value pairs sent as headers with the request. - nullable: true - type: object - method: - default: post - description: | - The HTTP request method, either `post` or `put`. - enum: - - post - - put - type: string - url: - description: > - The request URL. If you are using the `xpack.actions.allowedHosts` - setting, add the hostname to the allowed hosts. - type: string - verificationMode: - default: full - description: > - Controls the verification of certificates. Use `full` to validate - that the certificate has an issue date within the `not_before` and - `not_after` dates, chains to a trusted certificate authority (CA), - and has a hostname or IP address that matches the names within the - certificate. Use `certificate` to validate the certificate and - verify that it is signed by a trusted authority; this option does - not check the certificate hostname. Use `none` to skip certificate - validation. - enum: - - certificate - - full - - none - type: string - title: Connector request properties for a Webhook connector - type: object - Connectors_config_properties_xmatters: - description: Defines properties for connectors when type is `.xmatters`. - properties: - configUrl: - description: > - The request URL for the Elastic Alerts trigger in xMatters. It is - applicable only when `usesBasic` is `true`. - nullable: true - type: string - usesBasic: - default: true - description: >- - Specifies whether the connector uses HTTP basic authentication - (`true`) or URL authentication (`false`). - type: boolean - title: Connector request properties for an xMatters connector - type: object - Connectors_connector_response_properties: - description: The properties vary depending on the connector type. - discriminator: - mapping: - .bedrock: >- - #/components/schemas/Connectors_connector_response_properties_bedrock - .cases-webhook: >- - #/components/schemas/Connectors_connector_response_properties_cases_webhook - .d3security: >- - #/components/schemas/Connectors_connector_response_properties_d3security - .email: '#/components/schemas/Connectors_connector_response_properties_email' - .gemini: '#/components/schemas/Connectors_connector_response_properties_gemini' - .gen-ai: '#/components/schemas/Connectors_connector_response_properties_genai' - .index: '#/components/schemas/Connectors_connector_response_properties_index' - .jira: '#/components/schemas/Connectors_connector_response_properties_jira' - .opsgenie: >- - #/components/schemas/Connectors_connector_response_properties_opsgenie - .pagerduty: >- - #/components/schemas/Connectors_connector_response_properties_pagerduty - .resilient: >- - #/components/schemas/Connectors_connector_response_properties_resilient - .sentinelone: >- - #/components/schemas/Connectors_connector_response_properties_sentinelone - .server-log: >- - #/components/schemas/Connectors_connector_response_properties_serverlog - .servicenow: >- - #/components/schemas/Connectors_connector_response_properties_servicenow - .servicenow-itom: >- - #/components/schemas/Connectors_connector_response_properties_servicenow_itom - .servicenow-sir: >- - #/components/schemas/Connectors_connector_response_properties_servicenow_sir - .slack: >- - #/components/schemas/Connectors_connector_response_properties_slack_webhook - .slack_api: >- - #/components/schemas/Connectors_connector_response_properties_slack_api - .swimlane: >- - #/components/schemas/Connectors_connector_response_properties_swimlane - .teams: '#/components/schemas/Connectors_connector_response_properties_teams' - .tines: '#/components/schemas/Connectors_connector_response_properties_tines' - .torq: '#/components/schemas/Connectors_connector_response_properties_torq' - .webhook: >- - #/components/schemas/Connectors_connector_response_properties_webhook - .xmatters: >- - #/components/schemas/Connectors_connector_response_properties_xmatters - propertyName: connector_type_id - oneOf: - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_bedrock - - $ref: '#/components/schemas/Connectors_connector_response_properties_gemini' - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_cases_webhook - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_d3security - - $ref: '#/components/schemas/Connectors_connector_response_properties_email' - - $ref: '#/components/schemas/Connectors_connector_response_properties_genai' - - $ref: '#/components/schemas/Connectors_connector_response_properties_index' - - $ref: '#/components/schemas/Connectors_connector_response_properties_jira' - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_opsgenie - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_pagerduty - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_resilient - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_sentinelone - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_serverlog - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_servicenow - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_servicenow_itom - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_servicenow_sir - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_slack_api - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_slack_webhook - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_swimlane - - $ref: '#/components/schemas/Connectors_connector_response_properties_teams' - - $ref: '#/components/schemas/Connectors_connector_response_properties_tines' - - $ref: '#/components/schemas/Connectors_connector_response_properties_torq' - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_webhook - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_xmatters - title: Connector response properties - Connectors_connector_response_properties_bedrock: - title: Connector response properties for an Amazon Bedrock connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_bedrock' - connector_type_id: - description: The type of connector. - enum: - - .bedrock - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - required: - - config - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_cases_webhook: - title: Connector request properties for a Webhook - Case Management connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_cases_webhook' - connector_type_id: - description: The type of connector. - enum: - - .cases-webhook - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_d3security: - title: Connector response properties for a D3 Security connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_d3security' - connector_type_id: - description: The type of connector. - enum: - - .d3security - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_email: - title: Connector response properties for an email connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_email' - connector_type_id: - description: The type of connector. - enum: - - .email - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_gemini: - title: Connector response properties for a Google Gemini connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_gemini' - connector_type_id: - description: The type of connector. - enum: - - .gemini - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_genai: - title: Connector response properties for an OpenAI connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_genai' - connector_type_id: - description: The type of connector. - enum: - - .gen-ai - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_index: - title: Connector response properties for an index connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_index' - connector_type_id: - description: The type of connector. - enum: - - .index - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_jira: - title: Connector response properties for a Jira connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_jira' - connector_type_id: - description: The type of connector. - enum: - - .jira - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_opsgenie: - title: Connector response properties for an Opsgenie connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_opsgenie' - connector_type_id: - description: The type of connector. - enum: - - .opsgenie - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_pagerduty: - title: Connector response properties for a PagerDuty connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_pagerduty' - connector_type_id: - description: The type of connector. - enum: - - .pagerduty - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_resilient: - title: Connector response properties for a IBM Resilient connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_resilient' - connector_type_id: - description: The type of connector. - enum: - - .resilient - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_sentinelone: - title: Connector response properties for a SentinelOne connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_sentinelone' - connector_type_id: - description: The type of connector. - enum: - - .sentinelone - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_serverlog: - title: Connector response properties for a server log connector - type: object - properties: - config: - nullable: true - type: object - connector_type_id: - description: The type of connector. - enum: - - .server-log - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_servicenow: - title: Connector response properties for a ServiceNow ITSM connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_servicenow' - connector_type_id: - description: The type of connector. - enum: - - .servicenow - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_servicenow_itom: - title: Connector response properties for a ServiceNow ITOM connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_servicenow_itom' - connector_type_id: - description: The type of connector. - enum: - - .servicenow-itom - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_servicenow_sir: - title: Connector response properties for a ServiceNow SecOps connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_servicenow' - connector_type_id: - description: The type of connector. - enum: - - .servicenow-sir - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_slack_api: - title: Connector response properties for a Slack connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_slack_api' - connector_type_id: - description: The type of connector. - enum: - - .slack_api - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_slack_webhook: - title: Connector response properties for a Slack connector - type: object - properties: - connector_type_id: - description: The type of connector. - enum: - - .slack - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_swimlane: - title: Connector response properties for a Swimlane connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_swimlane' - connector_type_id: - description: The type of connector. - enum: - - .swimlane - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_teams: - title: Connector response properties for a Microsoft Teams connector - type: object - properties: - config: - type: object - connector_type_id: - description: The type of connector. - enum: - - .teams - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_tines: - title: Connector response properties for a Tines connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_tines' - connector_type_id: - description: The type of connector. - enum: - - .tines - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_torq: - title: Connector response properties for a Torq connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_torq' - connector_type_id: - description: The type of connector. - enum: - - .torq - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_webhook: - title: Connector response properties for a Webhook connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_webhook' - connector_type_id: - description: The type of connector. - enum: - - .webhook - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_xmatters: - title: Connector response properties for an xMatters connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_xmatters' - connector_type_id: - description: The type of connector. - enum: - - .xmatters - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_types: - description: >- - The type of connector. For example, `.email`, `.index`, `.jira`, - `.opsgenie`, or `.server-log`. - enum: - - .bedrock - - .gemini - - .cases-webhook - - .d3security - - .email - - .gen-ai - - .index - - .jira - - .opsgenie - - .pagerduty - - .resilient - - .sentinelone - - .servicenow - - .servicenow-itom - - .servicenow-sir - - .server-log - - .slack - - .slack_api - - .swimlane - - .teams - - .tines - - .torq - - .webhook - - .xmatters - example: .server-log - title: Connector types - type: string - Connectors_create_connector_request: - description: The properties vary depending on the connector type. - discriminator: - mapping: - .bedrock: '#/components/schemas/Connectors_create_connector_request_bedrock' - .cases-webhook: >- - #/components/schemas/Connectors_create_connector_request_cases_webhook - .d3security: '#/components/schemas/Connectors_create_connector_request_d3security' - .email: '#/components/schemas/Connectors_create_connector_request_email' - .gemini: '#/components/schemas/Connectors_create_connector_request_gemini' - .gen-ai: '#/components/schemas/Connectors_create_connector_request_genai' - .index: '#/components/schemas/Connectors_create_connector_request_index' - .jira: '#/components/schemas/Connectors_create_connector_request_jira' - .opsgenie: '#/components/schemas/Connectors_create_connector_request_opsgenie' - .pagerduty: '#/components/schemas/Connectors_create_connector_request_pagerduty' - .resilient: '#/components/schemas/Connectors_create_connector_request_resilient' - .sentinelone: '#/components/schemas/Connectors_create_connector_request_sentinelone' - .server-log: '#/components/schemas/Connectors_create_connector_request_serverlog' - .servicenow: '#/components/schemas/Connectors_create_connector_request_servicenow' - .servicenow-itom: >- - #/components/schemas/Connectors_create_connector_request_servicenow_itom - .servicenow-sir: >- - #/components/schemas/Connectors_create_connector_request_servicenow_sir - .slack: >- - #/components/schemas/Connectors_create_connector_request_slack_webhook - .slack_api: '#/components/schemas/Connectors_create_connector_request_slack_api' - .swimlane: '#/components/schemas/Connectors_create_connector_request_swimlane' - .teams: '#/components/schemas/Connectors_create_connector_request_teams' - .tines: '#/components/schemas/Connectors_create_connector_request_tines' - .torq: '#/components/schemas/Connectors_create_connector_request_torq' - .webhook: '#/components/schemas/Connectors_create_connector_request_webhook' - .xmatters: '#/components/schemas/Connectors_create_connector_request_xmatters' - propertyName: connector_type_id - oneOf: - - $ref: '#/components/schemas/Connectors_create_connector_request_bedrock' - - $ref: '#/components/schemas/Connectors_create_connector_request_gemini' - - $ref: >- - #/components/schemas/Connectors_create_connector_request_cases_webhook - - $ref: '#/components/schemas/Connectors_create_connector_request_d3security' - - $ref: '#/components/schemas/Connectors_create_connector_request_email' - - $ref: '#/components/schemas/Connectors_create_connector_request_genai' - - $ref: '#/components/schemas/Connectors_create_connector_request_index' - - $ref: '#/components/schemas/Connectors_create_connector_request_jira' - - $ref: '#/components/schemas/Connectors_create_connector_request_opsgenie' - - $ref: '#/components/schemas/Connectors_create_connector_request_pagerduty' - - $ref: '#/components/schemas/Connectors_create_connector_request_resilient' - - $ref: '#/components/schemas/Connectors_create_connector_request_sentinelone' - - $ref: '#/components/schemas/Connectors_create_connector_request_serverlog' - - $ref: '#/components/schemas/Connectors_create_connector_request_servicenow' - - $ref: >- - #/components/schemas/Connectors_create_connector_request_servicenow_itom - - $ref: >- - #/components/schemas/Connectors_create_connector_request_servicenow_sir - - $ref: '#/components/schemas/Connectors_create_connector_request_slack_api' - - $ref: >- - #/components/schemas/Connectors_create_connector_request_slack_webhook - - $ref: '#/components/schemas/Connectors_create_connector_request_swimlane' - - $ref: '#/components/schemas/Connectors_create_connector_request_teams' - - $ref: '#/components/schemas/Connectors_create_connector_request_tines' - - $ref: '#/components/schemas/Connectors_create_connector_request_torq' - - $ref: '#/components/schemas/Connectors_create_connector_request_webhook' - - $ref: '#/components/schemas/Connectors_create_connector_request_xmatters' - title: Create connector request body properties - Connectors_create_connector_request_bedrock: - description: >- - The Amazon Bedrock connector uses axios to send a POST request to Amazon - Bedrock. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_bedrock' - connector_type_id: - description: The type of connector. - enum: - - .bedrock - example: .bedrock - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_bedrock' - required: - - config - - connector_type_id - - name - - secrets - title: Create Amazon Bedrock connector request - type: object - Connectors_create_connector_request_cases_webhook: - description: > - The Webhook - Case Management connector uses axios to send POST, PUT, - and GET requests to a case management RESTful API web service. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_cases_webhook' - connector_type_id: - description: The type of connector. - enum: - - .cases-webhook - example: .cases-webhook - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_cases_webhook' - required: - - config - - connector_type_id - - name - title: Create Webhook - Case Managment connector request - type: object - Connectors_create_connector_request_d3security: - description: > - The connector uses axios to send a POST request to a D3 Security - endpoint. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_d3security' - connector_type_id: - description: The type of connector. - enum: - - .d3security - example: .d3security - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_d3security' - required: - - config - - connector_type_id - - name - - secrets - title: Create D3 Security connector request - type: object - Connectors_create_connector_request_email: - description: > - The email connector uses the SMTP protocol to send mail messages, using - an integration of Nodemailer. An exception is Microsoft Exchange, which - uses HTTP protocol for sending emails, Send mail. Email message text is - sent as both plain text and html text. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_email' - connector_type_id: - description: The type of connector. - enum: - - .email - example: .email - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_email' - required: - - config - - connector_type_id - - name - - secrets - title: Create email connector request - type: object - Connectors_create_connector_request_gemini: - description: >- - The Google Gemini connector uses axios to send a POST request to Google - Gemini. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_gemini' - connector_type_id: - description: The type of connector. - enum: - - .gemini - example: .gemini - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_gemini' - required: - - config - - connector_type_id - - name - - secrets - title: Create Google Gemini connector request - type: object - Connectors_create_connector_request_genai: - description: > - The OpenAI connector uses axios to send a POST request to either OpenAI - or Azure OpenAPI. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_genai' - connector_type_id: - description: The type of connector. - enum: - - .gen-ai - example: .gen-ai - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_genai' - required: - - config - - connector_type_id - - name - - secrets - title: Create OpenAI connector request - type: object - Connectors_create_connector_request_index: - description: The index connector indexes a document into Elasticsearch. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_index' - connector_type_id: - description: The type of connector. - enum: - - .index - example: .index - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - required: - - config - - connector_type_id - - name - title: Create index connector request - type: object - Connectors_create_connector_request_jira: - description: The Jira connector uses the REST API v2 to create Jira issues. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_jira' - connector_type_id: - description: The type of connector. - enum: - - .jira - example: .jira - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_jira' - required: - - config - - connector_type_id - - name - - secrets - title: Create Jira connector request - type: object - Connectors_create_connector_request_opsgenie: - description: The Opsgenie connector uses the Opsgenie alert API. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_opsgenie' - connector_type_id: - description: The type of connector. - enum: - - .opsgenie - example: .opsgenie - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_opsgenie' - required: - - config - - connector_type_id - - name - - secrets - title: Create Opsgenie connector request - type: object - Connectors_create_connector_request_pagerduty: - description: > - The PagerDuty connector uses the v2 Events API to trigger, acknowledge, - and resolve PagerDuty alerts. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_pagerduty' - connector_type_id: - description: The type of connector. - enum: - - .pagerduty - example: .pagerduty - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_pagerduty' - required: - - config - - connector_type_id - - name - - secrets - title: Create PagerDuty connector request - type: object - Connectors_create_connector_request_resilient: - description: >- - The IBM Resilient connector uses the RESILIENT REST v2 to create IBM - Resilient incidents. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_resilient' - connector_type_id: - description: The type of connector. - enum: - - .resilient - example: .resilient - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_resilient' - required: - - config - - connector_type_id - - name - - secrets - title: Create IBM Resilient connector request - type: object - Connectors_create_connector_request_sentinelone: - description: > - The SentinelOne connector communicates with SentinelOne Management - Console via REST API. This functionality is in technical preview and may - be changed or removed in a future release. Elastic will work to fix any - issues, but features in technical preview are not subject to the support - SLA of official GA features. - title: Create SentinelOne connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_sentinelone' - connector_type_id: - description: The type of connector. - enum: - - .sentinelone - example: .sentinelone - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_sentinelone' - required: - - config - - connector_type_id - - name - - secrets - x-technical-preview: true - Connectors_create_connector_request_serverlog: - description: This connector writes an entry to the Kibana server log. - properties: - connector_type_id: - description: The type of connector. - enum: - - .server-log - example: .server-log - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - required: - - connector_type_id - - name - title: Create server log connector request - type: object - Connectors_create_connector_request_servicenow: - description: > - The ServiceNow ITSM connector uses the import set API to create - ServiceNow incidents. You can use the connector for rule actions and - cases. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_servicenow' - connector_type_id: - description: The type of connector. - enum: - - .servicenow - example: .servicenow - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' - required: - - config - - connector_type_id - - name - - secrets - title: Create ServiceNow ITSM connector request - type: object - Connectors_create_connector_request_servicenow_itom: - description: > - The ServiceNow ITOM connector uses the event API to create ServiceNow - events. You can use the connector for rule actions. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_servicenow_itom' - connector_type_id: - description: The type of connector. - enum: - - .servicenow-itom - example: .servicenow-itom - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' - required: - - config - - connector_type_id - - name - - secrets - title: Create ServiceNow ITOM connector request - type: object - Connectors_create_connector_request_servicenow_sir: - description: > - The ServiceNow SecOps connector uses the import set API to create - ServiceNow security incidents. You can use the connector for rule - actions and cases. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_servicenow' - connector_type_id: - description: The type of connector. - enum: - - .servicenow-sir - example: .servicenow-sir - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' - required: - - config - - connector_type_id - - name - - secrets - title: Create ServiceNow SecOps connector request - type: object - Connectors_create_connector_request_slack_api: - description: The Slack connector uses an API method to send Slack messages. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_slack_api' - connector_type_id: - description: The type of connector. - enum: - - .slack_api - example: .slack_api - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_slack_api' - required: - - connector_type_id - - name - - secrets - title: Create Slack connector request - type: object - Connectors_create_connector_request_slack_webhook: - description: The Slack connector uses Slack Incoming Webhooks. - properties: - connector_type_id: - description: The type of connector. - enum: - - .slack - example: .slack - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_slack_webhook' - required: - - connector_type_id - - name - - secrets - title: Create Slack connector request - type: object - Connectors_create_connector_request_swimlane: - description: >- - The Swimlane connector uses the Swimlane REST API to create Swimlane - records. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_swimlane' - connector_type_id: - description: The type of connector. - enum: - - .swimlane - example: .swimlane - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_swimlane' - required: - - config - - connector_type_id - - name - - secrets - title: Create Swimlane connector request - type: object - Connectors_create_connector_request_teams: - description: The Microsoft Teams connector uses Incoming Webhooks. - properties: - connector_type_id: - description: The type of connector. - enum: - - .teams - example: .teams - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_teams' - required: - - connector_type_id - - name - - secrets - title: Create Microsoft Teams connector request - type: object - Connectors_create_connector_request_tines: - description: > - The Tines connector uses Tines Webhook actions to send events via POST - request. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_tines' - connector_type_id: - description: The type of connector. - enum: - - .tines - example: .tines - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_tines' - required: - - config - - connector_type_id - - name - - secrets - title: Create Tines connector request - type: object - Connectors_create_connector_request_torq: - description: > - The Torq connector uses a Torq webhook to trigger workflows with Kibana - actions. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_torq' - connector_type_id: - description: The type of connector. - enum: - - .torq - example: .torq - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_torq' - required: - - config - - connector_type_id - - name - - secrets - title: Create Torq connector request - type: object - Connectors_create_connector_request_webhook: - description: > - The Webhook connector uses axios to send a POST or PUT request to a web - service. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_webhook' - connector_type_id: - description: The type of connector. - enum: - - .webhook - example: .webhook - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_webhook' - required: - - config - - connector_type_id - - name - - secrets - title: Create Webhook connector request - type: object - Connectors_create_connector_request_xmatters: - description: > - The xMatters connector uses the xMatters Workflow for Elastic to send - actionable alerts to on-call xMatters resources. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_xmatters' - connector_type_id: - description: The type of connector. - enum: - - .xmatters - example: .xmatters - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_xmatters' - required: - - config - - connector_type_id - - name - - secrets - title: Create xMatters connector request - type: object - Connectors_features: - description: | - The feature that uses the connector. - enum: - - alerting - - cases - - generativeAIForSecurity - - generativeAIForObservability - - generativeAIForSearchPlayground - - siem - - uptime - type: string - Connectors_is_deprecated: - description: Indicates whether the connector type is deprecated. - example: false - type: boolean - Connectors_is_missing_secrets: - description: >- - Indicates whether secrets are missing for the connector. Secrets - configuration properties vary depending on the connector type. - example: false - type: boolean - Connectors_is_preconfigured: - description: > - Indicates whether it is a preconfigured connector. If true, the `config` - and `is_missing_secrets` properties are omitted from the response. - example: false - type: boolean - Connectors_is_system_action: - description: Indicates whether the connector is used for system actions. - example: false - type: boolean - Connectors_referenced_by_count: - description: > - Indicates the number of saved objects that reference the connector. If - `is_preconfigured` is true, this value is not calculated. This property - is returned only by the get all connectors API. - example: 2 - type: integer - Connectors_secrets_properties_bedrock: - description: Defines secrets for connectors when type is `.bedrock`. - properties: - accessKey: - description: The AWS access key for authentication. - type: string - secret: - description: The AWS secret for authentication. - type: string - required: - - accessKey - - secret - title: Connector secrets properties for an Amazon Bedrock connector - type: object - Connectors_secrets_properties_cases_webhook: - title: Connector secrets properties for Webhook - Case Management connector - type: object - properties: - password: - description: >- - The password for HTTP basic authentication. If `hasAuth` is set to - `true`, this property is required. - type: string - user: - description: >- - The username for HTTP basic authentication. If `hasAuth` is set to - `true`, this property is required. - type: string - Connectors_secrets_properties_d3security: - description: Defines secrets for connectors when type is `.d3security`. - type: object - properties: - token: - description: The D3 Security token. - type: string - required: - - token - title: Connector secrets properties for a D3 Security connector - Connectors_secrets_properties_email: - description: Defines secrets for connectors when type is `.email`. - properties: - clientSecret: - description: > - The Microsoft Exchange Client secret for OAuth 2.0 client - credentials authentication. It must be URL-encoded. If `service` is - `exchange_server`, this property is required. - type: string - password: - description: > - The password for HTTP basic authentication. If `hasAuth` is set to - `true`, this property is required. - type: string - user: - description: > - The username for HTTP basic authentication. If `hasAuth` is set to - `true`, this property is required. - type: string - title: Connector secrets properties for an email connector - type: object - Connectors_secrets_properties_gemini: - description: Defines secrets for connectors when type is `.gemini`. - properties: - credentialsJSON: - description: >- - The service account credentials JSON file. The service account - should have Vertex AI user IAM role assigned to it. - type: string - required: - - credentialsJSON - title: Connector secrets properties for a Google Gemini connector - type: object - Connectors_secrets_properties_genai: - description: Defines secrets for connectors when type is `.gen-ai`. - properties: - apiKey: - description: The OpenAI API key. - type: string - title: Connector secrets properties for an OpenAI connector - type: object - Connectors_secrets_properties_jira: - description: Defines secrets for connectors when type is `.jira`. - type: object - properties: - apiToken: - description: The Jira API authentication token for HTTP basic authentication. - type: string - email: - description: The account email for HTTP Basic authentication. - type: string - required: - - apiToken - - email - title: Connector secrets properties for a Jira connector - Connectors_secrets_properties_opsgenie: - description: Defines secrets for connectors when type is `.opsgenie`. - type: object - properties: - apiKey: - description: The Opsgenie API authentication key for HTTP Basic authentication. - type: string - required: - - apiKey - title: Connector secrets properties for an Opsgenie connector - Connectors_secrets_properties_pagerduty: - description: Defines secrets for connectors when type is `.pagerduty`. - properties: - routingKey: - description: > - A 32 character PagerDuty Integration Key for an integration on a - service. - type: string - required: - - routingKey - title: Connector secrets properties for a PagerDuty connector - type: object - Connectors_secrets_properties_resilient: - description: Defines secrets for connectors when type is `.resilient`. - type: object - properties: - apiKeyId: - description: The authentication key ID for HTTP Basic authentication. - type: string - apiKeySecret: - description: The authentication key secret for HTTP Basic authentication. - type: string - required: - - apiKeyId - - apiKeySecret - title: Connector secrets properties for IBM Resilient connector - Connectors_secrets_properties_sentinelone: - description: Defines secrets for connectors when type is `.sentinelone`. - properties: - token: - description: The A SentinelOne API token. - type: string - required: - - token - title: Connector secrets properties for a SentinelOne connector - type: object - Connectors_secrets_properties_servicenow: - description: >- - Defines secrets for connectors when type is `.servicenow`, - `.servicenow-sir`, or `.servicenow-itom`. - properties: - clientSecret: - description: >- - The client secret assigned to your OAuth application. This property - is required when `isOAuth` is `true`. - type: string - password: - description: >- - The password for HTTP basic authentication. This property is - required when `isOAuth` is `false`. - type: string - privateKey: - description: >- - The RSA private key that you created for use in ServiceNow. This - property is required when `isOAuth` is `true`. - type: string - privateKeyPassword: - description: >- - The password for the RSA private key. This property is required when - `isOAuth` is `true` and you set a password on your private key. - type: string - username: - description: >- - The username for HTTP basic authentication. This property is - required when `isOAuth` is `false`. - type: string - title: >- - Connector secrets properties for ServiceNow ITOM, ServiceNow ITSM, and - ServiceNow SecOps connectors - type: object - Connectors_secrets_properties_slack_api: - description: Defines secrets for connectors when type is `.slack`. - type: object - properties: - token: - description: Slack bot user OAuth token. - type: string - required: - - token - title: Connector secrets properties for a Web API Slack connector - Connectors_secrets_properties_slack_webhook: - description: Defines secrets for connectors when type is `.slack`. - type: object - properties: - webhookUrl: - description: Slack webhook url. - type: string - required: - - webhookUrl - title: Connector secrets properties for a Webhook Slack connector - Connectors_secrets_properties_swimlane: - description: Defines secrets for connectors when type is `.swimlane`. - properties: - apiToken: - description: Swimlane API authentication token. - type: string - title: Connector secrets properties for a Swimlane connector - type: object - Connectors_secrets_properties_teams: - description: Defines secrets for connectors when type is `.teams`. - properties: - webhookUrl: - description: > - The URL of the incoming webhook. If you are using the - `xpack.actions.allowedHosts` setting, add the hostname to the - allowed hosts. - type: string - required: - - webhookUrl - title: Connector secrets properties for a Microsoft Teams connector - type: object - Connectors_secrets_properties_tines: - description: Defines secrets for connectors when type is `.tines`. - properties: - email: - description: The email used to sign in to Tines. - type: string - token: - description: The Tines API token. - type: string - required: - - email - - token - title: Connector secrets properties for a Tines connector - type: object - Connectors_secrets_properties_torq: - description: Defines secrets for connectors when type is `.torq`. - properties: - token: - description: The secret of the webhook authentication header. - type: string - required: - - token - title: Connector secrets properties for a Torq connector - type: object - Connectors_secrets_properties_webhook: - description: Defines secrets for connectors when type is `.webhook`. - properties: - crt: - description: >- - If `authType` is `webhook-authentication-ssl` and `certType` is - `ssl-crt-key`, it is a base64 encoded version of the CRT or CERT - file. - type: string - key: - description: >- - If `authType` is `webhook-authentication-ssl` and `certType` is - `ssl-crt-key`, it is a base64 encoded version of the KEY file. - type: string - password: - description: > - The password for HTTP basic authentication or the passphrase for the - SSL certificate files. If `hasAuth` is set to `true` and `authType` - is `webhook-authentication-basic`, this property is required. - type: string - pfx: - description: >- - If `authType` is `webhook-authentication-ssl` and `certType` is - `ssl-pfx`, it is a base64 encoded version of the PFX or P12 file. - type: string - user: - description: > - The username for HTTP basic authentication. If `hasAuth` is set to - `true` and `authType` is `webhook-authentication-basic`, this - property is required. - type: string - title: Connector secrets properties for a Webhook connector - type: object - Connectors_secrets_properties_xmatters: - description: Defines secrets for connectors when type is `.xmatters`. - properties: - password: - description: > - A user name for HTTP basic authentication. It is applicable only - when `usesBasic` is `true`. - type: string - secretsUrl: - description: > - The request URL for the Elastic Alerts trigger in xMatters with the - API key included in the URL. It is applicable only when `usesBasic` - is `false`. - type: string - user: - description: > - A password for HTTP basic authentication. It is applicable only when - `usesBasic` is `true`. - type: string - title: Connector secrets properties for an xMatters connector - type: object - Connectors_update_connector_request: - description: The properties vary depending on the connector type. - oneOf: - - $ref: '#/components/schemas/Connectors_update_connector_request_bedrock' - - $ref: '#/components/schemas/Connectors_update_connector_request_gemini' - - $ref: >- - #/components/schemas/Connectors_update_connector_request_cases_webhook - - $ref: '#/components/schemas/Connectors_update_connector_request_d3security' - - $ref: '#/components/schemas/Connectors_update_connector_request_email' - - $ref: '#/components/schemas/Connectors_create_connector_request_genai' - - $ref: '#/components/schemas/Connectors_update_connector_request_index' - - $ref: '#/components/schemas/Connectors_update_connector_request_jira' - - $ref: '#/components/schemas/Connectors_update_connector_request_opsgenie' - - $ref: '#/components/schemas/Connectors_update_connector_request_pagerduty' - - $ref: '#/components/schemas/Connectors_update_connector_request_resilient' - - $ref: '#/components/schemas/Connectors_update_connector_request_sentinelone' - - $ref: '#/components/schemas/Connectors_update_connector_request_serverlog' - - $ref: '#/components/schemas/Connectors_update_connector_request_servicenow' - - $ref: >- - #/components/schemas/Connectors_update_connector_request_servicenow_itom - - $ref: '#/components/schemas/Connectors_update_connector_request_slack_api' - - $ref: >- - #/components/schemas/Connectors_update_connector_request_slack_webhook - - $ref: '#/components/schemas/Connectors_update_connector_request_swimlane' - - $ref: '#/components/schemas/Connectors_update_connector_request_teams' - - $ref: '#/components/schemas/Connectors_update_connector_request_tines' - - $ref: '#/components/schemas/Connectors_update_connector_request_torq' - - $ref: '#/components/schemas/Connectors_update_connector_request_webhook' - - $ref: '#/components/schemas/Connectors_update_connector_request_xmatters' - title: Update connector request body properties - Connectors_update_connector_request_bedrock: - title: Update Amazon Bedrock connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_bedrock' - name: - description: The display name for the connector. - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_bedrock' - required: - - config - - name - Connectors_update_connector_request_cases_webhook: - title: Update Webhook - Case Managment connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_cases_webhook' - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_cases_webhook' - required: - - config - - name - Connectors_update_connector_request_d3security: - title: Update D3 Security connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_d3security' - name: - description: The display name for the connector. - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_d3security' - required: - - config - - name - - secrets - Connectors_update_connector_request_email: - title: Update email connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_email' - name: - description: The display name for the connector. - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_email' - required: - - config - - name - Connectors_update_connector_request_gemini: - title: Update Google Gemini connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_gemini' - name: - description: The display name for the connector. - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_gemini' - required: - - config - - name - Connectors_update_connector_request_index: - title: Update index connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_index' - name: - description: The display name for the connector. - type: string - required: - - config - - name - Connectors_update_connector_request_jira: - title: Update Jira connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_jira' - name: - description: The display name for the connector. - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_jira' - required: - - config - - name - - secrets - Connectors_update_connector_request_opsgenie: - title: Update Opsgenie connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_opsgenie' - name: - description: The display name for the connector. - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_opsgenie' - required: - - config - - name - - secrets - Connectors_update_connector_request_pagerduty: - title: Update PagerDuty connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_pagerduty' - name: - description: The display name for the connector. - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_pagerduty' - required: - - config - - name - - secrets - Connectors_update_connector_request_resilient: - title: Update IBM Resilient connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_resilient' - name: - description: The display name for the connector. - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_resilient' - required: - - config - - name - - secrets - Connectors_update_connector_request_sentinelone: - title: Update SentinelOne connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_sentinelone' - name: - description: The display name for the connector. - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_sentinelone' - required: - - config - - name - - secrets - Connectors_update_connector_request_serverlog: - title: Update server log connector request - type: object - properties: - name: - description: The display name for the connector. - type: string - required: - - name - Connectors_update_connector_request_servicenow: - title: Update ServiceNow ITSM connector or ServiceNow SecOps request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_servicenow' - name: - description: The display name for the connector. - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' - required: - - config - - name - - secrets - Connectors_update_connector_request_servicenow_itom: - title: Create ServiceNow ITOM connector request - type: object - properties: + - slo +components: + examples: + Connectors_create_email_connector_request: + summary: Create an email connector. + value: config: - $ref: '#/components/schemas/Connectors_config_properties_servicenow_itom' - name: - description: The display name for the connector. - type: string + from: tester@example.com + hasAuth: true + host: 'https://example.com' + port: 1025 + secure: false + service: other + connector_type_id: .email + name: email-connector-1 secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' - required: - - config - - name - - secrets - Connectors_update_connector_request_slack_api: - title: Update Slack connector request - type: object - properties: + password: password + user: username + Connectors_create_email_connector_response: + summary: A new email connector. + value: config: - $ref: '#/components/schemas/Connectors_config_properties_slack_api' - name: - description: The display name for the connector. - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_slack_api' - required: - - name - - secrets - Connectors_update_connector_request_slack_webhook: - title: Update Slack connector request - type: object - properties: - name: - description: The display name for the connector. - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_slack_webhook' - required: - - name - - secrets - Connectors_update_connector_request_swimlane: - title: Update Swimlane connector request - type: object - properties: + clientId: null + from: tester@example.com + hasAuth: true + host: 'https://example.com' + oauthTokenUrl: null + port: 1025 + secure: false + service: other + tenantId: null + connector_type_id: .email + id: 90a82c60-478f-11ee-a343-f98a117c727f + is_deprecated: false + is_missing_secrets: false + is_preconfigured: false + is_system_action: false + name: email-connector-1 + Connectors_create_index_connector_request: + summary: Create an index connector. + value: config: - $ref: '#/components/schemas/Connectors_config_properties_swimlane' - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_swimlane' - required: - - config - - name - - secrets - Connectors_update_connector_request_teams: - title: Update Microsoft Teams connector request - type: object - properties: - name: - description: The display name for the connector. - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_teams' - required: - - name - - secrets - Connectors_update_connector_request_tines: - title: Update Tines connector request - type: object - properties: + index: test-index + connector_type_id: .index + name: my-connector + Connectors_create_index_connector_response: + summary: A new index connector. + value: config: - $ref: '#/components/schemas/Connectors_config_properties_tines' - name: - description: The display name for the connector. - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_tines' - required: - - config - - name - - secrets - Connectors_update_connector_request_torq: - title: Update Torq connector request - type: object - properties: + executionTimeField: null + index: test-index + refresh: false + connector_type_id: .index + id: c55b6eb0-6bad-11eb-9f3b-611eebc6c3ad + is_deprecated: false + is_missing_secrets: false + is_preconfigured: false + is_system_action: false + name: my-connector + Connectors_create_webhook_connector_request: + summary: Create a webhook connector with SSL authentication. + value: config: - $ref: '#/components/schemas/Connectors_config_properties_torq' - name: - description: The display name for the connector. - type: string + authType: webhook-authentication-ssl + certType: ssl-crt-key + method: post + url: 'https://example.com' + connector_type_id: .webhook + name: my-webhook-connector secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_torq' - required: - - config - - name - - secrets - Connectors_update_connector_request_webhook: - title: Update Webhook connector request - type: object - properties: + crt: QmFnIEF0dH... + key: LS0tLS1CRUdJ... + password: my-passphrase + Connectors_create_webhook_connector_response: + summary: A new webhook connector. + value: config: - $ref: '#/components/schemas/Connectors_config_properties_webhook' - name: - description: The display name for the connector. - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_webhook' - required: - - config - - name - - secrets - Connectors_update_connector_request_xmatters: - title: Update xMatters connector request - type: object - properties: + authType: webhook-authentication-ssl + certType: ssl-crt-key + hasAuth: true + headers: null + method: post + url: 'https://example.com' + verificationMode: full + connector_type_id: .webhook + id: 900eb010-3b9d-11ee-a642-8ffbb94e38bd + is_deprecated: false + is_missing_secrets: false + is_preconfigured: false + is_system_action: false + name: my-webhook-connector + Connectors_create_xmatters_connector_request: + summary: Create an xMatters connector with URL authentication. + value: config: - $ref: '#/components/schemas/Connectors_config_properties_xmatters' - name: - description: The display name for the connector. - type: string + usesBasic: false + connector_type_id: .xmatters + name: my-xmatters-connector secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_xmatters' - required: - - config - - name - - secrets - Data_views_400_response: - title: Bad request - type: object - properties: - error: - example: Bad Request - type: string - message: - type: string - statusCode: - example: 400 - type: number - required: - - statusCode - - error - - message - Data_views_404_response: - type: object - properties: - error: - enum: - - Not Found - example: Not Found - type: string - message: - example: >- - Saved object [index-pattern/caaad6d0-920c-11ed-b36a-874bd1548a00] - not found - type: string - statusCode: - enum: - - 404 - example: 404 - type: integer - Data_views_allownoindex: - description: Allows the data view saved object to exist before the data is available. - type: boolean - Data_views_create_data_view_request_object: - title: Create data view request - type: object - properties: + secretsUrl: 'https://example.com?apiKey=xxxxx' + Connectors_create_xmatters_connector_response: + summary: A new xMatters connector. + value: + config: + configUrl: null + usesBasic: false + connector_type_id: .xmatters + id: 4d2d8da0-4d1f-11ee-9367-577408be4681 + is_deprecated: false + is_missing_secrets: false + is_preconfigured: false + is_system_action: false + name: my-xmatters-connector + Connectors_get_connector_response: + summary: Get connector details. + value: + config: {} + connector_type_id: .server-log + id: df770e30-8b8b-11ed-a780-3b746c987a81 + is_deprecated: false + is_missing_secrets: false + is_preconfigured: false + is_system_action: false + name: my_server_log_connector + Connectors_get_connector_types_generativeai_response: + summary: A list of connector types for the `generativeAI` feature. + value: + - enabled: true + enabled_in_config: true + enabled_in_license: true + id: .gen-ai + is_system_action_type: false + minimum_license_required: enterprise + name: OpenAI + supported_feature_ids: + - generativeAIForSecurity + - generativeAIForObservability + - generativeAIForSearchPlayground + - enabled: true + enabled_in_config: true + enabled_in_license: true + id: .bedrock + is_system_action_type: false + minimum_license_required: enterprise + name: AWS Bedrock + supported_feature_ids: + - generativeAIForSecurity + - generativeAIForObservability + - generativeAIForSearchPlayground + - enabled: true + enabled_in_config: true + enabled_in_license: true + id: .gemini + is_system_action_type: false + minimum_license_required: enterprise + name: Google Gemini + supported_feature_ids: + - generativeAIForSecurity + Connectors_get_connectors_response: + summary: A list of connectors + value: + - connector_type_id: .email + id: preconfigured-email-connector + is_deprecated: false + is_preconfigured: true + is_system_action: false + name: my-preconfigured-email-notification + referenced_by_count: 0 + - config: + executionTimeField: null + index: test-index + refresh: false + connector_type_id: .index + id: e07d0c80-8b8b-11ed-a780-3b746c987a81 + is_deprecated: false + is_missing_secrets: false + is_preconfigured: false + is_system_action: false + name: my-index-connector + referenced_by_count: 2 + Connectors_update_index_connector_request: + summary: Update an index connector. + value: + config: + index: updated-index + name: updated-connector + Data_views_create_data_view_request: + summary: Create a data view with runtime fields. + value: + data_view: + name: My Logstash data view + runtimeFieldMap: + runtime_shape_name: + script: + source: 'emit(doc[''shape_name''].value)' + type: keyword + title: logstash-* + Data_views_create_runtime_field_request: + summary: Create a runtime field. + value: + name: runtimeFoo + runtimeField: + script: + source: 'emit(doc["foo"].value)' + type: long + Data_views_get_data_view_response: + summary: >- + The get data view API returns a JSON object that contains information + about the data view. + value: + data_view: + allowNoIndex: false + fieldAttrs: + products.manufacturer: + count: 1 + products.price: + count: 1 + products.product_name: + count: 1 + total_quantity: + count: 1 + fieldFormats: + products.base_price: + id: number + params: + pattern: '$0,0.00' + products.base_unit_price: + id: number + params: + pattern: '$0,0.00' + products.min_price: + id: number + params: + pattern: '$0,0.00' + products.price: + id: number + params: + pattern: '$0,0.00' + products.taxful_price: + id: number + params: + pattern: '$0,0.00' + products.taxless_price: + id: number + params: + pattern: '$0,0.00' + taxful_total_price: + id: number + params: + pattern: '$0,0.[00]' + taxless_total_price: + id: number + params: + pattern: '$0,0.00' + fields: + _id: + aggregatable: false + count: 0 + esTypes: + - _id + format: + id: string + isMapped: true + name: _id + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + _index: + aggregatable: true + count: 0 + esTypes: + - _index + format: + id: string + isMapped: true + name: _index + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + _score: + aggregatable: false + count: 0 + format: + id: number + isMapped: true + name: _score + readFromDocValues: false + scripted: false + searchable: false + shortDotsEnable: false + type: number + _source: + aggregatable: false + count: 0 + esTypes: + - _source + format: + id: _source + isMapped: true + name: _source + readFromDocValues: false + scripted: false + searchable: false + shortDotsEnable: false + type: _source + category: + aggregatable: false + count: 0 + esTypes: + - text + format: + id: string + isMapped: true + name: category + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + category.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: category.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: category + type: string + currency: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: currency + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + customer_birth_date: + aggregatable: true + count: 0 + esTypes: + - date + format: + id: date + isMapped: true + name: customer_birth_date + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: date + customer_first_name: + aggregatable: false + count: 0 + esTypes: + - text + format: + id: string + isMapped: true + name: customer_first_name + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + customer_first_name.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: customer_first_name.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: customer_first_name + type: string + customer_full_name: + aggregatable: false + count: 0 + esTypes: + - text + format: + id: string + isMapped: true + name: customer_full_name + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + customer_full_name.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: customer_full_name.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: customer_full_name + type: string + customer_gender: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: customer_gender + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + customer_id: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: customer_id + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + customer_last_name: + aggregatable: false + count: 0 + esTypes: + - text + format: + id: string + isMapped: true + name: customer_last_name + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + customer_last_name.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: customer_last_name.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: customer_last_name + type: string + customer_phone: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: customer_phone + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + day_of_week: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: day_of_week + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + day_of_week_i: + aggregatable: true + count: 0 + esTypes: + - integer + format: + id: number + isMapped: true + name: day_of_week_i + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + email: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: email + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + event.dataset: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: event.dataset + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + geoip.city_name: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: geoip.city_name + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + geoip.continent_name: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: geoip.continent_name + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + geoip.country_iso_code: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: geoip.country_iso_code + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + geoip.location: + aggregatable: true + count: 0 + esTypes: + - geo_point + format: + id: geo_point + params: + transform: wkt + isMapped: true + name: geoip.location + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: geo_point + geoip.region_name: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: geoip.region_name + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + manufacturer: + aggregatable: false + count: 0 + esTypes: + - text + format: + id: string + isMapped: true + name: manufacturer + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + manufacturer.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: manufacturer.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: manufacturer + type: string + order_date: + aggregatable: true + count: 0 + esTypes: + - date + format: + id: date + isMapped: true + name: order_date + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: date + order_id: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: order_id + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + products._id: + aggregatable: false + count: 0 + esTypes: + - text + format: + id: string + isMapped: true + name: products._id + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + products._id.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: products._id.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: products._id + type: string + products.base_price: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + params: + pattern: '$0,0.00' + isMapped: true + name: products.base_price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.base_unit_price: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + params: + pattern: '$0,0.00' + isMapped: true + name: products.base_unit_price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.category: + aggregatable: false + count: 0 + esTypes: + - text + format: + id: string + isMapped: true + name: products.category + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + products.category.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: products.category.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: products.category + type: string + products.created_on: + aggregatable: true + count: 0 + esTypes: + - date + format: + id: date + isMapped: true + name: products.created_on + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: date + products.discount_amount: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + isMapped: true + name: products.discount_amount + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.discount_percentage: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + isMapped: true + name: products.discount_percentage + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.manufacturer: + aggregatable: false + count: 1 + esTypes: + - text + format: + id: string + isMapped: true + name: products.manufacturer + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + products.manufacturer.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: products.manufacturer.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: products.manufacturer + type: string + products.min_price: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + params: + pattern: '$0,0.00' + isMapped: true + name: products.min_price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.price: + aggregatable: true + count: 1 + esTypes: + - half_float + format: + id: number + params: + pattern: '$0,0.00' + isMapped: true + name: products.price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.product_id: + aggregatable: true + count: 0 + esTypes: + - long + format: + id: number + isMapped: true + name: products.product_id + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.product_name: + aggregatable: false + count: 1 + esTypes: + - text + format: + id: string + isMapped: true + name: products.product_name + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + products.product_name.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: products.product_name.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: products.product_name + type: string + products.quantity: + aggregatable: true + count: 0 + esTypes: + - integer + format: + id: number + isMapped: true + name: products.quantity + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.sku: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: products.sku + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + products.tax_amount: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + isMapped: true + name: products.tax_amount + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.taxful_price: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + params: + pattern: '$0,0.00' + isMapped: true + name: products.taxful_price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.taxless_price: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + params: + pattern: '$0,0.00' + isMapped: true + name: products.taxless_price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.unit_discount_amount: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + isMapped: true + name: products.unit_discount_amount + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + sku: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: sku + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + taxful_total_price: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + params: + pattern: '$0,0.[00]' + isMapped: true + name: taxful_total_price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + taxless_total_price: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + params: + pattern: '$0,0.00' + isMapped: true + name: taxless_total_price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + total_quantity: + aggregatable: true + count: 1 + esTypes: + - integer + format: + id: number + isMapped: true + name: total_quantity + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + total_unique_products: + aggregatable: true + count: 0 + esTypes: + - integer + format: + id: number + isMapped: true + name: total_unique_products + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + type: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: type + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + user: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: user + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + id: ff959d40-b880-11e8-a6d9-e546fe2bba5f + name: Kibana Sample Data eCommerce + namespaces: + - default + runtimeFieldMap: {} + sourceFilters: [] + timeFieldName: order_date + title: kibana_sample_data_ecommerce + typeMeta: {} + version: WzUsMV0= + Data_views_get_data_views_response: + summary: The get all data views API returns a list of data views. + value: data_view: - description: The data view object. - type: object - properties: - allowNoIndex: - $ref: '#/components/schemas/Data_views_allownoindex' - fieldAttrs: - additionalProperties: - $ref: '#/components/schemas/Data_views_fieldattrs' - type: object - fieldFormats: - $ref: '#/components/schemas/Data_views_fieldformats' - fields: - type: object - id: + - id: ff959d40-b880-11e8-a6d9-e546fe2bba5f + name: Kibana Sample Data eCommerce + namespaces: + - default + title: kibana_sample_data_ecommerce + typeMeta: {} + - id: d3d7af60-4c81-11e8-b3d7-01146121b73d + name: Kibana Sample Data Flights + namespaces: + - default + title: kibana_sample_data_flights + - id: 90943e30-9a47-11e8-b64d-95841ca0b247 + name: Kibana Sample Data Logs + namespaces: + - default + title: kibana_sample_data_logs + Data_views_get_default_data_view_response: + summary: The get default data view API returns the default data view identifier. + value: + data_view_id: ff959d40-b880-11e8-a6d9-e546fe2bba5f + Data_views_get_runtime_field_response: + summary: >- + The get runtime field API returns a JSON object that contains + information about the runtime field (`hour_of_day`) and the data view + (`d3d7af60-4c81-11e8-b3d7-01146121b73d`). + value: + data_view: + allowNoIndex: false + fieldAttrs: {} + fieldFormats: + AvgTicketPrice: + id: number + params: + pattern: '$0,0.[00]' + hour_of_day: + id: number + params: + pattern: '00' + fields: + _id: + aggregatable: false + count: 0 + esTypes: + - _id + format: + id: string + isMapped: true + name: _id + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + _index: + aggregatable: true + count: 0 + esTypes: + - _index + format: + id: string + isMapped: true + name: _index + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false type: string - name: - description: The data view name. + _score: + aggregatable: false + count: 0 + format: + id: number + isMapped: true + name: _score + readFromDocValues: false + scripted: false + searchable: false + shortDotsEnable: false + type: number + _source: + aggregatable: false + count: 0 + esTypes: + - _source + format: + id: _source + isMapped: true + name: _source + readFromDocValues: false + scripted: false + searchable: false + shortDotsEnable: false + type: _source + AvgTicketPrice: + aggregatable: true + count: 0 + esTypes: + - float + format: + id: number + params: + pattern: '$0,0.[00]' + isMapped: true + name: AvgTicketPrice + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + Cancelled: + aggregatable: true + count: 0 + esTypes: + - boolean + format: + id: boolean + isMapped: true + name: Cancelled + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: boolean + Carrier: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: Carrier + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - namespaces: - $ref: '#/components/schemas/Data_views_namespaces' - runtimeFieldMap: - additionalProperties: - $ref: '#/components/schemas/Data_views_runtimefieldmap' - type: object - sourceFilters: - $ref: '#/components/schemas/Data_views_sourcefilters' - timeFieldName: - $ref: '#/components/schemas/Data_views_timefieldname' - title: - $ref: '#/components/schemas/Data_views_title' - type: - $ref: '#/components/schemas/Data_views_type' - typeMeta: - $ref: '#/components/schemas/Data_views_typemeta' - version: + dayOfWeek: + aggregatable: true + count: 0 + esTypes: + - integer + format: + id: number + isMapped: true + name: dayOfWeek + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + Dest: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: Dest + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - required: - - title - override: - default: false - description: >- - Override an existing data view if a data view with the provided - title already exists. - type: boolean - required: - - data_view - Data_views_data_view_response_object: - title: Data view response properties - type: object - properties: - data_view: - type: object - properties: - allowNoIndex: - $ref: '#/components/schemas/Data_views_allownoindex' - fieldAttrs: - additionalProperties: - $ref: '#/components/schemas/Data_views_fieldattrs' - type: object - fieldFormats: - $ref: '#/components/schemas/Data_views_fieldformats' - fields: - type: object - id: - example: ff959d40-b880-11e8-a6d9-e546fe2bba5f + DestAirportID: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: DestAirportID + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - name: - description: The data view name. + DestCityName: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: DestCityName + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - namespaces: - $ref: '#/components/schemas/Data_views_namespaces' - runtimeFieldMap: - additionalProperties: - $ref: '#/components/schemas/Data_views_runtimefieldmap' - type: object - sourceFilters: - $ref: '#/components/schemas/Data_views_sourcefilters' - timeFieldName: - $ref: '#/components/schemas/Data_views_timefieldname' - title: - $ref: '#/components/schemas/Data_views_title' - typeMeta: - $ref: '#/components/schemas/Data_views_typemeta_response' - version: - example: WzQ2LDJd + DestCountry: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: DestCountry + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - Data_views_fieldattrs: - description: A map of field attributes by field name. - type: object - properties: - count: - description: Popularity count for the field. - type: integer - customDescription: - description: Custom description for the field. - maxLength: 300 - type: string - customLabel: - description: Custom label for the field. - type: string - Data_views_fieldformats: - description: A map of field formats by field name. - type: object - Data_views_namespaces: - description: >- - An array of space identifiers for sharing the data view between multiple - spaces. - items: - default: default - type: string - type: array - Data_views_runtimefieldmap: - description: A map of runtime field definitions by field name. - type: object - properties: - script: - type: object - properties: - source: - description: Script for the runtime field. + DestLocation: + aggregatable: true + count: 0 + esTypes: + - geo_point + format: + id: geo_point + params: + transform: wkt + isMapped: true + name: DestLocation + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: geo_point + DestRegion: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: DestRegion + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - type: - description: Mapping type of the runtime field. - type: string - required: - - script - - type - Data_views_sourcefilters: - description: The array of field names you want to filter out in Discover. - items: - type: object - properties: - value: - type: string - required: - - value - type: array - Data_views_swap_data_view_request_object: - title: Data view reference swap request - type: object - properties: - delete: - description: Deletes referenced saved object if all references are removed. - type: boolean - forId: - description: Limit the affected saved objects to one or more by identifier. - oneOf: - - type: string - - items: - type: string - type: array - forType: - description: Limit the affected saved objects by type. - type: string - fromId: - description: The saved object reference to change. - type: string - fromType: - description: > - Specify the type of the saved object reference to alter. The default - value is `index-pattern` for data views. - type: string - toId: - description: New saved object reference value to replace the old value. - type: string - required: - - fromId - - toId - Data_views_timefieldname: - description: 'The timestamp field name, which you use for time-based data views.' - type: string - Data_views_title: - description: >- - Comma-separated list of data streams, indices, and aliases that you want - to search. Supports wildcards (`*`). - type: string - Data_views_type: - description: 'When set to `rollup`, identifies the rollup data views.' - type: string - Data_views_typemeta: - description: >- - When you use rollup indices, contains the field list for the rollup data - view API endpoints. - type: object - properties: - aggs: - description: A map of rollup restrictions by aggregation type and field name. - type: object - params: - description: Properties for retrieving rollup fields. - type: object - required: - - aggs - - params - Data_views_typemeta_response: - description: >- - When you use rollup indices, contains the field list for the rollup data - view API endpoints. - nullable: true - type: object - properties: - aggs: - description: A map of rollup restrictions by aggregation type and field name. - type: object - params: - description: Properties for retrieving rollup fields. - type: object - Data_views_update_data_view_request_object: - title: Update data view request - type: object - properties: - data_view: - description: > - The data view properties you want to update. Only the specified - properties are updated in the data view. Unspecified fields stay as - they are persisted. - type: object - properties: - allowNoIndex: - $ref: '#/components/schemas/Data_views_allownoindex' - fieldFormats: - $ref: '#/components/schemas/Data_views_fieldformats' - fields: - type: object - name: + DestWeather: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: DestWeather + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - runtimeFieldMap: - additionalProperties: - $ref: '#/components/schemas/Data_views_runtimefieldmap' - type: object - sourceFilters: - $ref: '#/components/schemas/Data_views_sourcefilters' - timeFieldName: - $ref: '#/components/schemas/Data_views_timefieldname' - title: - $ref: '#/components/schemas/Data_views_title' - type: - $ref: '#/components/schemas/Data_views_type' - typeMeta: - $ref: '#/components/schemas/Data_views_typemeta' - refresh_fields: - default: false - description: Reloads the data view fields after the data view is updated. - type: boolean - required: - - data_view - Kibana_HTTP_APIs_core_status_redactedResponse: - additionalProperties: false - description: A minimal representation of Kibana's operational status. - type: object - properties: - status: - additionalProperties: false - type: object - properties: - overall: - additionalProperties: false - type: object - properties: - level: - description: Service status levels as human and machine readable values. - enum: - - available - - degraded - - unavailable - - critical - type: string - required: - - level - required: - - overall - required: - - status - Kibana_HTTP_APIs_core_status_response: - additionalProperties: false - description: >- - Kibana's operational status as well as a detailed breakdown of plugin - statuses indication of various loads (like event loop utilization and - network traffic) at time of request. - type: object - properties: - metrics: - additionalProperties: false - description: Metric groups collected by Kibana. - type: object - properties: - collection_interval_in_millis: - description: The interval at which metrics should be collected. + DistanceKilometers: + aggregatable: true + count: 0 + esTypes: + - float + format: + id: number + isMapped: true + name: DistanceKilometers + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: number - elasticsearch_client: - additionalProperties: false - description: Current network metrics of Kibana's Elasticsearch client. - type: object - properties: - totalActiveSockets: - description: Count of network sockets currently in use. - type: number - totalIdleSockets: - description: Count of network sockets currently idle. - type: number - totalQueuedRequests: - description: Count of requests not yet assigned to sockets. - type: number - required: - - totalActiveSockets - - totalIdleSockets - - totalQueuedRequests - last_updated: - description: The time metrics were collected. + DistanceMiles: + aggregatable: true + count: 0 + esTypes: + - float + format: + id: number + isMapped: true + name: DistanceMiles + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + FlightDelay: + aggregatable: true + count: 0 + esTypes: + - boolean + format: + id: boolean + isMapped: true + name: FlightDelay + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: boolean + FlightDelayMin: + aggregatable: true + count: 0 + esTypes: + - integer + format: + id: number + isMapped: true + name: FlightDelayMin + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + FlightDelayType: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: FlightDelayType + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - required: - - elasticsearch_client - - last_updated - - collection_interval_in_millis - name: - description: Kibana instance name. - type: string - status: - additionalProperties: false - type: object - properties: - core: - additionalProperties: false - description: Statuses of core Kibana services. - type: object - properties: - elasticsearch: - additionalProperties: false - type: object - properties: - detail: - description: Human readable detail of the service status. - type: string - documentationUrl: - description: A URL to further documentation regarding this service. - type: string - level: - description: >- - Service status levels as human and machine readable - values. - enum: - - available - - degraded - - unavailable - - critical - type: string - meta: - additionalProperties: {} - description: >- - An unstructured set of extra metadata about this - service. - type: object - summary: - description: A human readable summary of the service status. - type: string - required: - - level - - summary - - meta - savedObjects: - additionalProperties: false - type: object - properties: - detail: - description: Human readable detail of the service status. - type: string - documentationUrl: - description: A URL to further documentation regarding this service. - type: string - level: - description: >- - Service status levels as human and machine readable - values. - enum: - - available - - degraded - - unavailable - - critical - type: string - meta: - additionalProperties: {} - description: >- - An unstructured set of extra metadata about this - service. - type: object - summary: - description: A human readable summary of the service status. - type: string - required: - - level - - summary - - meta - required: - - elasticsearch - - savedObjects - overall: - additionalProperties: false - type: object - properties: - detail: - description: Human readable detail of the service status. - type: string - documentationUrl: - description: A URL to further documentation regarding this service. - type: string - level: - description: Service status levels as human and machine readable values. - enum: - - available - - degraded - - unavailable - - critical - type: string - meta: - additionalProperties: {} - description: An unstructured set of extra metadata about this service. - type: object - summary: - description: A human readable summary of the service status. - type: string - required: - - level - - summary - - meta - plugins: - additionalProperties: - additionalProperties: false - type: object - properties: - detail: - description: Human readable detail of the service status. - type: string - documentationUrl: - description: A URL to further documentation regarding this service. - type: string - level: - description: >- - Service status levels as human and machine readable - values. - enum: - - available - - degraded - - unavailable - - critical - type: string - meta: - additionalProperties: {} - description: An unstructured set of extra metadata about this service. - type: object - summary: - description: A human readable summary of the service status. - type: string - required: - - level - - summary - - meta - description: A dynamic mapping of plugin ID to plugin status. - type: object - required: - - overall - - core - - plugins - uuid: - description: >- - Unique, generated Kibana instance UUID. This UUID should persist - even if the Kibana process restarts. - type: string - version: - additionalProperties: false - type: object - properties: - build_date: - description: The date and time of this build. + FlightNum: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: FlightNum + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + FlightTimeHour: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: FlightTimeHour + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + FlightTimeMin: + aggregatable: true + count: 0 + esTypes: + - float + format: + id: number + isMapped: true + name: FlightTimeMin + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + hour_of_day: + aggregatable: true + count: 0 + esTypes: + - long + format: + id: number + params: + pattern: '00' + name: hour_of_day + readFromDocValues: false + runtimeField: + script: + source: 'emit(doc[''timestamp''].value.getHour());' + type: long + scripted: false + searchable: true + shortDotsEnable: false + type: number + Origin: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: Origin + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - build_flavor: - description: >- - The build flavour determines configuration and behavior of - Kibana. On premise users will almost always run the - "traditional" flavour, while other flavours are reserved for - Elastic-specific use cases. - enum: - - serverless - - traditional + OriginAirportID: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: OriginAirportID + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - build_hash: - description: >- - A unique hash value representing the git commit of this Kibana - build. + OriginCityName: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: OriginCityName + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - build_number: - description: >- - A monotonically increasing number, each subsequent build will - have a higher number. - type: number - build_snapshot: - description: Whether this build is a snapshot build. - type: boolean - number: - description: A semantic version number. + OriginCountry: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: OriginCountry + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - required: - - number - - build_hash - - build_number - - build_snapshot - - build_flavor - - build_date - required: - - name - - uuid - - version - - status - - metrics - Machine_learning_APIs_mlSync200Response: - properties: - datafeedsAdded: - additionalProperties: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDatafeeds' - description: >- - If a saved object for an anomaly detection job is missing a datafeed - identifier, it is added when you run the sync machine learning saved - objects API. - type: object - datafeedsRemoved: - additionalProperties: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDatafeeds' - description: >- - If a saved object for an anomaly detection job references a datafeed - that no longer exists, it is deleted when you run the sync machine - learning saved objects API. - type: object - savedObjectsCreated: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsCreated - savedObjectsDeleted: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsDeleted - title: Successful sync API response - type: object - Machine_learning_APIs_mlSync4xxResponse: - properties: - error: - example: Unauthorized - type: string - message: - type: string - statusCode: - example: 401 - type: integer - title: Unsuccessful sync API response - type: object - Machine_learning_APIs_mlSyncResponseAnomalyDetectors: - description: >- - The sync machine learning saved objects API response contains this - object when there are anomaly detection jobs affected by the - synchronization. There is an object for each relevant job, which - contains the synchronization status. - properties: - success: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess' - title: Sync API response for anomaly detection jobs - type: object - Machine_learning_APIs_mlSyncResponseDatafeeds: - description: >- - The sync machine learning saved objects API response contains this - object when there are datafeeds affected by the synchronization. There - is an object for each relevant datafeed, which contains the - synchronization status. - properties: - success: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess' - title: Sync API response for datafeeds - type: object - Machine_learning_APIs_mlSyncResponseDataFrameAnalytics: - description: >- - The sync machine learning saved objects API response contains this - object when there are data frame analytics jobs affected by the - synchronization. There is an object for each relevant job, which - contains the synchronization status. - properties: - success: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess' - title: Sync API response for data frame analytics jobs - type: object - Machine_learning_APIs_mlSyncResponseSavedObjectsCreated: - description: >- - If saved objects are missing for machine learning jobs or trained - models, they are created when you run the sync machine learning saved - objects API. - properties: - anomaly-detector: - additionalProperties: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseAnomalyDetectors - description: >- - If saved objects are missing for anomaly detection jobs, they are - created. - type: object - data-frame-analytics: - additionalProperties: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseDataFrameAnalytics - description: >- - If saved objects are missing for data frame analytics jobs, they are - created. - type: object - trained-model: - additionalProperties: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels - description: 'If saved objects are missing for trained models, they are created.' - type: object - title: Sync API response for created saved objects - type: object - Machine_learning_APIs_mlSyncResponseSavedObjectsDeleted: - description: >- - If saved objects exist for machine learning jobs or trained models that - no longer exist, they are deleted when you run the sync machine learning - saved objects API. - properties: - anomaly-detector: - additionalProperties: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseAnomalyDetectors - description: >- - If there are saved objects exist for nonexistent anomaly detection - jobs, they are deleted. - type: object - data-frame-analytics: - additionalProperties: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseDataFrameAnalytics - description: >- - If there are saved objects exist for nonexistent data frame - analytics jobs, they are deleted. - type: object - trained-model: - additionalProperties: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels - description: >- - If there are saved objects exist for nonexistent trained models, - they are deleted. - type: object - title: Sync API response for deleted saved objects - type: object - Machine_learning_APIs_mlSyncResponseSuccess: - description: The success or failure of the synchronization. - type: boolean - Machine_learning_APIs_mlSyncResponseTrainedModels: + OriginLocation: + aggregatable: true + count: 0 + esTypes: + - geo_point + format: + id: geo_point + params: + transform: wkt + isMapped: true + name: OriginLocation + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: geo_point + OriginRegion: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: OriginRegion + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + OriginWeather: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: OriginWeather + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + timestamp: + aggregatable: true + count: 0 + esTypes: + - date + format: + id: date + isMapped: true + name: timestamp + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: date + id: d3d7af60-4c81-11e8-b3d7-01146121b73d + name: Kibana Sample Data Flights + runtimeFieldMap: + hour_of_day: + script: + source: 'emit(doc[''timestamp''].value.getHour());' + type: long + sourceFilters: [] + timeFieldName: timestamp + title: kibana_sample_data_flights + version: WzM2LDJd + fields: + - aggregatable: true + count: 0 + esTypes: + - long + name: hour_of_day + readFromDocValues: false + runtimeField: + script: + source: 'emit(doc[''timestamp''].value.getHour());' + type: long + scripted: false + searchable: true + shortDotsEnable: false + type: number + Data_views_preview_swap_data_view_request: + summary: Preview swapping references from data view ID "abcd-efg" to "xyz-123". + value: + fromId: abcd-efg + toId: xyz-123 + Data_views_set_default_data_view_request: + summary: Set the default data view identifier. + value: + data_view_id: ff959d40-b880-11e8-a6d9-e546fe2bba5f + force: true + Data_views_swap_data_view_request: + summary: >- + Swap references from data view ID "abcd-efg" to "xyz-123" and remove the + data view that is no longer referenced. + value: + delete: true + fromId: abcd-efg + toId: xyz-123 + Data_views_update_data_view_request: + summary: Update some properties for a data view. + value: + data_view: + allowNoIndex: false + name: Kibana Sample Data eCommerce + timeFieldName: order_date + title: kibana_sample_data_ecommerce + refresh_fields: true + Data_views_update_field_metadata_request: + summary: Update metadata for multiple fields. + value: + fields: + field1: + count: 123 + customLabel: Field 1 label + field2: + customDescription: Field 2 description + customLabel: Field 2 label + Data_views_update_runtime_field_request: + summary: Update an existing runtime field on a data view. + value: + runtimeField: + script: + source: 'emit(doc["bar"].value)' + Machine_learning_APIs_mlSyncExample: + summary: Two anomaly detection jobs required synchronization in this example. + value: + datafeedsAdded: {} + datafeedsRemoved: {} + savedObjectsCreated: + anomaly-detector: + myjob1: + success: true + myjob2: + success: true + savedObjectsDeleted: {} + Serverless_saved_objects_export_objects_request: + summary: Export a specific saved object. + value: + excludeExportDetails: true + includeReferencesDeep: false + objects: + - id: de71f4f0-1902-11e9-919b-ffe5949a18d2 + type: map + Serverless_saved_objects_export_objects_response: + summary: >- + The export objects API response contains a JSON record for each exported + object. + value: + attributes: + description: '' + layerListJSON: >- + [{"id":"0hmz5","alpha":1,"sourceDescriptor":{"type":"EMS_TMS","isAutoSelect":true,"lightModeDefault":"road_map_desaturated"},"visible":true,"style":{},"type":"EMS_VECTOR_TILE","minZoom":0,"maxZoom":24},{"id":"edh66","label":"Total + Requests by + Destination","minZoom":0,"maxZoom":24,"alpha":0.5,"sourceDescriptor":{"type":"EMS_FILE","id":"world_countries","tooltipProperties":["name","iso2"]},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"DYNAMIC","options":{"field":{"name":"__kbnjoin__count__673ff994-fc75-4c67-909b-69fcb0e1060e","origin":"join"},"color":"Greys","fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"lineColor":{"type":"STATIC","options":{"color":"#FFFFFF"}},"lineWidth":{"type":"STATIC","options":{"size":1}},"iconSize":{"type":"STATIC","options":{"size":10}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR","joins":[{"leftField":"iso2","right":{"type":"ES_TERM_SOURCE","id":"673ff994-fc75-4c67-909b-69fcb0e1060e","indexPatternTitle":"kibana_sample_data_logs","term":"geo.dest","indexPatternRefName":"layer_1_join_0_index_pattern","metrics":[{"type":"count","label":"web + logs + count"}],"applyGlobalQuery":true}}]},{"id":"gaxya","label":"Actual + Requests","minZoom":9,"maxZoom":24,"alpha":1,"sourceDescriptor":{"id":"b7486535-171b-4d3b-bb2e-33c1a0a2854c","type":"ES_SEARCH","geoField":"geo.coordinates","limit":2048,"filterByMapBounds":true,"tooltipProperties":["clientip","timestamp","host","request","response","machine.os","agent","bytes"],"indexPatternRefName":"layer_2_source_index_pattern","applyGlobalQuery":true,"scalingType":"LIMIT"},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"STATIC","options":{"color":"#2200ff"}},"lineColor":{"type":"STATIC","options":{"color":"#FFFFFF"}},"lineWidth":{"type":"STATIC","options":{"size":2}},"iconSize":{"type":"DYNAMIC","options":{"field":{"name":"bytes","origin":"source"},"minSize":1,"maxSize":23,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR"},{"id":"tfi3f","label":"Total + Requests and + Bytes","minZoom":0,"maxZoom":9,"alpha":1,"sourceDescriptor":{"type":"ES_GEO_GRID","resolution":"COARSE","id":"8aaa65b5-a4e9-448b-9560-c98cb1c5ac5b","geoField":"geo.coordinates","requestType":"point","metrics":[{"type":"count","label":"web + logs + count"},{"type":"sum","field":"bytes"}],"indexPatternRefName":"layer_3_source_index_pattern","applyGlobalQuery":true},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"color":"Blues","fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"lineColor":{"type":"STATIC","options":{"color":"#cccccc"}},"lineWidth":{"type":"STATIC","options":{"size":1}},"iconSize":{"type":"DYNAMIC","options":{"field":{"name":"sum_of_bytes","origin":"source"},"minSize":7,"maxSize":25,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"labelText":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"labelSize":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"minSize":12,"maxSize":24,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR"}] + mapStateJSON: >- + {"zoom":3.64,"center":{"lon":-88.92107,"lat":42.16337},"timeFilters":{"from":"now-7d","to":"now"},"refreshConfig":{"isPaused":true,"interval":0},"query":{"language":"kuery","query":""},"settings":{"autoFitToDataBounds":false}} + title: '[Logs] Total Requests and Bytes' + uiStateJSON: '{"isDarkMode":false}' + coreMigrationVersion: 8.8.0 + created_at: '2023-08-23T20:03:32.204Z' + id: de71f4f0-1902-11e9-919b-ffe5949a18d2 + managed: false + references: + - id: 90943e30-9a47-11e8-b64d-95841ca0b247 + name: layer_1_join_0_index_pattern + type: index-pattern + - id: 90943e30-9a47-11e8-b64d-95841ca0b247 + name: layer_2_source_index_pattern + type: index-pattern + - id: 90943e30-9a47-11e8-b64d-95841ca0b247 + name: layer_3_source_index_pattern + type: index-pattern + type: map + typeMigrationVersion: 8.4.0 + updated_at: '2023-08-23T20:03:32.204Z' + version: WzEzLDFd + Serverless_saved_objects_import_objects_request: + value: + file: file.ndjson + Serverless_saved_objects_import_objects_response: + summary: >- + The import objects API response indicates a successful import and the + objects are created. Since these objects are created as new copies, each + entry in the successResults array includes a destinationId attribute. + value: + success: true + successCount: 1 + successResults: + - destinationId: 82d2760c-468f-49cf-83aa-b9a35b6a8943 + id: 90943e30-9a47-11e8-b64d-95841ca0b247 + managed: false + meta: + icon: indexPatternApp + title: Kibana Sample Data Logs + type: index-pattern + parameters: + Connectors_connector_id: + description: An identifier for the connector. + in: path + name: connectorId + required: true + schema: + example: df770e30-8b8b-11ed-a780-3b746c987a81 + type: string + Connectors_kbn_xsrf: + description: Cross-site request forgery protection + in: header + name: kbn-xsrf + required: true + schema: + type: string + Data_views_field_name: + description: The name of the runtime field. + in: path + name: fieldName + required: true + schema: + example: hour_of_day + type: string + Data_views_kbn_xsrf: + description: Cross-site request forgery protection + in: header + name: kbn-xsrf + required: true + schema: + type: string + Data_views_view_id: + description: An identifier for the data view. + in: path + name: viewId + required: true + schema: + example: ff959d40-b880-11e8-a6d9-e546fe2bba5f + type: string + Machine_learning_APIs_simulateParam: description: >- - The sync machine learning saved objects API response contains this - object when there are trained models affected by the synchronization. - There is an object for each relevant trained model, which contains the - synchronization status. - properties: - success: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess' - title: Sync API response for trained models - type: object - Security_AI_Assistant_API_AnonymizationFieldCreateProps: - type: object - properties: - allowed: - type: boolean - anonymized: - type: boolean - field: - type: string - required: - - field - Security_AI_Assistant_API_AnonymizationFieldDetailsInError: - type: object + When true, simulates the synchronization by returning only the list of + actions that would be performed. + example: 'true' + in: query + name: simulate + required: false + schema: + type: boolean + Serverless_saved_objects_kbn_xsrf: + description: Cross-site request forgery protection + in: header + name: kbn-xsrf + required: true + schema: + type: string + SLOs_kbn_xsrf: + description: Cross-site request forgery protection + in: header + name: kbn-xsrf + required: true + schema: + type: string + SLOs_slo_id: + description: An identifier for the slo. + in: path + name: sloId + required: true + schema: + example: 9c235211-6834-11ea-a78c-6feb38a34414 + type: string + SLOs_space_id: + description: >- + An identifier for the space. If `/s/` and the identifier are omitted + from the path, the default space is used. + in: path + name: spaceId + required: true + schema: + example: default + type: string + responses: + Connectors_401: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + properties: + error: + enum: + - Unauthorized + example: Unauthorized + type: string + message: + type: string + statusCode: + enum: + - 401 + example: 401 + type: integer + title: Unauthorized response + type: object + description: Authorization information is missing or invalid. + Connectors_404: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + properties: + error: + enum: + - Not Found + example: Not Found + type: string + message: + example: >- + Saved object [action/baf33fc0-920c-11ed-b36a-874bd1548a00] not + found + type: string + statusCode: + enum: + - 404 + example: 404 + type: integer + title: Not found response + type: object + description: Object is not found. + schemas: + Connectors_config_properties_bedrock: + description: Defines properties for connectors when type is `.bedrock`. properties: - id: + apiUrl: + description: The Amazon Bedrock request URL. type: string - name: + defaultModel: + default: 'anthropic.claude-3-5-sonnet-20240620-v1:0' + description: > + The generative artificial intelligence model for Amazon Bedrock to + use. Current support is for the Anthropic Claude models. type: string required: - - id - Security_AI_Assistant_API_AnonymizationFieldResponse: + - apiUrl + title: Connector request properties for an Amazon Bedrock connector + type: object + Connectors_config_properties_cases_webhook: + description: Defines properties for connectors when type is `.cases-webhook`. type: object properties: - allowed: - type: boolean - anonymized: - type: boolean - createdAt: + createCommentJson: + description: > + A JSON payload sent to the create comment URL to create a case + comment. You can use variables to add Kibana Cases data to the + payload. The required variable is `case.comment`. Due to Mustache + template variables (the text enclosed in triple braces, for example, + `{{{case.title}}}`), the JSON is not validated when you create the + connector. The JSON is validated once the Mustache variables have + been placed when the REST method runs. Manually ensure that the JSON + is valid, disregarding the Mustache variables, so the later + validation will pass. + example: '{"body": {{{case.comment}}}}' type: string - createdBy: + createCommentMethod: + default: put + description: > + The REST API HTTP request method to create a case comment in the + third-party system. Valid values are `patch`, `post`, and `put`. + enum: + - patch + - post + - put type: string - field: + createCommentUrl: + description: > + The REST API URL to create a case comment by ID in the third-party + system. You can use a variable to add the external system ID to the + URL. If you are using the `xpack.actions.allowedHosts setting`, add + the hostname to the allowed hosts. + example: 'https://example.com/issue/{{{external.system.id}}}/comment' type: string - id: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - namespace: - description: Kibana space + createIncidentJson: + description: > + A JSON payload sent to the create case URL to create a case. You can + use variables to add case data to the payload. Required variables + are `case.title` and `case.description`. Due to Mustache template + variables (which is the text enclosed in triple braces, for example, + `{{{case.title}}}`), the JSON is not validated when you create the + connector. The JSON is validated after the Mustache variables have + been placed when REST method runs. Manually ensure that the JSON is + valid to avoid future validation errors; disregard Mustache + variables during your review. + example: >- + {"fields": {"summary": {{{case.title}}},"description": + {{{case.description}}},"labels": {{{case.tags}}}}} type: string - timestamp: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - updatedAt: + createIncidentMethod: + default: post + description: > + The REST API HTTP request method to create a case in the third-party + system. Valid values are `patch`, `post`, and `put`. + enum: + - patch + - post + - put type: string - updatedBy: + createIncidentResponseKey: + description: >- + The JSON key in the create external case response that contains the + case ID. type: string - required: - - id - - field - Security_AI_Assistant_API_AnonymizationFieldsBulkActionSkipReason: - enum: - - ANONYMIZATION_FIELD_NOT_MODIFIED - type: string - Security_AI_Assistant_API_AnonymizationFieldsBulkActionSkipResult: - type: object - properties: - id: + createIncidentUrl: + description: > + The REST API URL to create a case in the third-party system. If you + are using the `xpack.actions.allowedHosts` setting, add the hostname + to the allowed hosts. type: string - name: + getIncidentResponseExternalTitleKey: + description: >- + The JSON key in get external case response that contains the case + title. type: string - skip_reason: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkActionSkipReason - required: - - id - - skip_reason - Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResponse: - type: object - properties: - anonymization_fields_count: - type: integer - attributes: - type: object - properties: - errors: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_NormalizedAnonymizationFieldError - type: array - results: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResults - summary: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_BulkCrudActionSummary - required: - - results - - summary - message: + getIncidentUrl: + description: > + The REST API URL to get the case by ID from the third-party system. + If you are using the `xpack.actions.allowedHosts` setting, add the + hostname to the allowed hosts. You can use a variable to add the + external system ID to the URL. Due to Mustache template variables + (the text enclosed in triple braces, for example, + `{{{case.title}}}`), the JSON is not validated when you create the + connector. The JSON is validated after the Mustache variables have + been placed when REST method runs. Manually ensure that the JSON is + valid, disregarding the Mustache variables, so the later validation + will pass. + example: 'https://example.com/issue/{{{external.system.id}}}' type: string - status_code: - type: integer - success: - type: boolean - required: - - attributes - Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResults: - type: object - properties: - created: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse - type: array - deleted: - items: - type: string - type: array - skipped: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkActionSkipResult - type: array - updated: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse - type: array - required: - - updated - - created - - deleted - - skipped - Security_AI_Assistant_API_AnonymizationFieldUpdateProps: - type: object - properties: - allowed: - type: boolean - anonymized: + hasAuth: + default: true + description: >- + If true, a username and password for login type authentication must + be provided. type: boolean - id: + headers: + description: > + A set of key-value pairs sent as headers with the request URLs for + the create case, update case, get case, and create comment methods. type: string - required: - - id - Security_AI_Assistant_API_ApiConfig: - type: object - properties: - actionTypeId: - description: action type id + updateIncidentJson: + description: > + The JSON payload sent to the update case URL to update the case. You + can use variables to add Kibana Cases data to the payload. Required + variables are `case.title` and `case.description`. Due to Mustache + template variables (which is the text enclosed in triple braces, for + example, `{{{case.title}}}`), the JSON is not validated when you + create the connector. The JSON is validated after the Mustache + variables have been placed when REST method runs. Manually ensure + that the JSON is valid to avoid future validation errors; disregard + Mustache variables during your review. + example: >- + {"fields": {"summary": {{{case.title}}},"description": + {{{case.description}}},"labels": {{{case.tags}}}}} type: string - connectorId: - description: connector id + updateIncidentMethod: + default: put + description: > + The REST API HTTP request method to update the case in the + third-party system. Valid values are `patch`, `post`, and `put`. + enum: + - patch + - post + - put type: string - defaultSystemPromptId: - description: defaultSystemPromptId + updateIncidentUrl: + description: > + The REST API URL to update the case by ID in the third-party system. + You can use a variable to add the external system ID to the URL. If + you are using the `xpack.actions.allowedHosts` setting, add the + hostname to the allowed hosts. + example: 'https://example.com/issue/{{{external.system.ID}}}' type: string - model: - description: model + viewIncidentUrl: + description: > + The URL to view the case in the external system. You can use + variables to add the external system ID or external system title to + the URL. + example: >- + https://testing-jira.atlassian.net/browse/{{{external.system.title}}} type: string - provider: - $ref: '#/components/schemas/Security_AI_Assistant_API_Provider' - description: Provider required: - - connectorId - - actionTypeId - Security_AI_Assistant_API_BulkCrudActionSummary: - type: object + - createIncidentJson + - createIncidentResponseKey + - createIncidentUrl + - getIncidentResponseExternalTitleKey + - getIncidentUrl + - updateIncidentJson + - updateIncidentUrl + - viewIncidentUrl + title: Connector request properties for Webhook - Case Management connector + Connectors_config_properties_d3security: + description: Defines properties for connectors when type is `.d3security`. properties: - failed: - type: integer - skipped: - type: integer - succeeded: - type: integer - total: - type: integer + url: + description: > + The D3 Security API request URL. If you are using the + `xpack.actions.allowedHosts` setting, add the hostname to the + allowed hosts. + type: string required: - - failed - - skipped - - succeeded - - total - Security_AI_Assistant_API_ChatCompleteProps: + - url + title: Connector request properties for a D3 Security connector + type: object + Connectors_config_properties_email: + description: Defines properties for connectors when type is `.email`. type: object properties: - connectorId: - type: string - conversationId: - type: string - isStream: - type: boolean - langSmithApiKey: - type: string - langSmithProject: + clientId: + description: > + The client identifier, which is a part of OAuth 2.0 client + credentials authentication, in GUID format. If `service` is + `exchange_server`, this property is required. + nullable: true type: string - messages: - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_ChatMessage' - type: array - model: + from: + description: > + The from address for all emails sent by the connector. It must be + specified in `user@host-name` format. type: string - persist: + hasAuth: + default: true + description: > + Specifies whether a user and password are required inside the + secrets configuration. type: boolean - promptId: - type: string - responseLanguage: + host: + description: > + The host name of the service provider. If the `service` is + `elastic_cloud` (for Elastic Cloud notifications) or one of + Nodemailer's well-known email service providers, this property is + ignored. If `service` is `other`, this property must be defined. type: string - required: - - messages - - persist - - connectorId - Security_AI_Assistant_API_ChatMessage: - description: AI assistant message. - type: object - properties: - content: - description: Message content. + oauthTokenUrl: + nullable: true type: string - data: - $ref: '#/components/schemas/Security_AI_Assistant_API_MessageData' - description: ECS object to attach to the context of the message. - fields_to_anonymize: - items: - type: string - type: array - role: - $ref: '#/components/schemas/Security_AI_Assistant_API_ChatMessageRole' - description: Message role. - required: - - role - Security_AI_Assistant_API_ChatMessageRole: - description: Message role. - enum: - - system - - user - - assistant - type: string - Security_AI_Assistant_API_ConversationCategory: - description: The conversation category. - enum: - - assistant - - insights - type: string - Security_AI_Assistant_API_ConversationConfidence: - description: The conversation confidence. - enum: - - low - - medium - - high - type: string - Security_AI_Assistant_API_ConversationCreateProps: - type: object - properties: - apiConfig: - $ref: '#/components/schemas/Security_AI_Assistant_API_ApiConfig' - description: LLM API configuration. - category: - $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationCategory' - description: The conversation category. - excludeFromLastConversationStorage: - description: excludeFromLastConversationStorage. + port: + description: > + The port to connect to on the service provider. If the `service` is + `elastic_cloud` (for Elastic Cloud notifications) or one of + Nodemailer's well-known email service providers, this property is + ignored. If `service` is `other`, this property must be defined. + type: integer + secure: + description: > + Specifies whether the connection to the service provider will use + TLS. If the `service` is `elastic_cloud` (for Elastic Cloud + notifications) or one of Nodemailer's well-known email service + providers, this property is ignored. type: boolean - id: - description: The conversation id. + service: + description: | + The name of the email service. + enum: + - elastic_cloud + - exchange_server + - gmail + - other + - outlook365 + - ses type: string - isDefault: - description: Is default conversation. - type: boolean - messages: - description: The conversation messages. - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_Message' - type: array - replacements: - $ref: '#/components/schemas/Security_AI_Assistant_API_Replacements' - title: - description: The conversation title. + tenantId: + description: > + The tenant identifier, which is part of OAuth 2.0 client credentials + authentication, in GUID format. If `service` is `exchange_server`, + this property is required. + nullable: true type: string required: - - title - Security_AI_Assistant_API_ConversationResponse: - type: object + - from + title: Connector request properties for an email connector + Connectors_config_properties_gemini: + description: Defines properties for connectors when type is `.gemini`. properties: - apiConfig: - $ref: '#/components/schemas/Security_AI_Assistant_API_ApiConfig' - description: LLM API configuration. - category: - $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationCategory' - description: The conversation category. - createdAt: - description: The last time conversation was updated. + apiUrl: + description: The Google Gemini request URL. type: string - excludeFromLastConversationStorage: - description: excludeFromLastConversationStorage. - type: boolean - id: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - isDefault: - description: Is default conversation. - type: boolean - messages: - description: The conversation messages. - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_Message' - type: array - namespace: - description: Kibana space + defaultModel: + default: gemini-1.5-pro-001 + description: >- + The generative artificial intelligence model for Google Gemini to + use. type: string - replacements: - $ref: '#/components/schemas/Security_AI_Assistant_API_Replacements' - summary: - $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationSummary' - timestamp: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - title: - description: The conversation title. + gcpProjectID: + description: The Google ProjectID that has Vertex AI endpoint enabled. type: string - updatedAt: - description: The last time conversation was updated. + gcpRegion: + description: The GCP region where the Vertex AI endpoint enabled. type: string - users: - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_User' - type: array required: - - id - - title - - createdAt - - users - - namespace - - category - Security_AI_Assistant_API_ConversationSummary: + - apiUrl + - gcpRegion + - gcpProjectID + title: Connector request properties for an Google Gemini connector type: object + Connectors_config_properties_genai: + description: Defines properties for connectors when type is `.gen-ai`. + discriminator: + mapping: + Azure OpenAI: '#/components/schemas/Connectors_config_properties_genai_azure' + OpenAI: '#/components/schemas/Connectors_config_properties_genai_openai' + propertyName: apiProvider + oneOf: + - $ref: '#/components/schemas/Connectors_config_properties_genai_azure' + - $ref: '#/components/schemas/Connectors_config_properties_genai_openai' + title: Connector request properties for an OpenAI connector + Connectors_config_properties_genai_azure: + description: > + Defines properties for connectors when type is `.gen-ai` and the API + provider is `Azure OpenAI'. properties: - confidence: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationConfidence - description: >- - How confident you are about this being a correct and useful - learning. - content: - description: Summary text of the conversation over time. + apiProvider: + description: The OpenAI API provider. + enum: + - Azure OpenAI type: string - public: - description: Define if summary is marked as publicly available. - type: boolean - timestamp: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - description: The timestamp summary was updated. - Security_AI_Assistant_API_ConversationUpdateProps: - type: object - properties: - apiConfig: - $ref: '#/components/schemas/Security_AI_Assistant_API_ApiConfig' - description: LLM API configuration. - category: - $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationCategory' - description: The conversation category. - excludeFromLastConversationStorage: - description: excludeFromLastConversationStorage. - type: boolean - id: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - messages: - description: The conversation messages. - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_Message' - type: array - replacements: - $ref: '#/components/schemas/Security_AI_Assistant_API_Replacements' - summary: - $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationSummary' - title: - description: The conversation title. + apiUrl: + description: The OpenAI API endpoint. type: string required: - - id - Security_AI_Assistant_API_FindAnonymizationFieldsSortField: - enum: - - created_at - - anonymized - - allowed - - field - - updated_at - type: string - Security_AI_Assistant_API_FindConversationsSortField: - enum: - - created_at - - is_default - - title - - updated_at - type: string - Security_AI_Assistant_API_FindPromptsSortField: - enum: - - created_at - - is_default - - name - - updated_at - type: string - Security_AI_Assistant_API_Message: - description: AI assistant conversation message. + - apiProvider + - apiUrl + title: >- + Connector request properties for an OpenAI connector that uses Azure + OpenAI type: object + Connectors_config_properties_genai_openai: + description: > + Defines properties for connectors when type is `.gen-ai` and the API + provider is `OpenAI'. properties: - content: - description: Message content. + apiProvider: + description: The OpenAI API provider. + enum: + - OpenAI type: string - isError: - description: Is error message. - type: boolean - reader: - $ref: '#/components/schemas/Security_AI_Assistant_API_Reader' - description: Message content. - role: - $ref: '#/components/schemas/Security_AI_Assistant_API_MessageRole' - description: Message role. - timestamp: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - description: The timestamp message was sent or received. - traceData: - $ref: '#/components/schemas/Security_AI_Assistant_API_TraceData' - description: trace Data - required: - - timestamp - - content - - role - Security_AI_Assistant_API_MessageData: - additionalProperties: true - type: object - Security_AI_Assistant_API_MessageRole: - description: Message role. - enum: - - system - - user - - assistant - type: string - Security_AI_Assistant_API_NonEmptyString: - description: A string that is not empty and does not contain only whitespace - minLength: 1 - pattern: ^(?! *$).+$ - type: string - Security_AI_Assistant_API_NormalizedAnonymizationFieldError: - type: object - properties: - anonymization_fields: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldDetailsInError - type: array - err_code: + apiUrl: + description: The OpenAI API endpoint. type: string - message: + defaultModel: + description: The default model to use for requests. type: string - status_code: - type: integer required: - - message - - status_code - - anonymization_fields - Security_AI_Assistant_API_NormalizedPromptError: + - apiProvider + - apiUrl + title: Connector request properties for an OpenAI connector + type: object + Connectors_config_properties_index: + description: Defines properties for connectors when type is `.index`. type: object properties: - err_code: + executionTimeField: + default: null + description: A field that indicates when the document was indexed. + nullable: true type: string - message: + index: + description: The Elasticsearch index to be written to. type: string - prompts: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptDetailsInError - type: array - status_code: - type: integer + refresh: + default: false + description: > + The refresh policy for the write request, which affects when changes + are made visible to search. Refer to the refresh setting for + Elasticsearch document APIs. + type: boolean required: - - message - - status_code - - prompts - Security_AI_Assistant_API_PromptCreateProps: + - index + title: Connector request properties for an index connector + Connectors_config_properties_jira: + description: Defines properties for connectors when type is `.jira`. type: object properties: - categories: - items: - type: string - type: array - color: - type: string - consumer: - type: string - content: + apiUrl: + description: The Jira instance URL. type: string - isDefault: - type: boolean - isNewConversationDefault: - type: boolean - name: + projectKey: + description: The Jira project key. type: string - promptType: - $ref: '#/components/schemas/Security_AI_Assistant_API_PromptType' required: - - name - - content - - promptType - Security_AI_Assistant_API_PromptDetailsInError: + - apiUrl + - projectKey + title: Connector request properties for a Jira connector + Connectors_config_properties_opsgenie: + description: Defines properties for connectors when type is `.opsgenie`. type: object properties: - id: - type: string - name: + apiUrl: + description: > + The Opsgenie URL. For example, `https://api.opsgenie.com` or + `https://api.eu.opsgenie.com`. If you are using the + `xpack.actions.allowedHosts` setting, add the hostname to the + allowed hosts. type: string required: - - id - Security_AI_Assistant_API_PromptResponse: - type: object + - apiUrl + title: Connector request properties for an Opsgenie connector + Connectors_config_properties_pagerduty: + description: Defines properties for connectors when type is `.pagerduty`. properties: - categories: - items: - type: string - type: array - color: - type: string - consumer: - type: string - content: - type: string - createdAt: - type: string - createdBy: - type: string - id: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - isDefault: - type: boolean - isNewConversationDefault: - type: boolean - name: - type: string - namespace: - description: Kibana space - type: string - promptType: - $ref: '#/components/schemas/Security_AI_Assistant_API_PromptType' - timestamp: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - updatedAt: - type: string - updatedBy: + apiUrl: + description: The PagerDuty event URL. + example: 'https://events.pagerduty.com/v2/enqueue' + nullable: true type: string - users: - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_User' - type: array - required: - - id - - name - - promptType - - content - Security_AI_Assistant_API_PromptsBulkActionSkipReason: - enum: - - PROMPT_FIELD_NOT_MODIFIED - type: string - Security_AI_Assistant_API_PromptsBulkActionSkipResult: + title: Connector request properties for a PagerDuty connector + type: object + Connectors_config_properties_resilient: + description: Defines properties for connectors when type is `.resilient`. type: object properties: - id: + apiUrl: + description: The IBM Resilient instance URL. type: string - name: + orgId: + description: The IBM Resilient organization ID. type: string - skip_reason: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptsBulkActionSkipReason required: - - id - - skip_reason - Security_AI_Assistant_API_PromptsBulkCrudActionResponse: + - apiUrl + - orgId + title: Connector request properties for a IBM Resilient connector + Connectors_config_properties_sentinelone: + description: Defines properties for connectors when type is `.sentinelone`. type: object properties: - attributes: - type: object - properties: - errors: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_NormalizedPromptError - type: array - results: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptsBulkCrudActionResults - summary: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_BulkCrudActionSummary - required: - - results - - summary - message: + url: + description: > + The SentinelOne tenant URL. If you are using the + `xpack.actions.allowedHosts` setting, add the hostname to the + allowed hosts. type: string - prompts_count: - type: integer - status_code: - type: integer - success: - type: boolean - required: - - attributes - Security_AI_Assistant_API_PromptsBulkCrudActionResults: - type: object - properties: - created: - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_PromptResponse' - type: array - deleted: - items: - type: string - type: array - skipped: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptsBulkActionSkipResult - type: array - updated: - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_PromptResponse' - type: array required: - - updated - - created - - deleted - - skipped - Security_AI_Assistant_API_PromptType: - description: Prompt type - enum: - - system - - quick - type: string - Security_AI_Assistant_API_PromptUpdateProps: + - url + title: Connector request properties for a SentinelOne connector + Connectors_config_properties_servicenow: + description: Defines properties for connectors when type is `.servicenow`. type: object properties: - categories: - items: - type: string - type: array - color: + apiUrl: + description: The ServiceNow instance URL. type: string - consumer: + clientId: + description: > + The client ID assigned to your OAuth application. This property is + required when `isOAuth` is `true`. type: string - content: + isOAuth: + default: false + description: > + The type of authentication to use. The default value is false, which + means basic authentication is used instead of open authorization + (OAuth). + type: boolean + jwtKeyId: + description: > + The key identifier assigned to the JWT verifier map of your OAuth + application. This property is required when `isOAuth` is `true`. type: string - id: + userIdentifierValue: + description: > + The identifier to use for OAuth authentication. This identifier + should be the user field you selected when you created an OAuth JWT + API endpoint for external clients in your ServiceNow instance. For + example, if the selected user field is `Email`, the user identifier + should be the user's email address. This property is required when + `isOAuth` is `true`. type: string - isDefault: - type: boolean - isNewConversationDefault: + usesTableApi: + default: true + description: > + Determines whether the connector uses the Table API or the Import + Set API. This property is supported only for ServiceNow ITSM and + ServiceNow SecOps connectors. NOTE: If this property is set to + `false`, the Elastic application should be installed in ServiceNow. type: boolean required: - - id - Security_AI_Assistant_API_Provider: - description: Provider - enum: - - OpenAI - - Azure OpenAI - type: string - Security_AI_Assistant_API_Reader: - additionalProperties: true - type: object - Security_AI_Assistant_API_Replacements: - additionalProperties: - type: string - description: Replacements object used to anonymize/deanomymize messsages - type: object - Security_AI_Assistant_API_SortOrder: - enum: - - asc - - desc - type: string - Security_AI_Assistant_API_TraceData: - description: trace Data + - apiUrl + title: Connector request properties for a ServiceNow ITSM connector + Connectors_config_properties_servicenow_itom: + description: Defines properties for connectors when type is `.servicenow`. type: object properties: - traceId: - description: 'Could be any string, not necessarily a UUID' + apiUrl: + description: The ServiceNow instance URL. type: string - transactionId: - description: 'Could be any string, not necessarily a UUID' + clientId: + description: > + The client ID assigned to your OAuth application. This property is + required when `isOAuth` is `true`. type: string - Security_AI_Assistant_API_User: - description: 'Could be any string, not necessarily a UUID' - type: object - properties: - id: - description: User id + isOAuth: + default: false + description: > + The type of authentication to use. The default value is false, which + means basic authentication is used instead of open authorization + (OAuth). + type: boolean + jwtKeyId: + description: > + The key identifier assigned to the JWT verifier map of your OAuth + application. This property is required when `isOAuth` is `true`. type: string - name: - description: User name + userIdentifierValue: + description: > + The identifier to use for OAuth authentication. This identifier + should be the user field you selected when you created an OAuth JWT + API endpoint for external clients in your ServiceNow instance. For + example, if the selected user field is `Email`, the user identifier + should be the user's email address. This property is required when + `isOAuth` is `true`. type: string - Security_Solution_Detections_API_AlertAssignees: - type: object - properties: - add: - description: A list of users ids to assign. - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NonEmptyString - type: array - remove: - description: A list of users ids to unassign. - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NonEmptyString - type: array required: - - add - - remove - Security_Solution_Detections_API_AlertIds: - description: A list of alerts ids. - items: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' - minItems: 1 - type: array - Security_Solution_Detections_API_AlertsIndex: - deprecated: true - description: (deprecated) Has no effect. - type: string - Security_Solution_Detections_API_AlertsIndexNamespace: - description: Has no effect. - type: string - Security_Solution_Detections_API_AlertsSort: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsSortCombinations - - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsSortCombinations - type: array - Security_Solution_Detections_API_AlertsSortCombinations: - anyOf: - - type: string - - additionalProperties: true - type: object - Security_Solution_Detections_API_AlertStatus: - enum: - - open - - closed - - acknowledged - - in-progress - type: string - Security_Solution_Detections_API_AlertSuppression: - type: object - properties: - duration: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertSuppressionDuration - group_by: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertSuppressionGroupBy - missing_fields_strategy: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertSuppressionMissingFieldsStrategy - required: - - group_by - Security_Solution_Detections_API_AlertSuppressionDuration: - type: object + - apiUrl + title: Connector request properties for a ServiceNow ITSM connector + Connectors_config_properties_slack_api: + description: Defines properties for connectors when type is `.slack_api`. properties: - unit: - enum: - - s - - m - - h - type: string - value: - minimum: 1 - type: integer - required: - - value - - unit - Security_Solution_Detections_API_AlertSuppressionGroupBy: - items: - type: string - maxItems: 3 - minItems: 1 - type: array - Security_Solution_Detections_API_AlertSuppressionMissingFieldsStrategy: - description: >- - Describes how alerts will be generated for documents with missing - suppress by fields: - - doNotSuppress - per each document a separate alert will be created - - suppress - only alert will be created per suppress by bucket - enum: - - doNotSuppress - - suppress - type: string - Security_Solution_Detections_API_AlertTag: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' - Security_Solution_Detections_API_AlertTags: - items: - $ref: '#/components/schemas/Security_Solution_Detections_API_AlertTag' - type: array - Security_Solution_Detections_API_AnomalyThreshold: - description: Anomaly threshold - minimum: 0 - type: integer - Security_Solution_Detections_API_BuildingBlockType: - description: >- - Determines if the rule acts as a building block. By default, - building-block alerts are not displayed in the UI. These rules are used - as a foundation for other rules that do generate alerts. Its value must - be default. - type: string - Security_Solution_Detections_API_BulkActionEditPayload: - anyOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkActionEditPayloadTags - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkActionEditPayloadIndexPatterns - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkActionEditPayloadInvestigationFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkActionEditPayloadTimeline - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkActionEditPayloadRuleActions - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkActionEditPayloadSchedule - Security_Solution_Detections_API_BulkActionEditPayloadIndexPatterns: + allowedChannels: + description: A list of valid Slack channels. + items: + maxItems: 25 + type: object + properties: + id: + description: The Slack channel ID. + example: C123ABC456 + minLength: 1 + type: string + name: + description: The Slack channel name. + minLength: 1 + type: string + required: + - id + - name + type: array + title: Connector request properties for a Slack connector type: object - properties: - overwrite_data_views: - type: boolean - type: - enum: - - add_index_patterns - - delete_index_patterns - - set_index_patterns - type: string - value: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IndexPatternArray - required: - - type - - value - Security_Solution_Detections_API_BulkActionEditPayloadInvestigationFields: + Connectors_config_properties_swimlane: + description: Defines properties for connectors when type is `.swimlane`. type: object properties: - type: - enum: - - add_investigation_fields - - delete_investigation_fields - - set_investigation_fields + apiUrl: + description: The Swimlane instance URL. type: string - value: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - required: - - type - - value - Security_Solution_Detections_API_BulkActionEditPayloadRuleActions: - type: object - properties: - type: - enum: - - add_rule_actions - - set_rule_actions + appId: + description: The Swimlane application ID. type: string - value: - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NormalizedRuleAction - type: array - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThrottleForBulkActions - required: - - actions - required: - - type - - value - Security_Solution_Detections_API_BulkActionEditPayloadSchedule: - type: object - properties: - type: + connectorType: + description: >- + The type of connector. Valid values are `all`, `alerts`, and + `cases`. enum: - - set_schedule + - all + - alerts + - cases type: string - value: - type: object + mappings: + description: The field mapping. properties: - interval: - description: >- - Interval in which the rule runs. For example, `"1h"` means the - rule runs every hour. - example: 1h - pattern: '^[1-9]\d*[smh]$' - type: string - lookback: - description: Lookback time for the rule - example: 1h - pattern: '^[1-9]\d*[smh]$' - type: string - required: - - interval - - lookback - required: - - type - - value - Security_Solution_Detections_API_BulkActionEditPayloadTags: - type: object - properties: - type: - enum: - - add_tags - - delete_tags - - set_tags - type: string - value: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleTagArray' - required: - - type - - value - Security_Solution_Detections_API_BulkActionEditPayloadTimeline: - type: object - properties: - type: - enum: - - set_timeline - type: string - value: + alertIdConfig: + description: Mapping for the alert ID. + properties: + fieldType: + description: The type of field in Swimlane. + type: string + id: + description: The identifier for the field in Swimlane. + type: string + key: + description: The key for the field in Swimlane. + type: string + name: + description: The name of the field in Swimlane. + type: string + required: + - fieldType + - id + - key + - name + title: Alert identifier mapping + type: object + caseIdConfig: + description: Mapping for the case ID. + properties: + fieldType: + description: The type of field in Swimlane. + type: string + id: + description: The identifier for the field in Swimlane. + type: string + key: + description: The key for the field in Swimlane. + type: string + name: + description: The name of the field in Swimlane. + type: string + required: + - fieldType + - id + - key + - name + title: Case identifier mapping + type: object + caseNameConfig: + description: Mapping for the case name. + properties: + fieldType: + description: The type of field in Swimlane. + type: string + id: + description: The identifier for the field in Swimlane. + type: string + key: + description: The key for the field in Swimlane. + type: string + name: + description: The name of the field in Swimlane. + type: string + required: + - fieldType + - id + - key + - name + title: Case name mapping + type: object + commentsConfig: + description: Mapping for the case comments. + properties: + fieldType: + description: The type of field in Swimlane. + type: string + id: + description: The identifier for the field in Swimlane. + type: string + key: + description: The key for the field in Swimlane. + type: string + name: + description: The name of the field in Swimlane. + type: string + required: + - fieldType + - id + - key + - name + title: Case comment mapping + type: object + descriptionConfig: + description: Mapping for the case description. + properties: + fieldType: + description: The type of field in Swimlane. + type: string + id: + description: The identifier for the field in Swimlane. + type: string + key: + description: The key for the field in Swimlane. + type: string + name: + description: The name of the field in Swimlane. + type: string + required: + - fieldType + - id + - key + - name + title: Case description mapping + type: object + ruleNameConfig: + description: Mapping for the name of the alert's rule. + properties: + fieldType: + description: The type of field in Swimlane. + type: string + id: + description: The identifier for the field in Swimlane. + type: string + key: + description: The key for the field in Swimlane. + type: string + name: + description: The name of the field in Swimlane. + type: string + required: + - fieldType + - id + - key + - name + title: Rule name mapping + type: object + severityConfig: + description: Mapping for the severity. + properties: + fieldType: + description: The type of field in Swimlane. + type: string + id: + description: The identifier for the field in Swimlane. + type: string + key: + description: The key for the field in Swimlane. + type: string + name: + description: The name of the field in Swimlane. + type: string + required: + - fieldType + - id + - key + - name + title: Severity mapping + type: object + title: Connector mappings properties for a Swimlane connector type: object - properties: - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - required: - - timeline_id - - timeline_title - required: - - type - - value - Security_Solution_Detections_API_BulkActionsDryRunErrCode: - enum: - - IMMUTABLE - - MACHINE_LEARNING_AUTH - - MACHINE_LEARNING_INDEX_PATTERN - - ESQL_INDEX_PATTERN - - MANUAL_RULE_RUN_FEATURE - - MANUAL_RULE_RUN_DISABLED_RULE - type: string - Security_Solution_Detections_API_BulkActionSkipResult: - type: object - properties: - id: - type: string - name: - type: string - skip_reason: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkEditSkipReason required: - - id - - skip_reason - Security_Solution_Detections_API_BulkDeleteRules: - type: object + - apiUrl + - appId + - connectorType + title: Connector request properties for a Swimlane connector + Connectors_config_properties_tines: + description: Defines properties for connectors when type is `.tines`. properties: - action: - enum: - - delete - type: string - ids: - description: Array of rule IDs - items: - type: string - minItems: 1 - type: array - query: - description: Query to filter rules + url: + description: > + The Tines tenant URL. If you are using the + `xpack.actions.allowedHosts` setting, make sure this hostname is + added to the allowed hosts. type: string required: - - action - Security_Solution_Detections_API_BulkDisableRules: + - url + title: Connector request properties for a Tines connector type: object + Connectors_config_properties_torq: + description: Defines properties for connectors when type is `.torq`. properties: - action: - enum: - - disable - type: string - ids: - description: Array of rule IDs - items: - type: string - minItems: 1 - type: array - query: - description: Query to filter rules + webhookIntegrationUrl: + description: The endpoint URL of the Elastic Security integration in Torq. type: string required: - - action - Security_Solution_Detections_API_BulkDuplicateRules: + - webhookIntegrationUrl + title: Connector request properties for a Torq connector type: object + Connectors_config_properties_webhook: + description: Defines properties for connectors when type is `.webhook`. properties: - action: + authType: + description: | + The type of authentication to use: basic, SSL, or none. enum: - - duplicate + - webhook-authentication-basic + - webhook-authentication-ssl + nullable: true type: string - duplicate: - type: object - properties: - include_exceptions: - description: Whether to copy exceptions from the original rule - type: boolean - include_expired_exceptions: - description: Whether to copy expired exceptions from the original rule - type: boolean - required: - - include_exceptions - - include_expired_exceptions - ids: - description: Array of rule IDs - items: - type: string - minItems: 1 - type: array - query: - description: Query to filter rules + ca: + description: > + A base64 encoded version of the certificate authority file that the + connector can trust to sign and validate certificates. This option + is available for all authentication types. type: string - required: - - action - Security_Solution_Detections_API_BulkEditActionResponse: - type: object - properties: - attributes: - type: object - properties: - errors: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NormalizedRuleError - type: array - results: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkEditActionResults - summary: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkEditActionSummary - required: - - results - - summary - message: + certType: + description: > + If the `authType` is `webhook-authentication-ssl`, specifies whether + the certificate authentication data is in a CRT and key file format + or a PFX file format. + enum: + - ssl-crt-key + - ssl-pfx type: string - rules_count: - type: integer - status_code: - type: integer - success: + hasAuth: + description: > + If `true`, a user name and password must be provided for login type + authentication. type: boolean - required: - - attributes - Security_Solution_Detections_API_BulkEditActionResults: - type: object - properties: - created: - items: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleResponse' - type: array - deleted: - items: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleResponse' - type: array - skipped: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkActionSkipResult - type: array - updated: - items: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleResponse' - type: array - required: - - updated - - created - - deleted - - skipped - Security_Solution_Detections_API_BulkEditActionSummary: - type: object - properties: - failed: - type: integer - skipped: - type: integer - succeeded: - type: integer - total: - type: integer - required: - - failed - - skipped - - succeeded - - total - Security_Solution_Detections_API_BulkEditRules: - type: object - properties: - action: + headers: + description: A set of key-value pairs sent as headers with the request. + nullable: true + type: object + method: + default: post + description: | + The HTTP request method, either `post` or `put`. enum: - - edit + - post + - put type: string - edit: - description: Array of objects containing the edit operations - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkActionEditPayload - minItems: 1 - type: array - ids: - description: Array of rule IDs - items: - type: string - minItems: 1 - type: array - query: - description: Query to filter rules + url: + description: > + The request URL. If you are using the `xpack.actions.allowedHosts` + setting, add the hostname to the allowed hosts. type: string - required: - - action - - edit - Security_Solution_Detections_API_BulkEditSkipReason: - enum: - - RULE_NOT_MODIFIED - type: string - Security_Solution_Detections_API_BulkEnableRules: - type: object - properties: - action: + verificationMode: + default: full + description: > + Controls the verification of certificates. Use `full` to validate + that the certificate has an issue date within the `not_before` and + `not_after` dates, chains to a trusted certificate authority (CA), + and has a hostname or IP address that matches the names within the + certificate. Use `certificate` to validate the certificate and + verify that it is signed by a trusted authority; this option does + not check the certificate hostname. Use `none` to skip certificate + validation. enum: - - enable - type: string - ids: - description: Array of rule IDs - items: - type: string - minItems: 1 - type: array - query: - description: Query to filter rules + - certificate + - full + - none type: string - required: - - action - Security_Solution_Detections_API_BulkExportActionResponse: - type: string - Security_Solution_Detections_API_BulkExportRules: + title: Connector request properties for a Webhook connector type: object + Connectors_config_properties_xmatters: + description: Defines properties for connectors when type is `.xmatters`. properties: - action: - enum: - - export - type: string - ids: - description: Array of rule IDs - items: - type: string - minItems: 1 - type: array - query: - description: Query to filter rules + configUrl: + description: > + The request URL for the Elastic Alerts trigger in xMatters. It is + applicable only when `usesBasic` is `true`. + nullable: true type: string - required: - - action - Security_Solution_Detections_API_BulkManualRuleRun: + usesBasic: + default: true + description: >- + Specifies whether the connector uses HTTP basic authentication + (`true`) or URL authentication (`false`). + type: boolean + title: Connector request properties for an xMatters connector type: object - properties: - action: - enum: - - run - type: string - ids: - description: Array of rule IDs - items: - type: string - minItems: 1 - type: array - query: - description: Query to filter rules - type: string - run: - type: object - properties: - end_date: - description: End date of the manual rule run - type: string - start_date: - description: Start date of the manual rule run - type: string - required: - - start_date - required: - - action - - run - Security_Solution_Detections_API_ConcurrentSearches: - minimum: 1 - type: integer - Security_Solution_Detections_API_DataViewId: - type: string - Security_Solution_Detections_API_DefaultParams: + Connectors_connector_response_properties: + description: The properties vary depending on the connector type. + discriminator: + mapping: + .bedrock: >- + #/components/schemas/Connectors_connector_response_properties_bedrock + .cases-webhook: >- + #/components/schemas/Connectors_connector_response_properties_cases_webhook + .d3security: >- + #/components/schemas/Connectors_connector_response_properties_d3security + .email: '#/components/schemas/Connectors_connector_response_properties_email' + .gemini: '#/components/schemas/Connectors_connector_response_properties_gemini' + .gen-ai: '#/components/schemas/Connectors_connector_response_properties_genai' + .index: '#/components/schemas/Connectors_connector_response_properties_index' + .jira: '#/components/schemas/Connectors_connector_response_properties_jira' + .opsgenie: >- + #/components/schemas/Connectors_connector_response_properties_opsgenie + .pagerduty: >- + #/components/schemas/Connectors_connector_response_properties_pagerduty + .resilient: >- + #/components/schemas/Connectors_connector_response_properties_resilient + .sentinelone: >- + #/components/schemas/Connectors_connector_response_properties_sentinelone + .server-log: >- + #/components/schemas/Connectors_connector_response_properties_serverlog + .servicenow: >- + #/components/schemas/Connectors_connector_response_properties_servicenow + .servicenow-itom: >- + #/components/schemas/Connectors_connector_response_properties_servicenow_itom + .servicenow-sir: >- + #/components/schemas/Connectors_connector_response_properties_servicenow_sir + .slack: >- + #/components/schemas/Connectors_connector_response_properties_slack_webhook + .slack_api: >- + #/components/schemas/Connectors_connector_response_properties_slack_api + .swimlane: >- + #/components/schemas/Connectors_connector_response_properties_swimlane + .teams: '#/components/schemas/Connectors_connector_response_properties_teams' + .tines: '#/components/schemas/Connectors_connector_response_properties_tines' + .torq: '#/components/schemas/Connectors_connector_response_properties_torq' + .webhook: >- + #/components/schemas/Connectors_connector_response_properties_webhook + .xmatters: >- + #/components/schemas/Connectors_connector_response_properties_xmatters + propertyName: connector_type_id + oneOf: + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_bedrock + - $ref: '#/components/schemas/Connectors_connector_response_properties_gemini' + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_cases_webhook + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_d3security + - $ref: '#/components/schemas/Connectors_connector_response_properties_email' + - $ref: '#/components/schemas/Connectors_connector_response_properties_genai' + - $ref: '#/components/schemas/Connectors_connector_response_properties_index' + - $ref: '#/components/schemas/Connectors_connector_response_properties_jira' + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_opsgenie + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_pagerduty + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_resilient + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_sentinelone + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_serverlog + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_servicenow + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_servicenow_itom + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_servicenow_sir + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_slack_api + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_slack_webhook + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_swimlane + - $ref: '#/components/schemas/Connectors_connector_response_properties_teams' + - $ref: '#/components/schemas/Connectors_connector_response_properties_tines' + - $ref: '#/components/schemas/Connectors_connector_response_properties_torq' + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_webhook + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_xmatters + title: Connector response properties + Connectors_connector_response_properties_bedrock: + title: Connector response properties for an Amazon Bedrock connector type: object properties: - command: + config: + $ref: '#/components/schemas/Connectors_config_properties_bedrock' + connector_type_id: + description: The type of connector. enum: - - isolate + - .bedrock + type: string + id: + description: The identifier for the connector. type: string - comment: + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. type: string required: - - command - Security_Solution_Detections_API_EcsMapping: - additionalProperties: - type: object - properties: - field: - type: string - value: - oneOf: - - type: string - - items: - type: string - type: array - type: object - Security_Solution_Detections_API_EndpointResponseAction: + - config + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_cases_webhook: + title: Connector request properties for a Webhook - Case Management connector type: object properties: - action_type_id: + config: + $ref: '#/components/schemas/Connectors_config_properties_cases_webhook' + connector_type_id: + description: The type of connector. enum: - - .endpoint + - .cases-webhook type: string - params: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_DefaultParams - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ProcessesParams + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. + type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - action_type_id - - params - Security_Solution_Detections_API_EqlOptionalFields: - type: object - properties: - alert_suppression: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertSuppression - data_view_id: - $ref: '#/components/schemas/Security_Solution_Detections_API_DataViewId' - event_category_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EventCategoryOverride - filters: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFilterArray - index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IndexPatternArray - tiebreaker_field: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TiebreakerField - timestamp_field: - $ref: '#/components/schemas/Security_Solution_Detections_API_TimestampField' - Security_Solution_Detections_API_EqlQueryLanguage: - enum: - - eql - type: string - Security_Solution_Detections_API_EqlRequiredFields: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_d3security: + title: Connector response properties for a D3 Security connector type: object properties: - language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlQueryLanguage - description: Query language to use - query: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleQuery' - description: EQL query to execute - type: - description: Rule type + config: + $ref: '#/components/schemas/Connectors_config_properties_d3security' + connector_type_id: + description: The type of connector. enum: - - eql + - .d3security type: string - required: - - type - - query - - language - Security_Solution_Detections_API_EqlRule: - allOf: - - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - required: - - name - - description - - risk_score - - severity - - version - - tags - - enabled - - risk_score_mapping - - severity_mapping - - interval - - from - - to - - actions - - exceptions_list - - author - - false_positives - - references - - max_signals - - threat - - setup - - related_integrations - - required_fields - - $ref: '#/components/schemas/Security_Solution_Detections_API_ResponseFields' - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlRuleResponseFields - Security_Solution_Detections_API_EqlRuleCreateFields: - allOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlRequiredFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlOptionalFields - Security_Solution_Detections_API_EqlRuleCreateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - required: - - name - - description - - risk_score - - severity - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlRuleCreateFields - Security_Solution_Detections_API_EqlRulePatchFields: - allOf: - - type: object - properties: - language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlQueryLanguage - description: Query language to use - query: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleQuery' - description: EQL query to execute - type: - description: Rule type - enum: - - eql - type: string - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlOptionalFields - Security_Solution_Detections_API_EqlRulePatchProps: - allOf: - - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlRulePatchFields - Security_Solution_Detections_API_EqlRuleResponseFields: - allOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlRequiredFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlOptionalFields - Security_Solution_Detections_API_EqlRuleUpdateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - required: - - name - - description - - risk_score - - severity - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlRuleCreateFields - Security_Solution_Detections_API_ErrorSchema: - additionalProperties: false - type: object - properties: - error: - type: object - properties: - message: - type: string - status_code: - minimum: 400 - type: integer - required: - - status_code - - message id: + description: The identifier for the connector. type: string - item_id: - minLength: 1 - type: string - list_id: - minLength: 1 + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. type: string - rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - error - Security_Solution_Detections_API_EsqlQueryLanguage: - enum: - - esql - type: string - Security_Solution_Detections_API_EsqlRule: - allOf: - - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - required: - - name - - description - - risk_score - - severity - - version - - tags - - enabled - - risk_score_mapping - - severity_mapping - - interval - - from - - to - - actions - - exceptions_list - - author - - false_positives - - references - - max_signals - - threat - - setup - - related_integrations - - required_fields - - $ref: '#/components/schemas/Security_Solution_Detections_API_ResponseFields' - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EsqlRuleResponseFields - Security_Solution_Detections_API_EsqlRuleCreateFields: - allOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EsqlRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EsqlRuleRequiredFields - Security_Solution_Detections_API_EsqlRuleCreateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - required: - - name - - description - - risk_score - - severity - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EsqlRuleCreateFields - Security_Solution_Detections_API_EsqlRuleOptionalFields: - type: object - properties: - alert_suppression: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertSuppression - Security_Solution_Detections_API_EsqlRulePatchProps: - allOf: - - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EsqlQueryLanguage - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - query: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleQuery' - description: ESQL query to execute - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - type: - description: Rule type - enum: - - esql - type: string - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EsqlRuleOptionalFields - Security_Solution_Detections_API_EsqlRuleRequiredFields: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_email: + title: Connector response properties for an email connector type: object properties: - language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EsqlQueryLanguage - query: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleQuery' - description: ESQL query to execute - type: - description: Rule type + config: + $ref: '#/components/schemas/Connectors_config_properties_email' + connector_type_id: + description: The type of connector. enum: - - esql + - .email + type: string + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - type - - language - - query - Security_Solution_Detections_API_EsqlRuleResponseFields: - allOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EsqlRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EsqlRuleRequiredFields - Security_Solution_Detections_API_EsqlRuleUpdateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - required: - - name - - description - - risk_score - - severity - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EsqlRuleCreateFields - Security_Solution_Detections_API_EventCategoryOverride: - type: string - Security_Solution_Detections_API_ExceptionListType: - description: The exception type - enum: - - detection - - rule_default - - endpoint - - endpoint_trusted_apps - - endpoint_events - - endpoint_host_isolation_exceptions - - endpoint_blocklists - type: string - Security_Solution_Detections_API_ExternalRuleSource: - description: >- - Type of rule source for externally sourced rules, i.e. rules that have - an external source, such as the Elastic Prebuilt rules repo. + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_gemini: + title: Connector response properties for a Google Gemini connector type: object properties: - is_customized: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsExternalRuleCustomized - type: + config: + $ref: '#/components/schemas/Connectors_config_properties_gemini' + connector_type_id: + description: The type of connector. enum: - - external + - .gemini + type: string + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - type - - is_customized - Security_Solution_Detections_API_FindRulesSortField: - enum: - - created_at - - createdAt - - enabled - - execution_summary.last_execution.date - - execution_summary.last_execution.metrics.execution_gap_duration_s - - execution_summary.last_execution.metrics.total_indexing_duration_ms - - execution_summary.last_execution.metrics.total_search_duration_ms - - execution_summary.last_execution.status + - connector_type_id + - id + - is_deprecated + - is_preconfigured - name - - risk_score - - riskScore - - severity - - updated_at - - updatedAt - type: string - Security_Solution_Detections_API_HistoryWindowStart: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' - Security_Solution_Detections_API_IndexPatternArray: - items: - type: string - type: array - Security_Solution_Detections_API_InternalRuleSource: - description: >- - Type of rule source for internally sourced rules, i.e. created within - the Kibana apps. + Connectors_connector_response_properties_genai: + title: Connector response properties for an OpenAI connector type: object properties: - type: + config: + $ref: '#/components/schemas/Connectors_config_properties_genai' + connector_type_id: + description: The type of connector. enum: - - internal + - .gen-ai + type: string + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - type - Security_Solution_Detections_API_InvestigationFields: - description: > - Schema for fields relating to investigation fields. These are user - defined fields we use to highlight - - in various features in the UI such as alert details flyout and - exceptions auto-population from alert. - - Added in PR #163235 - - Right now we only have a single field but anticipate adding more related - fields to store various - - configuration states such as `override` - where a user might say if they - want only these fields to - - display, or if they want these fields + the fields we select. When - expanding this field, it may look - - something like: - - ```typescript - - const investigationFields = z.object({ - field_names: NonEmptyArray(NonEmptyString), - override: z.boolean().optional(), - }); - - ``` + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_index: + title: Connector response properties for an index connector type: object properties: - field_names: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NonEmptyString - minItems: 1 - type: array + config: + $ref: '#/components/schemas/Connectors_config_properties_index' + connector_type_id: + description: The type of connector. + enum: + - .index + type: string + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. + type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - field_names - Security_Solution_Detections_API_InvestigationGuide: - description: Notes to help investigate alerts produced by the rule. - type: string - Security_Solution_Detections_API_IsExternalRuleCustomized: - description: >- - Determines whether an external/prebuilt rule has been customized by the - user (i.e. any of its fields have been modified and diverged from the - base value). - type: boolean - Security_Solution_Detections_API_IsRuleEnabled: - description: Determines whether the rule is enabled. - type: boolean - Security_Solution_Detections_API_IsRuleImmutable: - deprecated: true - description: >- - This field determines whether the rule is a prebuilt Elastic rule. It - will be replaced with the `rule_source` field. - type: boolean - Security_Solution_Detections_API_ItemsPerSearch: - minimum: 1 - type: integer - Security_Solution_Detections_API_KqlQueryLanguage: - enum: - - kuery - - lucene - type: string - Security_Solution_Detections_API_MachineLearningJobId: - description: Machine learning job ID - oneOf: - - type: string - - items: - type: string - minItems: 1 - type: array - Security_Solution_Detections_API_MachineLearningRule: - allOf: - - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - required: - - name - - description - - risk_score - - severity - - version - - tags - - enabled - - risk_score_mapping - - severity_mapping - - interval - - from - - to - - actions - - exceptions_list - - author - - false_positives - - references - - max_signals - - threat - - setup - - related_integrations - - required_fields - - $ref: '#/components/schemas/Security_Solution_Detections_API_ResponseFields' - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningRuleResponseFields - Security_Solution_Detections_API_MachineLearningRuleCreateFields: - allOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningRuleOptionalFields - Security_Solution_Detections_API_MachineLearningRuleCreateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - required: - - name - - description - - risk_score - - severity - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningRuleCreateFields - Security_Solution_Detections_API_MachineLearningRuleOptionalFields: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_jira: + title: Connector response properties for a Jira connector type: object properties: - alert_suppression: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertSuppression - Security_Solution_Detections_API_MachineLearningRulePatchFields: - allOf: - - type: object - properties: - anomaly_threshold: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AnomalyThreshold - machine_learning_job_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningJobId - type: - description: Rule type - enum: - - machine_learning - type: string - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningRuleOptionalFields - Security_Solution_Detections_API_MachineLearningRulePatchProps: - allOf: - - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningRulePatchFields - Security_Solution_Detections_API_MachineLearningRuleRequiredFields: + config: + $ref: '#/components/schemas/Connectors_config_properties_jira' + connector_type_id: + description: The type of connector. + enum: + - .jira + type: string + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. + type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + required: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_opsgenie: + title: Connector response properties for an Opsgenie connector type: object properties: - anomaly_threshold: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AnomalyThreshold - machine_learning_job_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningJobId - type: - description: Rule type + config: + $ref: '#/components/schemas/Connectors_config_properties_opsgenie' + connector_type_id: + description: The type of connector. enum: - - machine_learning + - .opsgenie type: string + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. + type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - type - - machine_learning_job_id - - anomaly_threshold - Security_Solution_Detections_API_MachineLearningRuleResponseFields: - allOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningRuleOptionalFields - Security_Solution_Detections_API_MachineLearningRuleUpdateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - required: - - name - - description - - risk_score - - severity - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningRuleCreateFields - Security_Solution_Detections_API_MaxSignals: - minimum: 1 - type: integer - Security_Solution_Detections_API_NewTermsFields: - items: - type: string - maxItems: 3 - minItems: 1 - type: array - Security_Solution_Detections_API_NewTermsRule: - allOf: - - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - required: - - name - - description - - risk_score - - severity - - version - - tags - - enabled - - risk_score_mapping - - severity_mapping - - interval - - from - - to - - actions - - exceptions_list - - author - - false_positives - - references - - max_signals - - threat - - setup - - related_integrations - - required_fields - - $ref: '#/components/schemas/Security_Solution_Detections_API_ResponseFields' - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRuleResponseFields - Security_Solution_Detections_API_NewTermsRuleCreateFields: - allOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRuleDefaultableFields - Security_Solution_Detections_API_NewTermsRuleCreateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - required: - - name - - description - - risk_score - - severity - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRuleCreateFields - Security_Solution_Detections_API_NewTermsRuleDefaultableFields: - type: object - properties: - language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_KqlQueryLanguage - Security_Solution_Detections_API_NewTermsRuleOptionalFields: - type: object - properties: - alert_suppression: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertSuppression - data_view_id: - $ref: '#/components/schemas/Security_Solution_Detections_API_DataViewId' - filters: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFilterArray - index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IndexPatternArray - Security_Solution_Detections_API_NewTermsRulePatchFields: - allOf: - - type: object - properties: - history_window_start: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_HistoryWindowStart - new_terms_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsFields - query: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleQuery' - type: - description: Rule type - enum: - - new_terms - type: string - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRuleDefaultableFields - Security_Solution_Detections_API_NewTermsRulePatchProps: - allOf: - - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRulePatchFields - Security_Solution_Detections_API_NewTermsRuleRequiredFields: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_pagerduty: + title: Connector response properties for a PagerDuty connector type: object properties: - history_window_start: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_HistoryWindowStart - new_terms_fields: - $ref: '#/components/schemas/Security_Solution_Detections_API_NewTermsFields' - query: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleQuery' - type: - description: Rule type + config: + $ref: '#/components/schemas/Connectors_config_properties_pagerduty' + connector_type_id: + description: The type of connector. enum: - - new_terms + - .pagerduty + type: string + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - type - - query - - new_terms_fields - - history_window_start - Security_Solution_Detections_API_NewTermsRuleResponseFields: - allOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRuleOptionalFields - - type: object - properties: - language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_KqlQueryLanguage - required: - - language - Security_Solution_Detections_API_NewTermsRuleUpdateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - required: - - name - - description - - risk_score - - severity - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRuleCreateFields - Security_Solution_Detections_API_NonEmptyString: - description: A string that is not empty and does not contain only whitespace - minLength: 1 - pattern: ^(?! *$).+$ - type: string - Security_Solution_Detections_API_NormalizedRuleAction: - additionalProperties: false + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_resilient: + title: Connector response properties for a IBM Resilient connector type: object properties: - alerts_filter: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionAlertsFilter - frequency: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionFrequency - group: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionGroup + config: + $ref: '#/components/schemas/Connectors_config_properties_resilient' + connector_type_id: + description: The type of connector. + enum: + - .resilient + type: string id: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleActionId' - params: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionParams + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. + type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' required: + - connector_type_id - id - - params - Security_Solution_Detections_API_NormalizedRuleError: + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_sentinelone: + title: Connector response properties for a SentinelOne connector type: object properties: - err_code: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkActionsDryRunErrCode - message: + config: + $ref: '#/components/schemas/Connectors_config_properties_sentinelone' + connector_type_id: + description: The type of connector. + enum: + - .sentinelone type: string - rules: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDetailsInError - type: array - status_code: - type: integer + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. + type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - message - - status_code - - rules - Security_Solution_Detections_API_OsqueryParams: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_serverlog: + title: Connector response properties for a server log connector type: object properties: - ecs_mapping: - $ref: '#/components/schemas/Security_Solution_Detections_API_EcsMapping' - pack_id: - type: string - queries: - items: - $ref: '#/components/schemas/Security_Solution_Detections_API_OsqueryQuery' - type: array - query: - type: string - saved_query_id: + config: + nullable: true + type: object + connector_type_id: + description: The type of connector. + enum: + - .server-log type: string - timeout: - type: number - Security_Solution_Detections_API_OsqueryQuery: - type: object - properties: - ecs_mapping: - $ref: '#/components/schemas/Security_Solution_Detections_API_EcsMapping' id: - description: Query ID - type: string - platform: - type: string - query: - description: Query to run + description: The identifier for the connector. type: string - removed: - type: boolean - snapshot: - type: boolean - version: - description: Query version + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' required: + - connector_type_id - id - - query - Security_Solution_Detections_API_OsqueryResponseAction: + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_servicenow: + title: Connector response properties for a ServiceNow ITSM connector type: object properties: - action_type_id: + config: + $ref: '#/components/schemas/Connectors_config_properties_servicenow' + connector_type_id: + description: The type of connector. enum: - - .osquery + - .servicenow type: string - params: - $ref: '#/components/schemas/Security_Solution_Detections_API_OsqueryParams' - required: - - action_type_id - - params - Security_Solution_Detections_API_PlatformErrorResponse: - type: object - properties: - error: + id: + description: The identifier for the connector. type: string - message: + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. type: string - statusCode: - type: integer + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - statusCode - - error - - message - Security_Solution_Detections_API_ProcessesParams: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_servicenow_itom: + title: Connector response properties for a ServiceNow ITOM connector type: object properties: - command: + config: + $ref: '#/components/schemas/Connectors_config_properties_servicenow_itom' + connector_type_id: + description: The type of connector. enum: - - kill-process - - suspend-process + - .servicenow-itom type: string - comment: + id: + description: The identifier for the connector. type: string - config: - type: object - properties: - field: - description: Field to use instead of process.pid - type: string - overwrite: - default: true - description: Whether to overwrite field with process.pid - type: boolean - required: - - field + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. + type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - command - - config - Security_Solution_Detections_API_QueryRule: - allOf: - - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - required: - - name - - description - - risk_score - - severity - - version - - tags - - enabled - - risk_score_mapping - - severity_mapping - - interval - - from - - to - - actions - - exceptions_list - - author - - false_positives - - references - - max_signals - - threat - - setup - - related_integrations - - required_fields - - $ref: '#/components/schemas/Security_Solution_Detections_API_ResponseFields' - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRuleResponseFields - Security_Solution_Detections_API_QueryRuleCreateFields: - allOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRuleDefaultableFields - Security_Solution_Detections_API_QueryRuleCreateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - required: - - name - - description - - risk_score - - severity - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRuleCreateFields - Security_Solution_Detections_API_QueryRuleDefaultableFields: - type: object - properties: - language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_KqlQueryLanguage - query: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleQuery' - Security_Solution_Detections_API_QueryRuleOptionalFields: - type: object - properties: - alert_suppression: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertSuppression - data_view_id: - $ref: '#/components/schemas/Security_Solution_Detections_API_DataViewId' - filters: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFilterArray - index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IndexPatternArray - response_actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ResponseAction - type: array - saved_id: - $ref: '#/components/schemas/Security_Solution_Detections_API_SavedQueryId' - Security_Solution_Detections_API_QueryRulePatchFields: - allOf: - - type: object - properties: - type: - description: Rule type - enum: - - query - type: string - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRuleDefaultableFields - Security_Solution_Detections_API_QueryRulePatchProps: - allOf: - - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRulePatchFields - Security_Solution_Detections_API_QueryRuleRequiredFields: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_servicenow_sir: + title: Connector response properties for a ServiceNow SecOps connector type: object properties: - type: - description: Rule type + config: + $ref: '#/components/schemas/Connectors_config_properties_servicenow' + connector_type_id: + description: The type of connector. enum: - - query + - .servicenow-sir + type: string + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - type - Security_Solution_Detections_API_QueryRuleResponseFields: - allOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRuleOptionalFields - - type: object - properties: - language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_KqlQueryLanguage - query: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleQuery' - required: - - query - - language - Security_Solution_Detections_API_QueryRuleUpdateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - required: - - name - - description - - risk_score - - severity - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRuleCreateFields - Security_Solution_Detections_API_RelatedIntegration: - description: > - Related integration is a potential dependency of a rule. It's assumed - that if the user installs - - one of the related integrations of a rule, the rule might start to work - properly because it will - - have source events (generated by this integration) potentially matching - the rule's query. - - - NOTE: Proper work is not guaranteed, because a related integration, if - installed, can be - - configured differently or generate data that is not necessarily relevant - for this rule. - - - Related integration is a combination of a Fleet package and (optionally) - one of the - - package's "integrations" that this package contains. It is represented - by 3 properties: - - - - `package`: name of the package (required, unique id) - - - `version`: version of the package (required, semver-compatible) - - - `integration`: name of the integration of this package (optional, id - within the package) - - - There are Fleet packages like `windows` that contain only one - integration; in this case, - - `integration` should be unspecified. There are also packages like `aws` - and `azure` that contain - - several integrations; in this case, `integration` should be specified. - - - @example - - const x: RelatedIntegration = { - package: 'windows', - version: '1.5.x', - }; - - - @example - - const x: RelatedIntegration = { - package: 'azure', - version: '~1.1.6', - integration: 'activitylogs', - }; + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_slack_api: + title: Connector response properties for a Slack connector type: object properties: - integration: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' - package: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' - version: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' + config: + $ref: '#/components/schemas/Connectors_config_properties_slack_api' + connector_type_id: + description: The type of connector. + enum: + - .slack_api + type: string + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. + type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - package - - version - Security_Solution_Detections_API_RelatedIntegrationArray: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegration - type: array - Security_Solution_Detections_API_RequiredField: - description: > - Describes an Elasticsearch field that is needed for the rule to - function. - - - Almost all types of Security rules check source event documents for a - match to some kind of - - query or filter. If a document has certain field with certain values, - then it's a match and - - the rule will generate an alert. - - - Required field is an event field that must be present in the source - indices of a given rule. - - - @example - - const standardEcsField: RequiredField = { - name: 'event.action', - type: 'keyword', - ecs: true, - }; - - - @example - - const nonEcsField: RequiredField = { - name: 'winlog.event_data.AttributeLDAPDisplayName', - type: 'keyword', - ecs: false, - }; + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_slack_webhook: + title: Connector response properties for a Slack connector type: object properties: - ecs: - description: Whether the field is an ECS field - type: boolean + connector_type_id: + description: The type of connector. + enum: + - .slack + type: string + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' - description: Name of an Elasticsearch field - type: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' - description: Type of the Elasticsearch field + description: The display name for the connector. + type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' required: + - connector_type_id + - id + - is_deprecated + - is_preconfigured - name - - type - - ecs - Security_Solution_Detections_API_RequiredFieldArray: - items: - $ref: '#/components/schemas/Security_Solution_Detections_API_RequiredField' - type: array - Security_Solution_Detections_API_RequiredFieldInput: - description: >- - Input parameters to create a RequiredField. Does not include the `ecs` - field, because `ecs` is calculated on the backend based on the field - name and type. + Connectors_connector_response_properties_swimlane: + title: Connector response properties for a Swimlane connector type: object properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_swimlane' + connector_type_id: + description: The type of connector. + enum: + - .swimlane + type: string + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' - description: Name of an Elasticsearch field - type: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' - description: Type of an Elasticsearch field + description: The display name for the connector. + type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' required: + - connector_type_id + - id + - is_deprecated + - is_preconfigured - name - - type - Security_Solution_Detections_API_ResponseAction: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_OsqueryResponseAction - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EndpointResponseAction - Security_Solution_Detections_API_ResponseFields: + Connectors_connector_response_properties_teams: + title: Connector response properties for a Microsoft Teams connector type: object properties: - created_at: - format: date-time - type: string - created_by: + config: + type: object + connector_type_id: + description: The type of connector. + enum: + - .teams type: string - execution_summary: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExecutionSummary id: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleObjectId' - immutable: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleImmutable - required_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldArray - revision: - minimum: 0 - type: integer - rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId - rule_source: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleSource' - updated_at: - format: date-time + description: The identifier for the connector. type: string - updated_by: + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' required: + - connector_type_id - id - - rule_id - - immutable - - updated_at - - updated_by - - created_at - - created_by - - revision - - related_integrations - - required_fields - Security_Solution_Detections_API_RiskScore: - description: Risk score (0 to 100) - maximum: 100 - minimum: 0 - type: integer - Security_Solution_Detections_API_RiskScoreMapping: - description: >- - Overrides generated alerts' risk_score with a value from the source - event - items: - type: object - properties: - field: - type: string - operator: - enum: - - equals - type: string - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - value: - type: string - required: - - field - - operator - - value - type: array - Security_Solution_Detections_API_RuleAction: + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_tines: + title: Connector response properties for a Tines connector type: object properties: - action_type_id: - description: The action type used for sending notifications. + config: + $ref: '#/components/schemas/Connectors_config_properties_tines' + connector_type_id: + description: The type of connector. + enum: + - .tines type: string - alerts_filter: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionAlertsFilter - frequency: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionFrequency - group: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionGroup id: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleActionId' - params: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionParams - uuid: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. + type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - action_type_id + - connector_type_id - id - - params - Security_Solution_Detections_API_RuleActionAlertsFilter: - additionalProperties: true - type: object - Security_Solution_Detections_API_RuleActionFrequency: - description: >- - The action frequency defines when the action runs (for example, only on - rule execution or at specific time intervals). + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_torq: + title: Connector response properties for a Torq connector type: object properties: - notifyWhen: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionNotifyWhen - summary: - description: >- - Action summary indicates whether we will send a summary notification - about all the generate alerts or notification per individual alert - type: boolean - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - nullable: true - required: - - summary - - notifyWhen - - throttle - Security_Solution_Detections_API_RuleActionGroup: - description: >- - Optionally groups actions by use cases. Use `default` for alert - notifications. - type: string - Security_Solution_Detections_API_RuleActionId: - description: The connector ID. - type: string - Security_Solution_Detections_API_RuleActionNotifyWhen: - description: >- - The condition for throttling the notification: `onActionGroupChange`, - `onActiveAlert`, or `onThrottleInterval` - enum: - - onActiveAlert - - onThrottleInterval - - onActionGroupChange - type: string - Security_Solution_Detections_API_RuleActionParams: - additionalProperties: true - description: >- - Object containing the allowed connector fields, which varies according - to the connector type. - type: object - Security_Solution_Detections_API_RuleActionThrottle: - description: Defines how often rule actions are taken. - oneOf: - - enum: - - no_actions - - rule + config: + $ref: '#/components/schemas/Connectors_config_properties_torq' + connector_type_id: + description: The type of connector. + enum: + - .torq type: string - - description: 'Time interval in seconds, minutes, hours, or days.' - example: 1h - pattern: '^[1-9]\d*[smhd]$' + id: + description: The identifier for the connector. type: string - Security_Solution_Detections_API_RuleAuthorArray: - items: - type: string - type: array - Security_Solution_Detections_API_RuleCreateProps: - anyOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlRuleCreateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRuleCreateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRuleCreateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRuleCreateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRuleCreateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningRuleCreateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRuleCreateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EsqlRuleCreateProps - discriminator: - propertyName: type - Security_Solution_Detections_API_RuleDescription: - minLength: 1 - type: string - Security_Solution_Detections_API_RuleDetailsInError: + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. + type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + required: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_webhook: + title: Connector response properties for a Webhook connector type: object properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_webhook' + connector_type_id: + description: The type of connector. + enum: + - .webhook + type: string id: + description: The identifier for the connector. type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' name: + description: The display name for the connector. type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' required: + - connector_type_id - id - Security_Solution_Detections_API_RuleExceptionList: + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_xmatters: + title: Connector response properties for an xMatters connector type: object properties: - id: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' - description: ID of the exception container - list_id: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' - description: List ID of the exception container - namespace_type: - description: Determines the exceptions validity in rule's Kibana space + config: + $ref: '#/components/schemas/Connectors_config_properties_xmatters' + connector_type_id: + description: The type of connector. enum: - - agnostic - - single + - .xmatters type: string - type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ExceptionListType + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. + type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' required: + - connector_type_id - id - - list_id - - type - - namespace_type - Security_Solution_Detections_API_RuleExecutionMetrics: - type: object - properties: - execution_gap_duration_s: - description: Duration in seconds of execution gap - minimum: 0 - type: integer - total_enrichment_duration_ms: - description: >- - Total time spent enriching documents during current rule execution - cycle - minimum: 0 - type: integer - total_indexing_duration_ms: - description: >- - Total time spent indexing documents during current rule execution - cycle - minimum: 0 - type: integer - total_search_duration_ms: - description: >- - Total time spent performing ES searches as measured by Kibana; - includes network latency and time spent serializing/deserializing - request/response - minimum: 0 - type: integer - Security_Solution_Detections_API_RuleExecutionStatus: + - is_deprecated + - is_preconfigured + - name + Connectors_connector_types: description: >- - Custom execution status of Security rules that is different from the - status used in the Alerting Framework. We merge our custom status with - the Framework's status to determine the resulting status of a rule. - - - going to run - @deprecated Replaced by the 'running' status but left - for backwards compatibility with rule execution events already written - to Event Log in the prior versions of Kibana. Don't use when writing - rule status changes. - - - running - Rule execution started but not reached any intermediate or - final status. - - - partial failure - Rule can partially fail for various reasons either - in the middle of an execution (in this case we update its status right - away) or in the end of it. So currently this status can be both - intermediate and final at the same time. A typical reason for a partial - failure: not all the indices that the rule searches over actually exist. - - - failed - Rule failed to execute due to unhandled exception or a reason - defined in the business logic of its executor function. - - - succeeded - Rule executed successfully without any issues. Note: this - status is just an indication of a rule's "health". The rule might or - might not generate any alerts despite of it. + The type of connector. For example, `.email`, `.index`, `.jira`, + `.opsgenie`, or `.server-log`. enum: - - going to run - - running - - partial failure - - failed - - succeeded - type: string - Security_Solution_Detections_API_RuleExecutionStatusOrder: - type: integer - Security_Solution_Detections_API_RuleExecutionSummary: - type: object - properties: - last_execution: - type: object - properties: - date: - description: Date of the last execution - format: date-time - type: string - message: - type: string - metrics: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExecutionMetrics - status: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExecutionStatus - description: Status of the last execution - status_order: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExecutionStatusOrder - required: - - date - - status - - status_order - - message - - metrics - required: - - last_execution - Security_Solution_Detections_API_RuleFalsePositiveArray: - items: - type: string - type: array - Security_Solution_Detections_API_RuleFilterArray: - items: {} - type: array - Security_Solution_Detections_API_RuleInterval: - description: >- - Frequency of rule execution, using a date math range. For example, "1h" - means the rule runs every hour. Defaults to 5m (5 minutes). - type: string - Security_Solution_Detections_API_RuleIntervalFrom: - description: >- - Time from which data is analyzed each time the rule runs, using a date - math range. For example, now-4200s means the rule analyzes data from 70 - minutes before its start time. Defaults to now-6m (analyzes data from 6 - minutes before the start time). - format: date-math - type: string - Security_Solution_Detections_API_RuleIntervalTo: - type: string - Security_Solution_Detections_API_RuleLicense: - description: The rule's license. - type: string - Security_Solution_Detections_API_RuleMetadata: - additionalProperties: true - type: object - Security_Solution_Detections_API_RuleName: - minLength: 1 - type: string - Security_Solution_Detections_API_RuleNameOverride: - description: Sets the source field for the alert's signal.rule.name value + - .bedrock + - .gemini + - .cases-webhook + - .d3security + - .email + - .gen-ai + - .index + - .jira + - .opsgenie + - .pagerduty + - .resilient + - .sentinelone + - .servicenow + - .servicenow-itom + - .servicenow-sir + - .server-log + - .slack + - .slack_api + - .swimlane + - .teams + - .tines + - .torq + - .webhook + - .xmatters + example: .server-log + title: Connector types type: string - Security_Solution_Detections_API_RuleObjectId: - $ref: '#/components/schemas/Security_Solution_Detections_API_UUID' - Security_Solution_Detections_API_RulePatchProps: - anyOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlRulePatchProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRulePatchProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRulePatchProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRulePatchProps + Connectors_create_connector_request: + description: The properties vary depending on the connector type. + discriminator: + mapping: + .bedrock: '#/components/schemas/Connectors_create_connector_request_bedrock' + .cases-webhook: >- + #/components/schemas/Connectors_create_connector_request_cases_webhook + .d3security: '#/components/schemas/Connectors_create_connector_request_d3security' + .email: '#/components/schemas/Connectors_create_connector_request_email' + .gemini: '#/components/schemas/Connectors_create_connector_request_gemini' + .gen-ai: '#/components/schemas/Connectors_create_connector_request_genai' + .index: '#/components/schemas/Connectors_create_connector_request_index' + .jira: '#/components/schemas/Connectors_create_connector_request_jira' + .opsgenie: '#/components/schemas/Connectors_create_connector_request_opsgenie' + .pagerduty: '#/components/schemas/Connectors_create_connector_request_pagerduty' + .resilient: '#/components/schemas/Connectors_create_connector_request_resilient' + .sentinelone: '#/components/schemas/Connectors_create_connector_request_sentinelone' + .server-log: '#/components/schemas/Connectors_create_connector_request_serverlog' + .servicenow: '#/components/schemas/Connectors_create_connector_request_servicenow' + .servicenow-itom: >- + #/components/schemas/Connectors_create_connector_request_servicenow_itom + .servicenow-sir: >- + #/components/schemas/Connectors_create_connector_request_servicenow_sir + .slack: >- + #/components/schemas/Connectors_create_connector_request_slack_webhook + .slack_api: '#/components/schemas/Connectors_create_connector_request_slack_api' + .swimlane: '#/components/schemas/Connectors_create_connector_request_swimlane' + .teams: '#/components/schemas/Connectors_create_connector_request_teams' + .tines: '#/components/schemas/Connectors_create_connector_request_tines' + .torq: '#/components/schemas/Connectors_create_connector_request_torq' + .webhook: '#/components/schemas/Connectors_create_connector_request_webhook' + .xmatters: '#/components/schemas/Connectors_create_connector_request_xmatters' + propertyName: connector_type_id + oneOf: + - $ref: '#/components/schemas/Connectors_create_connector_request_bedrock' + - $ref: '#/components/schemas/Connectors_create_connector_request_gemini' - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRulePatchProps + #/components/schemas/Connectors_create_connector_request_cases_webhook + - $ref: '#/components/schemas/Connectors_create_connector_request_d3security' + - $ref: '#/components/schemas/Connectors_create_connector_request_email' + - $ref: '#/components/schemas/Connectors_create_connector_request_genai' + - $ref: '#/components/schemas/Connectors_create_connector_request_index' + - $ref: '#/components/schemas/Connectors_create_connector_request_jira' + - $ref: '#/components/schemas/Connectors_create_connector_request_opsgenie' + - $ref: '#/components/schemas/Connectors_create_connector_request_pagerduty' + - $ref: '#/components/schemas/Connectors_create_connector_request_resilient' + - $ref: '#/components/schemas/Connectors_create_connector_request_sentinelone' + - $ref: '#/components/schemas/Connectors_create_connector_request_serverlog' + - $ref: '#/components/schemas/Connectors_create_connector_request_servicenow' - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningRulePatchProps + #/components/schemas/Connectors_create_connector_request_servicenow_itom - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRulePatchProps + #/components/schemas/Connectors_create_connector_request_servicenow_sir + - $ref: '#/components/schemas/Connectors_create_connector_request_slack_api' - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EsqlRulePatchProps - Security_Solution_Detections_API_RulePreviewLogs: + #/components/schemas/Connectors_create_connector_request_slack_webhook + - $ref: '#/components/schemas/Connectors_create_connector_request_swimlane' + - $ref: '#/components/schemas/Connectors_create_connector_request_teams' + - $ref: '#/components/schemas/Connectors_create_connector_request_tines' + - $ref: '#/components/schemas/Connectors_create_connector_request_torq' + - $ref: '#/components/schemas/Connectors_create_connector_request_webhook' + - $ref: '#/components/schemas/Connectors_create_connector_request_xmatters' + title: Create connector request body properties + Connectors_create_connector_request_bedrock: + description: >- + The Amazon Bedrock connector uses axios to send a POST request to Amazon + Bedrock. + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_bedrock' + connector_type_id: + description: The type of connector. + enum: + - .bedrock + example: .bedrock + type: string + name: + description: The display name for the connector. + example: my-connector + type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_bedrock' + required: + - config + - connector_type_id + - name + - secrets + title: Create Amazon Bedrock connector request type: object + Connectors_create_connector_request_cases_webhook: + description: > + The Webhook - Case Management connector uses axios to send POST, PUT, + and GET requests to a case management RESTful API web service. properties: - duration: - description: Execution duration in milliseconds - type: integer - errors: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NonEmptyString - type: array - startedAt: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' - warnings: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NonEmptyString - type: array + config: + $ref: '#/components/schemas/Connectors_config_properties_cases_webhook' + connector_type_id: + description: The type of connector. + enum: + - .cases-webhook + example: .cases-webhook + type: string + name: + description: The display name for the connector. + example: my-connector + type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_cases_webhook' + required: + - config + - connector_type_id + - name + title: Create Webhook - Case Managment connector request + type: object + Connectors_create_connector_request_d3security: + description: > + The connector uses axios to send a POST request to a D3 Security + endpoint. + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_d3security' + connector_type_id: + description: The type of connector. + enum: + - .d3security + example: .d3security + type: string + name: + description: The display name for the connector. + example: my-connector + type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_d3security' required: - - errors - - warnings - - duration - Security_Solution_Detections_API_RulePreviewParams: + - config + - connector_type_id + - name + - secrets + title: Create D3 Security connector request type: object + Connectors_create_connector_request_email: + description: > + The email connector uses the SMTP protocol to send mail messages, using + an integration of Nodemailer. An exception is Microsoft Exchange, which + uses HTTP protocol for sending emails, Send mail. Email message text is + sent as both plain text and html text. properties: - invocationCount: - type: integer - timeframeEnd: - format: date-time + config: + $ref: '#/components/schemas/Connectors_config_properties_email' + connector_type_id: + description: The type of connector. + enum: + - .email + example: .email + type: string + name: + description: The display name for the connector. + example: my-connector type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_email' required: - - invocationCount - - timeframeEnd - Security_Solution_Detections_API_RuleQuery: - type: string - Security_Solution_Detections_API_RuleReferenceArray: - items: - type: string - type: array - Security_Solution_Detections_API_RuleResponse: - anyOf: - - $ref: '#/components/schemas/Security_Solution_Detections_API_EqlRule' - - $ref: '#/components/schemas/Security_Solution_Detections_API_QueryRule' - - $ref: '#/components/schemas/Security_Solution_Detections_API_SavedQueryRule' - - $ref: '#/components/schemas/Security_Solution_Detections_API_ThresholdRule' - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRule - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningRule - - $ref: '#/components/schemas/Security_Solution_Detections_API_NewTermsRule' - - $ref: '#/components/schemas/Security_Solution_Detections_API_EsqlRule' - discriminator: - propertyName: type - Security_Solution_Detections_API_RuleSignatureId: - description: 'Could be any string, not necessarily a UUID' - type: string - Security_Solution_Detections_API_RuleSource: - description: >- - Discriminated union that determines whether the rule is internally - sourced (created within the Kibana app) or has an external source, such - as the Elastic Prebuilt rules repo. - discriminator: - propertyName: type - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ExternalRuleSource - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InternalRuleSource - Security_Solution_Detections_API_RuleTagArray: - description: >- - String array containing words and phrases to help categorize, filter, - and search rules. Defaults to an empty array. - items: - type: string - type: array - Security_Solution_Detections_API_RuleUpdateProps: - anyOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlRuleUpdateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRuleUpdateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRuleUpdateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRuleUpdateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRuleUpdateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningRuleUpdateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRuleUpdateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EsqlRuleUpdateProps - discriminator: - propertyName: type - Security_Solution_Detections_API_RuleVersion: - description: The rule's version number. - minimum: 1 - type: integer - Security_Solution_Detections_API_SavedObjectResolveAliasPurpose: - enum: - - savedObjectConversion - - savedObjectImport - type: string - Security_Solution_Detections_API_SavedObjectResolveAliasTargetId: - type: string - Security_Solution_Detections_API_SavedObjectResolveOutcome: - enum: - - exactMatch - - aliasMatch - - conflict - type: string - Security_Solution_Detections_API_SavedQueryId: - type: string - Security_Solution_Detections_API_SavedQueryRule: - allOf: - - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - required: - - name - - description - - risk_score - - severity - - version - - tags - - enabled - - risk_score_mapping - - severity_mapping - - interval - - from - - to - - actions - - exceptions_list - - author - - false_positives - - references - - max_signals - - threat - - setup - - related_integrations - - required_fields - - $ref: '#/components/schemas/Security_Solution_Detections_API_ResponseFields' - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRuleResponseFields - Security_Solution_Detections_API_SavedQueryRuleCreateFields: - allOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRuleDefaultableFields - Security_Solution_Detections_API_SavedQueryRuleCreateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - required: - - name - - description - - risk_score - - severity - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRuleCreateFields - Security_Solution_Detections_API_SavedQueryRuleDefaultableFields: - type: object - properties: - language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_KqlQueryLanguage - Security_Solution_Detections_API_SavedQueryRuleOptionalFields: + - config + - connector_type_id + - name + - secrets + title: Create email connector request type: object + Connectors_create_connector_request_gemini: + description: >- + The Google Gemini connector uses axios to send a POST request to Google + Gemini. properties: - alert_suppression: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertSuppression - data_view_id: - $ref: '#/components/schemas/Security_Solution_Detections_API_DataViewId' - filters: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFilterArray - index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IndexPatternArray - query: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleQuery' - response_actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ResponseAction - type: array - Security_Solution_Detections_API_SavedQueryRulePatchFields: - allOf: - - type: object - properties: - saved_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryId - type: - description: Rule type - enum: - - saved_query - type: string - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRuleDefaultableFields - Security_Solution_Detections_API_SavedQueryRulePatchProps: - allOf: - - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRulePatchFields - Security_Solution_Detections_API_SavedQueryRuleRequiredFields: + config: + $ref: '#/components/schemas/Connectors_config_properties_gemini' + connector_type_id: + description: The type of connector. + enum: + - .gemini + example: .gemini + type: string + name: + description: The display name for the connector. + example: my-connector + type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_gemini' + required: + - config + - connector_type_id + - name + - secrets + title: Create Google Gemini connector request type: object + Connectors_create_connector_request_genai: + description: > + The OpenAI connector uses axios to send a POST request to either OpenAI + or Azure OpenAPI. properties: - saved_id: - $ref: '#/components/schemas/Security_Solution_Detections_API_SavedQueryId' - type: - description: Rule type + config: + $ref: '#/components/schemas/Connectors_config_properties_genai' + connector_type_id: + description: The type of connector. enum: - - saved_query + - .gen-ai + example: .gen-ai + type: string + name: + description: The display name for the connector. + example: my-connector type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_genai' required: - - type - - saved_id - Security_Solution_Detections_API_SavedQueryRuleResponseFields: - allOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRuleOptionalFields - - type: object - properties: - language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_KqlQueryLanguage - required: - - language - Security_Solution_Detections_API_SavedQueryRuleUpdateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - required: - - name - - description - - risk_score - - severity - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRuleCreateFields - Security_Solution_Detections_API_SetAlertsStatusByIds: + - config + - connector_type_id + - name + - secrets + title: Create OpenAI connector request type: object + Connectors_create_connector_request_index: + description: The index connector indexes a document into Elasticsearch. properties: - signal_ids: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NonEmptyString - minItems: 1 - type: array - status: - $ref: '#/components/schemas/Security_Solution_Detections_API_AlertStatus' + config: + $ref: '#/components/schemas/Connectors_config_properties_index' + connector_type_id: + description: The type of connector. + enum: + - .index + example: .index + type: string + name: + description: The display name for the connector. + example: my-connector + type: string required: - - signal_ids - - status - Security_Solution_Detections_API_SetAlertsStatusByQuery: + - config + - connector_type_id + - name + title: Create index connector request type: object + Connectors_create_connector_request_jira: + description: The Jira connector uses the REST API v2 to create Jira issues. properties: - conflicts: - default: abort + config: + $ref: '#/components/schemas/Connectors_config_properties_jira' + connector_type_id: + description: The type of connector. enum: - - abort - - proceed + - .jira + example: .jira type: string - query: - additionalProperties: true - type: object - status: - $ref: '#/components/schemas/Security_Solution_Detections_API_AlertStatus' + name: + description: The display name for the connector. + example: my-connector + type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_jira' required: - - query - - status - Security_Solution_Detections_API_SetAlertTags: + - config + - connector_type_id + - name + - secrets + title: Create Jira connector request type: object + Connectors_create_connector_request_opsgenie: + description: The Opsgenie connector uses the Opsgenie alert API. properties: - tags_to_add: - $ref: '#/components/schemas/Security_Solution_Detections_API_AlertTags' - tags_to_remove: - $ref: '#/components/schemas/Security_Solution_Detections_API_AlertTags' + config: + $ref: '#/components/schemas/Connectors_config_properties_opsgenie' + connector_type_id: + description: The type of connector. + enum: + - .opsgenie + example: .opsgenie + type: string + name: + description: The display name for the connector. + example: my-connector + type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_opsgenie' required: - - tags_to_add - - tags_to_remove - Security_Solution_Detections_API_SetupGuide: - type: string - Security_Solution_Detections_API_Severity: - description: Severity of the rule - enum: - - low - - medium - - high - - critical - type: string - Security_Solution_Detections_API_SeverityMapping: - description: Overrides generated alerts' severity with values from the source event - items: - type: object - properties: - field: - type: string - operator: - enum: - - equals - type: string - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - value: - type: string - required: - - field - - operator - - severity - - value - type: array - Security_Solution_Detections_API_SiemErrorResponse: + - config + - connector_type_id + - name + - secrets + title: Create Opsgenie connector request type: object + Connectors_create_connector_request_pagerduty: + description: > + The PagerDuty connector uses the v2 Events API to trigger, acknowledge, + and resolve PagerDuty alerts. properties: - message: + config: + $ref: '#/components/schemas/Connectors_config_properties_pagerduty' + connector_type_id: + description: The type of connector. + enum: + - .pagerduty + example: .pagerduty type: string - status_code: - type: integer + name: + description: The display name for the connector. + example: my-connector + type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_pagerduty' required: - - status_code - - message - Security_Solution_Detections_API_SortOrder: - enum: - - asc - - desc - type: string - Security_Solution_Detections_API_Threat: + - config + - connector_type_id + - name + - secrets + title: Create PagerDuty connector request type: object + Connectors_create_connector_request_resilient: + description: >- + The IBM Resilient connector uses the RESILIENT REST v2 to create IBM + Resilient incidents. properties: - framework: - description: Relevant attack framework + config: + $ref: '#/components/schemas/Connectors_config_properties_resilient' + connector_type_id: + description: The type of connector. + enum: + - .resilient + example: .resilient type: string - tactic: - $ref: '#/components/schemas/Security_Solution_Detections_API_ThreatTactic' - technique: - description: Array containing information on the attack techniques (optional) - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatTechnique - type: array + name: + description: The display name for the connector. + example: my-connector + type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_resilient' required: - - framework - - tactic - Security_Solution_Detections_API_ThreatArray: - items: - $ref: '#/components/schemas/Security_Solution_Detections_API_Threat' - type: array - Security_Solution_Detections_API_ThreatFilters: - items: - description: >- - Query and filter context array used to filter documents from the - Elasticsearch index containing the threat values - type: array - Security_Solution_Detections_API_ThreatIndex: - items: - type: string - type: array - Security_Solution_Detections_API_ThreatIndicatorPath: - description: >- - Defines the path to the threat indicator in the indicator documents - (optional) - type: string - Security_Solution_Detections_API_ThreatMapping: - items: - type: object - properties: - entries: - items: - type: object - properties: - field: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NonEmptyString - type: - enum: - - mapping - type: string - value: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NonEmptyString - required: - - field - - type - - value - type: array - required: - - entries - minItems: 1 - type: array - Security_Solution_Detections_API_ThreatMatchRule: - allOf: - - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - required: - - name - - description - - risk_score - - severity - - version - - tags - - enabled - - risk_score_mapping - - severity_mapping - - interval - - from - - to - - actions - - exceptions_list - - author - - false_positives - - references - - max_signals - - threat - - setup - - related_integrations - - required_fields - - $ref: '#/components/schemas/Security_Solution_Detections_API_ResponseFields' - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRuleResponseFields - Security_Solution_Detections_API_ThreatMatchRuleCreateFields: - allOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRuleDefaultableFields - Security_Solution_Detections_API_ThreatMatchRuleCreateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - required: - - name - - description - - risk_score - - severity - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRuleCreateFields - Security_Solution_Detections_API_ThreatMatchRuleDefaultableFields: + - config + - connector_type_id + - name + - secrets + title: Create IBM Resilient connector request type: object - properties: - language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_KqlQueryLanguage - Security_Solution_Detections_API_ThreatMatchRuleOptionalFields: + Connectors_create_connector_request_sentinelone: + description: > + The SentinelOne connector communicates with SentinelOne Management + Console via REST API. This functionality is in technical preview and may + be changed or removed in a future release. Elastic will work to fix any + issues, but features in technical preview are not subject to the support + SLA of official GA features. + title: Create SentinelOne connector request type: object properties: - alert_suppression: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertSuppression - concurrent_searches: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ConcurrentSearches - data_view_id: - $ref: '#/components/schemas/Security_Solution_Detections_API_DataViewId' - filters: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFilterArray - index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IndexPatternArray - items_per_search: - $ref: '#/components/schemas/Security_Solution_Detections_API_ItemsPerSearch' - saved_id: - $ref: '#/components/schemas/Security_Solution_Detections_API_SavedQueryId' - threat_filters: - $ref: '#/components/schemas/Security_Solution_Detections_API_ThreatFilters' - threat_indicator_path: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatIndicatorPath - threat_language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_KqlQueryLanguage - Security_Solution_Detections_API_ThreatMatchRulePatchFields: - allOf: - - type: object - properties: - query: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleQuery' - threat_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatIndex - threat_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMapping - threat_query: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatQuery - type: - description: Rule type - enum: - - threat_match - type: string - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRuleDefaultableFields - Security_Solution_Detections_API_ThreatMatchRulePatchProps: - allOf: - - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRulePatchFields - Security_Solution_Detections_API_ThreatMatchRuleRequiredFields: - type: object + config: + $ref: '#/components/schemas/Connectors_config_properties_sentinelone' + connector_type_id: + description: The type of connector. + enum: + - .sentinelone + example: .sentinelone + type: string + name: + description: The display name for the connector. + example: my-connector + type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_sentinelone' + required: + - config + - connector_type_id + - name + - secrets + x-technical-preview: true + Connectors_create_connector_request_serverlog: + description: This connector writes an entry to the Kibana server log. properties: - query: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleQuery' - threat_index: - $ref: '#/components/schemas/Security_Solution_Detections_API_ThreatIndex' - threat_mapping: - $ref: '#/components/schemas/Security_Solution_Detections_API_ThreatMapping' - threat_query: - $ref: '#/components/schemas/Security_Solution_Detections_API_ThreatQuery' - type: - description: Rule type + connector_type_id: + description: The type of connector. enum: - - threat_match + - .server-log + example: .server-log + type: string + name: + description: The display name for the connector. + example: my-connector type: string required: - - type - - query - - threat_query - - threat_mapping - - threat_index - Security_Solution_Detections_API_ThreatMatchRuleResponseFields: - allOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRuleOptionalFields - - type: object - properties: - language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_KqlQueryLanguage - required: - - language - Security_Solution_Detections_API_ThreatMatchRuleUpdateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - required: - - name - - description - - risk_score - - severity - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRuleCreateFields - Security_Solution_Detections_API_ThreatQuery: - description: Query to run - type: string - Security_Solution_Detections_API_ThreatSubtechnique: + - connector_type_id + - name + title: Create server log connector request type: object + Connectors_create_connector_request_servicenow: + description: > + The ServiceNow ITSM connector uses the import set API to create + ServiceNow incidents. You can use the connector for rule actions and + cases. properties: - id: - description: Subtechnique ID + config: + $ref: '#/components/schemas/Connectors_config_properties_servicenow' + connector_type_id: + description: The type of connector. + enum: + - .servicenow + example: .servicenow type: string name: - description: Subtechnique name - type: string - reference: - description: Subtechnique reference + description: The display name for the connector. + example: my-connector type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' required: - - id + - config + - connector_type_id - name - - reference - Security_Solution_Detections_API_ThreatTactic: + - secrets + title: Create ServiceNow ITSM connector request type: object + Connectors_create_connector_request_servicenow_itom: + description: > + The ServiceNow ITOM connector uses the event API to create ServiceNow + events. You can use the connector for rule actions. properties: - id: - description: Tactic ID + config: + $ref: '#/components/schemas/Connectors_config_properties_servicenow_itom' + connector_type_id: + description: The type of connector. + enum: + - .servicenow-itom + example: .servicenow-itom type: string name: - description: Tactic name - type: string - reference: - description: Tactic reference + description: The display name for the connector. + example: my-connector type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' required: - - id + - config + - connector_type_id - name - - reference - Security_Solution_Detections_API_ThreatTechnique: + - secrets + title: Create ServiceNow ITOM connector request type: object + Connectors_create_connector_request_servicenow_sir: + description: > + The ServiceNow SecOps connector uses the import set API to create + ServiceNow security incidents. You can use the connector for rule + actions and cases. properties: - id: - description: Technique ID + config: + $ref: '#/components/schemas/Connectors_config_properties_servicenow' + connector_type_id: + description: The type of connector. + enum: + - .servicenow-sir + example: .servicenow-sir type: string name: - description: Technique name - type: string - reference: - description: Technique reference + description: The display name for the connector. + example: my-connector type: string - subtechnique: - description: Array containing more specific information on the attack technique - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatSubtechnique - type: array + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' required: - - id + - config + - connector_type_id - name - - reference - Security_Solution_Detections_API_Threshold: - type: object - properties: - cardinality: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdCardinality - field: - $ref: '#/components/schemas/Security_Solution_Detections_API_ThresholdField' - value: - $ref: '#/components/schemas/Security_Solution_Detections_API_ThresholdValue' - required: - - field - - value - Security_Solution_Detections_API_ThresholdAlertSuppression: - type: object - properties: - duration: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertSuppressionDuration - required: - - duration - Security_Solution_Detections_API_ThresholdCardinality: - items: - type: object - properties: - field: - type: string - value: - minimum: 0 - type: integer - required: - - field - - value - type: array - Security_Solution_Detections_API_ThresholdField: - description: Field to aggregate on - oneOf: - - type: string - - items: - type: string - type: array - Security_Solution_Detections_API_ThresholdRule: - allOf: - - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - required: - - name - - description - - risk_score - - severity - - version - - tags - - enabled - - risk_score_mapping - - severity_mapping - - interval - - from - - to - - actions - - exceptions_list - - author - - false_positives - - references - - max_signals - - threat - - setup - - related_integrations - - required_fields - - $ref: '#/components/schemas/Security_Solution_Detections_API_ResponseFields' - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRuleResponseFields - Security_Solution_Detections_API_ThresholdRuleCreateFields: - allOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRuleDefaultableFields - Security_Solution_Detections_API_ThresholdRuleCreateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - required: - - name - - description - - risk_score - - severity - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRuleCreateFields - Security_Solution_Detections_API_ThresholdRuleDefaultableFields: - type: object - properties: - language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_KqlQueryLanguage - Security_Solution_Detections_API_ThresholdRuleOptionalFields: - type: object - properties: - alert_suppression: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdAlertSuppression - data_view_id: - $ref: '#/components/schemas/Security_Solution_Detections_API_DataViewId' - filters: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFilterArray - index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IndexPatternArray - saved_id: - $ref: '#/components/schemas/Security_Solution_Detections_API_SavedQueryId' - Security_Solution_Detections_API_ThresholdRulePatchFields: - allOf: - - type: object - properties: - query: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleQuery' - threshold: - $ref: '#/components/schemas/Security_Solution_Detections_API_Threshold' - type: - description: Rule type - enum: - - threshold - type: string - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRuleDefaultableFields - Security_Solution_Detections_API_ThresholdRulePatchProps: - allOf: - - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRulePatchFields - Security_Solution_Detections_API_ThresholdRuleRequiredFields: + - secrets + title: Create ServiceNow SecOps connector request type: object + Connectors_create_connector_request_slack_api: + description: The Slack connector uses an API method to send Slack messages. properties: - query: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleQuery' - threshold: - $ref: '#/components/schemas/Security_Solution_Detections_API_Threshold' - type: - description: Rule type + config: + $ref: '#/components/schemas/Connectors_config_properties_slack_api' + connector_type_id: + description: The type of connector. enum: - - threshold - type: string - required: - - type - - query - - threshold - Security_Solution_Detections_API_ThresholdRuleResponseFields: - allOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRuleOptionalFields - - type: object - properties: - language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_KqlQueryLanguage - required: - - language - Security_Solution_Detections_API_ThresholdRuleUpdateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - required: - - name - - description - - risk_score - - severity - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRuleCreateFields - Security_Solution_Detections_API_ThresholdValue: - description: Threshold value - minimum: 1 - type: integer - Security_Solution_Detections_API_ThrottleForBulkActions: - description: >- - The condition for throttling the notification: 'rule', 'no_actions', or - time duration - enum: - - rule - - 1h - - 1d - - 7d - type: string - Security_Solution_Detections_API_TiebreakerField: - description: Sets a secondary field for sorting events - type: string - Security_Solution_Detections_API_TimelineTemplateId: - description: Timeline template ID - type: string - Security_Solution_Detections_API_TimelineTemplateTitle: - description: Timeline template title - type: string - Security_Solution_Detections_API_TimestampField: - description: Contains the event timestamp used for sorting a sequence of events - type: string - Security_Solution_Detections_API_TimestampOverride: - description: Sets the time field used to query indices - type: string - Security_Solution_Detections_API_TimestampOverrideFallbackDisabled: - description: Disables the fallback to the event's @timestamp field - type: boolean - Security_Solution_Detections_API_UUID: - description: A universally unique identifier - format: uuid - type: string - Security_Solution_Detections_API_WarningSchema: - type: object - properties: - actionPath: - type: string - buttonLabel: - type: string - message: + - .slack_api + example: .slack_api type: string - type: + name: + description: The display name for the connector. + example: my-connector type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_slack_api' required: - - type - - message - - actionPath - Security_Solution_Endpoint_Exceptions_API_EndpointList: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionList - - additionalProperties: false - type: object - Security_Solution_Endpoint_Exceptions_API_EndpointListItem: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItem - Security_Solution_Endpoint_Exceptions_API_ExceptionList: + - connector_type_id + - name + - secrets + title: Create Slack connector request type: object + Connectors_create_connector_request_slack_webhook: + description: The Slack connector uses Slack Incoming Webhooks. properties: - _version: - type: string - created_at: - format: date-time - type: string - created_by: + connector_type_id: + description: The type of connector. + enum: + - .slack + example: .slack type: string - description: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListDescription - id: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListId - immutable: - type: boolean - list_id: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListHumanId - meta: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListMeta name: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListName - namespace_type: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionNamespaceType - os_types: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListOsTypeArray - tags: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListTags - tie_breaker_id: - type: string - type: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListType - updated_at: - format: date-time - type: string - updated_by: + description: The display name for the connector. + example: my-connector type: string - version: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListVersion + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_slack_webhook' required: - - id - - list_id - - type + - connector_type_id - name - - description - - immutable - - namespace_type - - version - - tie_breaker_id - - created_at - - created_by - - updated_at - - updated_by - Security_Solution_Endpoint_Exceptions_API_ExceptionListDescription: - type: string - Security_Solution_Endpoint_Exceptions_API_ExceptionListHumanId: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString - description: 'Human readable string identifier, e.g. `trusted-linux-processes`' - Security_Solution_Endpoint_Exceptions_API_ExceptionListId: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString - Security_Solution_Endpoint_Exceptions_API_ExceptionListItem: + - secrets + title: Create Slack connector request type: object + Connectors_create_connector_request_swimlane: + description: >- + The Swimlane connector uses the Swimlane REST API to create Swimlane + records. properties: - _version: - type: string - comments: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemCommentArray - created_at: - format: date-time - type: string - created_by: - type: string - description: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemDescription - entries: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryArray - expire_time: - format: date-time + config: + $ref: '#/components/schemas/Connectors_config_properties_swimlane' + connector_type_id: + description: The type of connector. + enum: + - .swimlane + example: .swimlane type: string - id: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemId - item_id: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemHumanId - list_id: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListHumanId - meta: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemMeta name: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemName - namespace_type: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionNamespaceType - os_types: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray - tags: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemTags - tie_breaker_id: + description: The display name for the connector. + example: my-connector type: string - type: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemType - updated_at: - format: date-time + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_swimlane' + required: + - config + - connector_type_id + - name + - secrets + title: Create Swimlane connector request + type: object + Connectors_create_connector_request_teams: + description: The Microsoft Teams connector uses Incoming Webhooks. + properties: + connector_type_id: + description: The type of connector. + enum: + - .teams + example: .teams type: string - updated_by: + name: + description: The display name for the connector. + example: my-connector type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_teams' required: - - id - - item_id - - list_id - - type + - connector_type_id - name - - description - - entries - - namespace_type - - comments - - tie_breaker_id - - created_at - - created_by - - updated_at - - updated_by - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemComment: + - secrets + title: Create Microsoft Teams connector request type: object + Connectors_create_connector_request_tines: + description: > + The Tines connector uses Tines Webhook actions to send events via POST + request. properties: - comment: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString - created_at: - format: date-time + config: + $ref: '#/components/schemas/Connectors_config_properties_tines' + connector_type_id: + description: The type of connector. + enum: + - .tines + example: .tines type: string - created_by: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString - id: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString - updated_at: - format: date-time + name: + description: The display name for the connector. + example: my-connector type: string - updated_by: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_tines' required: - - id - - comment - - created_at - - created_by - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemCommentArray: - items: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemComment - type: array - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemDescription: - type: string - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntry: - anyOf: - - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryMatch - - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryMatchAny - - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryList - - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryExists - - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryNested - - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryMatchWildcard - discriminator: - propertyName: type - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryArray: - items: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntry - type: array - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryExists: + - config + - connector_type_id + - name + - secrets + title: Create Tines connector request type: object + Connectors_create_connector_request_torq: + description: > + The Torq connector uses a Torq webhook to trigger workflows with Kibana + actions. properties: - field: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString - operator: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryOperator - type: + config: + $ref: '#/components/schemas/Connectors_config_properties_torq' + connector_type_id: + description: The type of connector. enum: - - exists + - .torq + example: .torq + type: string + name: + description: The display name for the connector. + example: my-connector type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_torq' required: - - type - - field - - operator - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryList: + - config + - connector_type_id + - name + - secrets + title: Create Torq connector request type: object + Connectors_create_connector_request_webhook: + description: > + The Webhook connector uses axios to send a POST or PUT request to a web + service. properties: - field: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString - list: - type: object - properties: - id: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ListId - type: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ListType - required: - - id - - type - operator: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryOperator - type: + config: + $ref: '#/components/schemas/Connectors_config_properties_webhook' + connector_type_id: + description: The type of connector. enum: - - list + - .webhook + example: .webhook + type: string + name: + description: The display name for the connector. + example: my-connector type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_webhook' required: - - type - - field - - list - - operator - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryMatch: + - config + - connector_type_id + - name + - secrets + title: Create Webhook connector request type: object + Connectors_create_connector_request_xmatters: + description: > + The xMatters connector uses the xMatters Workflow for Elastic to send + actionable alerts to on-call xMatters resources. properties: - field: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString - operator: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryOperator - type: + config: + $ref: '#/components/schemas/Connectors_config_properties_xmatters' + connector_type_id: + description: The type of connector. enum: - - match + - .xmatters + example: .xmatters type: string - value: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString + name: + description: The display name for the connector. + example: my-connector + type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_xmatters' required: - - type - - field - - value - - operator - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryMatchAny: + - config + - connector_type_id + - name + - secrets + title: Create xMatters connector request type: object + Connectors_features: + description: | + The feature that uses the connector. + enum: + - alerting + - cases + - generativeAIForSecurity + - generativeAIForObservability + - generativeAIForSearchPlayground + - siem + - uptime + type: string + Connectors_is_deprecated: + description: Indicates whether the connector type is deprecated. + example: false + type: boolean + Connectors_is_missing_secrets: + description: >- + Indicates whether secrets are missing for the connector. Secrets + configuration properties vary depending on the connector type. + example: false + type: boolean + Connectors_is_preconfigured: + description: > + Indicates whether it is a preconfigured connector. If true, the `config` + and `is_missing_secrets` properties are omitted from the response. + example: false + type: boolean + Connectors_is_system_action: + description: Indicates whether the connector is used for system actions. + example: false + type: boolean + Connectors_referenced_by_count: + description: > + Indicates the number of saved objects that reference the connector. If + `is_preconfigured` is true, this value is not calculated. This property + is returned only by the get all connectors API. + example: 2 + type: integer + Connectors_secrets_properties_bedrock: + description: Defines secrets for connectors when type is `.bedrock`. properties: - field: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString - operator: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryOperator - type: - enum: - - match_any + accessKey: + description: The AWS access key for authentication. + type: string + secret: + description: The AWS secret for authentication. type: string - value: - items: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString - minItems: 1 - type: array required: - - type - - field - - value - - operator - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryMatchWildcard: + - accessKey + - secret + title: Connector secrets properties for an Amazon Bedrock connector + type: object + Connectors_secrets_properties_cases_webhook: + title: Connector secrets properties for Webhook - Case Management connector type: object properties: - field: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString - operator: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryOperator - type: - enum: - - wildcard + password: + description: >- + The password for HTTP basic authentication. If `hasAuth` is set to + `true`, this property is required. type: string - value: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString - required: - - type - - field - - value - - operator - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryNested: + user: + description: >- + The username for HTTP basic authentication. If `hasAuth` is set to + `true`, this property is required. + type: string + Connectors_secrets_properties_d3security: + description: Defines secrets for connectors when type is `.d3security`. type: object properties: - entries: - items: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryNestedEntryItem - minItems: 1 - type: array - field: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString - type: - enum: - - nested + token: + description: The D3 Security token. type: string required: - - type - - field - - entries - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryNestedEntryItem: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryMatch - - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryMatchAny - - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryExists - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryOperator: - enum: - - excluded - - included - type: string - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemHumanId: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemId: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemMeta: - additionalProperties: true - type: object - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemName: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray: - items: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListOsType - type: array - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemTags: - items: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString - type: array - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemType: - enum: - - simple - type: string - Security_Solution_Endpoint_Exceptions_API_ExceptionListMeta: - additionalProperties: true - type: object - Security_Solution_Endpoint_Exceptions_API_ExceptionListName: - type: string - Security_Solution_Endpoint_Exceptions_API_ExceptionListOsType: - enum: - - linux - - macos - - windows - type: string - Security_Solution_Endpoint_Exceptions_API_ExceptionListOsTypeArray: - items: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListOsType - type: array - Security_Solution_Endpoint_Exceptions_API_ExceptionListTags: - items: - type: string - type: array - Security_Solution_Endpoint_Exceptions_API_ExceptionListType: - enum: - - detection - - rule_default - - endpoint - - endpoint_trusted_apps - - endpoint_events - - endpoint_host_isolation_exceptions - - endpoint_blocklists - type: string - Security_Solution_Endpoint_Exceptions_API_ExceptionListVersion: - minimum: 1 - type: integer - Security_Solution_Endpoint_Exceptions_API_ExceptionNamespaceType: - description: > - Determines whether the exception container is available in all Kibana - spaces or just the space - - in which it is created, where: - - - - `single`: Only available in the Kibana space in which it is created. - - - `agnostic`: Available in all Kibana spaces. - enum: - - agnostic - - single - type: string - Security_Solution_Endpoint_Exceptions_API_FindEndpointListItemsFilter: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString - Security_Solution_Endpoint_Exceptions_API_ListId: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString - Security_Solution_Endpoint_Exceptions_API_ListType: - enum: - - binary - - boolean - - byte - - date - - date_nanos - - date_range - - double - - double_range - - float - - float_range - - geo_point - - geo_shape - - half_float - - integer - - integer_range - - ip - - ip_range - - keyword - - long - - long_range - - shape - - short - - text - type: string - Security_Solution_Endpoint_Exceptions_API_NonEmptyString: - description: A string that is not empty and does not contain only whitespace - minLength: 1 - pattern: ^(?! *$).+$ - type: string - Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse: - type: object + - token + title: Connector secrets properties for a D3 Security connector + Connectors_secrets_properties_email: + description: Defines secrets for connectors when type is `.email`. properties: - error: + clientSecret: + description: > + The Microsoft Exchange Client secret for OAuth 2.0 client + credentials authentication. It must be URL-encoded. If `service` is + `exchange_server`, this property is required. type: string - message: + password: + description: > + The password for HTTP basic authentication. If `hasAuth` is set to + `true`, this property is required. type: string - statusCode: - type: integer - required: - - statusCode - - error - - message - Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse: + user: + description: > + The username for HTTP basic authentication. If `hasAuth` is set to + `true`, this property is required. + type: string + title: Connector secrets properties for an email connector type: object + Connectors_secrets_properties_gemini: + description: Defines secrets for connectors when type is `.gemini`. properties: - message: + credentialsJSON: + description: >- + The service account credentials JSON file. The service account + should have Vertex AI user IAM role assigned to it. type: string - status_code: - type: integer required: - - status_code - - message - Security_Solution_Endpoint_Management_API_ActionLogRequestQuery: + - credentialsJSON + title: Connector secrets properties for a Google Gemini connector type: object + Connectors_secrets_properties_genai: + description: Defines secrets for connectors when type is `.gen-ai`. properties: - end_date: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_EndDate - page: - $ref: '#/components/schemas/Security_Solution_Endpoint_Management_API_Page' - page_size: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_PageSize - start_date: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_StartDate - Security_Solution_Endpoint_Management_API_ActionStateSuccessResponse: + apiKey: + description: The OpenAI API key. + type: string + title: Connector secrets properties for an OpenAI connector + type: object + Connectors_secrets_properties_jira: + description: Defines secrets for connectors when type is `.jira`. type: object properties: - body: - type: object - properties: - data: - type: object - properties: - canEncrypt: - type: boolean - required: - - data + apiToken: + description: The Jira API authentication token for HTTP basic authentication. + type: string + email: + description: The account email for HTTP Basic authentication. + type: string required: - - body - Security_Solution_Endpoint_Management_API_ActionStatusSuccessResponse: + - apiToken + - email + title: Connector secrets properties for a Jira connector + Connectors_secrets_properties_opsgenie: + description: Defines secrets for connectors when type is `.opsgenie`. type: object properties: - body: - type: object - properties: - data: - type: object - properties: - agent_id: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AgentId - pending_actions: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_PendingActionsSchema - required: - - agent_id - - pending_actions - required: - - data + apiKey: + description: The Opsgenie API authentication key for HTTP Basic authentication. + type: string required: - - body - Security_Solution_Endpoint_Management_API_AgentId: - description: Agent ID - type: string - Security_Solution_Endpoint_Management_API_AgentIds: - minLength: 1 - oneOf: - - items: - minLength: 1 - type: string - maxItems: 50 - minItems: 1 - type: array - - minLength: 1 + - apiKey + title: Connector secrets properties for an Opsgenie connector + Connectors_secrets_properties_pagerduty: + description: Defines secrets for connectors when type is `.pagerduty`. + properties: + routingKey: + description: > + A 32 character PagerDuty Integration Key for an integration on a + service. type: string - Security_Solution_Endpoint_Management_API_AgentTypes: - enum: - - endpoint - - sentinel_one - - crowdstrike - type: string - Security_Solution_Endpoint_Management_API_AlertIds: - description: A list of alerts ids. - items: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_NonEmptyString - minItems: 1 - type: array - Security_Solution_Endpoint_Management_API_CaseIds: - description: Case IDs to be updated (cannot contain empty strings) - items: - minLength: 1 - type: string - minItems: 1 - type: array - Security_Solution_Endpoint_Management_API_Command: - description: The command to be executed (cannot be an empty string) - enum: - - isolate - - unisolate - - kill-process - - suspend-process - - running-processes - - get-file - - execute - - upload - - scan - minLength: 1 - type: string - Security_Solution_Endpoint_Management_API_Commands: - items: - $ref: '#/components/schemas/Security_Solution_Endpoint_Management_API_Command' - type: array - Security_Solution_Endpoint_Management_API_Comment: - description: Optional comment - type: string - Security_Solution_Endpoint_Management_API_EndDate: - description: End date - type: string - Security_Solution_Endpoint_Management_API_EndpointIds: - description: List of endpoint IDs (cannot contain empty strings) - items: - minLength: 1 - type: string - minItems: 1 - type: array - Security_Solution_Endpoint_Management_API_ExecuteRouteRequestBody: - allOf: - - type: object - properties: - agent_type: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AgentTypes - alert_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AlertIds - case_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_CaseIds - comment: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Comment - endpoint_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_EndpointIds - parameters: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Parameters - required: - - endpoint_ids - - type: object - properties: - parameters: - type: object - properties: - command: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Command - timeout: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Timeout - required: - - command - required: - - parameters - Security_Solution_Endpoint_Management_API_GetEndpointActionListRouteQuery: + required: + - routingKey + title: Connector secrets properties for a PagerDuty connector type: object - properties: - agentIds: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AgentIds - agentTypes: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AgentTypes - commands: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Commands - endDate: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_EndDate - page: - $ref: '#/components/schemas/Security_Solution_Endpoint_Management_API_Page' - pageSize: - default: 10 - description: Number of items per page - maximum: 10000 - minimum: 1 - type: integer - startDate: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_StartDate - types: - $ref: '#/components/schemas/Security_Solution_Endpoint_Management_API_Types' - userIds: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_UserIds - withOutputs: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_WithOutputs - Security_Solution_Endpoint_Management_API_GetFileRouteRequestBody: - allOf: - - type: object - properties: - agent_type: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AgentTypes - alert_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AlertIds - case_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_CaseIds - comment: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Comment - endpoint_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_EndpointIds - parameters: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Parameters - required: - - endpoint_ids - - type: object - properties: - parameters: - type: object - properties: - path: - type: string - required: - - path - required: - - parameters - Security_Solution_Endpoint_Management_API_GetProcessesRouteRequestBody: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_NoParametersRequestSchema - Security_Solution_Endpoint_Management_API_IsolateRouteRequestBody: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_NoParametersRequestSchema - Security_Solution_Endpoint_Management_API_KillOrSuspendActionSchema: - allOf: - - type: object - properties: - agent_type: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AgentTypes - alert_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AlertIds - case_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_CaseIds - comment: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Comment - endpoint_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_EndpointIds - parameters: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Parameters - required: - - endpoint_ids - - type: object - properties: - parameters: - oneOf: - - type: object - properties: - pid: - minimum: 1 - type: integer - - type: object - properties: - entity_id: - minLength: 1 - type: string - required: - - parameters - Security_Solution_Endpoint_Management_API_ListRequestQuery: + Connectors_secrets_properties_resilient: + description: Defines secrets for connectors when type is `.resilient`. type: object properties: - hostStatuses: - items: - enum: - - healthy - - offline - - updating - - inactive - - unenrolled - type: string - type: array - kuery: - nullable: true - type: string - page: - default: 0 - description: Page number - minimum: 0 - type: integer - pageSize: - default: 10 - description: Number of items per page - maximum: 10000 - minimum: 1 - type: integer - sortDirection: - enum: - - asc - - desc - nullable: true + apiKeyId: + description: The authentication key ID for HTTP Basic authentication. type: string - sortField: - enum: - - enrolled_at - - metadata.host.hostname - - host_status - - metadata.Endpoint.policy.applied.name - - metadata.Endpoint.policy.applied.status - - metadata.host.os.name - - metadata.host.ip - - metadata.agent.version - - last_checkin + apiKeySecret: + description: The authentication key secret for HTTP Basic authentication. type: string required: - - hostStatuses - Security_Solution_Endpoint_Management_API_NonEmptyString: - description: A string that is not empty and does not contain only whitespace - minLength: 1 - pattern: ^(?! *$).+$ - type: string - Security_Solution_Endpoint_Management_API_NoParametersRequestSchema: - type: object + - apiKeyId + - apiKeySecret + title: Connector secrets properties for IBM Resilient connector + Connectors_secrets_properties_sentinelone: + description: Defines secrets for connectors when type is `.sentinelone`. properties: - body: - type: object - properties: - agent_type: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AgentTypes - alert_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AlertIds - case_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_CaseIds - comment: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Comment - endpoint_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_EndpointIds - parameters: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Parameters - required: - - endpoint_ids + token: + description: The A SentinelOne API token. + type: string required: - - body - Security_Solution_Endpoint_Management_API_Page: - default: 1 - description: Page number - minimum: 1 - type: integer - Security_Solution_Endpoint_Management_API_PageSize: - default: 10 - description: Number of items per page - maximum: 100 - minimum: 1 - type: integer - Security_Solution_Endpoint_Management_API_Parameters: - description: Optional parameters object - type: object - Security_Solution_Endpoint_Management_API_PendingActionDataType: - type: integer - Security_Solution_Endpoint_Management_API_PendingActionsSchema: - oneOf: - - type: object - properties: - execute: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_PendingActionDataType - get-file: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_PendingActionDataType - isolate: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_PendingActionDataType - kill-process: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_PendingActionDataType - running-processes: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_PendingActionDataType - scan: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_PendingActionDataType - suspend-process: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_PendingActionDataType - unisolate: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_PendingActionDataType - upload: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_PendingActionDataType - - additionalProperties: true - type: object - Security_Solution_Endpoint_Management_API_ProtectionUpdatesNoteResponse: + - token + title: Connector secrets properties for a SentinelOne connector type: object + Connectors_secrets_properties_servicenow: + description: >- + Defines secrets for connectors when type is `.servicenow`, + `.servicenow-sir`, or `.servicenow-itom`. properties: - note: + clientSecret: + description: >- + The client secret assigned to your OAuth application. This property + is required when `isOAuth` is `true`. type: string - Security_Solution_Endpoint_Management_API_ScanRouteRequestBody: - allOf: - - type: object - properties: - agent_type: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AgentTypes - alert_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AlertIds - case_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_CaseIds - comment: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Comment - endpoint_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_EndpointIds - parameters: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Parameters - required: - - endpoint_ids - - type: object - properties: - parameters: - type: object - properties: - path: - type: string - required: - - path - required: - - parameters - Security_Solution_Endpoint_Management_API_StartDate: - description: Start date - type: string - Security_Solution_Endpoint_Management_API_SuccessResponse: - type: object - properties: {} - Security_Solution_Endpoint_Management_API_Timeout: - description: The maximum timeout value in milliseconds (optional) - minimum: 1 - type: integer - Security_Solution_Endpoint_Management_API_Type: - description: Type of response action - enum: - - automated - - manual - type: string - Security_Solution_Endpoint_Management_API_Types: - description: List of types of response actions - items: - $ref: '#/components/schemas/Security_Solution_Endpoint_Management_API_Type' - maxLength: 2 - minLength: 1 - type: array - Security_Solution_Endpoint_Management_API_UnisolateRouteRequestBody: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_NoParametersRequestSchema - Security_Solution_Endpoint_Management_API_UploadRouteRequestBody: - allOf: - - type: object - properties: - agent_type: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AgentTypes - alert_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AlertIds - case_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_CaseIds - comment: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Comment - endpoint_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_EndpointIds - parameters: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Parameters - required: - - endpoint_ids - - type: object - properties: - file: - format: binary - type: string - parameters: - type: object - properties: - overwrite: - default: false - type: boolean - required: - - parameters - - file - Security_Solution_Endpoint_Management_API_UserIds: - description: User IDs - oneOf: - - items: - minLength: 1 - type: string - minItems: 1 - type: array - - minLength: 1 + password: + description: >- + The password for HTTP basic authentication. This property is + required when `isOAuth` is `false`. type: string - Security_Solution_Endpoint_Management_API_WithOutputs: - description: Shows detailed outputs for an action response - oneOf: - - items: - minLength: 1 - type: string - minItems: 1 - type: array - - minLength: 1 + privateKey: + description: >- + The RSA private key that you created for use in ServiceNow. This + property is required when `isOAuth` is `true`. + type: string + privateKeyPassword: + description: >- + The password for the RSA private key. This property is required when + `isOAuth` is `true` and you set a password on your private key. + type: string + username: + description: >- + The username for HTTP basic authentication. This property is + required when `isOAuth` is `false`. type: string - Security_Solution_Entity_Analytics_API_AssetCriticalityBulkUploadErrorItem: + title: >- + Connector secrets properties for ServiceNow ITOM, ServiceNow ITSM, and + ServiceNow SecOps connectors + type: object + Connectors_secrets_properties_slack_api: + description: Defines secrets for connectors when type is `.slack`. type: object properties: - index: - type: integer - message: + token: + description: Slack bot user OAuth token. type: string required: - - message - - index - Security_Solution_Entity_Analytics_API_AssetCriticalityBulkUploadStats: + - token + title: Connector secrets properties for a Web API Slack connector + Connectors_secrets_properties_slack_webhook: + description: Defines secrets for connectors when type is `.slack`. type: object properties: - failed: - type: integer - successful: - type: integer - total: - type: integer + webhookUrl: + description: Slack webhook url. + type: string required: - - successful - - failed - - total - Security_Solution_Entity_Analytics_API_AssetCriticalityLevel: - description: The criticality level of the asset. - enum: - - low_impact - - medium_impact - - high_impact - - extreme_impact - type: string - Security_Solution_Entity_Analytics_API_AssetCriticalityRecord: - allOf: - - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_CreateAssetCriticalityRecord - - type: object - properties: - '@timestamp': - description: The time the record was created or updated. - example: '2017-07-21T17:32:28Z' - format: date-time - type: string - required: - - '@timestamp' - Security_Solution_Entity_Analytics_API_AssetCriticalityRecordIdParts: - type: object + - webhookUrl + title: Connector secrets properties for a Webhook Slack connector + Connectors_secrets_properties_swimlane: + description: Defines secrets for connectors when type is `.swimlane`. properties: - id_field: - $ref: '#/components/schemas/Security_Solution_Entity_Analytics_API_IdField' - description: The field representing the ID. - example: host.name - id_value: - description: The ID value of the asset. + apiToken: + description: Swimlane API authentication token. type: string - required: - - id_value - - id_field - Security_Solution_Entity_Analytics_API_CreateAssetCriticalityRecord: - allOf: - - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_AssetCriticalityRecordIdParts - - type: object - properties: - criticality_level: - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_AssetCriticalityLevel - required: - - criticality_level - Security_Solution_Entity_Analytics_API_IdField: - enum: - - host.name - - user.name - type: string - Security_Solution_Exceptions_API_CreateExceptionListItemComment: + title: Connector secrets properties for a Swimlane connector type: object + Connectors_secrets_properties_teams: + description: Defines secrets for connectors when type is `.teams`. properties: - comment: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' + webhookUrl: + description: > + The URL of the incoming webhook. If you are using the + `xpack.actions.allowedHosts` setting, add the hostname to the + allowed hosts. + type: string required: - - comment - Security_Solution_Exceptions_API_CreateExceptionListItemCommentArray: - items: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_CreateExceptionListItemComment - type: array - Security_Solution_Exceptions_API_CreateRuleExceptionListItemComment: + - webhookUrl + title: Connector secrets properties for a Microsoft Teams connector type: object + Connectors_secrets_properties_tines: + description: Defines secrets for connectors when type is `.tines`. properties: - comment: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' + email: + description: The email used to sign in to Tines. + type: string + token: + description: The Tines API token. + type: string required: - - comment - Security_Solution_Exceptions_API_CreateRuleExceptionListItemCommentArray: - items: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_CreateRuleExceptionListItemComment - type: array - Security_Solution_Exceptions_API_CreateRuleExceptionListItemProps: + - email + - token + title: Connector secrets properties for a Tines connector type: object + Connectors_secrets_properties_torq: + description: Defines secrets for connectors when type is `.torq`. properties: - comments: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_CreateRuleExceptionListItemCommentArray - default: [] - description: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemDescription - entries: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryArray - expire_time: - format: date-time + token: + description: The secret of the webhook authentication header. type: string - item_id: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemHumanId - meta: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemMeta - name: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemName - namespace_type: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType - default: single - os_types: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemOsTypeArray - default: [] - tags: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemTags - default: [] - type: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemType required: - - type - - name - - description - - entries - Security_Solution_Exceptions_API_ExceptionList: + - token + title: Connector secrets properties for a Torq connector type: object + Connectors_secrets_properties_webhook: + description: Defines secrets for connectors when type is `.webhook`. properties: - _version: + crt: + description: >- + If `authType` is `webhook-authentication-ssl` and `certType` is + `ssl-crt-key`, it is a base64 encoded version of the CRT or CERT + file. type: string - created_at: - format: date-time + key: + description: >- + If `authType` is `webhook-authentication-ssl` and `certType` is + `ssl-crt-key`, it is a base64 encoded version of the KEY file. type: string - created_by: + password: + description: > + The password for HTTP basic authentication or the passphrase for the + SSL certificate files. If `hasAuth` is set to `true` and `authType` + is `webhook-authentication-basic`, this property is required. type: string - description: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListDescription - id: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListId - immutable: - type: boolean - list_id: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListHumanId - meta: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListMeta - name: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListName - namespace_type: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType - os_types: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListOsTypeArray - tags: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListTags - tie_breaker_id: + pfx: + description: >- + If `authType` is `webhook-authentication-ssl` and `certType` is + `ssl-pfx`, it is a base64 encoded version of the PFX or P12 file. type: string - type: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListType - updated_at: - format: date-time + user: + description: > + The username for HTTP basic authentication. If `hasAuth` is set to + `true` and `authType` is `webhook-authentication-basic`, this + property is required. type: string - updated_by: + title: Connector secrets properties for a Webhook connector + type: object + Connectors_secrets_properties_xmatters: + description: Defines secrets for connectors when type is `.xmatters`. + properties: + password: + description: > + A user name for HTTP basic authentication. It is applicable only + when `usesBasic` is `true`. type: string - version: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListVersion - required: - - id - - list_id - - type - - name - - description - - immutable - - namespace_type - - version - - tie_breaker_id - - created_at - - created_by - - updated_at - - updated_by - Security_Solution_Exceptions_API_ExceptionListDescription: - type: string - Security_Solution_Exceptions_API_ExceptionListHumanId: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' - description: 'Human readable string identifier, e.g. `trusted-linux-processes`' - Security_Solution_Exceptions_API_ExceptionListId: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' - Security_Solution_Exceptions_API_ExceptionListItem: + secretsUrl: + description: > + The request URL for the Elastic Alerts trigger in xMatters with the + API key included in the URL. It is applicable only when `usesBasic` + is `false`. + type: string + user: + description: > + A password for HTTP basic authentication. It is applicable only when + `usesBasic` is `true`. + type: string + title: Connector secrets properties for an xMatters connector + type: object + Connectors_update_connector_request: + description: The properties vary depending on the connector type. + oneOf: + - $ref: '#/components/schemas/Connectors_update_connector_request_bedrock' + - $ref: '#/components/schemas/Connectors_update_connector_request_gemini' + - $ref: >- + #/components/schemas/Connectors_update_connector_request_cases_webhook + - $ref: '#/components/schemas/Connectors_update_connector_request_d3security' + - $ref: '#/components/schemas/Connectors_update_connector_request_email' + - $ref: '#/components/schemas/Connectors_create_connector_request_genai' + - $ref: '#/components/schemas/Connectors_update_connector_request_index' + - $ref: '#/components/schemas/Connectors_update_connector_request_jira' + - $ref: '#/components/schemas/Connectors_update_connector_request_opsgenie' + - $ref: '#/components/schemas/Connectors_update_connector_request_pagerduty' + - $ref: '#/components/schemas/Connectors_update_connector_request_resilient' + - $ref: '#/components/schemas/Connectors_update_connector_request_sentinelone' + - $ref: '#/components/schemas/Connectors_update_connector_request_serverlog' + - $ref: '#/components/schemas/Connectors_update_connector_request_servicenow' + - $ref: >- + #/components/schemas/Connectors_update_connector_request_servicenow_itom + - $ref: '#/components/schemas/Connectors_update_connector_request_slack_api' + - $ref: >- + #/components/schemas/Connectors_update_connector_request_slack_webhook + - $ref: '#/components/schemas/Connectors_update_connector_request_swimlane' + - $ref: '#/components/schemas/Connectors_update_connector_request_teams' + - $ref: '#/components/schemas/Connectors_update_connector_request_tines' + - $ref: '#/components/schemas/Connectors_update_connector_request_torq' + - $ref: '#/components/schemas/Connectors_update_connector_request_webhook' + - $ref: '#/components/schemas/Connectors_update_connector_request_xmatters' + title: Update connector request body properties + Connectors_update_connector_request_bedrock: + title: Update Amazon Bedrock connector request type: object properties: - _version: - type: string - comments: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemCommentArray - created_at: - format: date-time - type: string - created_by: - type: string - description: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemDescription - entries: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryArray - expire_time: - format: date-time - type: string - id: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemId - item_id: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemHumanId - list_id: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListHumanId - meta: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemMeta + config: + $ref: '#/components/schemas/Connectors_config_properties_bedrock' name: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemName - namespace_type: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType - os_types: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemOsTypeArray - tags: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemTags - tie_breaker_id: - type: string - type: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemType - updated_at: - format: date-time - type: string - updated_by: + description: The display name for the connector. type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_bedrock' required: - - id - - item_id - - list_id - - type + - config - name - - description - - entries - - namespace_type - - comments - - tie_breaker_id - - created_at - - created_by - - updated_at - - updated_by - Security_Solution_Exceptions_API_ExceptionListItemComment: + Connectors_update_connector_request_cases_webhook: + title: Update Webhook - Case Managment connector request type: object properties: - comment: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' - created_at: - format: date-time - type: string - created_by: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' - id: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' - updated_at: - format: date-time + config: + $ref: '#/components/schemas/Connectors_config_properties_cases_webhook' + name: + description: The display name for the connector. + example: my-connector type: string - updated_by: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_cases_webhook' required: - - id - - comment - - created_at - - created_by - Security_Solution_Exceptions_API_ExceptionListItemCommentArray: - items: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemComment - type: array - Security_Solution_Exceptions_API_ExceptionListItemDescription: - type: string - Security_Solution_Exceptions_API_ExceptionListItemEntry: - anyOf: - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryMatch - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryMatchAny - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryList - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryExists - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryNested - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryMatchWildcard - discriminator: - propertyName: type - Security_Solution_Exceptions_API_ExceptionListItemEntryArray: - items: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntry - type: array - Security_Solution_Exceptions_API_ExceptionListItemEntryExists: + - config + - name + Connectors_update_connector_request_d3security: + title: Update D3 Security connector request type: object properties: - field: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' - operator: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryOperator - type: - enum: - - exists + config: + $ref: '#/components/schemas/Connectors_config_properties_d3security' + name: + description: The display name for the connector. type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_d3security' required: - - type - - field - - operator - Security_Solution_Exceptions_API_ExceptionListItemEntryList: + - config + - name + - secrets + Connectors_update_connector_request_email: + title: Update email connector request type: object properties: - field: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' - list: - type: object - properties: - id: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_ListId' - type: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_ListType' - required: - - id - - type - operator: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryOperator - type: - enum: - - list + config: + $ref: '#/components/schemas/Connectors_config_properties_email' + name: + description: The display name for the connector. type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_email' required: - - type - - field - - list - - operator - Security_Solution_Exceptions_API_ExceptionListItemEntryMatch: + - config + - name + Connectors_update_connector_request_gemini: + title: Update Google Gemini connector request type: object properties: - field: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' - operator: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryOperator - type: - enum: - - match + config: + $ref: '#/components/schemas/Connectors_config_properties_gemini' + name: + description: The display name for the connector. type: string - value: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_gemini' required: - - type - - field - - value - - operator - Security_Solution_Exceptions_API_ExceptionListItemEntryMatchAny: + - config + - name + Connectors_update_connector_request_index: + title: Update index connector request type: object properties: - field: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' - operator: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryOperator - type: - enum: - - match_any + config: + $ref: '#/components/schemas/Connectors_config_properties_index' + name: + description: The display name for the connector. type: string - value: - items: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_NonEmptyString - minItems: 1 - type: array required: - - type - - field - - value - - operator - Security_Solution_Exceptions_API_ExceptionListItemEntryMatchWildcard: + - config + - name + Connectors_update_connector_request_jira: + title: Update Jira connector request type: object properties: - field: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' - operator: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryOperator - type: - enum: - - wildcard + config: + $ref: '#/components/schemas/Connectors_config_properties_jira' + name: + description: The display name for the connector. type: string - value: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_jira' required: - - type - - field - - value - - operator - Security_Solution_Exceptions_API_ExceptionListItemEntryNested: + - config + - name + - secrets + Connectors_update_connector_request_opsgenie: + title: Update Opsgenie connector request type: object properties: - entries: - items: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryNestedEntryItem - minItems: 1 - type: array - field: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' - type: - enum: - - nested + config: + $ref: '#/components/schemas/Connectors_config_properties_opsgenie' + name: + description: The display name for the connector. type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_opsgenie' required: - - type - - field - - entries - Security_Solution_Exceptions_API_ExceptionListItemEntryNestedEntryItem: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryMatch - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryMatchAny - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryExists - Security_Solution_Exceptions_API_ExceptionListItemEntryOperator: - enum: - - excluded - - included - type: string - Security_Solution_Exceptions_API_ExceptionListItemHumanId: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' - Security_Solution_Exceptions_API_ExceptionListItemId: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' - Security_Solution_Exceptions_API_ExceptionListItemMeta: - additionalProperties: true - type: object - Security_Solution_Exceptions_API_ExceptionListItemName: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' - Security_Solution_Exceptions_API_ExceptionListItemOsTypeArray: - items: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListOsType - type: array - Security_Solution_Exceptions_API_ExceptionListItemTags: - items: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' - type: array - Security_Solution_Exceptions_API_ExceptionListItemType: - enum: - - simple - type: string - Security_Solution_Exceptions_API_ExceptionListMeta: - additionalProperties: true - type: object - Security_Solution_Exceptions_API_ExceptionListName: - type: string - Security_Solution_Exceptions_API_ExceptionListOsType: - enum: - - linux - - macos - - windows - type: string - Security_Solution_Exceptions_API_ExceptionListOsTypeArray: - items: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListOsType - type: array - Security_Solution_Exceptions_API_ExceptionListsImportBulkError: + - config + - name + - secrets + Connectors_update_connector_request_pagerduty: + title: Update PagerDuty connector request type: object properties: - error: - type: object - properties: - message: - type: string - status_code: - type: integer - required: - - status_code - - message - id: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListId - item_id: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemHumanId - list_id: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListHumanId + config: + $ref: '#/components/schemas/Connectors_config_properties_pagerduty' + name: + description: The display name for the connector. + type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_pagerduty' required: - - error - Security_Solution_Exceptions_API_ExceptionListsImportBulkErrorArray: - items: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListsImportBulkError - type: array - Security_Solution_Exceptions_API_ExceptionListTags: - items: - type: string - type: array - Security_Solution_Exceptions_API_ExceptionListType: - enum: - - detection - - rule_default - - endpoint - - endpoint_trusted_apps - - endpoint_events - - endpoint_host_isolation_exceptions - - endpoint_blocklists - type: string - Security_Solution_Exceptions_API_ExceptionListVersion: - minimum: 1 - type: integer - Security_Solution_Exceptions_API_ExceptionNamespaceType: - description: > - Determines whether the exception container is available in all Kibana - spaces or just the space - - in which it is created, where: - - - - `single`: Only available in the Kibana space in which it is created. - - - `agnostic`: Available in all Kibana spaces. - enum: - - agnostic - - single - type: string - Security_Solution_Exceptions_API_FindExceptionListItemsFilter: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' - Security_Solution_Exceptions_API_FindExceptionListsFilter: - type: string - Security_Solution_Exceptions_API_ListId: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' - Security_Solution_Exceptions_API_ListType: - enum: - - binary - - boolean - - byte - - date - - date_nanos - - date_range - - double - - double_range - - float - - float_range - - geo_point - - geo_shape - - half_float - - integer - - integer_range - - ip - - ip_range - - keyword - - long - - long_range - - shape - - short - - text - type: string - Security_Solution_Exceptions_API_NonEmptyString: - description: A string that is not empty and does not contain only whitespace - minLength: 1 - pattern: ^(?! *$).+$ - type: string - Security_Solution_Exceptions_API_PlatformErrorResponse: + - config + - name + - secrets + Connectors_update_connector_request_resilient: + title: Update IBM Resilient connector request type: object properties: - error: - type: string - message: + config: + $ref: '#/components/schemas/Connectors_config_properties_resilient' + name: + description: The display name for the connector. type: string - statusCode: - type: integer + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_resilient' required: - - statusCode - - error - - message - Security_Solution_Exceptions_API_RuleId: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_UUID' - Security_Solution_Exceptions_API_SiemErrorResponse: + - config + - name + - secrets + Connectors_update_connector_request_sentinelone: + title: Update SentinelOne connector request type: object properties: - message: + config: + $ref: '#/components/schemas/Connectors_config_properties_sentinelone' + name: + description: The display name for the connector. type: string - status_code: - type: integer + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_sentinelone' required: - - status_code - - message - Security_Solution_Exceptions_API_UpdateExceptionListItemComment: + - config + - name + - secrets + Connectors_update_connector_request_serverlog: + title: Update server log connector request type: object properties: - comment: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' - id: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' + name: + description: The display name for the connector. + type: string required: - - comment - Security_Solution_Exceptions_API_UpdateExceptionListItemCommentArray: - items: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_UpdateExceptionListItemComment - type: array - Security_Solution_Exceptions_API_UUID: - description: A universally unique identifier - format: uuid - type: string - Security_Solution_Lists_API_FindListItemsCursor: - $ref: '#/components/schemas/Security_Solution_Lists_API_NonEmptyString' - Security_Solution_Lists_API_FindListItemsFilter: - type: string - Security_Solution_Lists_API_FindListsCursor: - $ref: '#/components/schemas/Security_Solution_Lists_API_NonEmptyString' - Security_Solution_Lists_API_FindListsFilter: - type: string - Security_Solution_Lists_API_List: + - name + Connectors_update_connector_request_servicenow: + title: Update ServiceNow ITSM connector or ServiceNow SecOps request type: object properties: - _version: - type: string - '@timestamp': - format: date-time - type: string - created_at: - format: date-time - type: string - created_by: - type: string - description: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListDescription' - deserializer: - type: string - id: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' - immutable: - type: boolean - meta: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListMetadata' + config: + $ref: '#/components/schemas/Connectors_config_properties_servicenow' name: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListName' - serializer: - type: string - tie_breaker_id: - type: string - type: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListType' - updated_at: - format: date-time - type: string - updated_by: + description: The display name for the connector. type: string - version: - minimum: 1 - type: integer + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' required: - - id - - type + - config - name - - description - - immutable - - version - - tie_breaker_id - - created_at - - created_by - - updated_at - - updated_by - Security_Solution_Lists_API_ListDescription: - $ref: '#/components/schemas/Security_Solution_Lists_API_NonEmptyString' - Security_Solution_Lists_API_ListId: - $ref: '#/components/schemas/Security_Solution_Lists_API_NonEmptyString' - Security_Solution_Lists_API_ListItem: + - secrets + Connectors_update_connector_request_servicenow_itom: + title: Create ServiceNow ITOM connector request type: object properties: - _version: - type: string - '@timestamp': - format: date-time - type: string - created_at: - format: date-time - type: string - created_by: - type: string - deserializer: - type: string - id: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListItemId' - list_id: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' - meta: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListItemMetadata' - serializer: - type: string - tie_breaker_id: - type: string - type: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListType' - updated_at: - format: date-time - type: string - updated_by: + config: + $ref: '#/components/schemas/Connectors_config_properties_servicenow_itom' + name: + description: The display name for the connector. type: string - value: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListItemValue' + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' required: - - id - - type - - list_id - - value - - tie_breaker_id - - created_at - - created_by - - updated_at - - updated_by - Security_Solution_Lists_API_ListItemId: - $ref: '#/components/schemas/Security_Solution_Lists_API_NonEmptyString' - Security_Solution_Lists_API_ListItemMetadata: - additionalProperties: true - type: object - Security_Solution_Lists_API_ListItemPrivileges: + - config + - name + - secrets + Connectors_update_connector_request_slack_api: + title: Update Slack connector request type: object properties: - application: - additionalProperties: - type: boolean - type: object - cluster: - additionalProperties: - type: boolean - type: object - has_all_requested: - type: boolean - index: - additionalProperties: - additionalProperties: - type: boolean - type: object - type: object - username: + config: + $ref: '#/components/schemas/Connectors_config_properties_slack_api' + name: + description: The display name for the connector. type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_slack_api' required: - - username - - has_all_requested - - cluster - - index - - application - Security_Solution_Lists_API_ListItemValue: - $ref: '#/components/schemas/Security_Solution_Lists_API_NonEmptyString' - Security_Solution_Lists_API_ListMetadata: - additionalProperties: true - type: object - Security_Solution_Lists_API_ListName: - $ref: '#/components/schemas/Security_Solution_Lists_API_NonEmptyString' - Security_Solution_Lists_API_ListPrivileges: + - name + - secrets + Connectors_update_connector_request_slack_webhook: + title: Update Slack connector request type: object properties: - application: - additionalProperties: - type: boolean - type: object - cluster: - additionalProperties: - type: boolean - type: object - has_all_requested: - type: boolean - index: - additionalProperties: - additionalProperties: - type: boolean - type: object - type: object - username: + name: + description: The display name for the connector. type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_slack_webhook' required: - - username - - has_all_requested - - cluster - - index - - application - Security_Solution_Lists_API_ListType: - enum: - - binary - - boolean - - byte - - date - - date_nanos - - date_range - - double - - double_range - - float - - float_range - - geo_point - - geo_shape - - half_float - - integer - - integer_range - - ip - - ip_range - - keyword - - long - - long_range - - shape - - short - - text - type: string - Security_Solution_Lists_API_NonEmptyString: - description: A string that is not empty and does not contain only whitespace - minLength: 1 - pattern: ^(?! *$).+$ - type: string - Security_Solution_Lists_API_PlatformErrorResponse: + - name + - secrets + Connectors_update_connector_request_swimlane: + title: Update Swimlane connector request type: object properties: - error: - type: string - message: + config: + $ref: '#/components/schemas/Connectors_config_properties_swimlane' + name: + description: The display name for the connector. + example: my-connector type: string - statusCode: - type: integer + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_swimlane' required: - - statusCode - - error - - message - Security_Solution_Lists_API_SiemErrorResponse: + - config + - name + - secrets + Connectors_update_connector_request_teams: + title: Update Microsoft Teams connector request type: object properties: - message: + name: + description: The display name for the connector. type: string - status_code: - type: integer + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_teams' required: - - status_code - - message - Security_Solution_Osquery_API_ArrayQueries: - items: - $ref: '#/components/schemas/Security_Solution_Osquery_API_ArrayQueriesItem' - type: array - Security_Solution_Osquery_API_ArrayQueriesItem: - type: object - properties: - ecs_mapping: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_ECSMappingOrUndefined - id: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Id' - platform: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_PlatformOrUndefined - query: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Query' - removed: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_RemovedOrUndefined - snapshot: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_SnapshotOrUndefined - version: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_VersionOrUndefined - Security_Solution_Osquery_API_CreateLiveQueryRequestBody: - type: object - properties: - agent_all: - type: boolean - agent_ids: - items: - type: string - type: array - agent_platforms: - items: - type: string - type: array - agent_policy_ids: - items: - type: string - type: array - alert_ids: - items: - type: string - type: array - case_ids: - items: - type: string - type: array - ecs_mapping: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_ECSMappingOrUndefined - event_ids: - items: - type: string - type: array - metadata: - nullable: true - type: object - pack_id: - $ref: '#/components/schemas/Security_Solution_Osquery_API_PackIdOrUndefined' - queries: - $ref: '#/components/schemas/Security_Solution_Osquery_API_ArrayQueries' - query: - $ref: '#/components/schemas/Security_Solution_Osquery_API_QueryOrUndefined' - saved_query_id: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_SavedQueryIdOrUndefined - Security_Solution_Osquery_API_CreatePacksRequestBody: + - name + - secrets + Connectors_update_connector_request_tines: + title: Update Tines connector request type: object properties: - description: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DescriptionOrUndefined - enabled: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_EnabledOrUndefined + config: + $ref: '#/components/schemas/Connectors_config_properties_tines' name: - $ref: '#/components/schemas/Security_Solution_Osquery_API_PackName' - policy_ids: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_PolicyIdsOrUndefined - queries: - $ref: '#/components/schemas/Security_Solution_Osquery_API_ObjectQueries' - shards: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Shards' - Security_Solution_Osquery_API_CreateSavedQueryRequestBody: - type: object - properties: - description: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DescriptionOrUndefined - ecs_mapping: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_ECSMappingOrUndefined - id: - $ref: '#/components/schemas/Security_Solution_Osquery_API_SavedQueryId' - interval: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Interval' - platform: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DescriptionOrUndefined - query: - $ref: '#/components/schemas/Security_Solution_Osquery_API_QueryOrUndefined' - removed: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_RemovedOrUndefined - snapshot: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_SnapshotOrUndefined - version: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_VersionOrUndefined - Security_Solution_Osquery_API_DefaultSuccessResponse: - type: object - properties: {} - Security_Solution_Osquery_API_Description: - type: string - Security_Solution_Osquery_API_DescriptionOrUndefined: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Description' - nullable: true - Security_Solution_Osquery_API_ECSMapping: - additionalProperties: - $ref: '#/components/schemas/Security_Solution_Osquery_API_ECSMappingItem' - type: object - Security_Solution_Osquery_API_ECSMappingItem: - type: object - properties: - field: + description: The display name for the connector. type: string - value: - oneOf: - - type: string - - items: - type: string - type: array - Security_Solution_Osquery_API_ECSMappingOrUndefined: - $ref: '#/components/schemas/Security_Solution_Osquery_API_ECSMapping' - nullable: true - Security_Solution_Osquery_API_Enabled: - type: boolean - Security_Solution_Osquery_API_EnabledOrUndefined: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Enabled' - nullable: true - Security_Solution_Osquery_API_FindLiveQueryRequestQuery: - type: object - properties: - kuery: - $ref: '#/components/schemas/Security_Solution_Osquery_API_KueryOrUndefined' - page: - $ref: '#/components/schemas/Security_Solution_Osquery_API_PageOrUndefined' - pageSize: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_PageSizeOrUndefined - sort: - $ref: '#/components/schemas/Security_Solution_Osquery_API_SortOrUndefined' - sortOrder: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_SortOrderOrUndefined - Security_Solution_Osquery_API_FindPacksRequestQuery: + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_tines' + required: + - config + - name + - secrets + Connectors_update_connector_request_torq: + title: Update Torq connector request type: object properties: - page: - $ref: '#/components/schemas/Security_Solution_Osquery_API_PageOrUndefined' - pageSize: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_PageSizeOrUndefined - sort: - $ref: '#/components/schemas/Security_Solution_Osquery_API_SortOrUndefined' - sortOrder: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_SortOrderOrUndefined - Security_Solution_Osquery_API_FindSavedQueryRequestQuery: + config: + $ref: '#/components/schemas/Connectors_config_properties_torq' + name: + description: The display name for the connector. + type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_torq' + required: + - config + - name + - secrets + Connectors_update_connector_request_webhook: + title: Update Webhook connector request type: object properties: - page: - $ref: '#/components/schemas/Security_Solution_Osquery_API_PageOrUndefined' - pageSize: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_PageSizeOrUndefined - sort: - $ref: '#/components/schemas/Security_Solution_Osquery_API_SortOrUndefined' - sortOrder: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_SortOrderOrUndefined - Security_Solution_Osquery_API_GetLiveQueryResultsRequestQuery: + config: + $ref: '#/components/schemas/Connectors_config_properties_webhook' + name: + description: The display name for the connector. + type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_webhook' + required: + - config + - name + - secrets + Connectors_update_connector_request_xmatters: + title: Update xMatters connector request type: object properties: - kuery: - $ref: '#/components/schemas/Security_Solution_Osquery_API_KueryOrUndefined' - page: - $ref: '#/components/schemas/Security_Solution_Osquery_API_PageOrUndefined' - pageSize: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_PageSizeOrUndefined - sort: - $ref: '#/components/schemas/Security_Solution_Osquery_API_SortOrUndefined' - sortOrder: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_SortOrderOrUndefined - Security_Solution_Osquery_API_Id: - type: string - Security_Solution_Osquery_API_Interval: - type: string - Security_Solution_Osquery_API_IntervalOrUndefined: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Interval' - nullable: true - Security_Solution_Osquery_API_KueryOrUndefined: - nullable: true - type: string - Security_Solution_Osquery_API_ObjectQueries: - additionalProperties: - $ref: '#/components/schemas/Security_Solution_Osquery_API_ObjectQueriesItem' - type: object - Security_Solution_Osquery_API_ObjectQueriesItem: + config: + $ref: '#/components/schemas/Connectors_config_properties_xmatters' + name: + description: The display name for the connector. + type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_xmatters' + required: + - config + - name + - secrets + Data_views_400_response: + title: Bad request type: object properties: - ecs_mapping: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_ECSMappingOrUndefined - id: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Id' - platform: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_PlatformOrUndefined - query: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Query' - removed: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_RemovedOrUndefined - saved_query_id: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_SavedQueryIdOrUndefined - snapshot: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_SnapshotOrUndefined - version: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_VersionOrUndefined - Security_Solution_Osquery_API_PackId: - type: string - Security_Solution_Osquery_API_PackIdOrUndefined: - $ref: '#/components/schemas/Security_Solution_Osquery_API_PackId' - nullable: true - Security_Solution_Osquery_API_PackName: - type: string - Security_Solution_Osquery_API_PageOrUndefined: - nullable: true - type: integer - Security_Solution_Osquery_API_PageSizeOrUndefined: - nullable: true - type: integer - Security_Solution_Osquery_API_Platform: - type: string - Security_Solution_Osquery_API_PlatformOrUndefined: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Platform' - nullable: true - Security_Solution_Osquery_API_PolicyIds: - items: - type: string - type: array - Security_Solution_Osquery_API_PolicyIdsOrUndefined: - $ref: '#/components/schemas/Security_Solution_Osquery_API_PolicyIds' - nullable: true - Security_Solution_Osquery_API_Query: - type: string - Security_Solution_Osquery_API_QueryOrUndefined: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Query' - nullable: true - Security_Solution_Osquery_API_Removed: - type: boolean - Security_Solution_Osquery_API_RemovedOrUndefined: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Removed' - nullable: true - Security_Solution_Osquery_API_SavedQueryId: - type: string - Security_Solution_Osquery_API_SavedQueryIdOrUndefined: - $ref: '#/components/schemas/Security_Solution_Osquery_API_SavedQueryId' - nullable: true - Security_Solution_Osquery_API_Shards: - additionalProperties: - type: number + error: + example: Bad Request + type: string + message: + type: string + statusCode: + example: 400 + type: number + required: + - statusCode + - error + - message + Data_views_404_response: type: object - Security_Solution_Osquery_API_Snapshot: - type: boolean - Security_Solution_Osquery_API_SnapshotOrUndefined: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Snapshot' - nullable: true - Security_Solution_Osquery_API_SortOrderOrUndefined: - oneOf: - - nullable: true + properties: + error: + enum: + - Not Found + example: Not Found type: string - - enum: - - asc - - desc - Security_Solution_Osquery_API_SortOrUndefined: - nullable: true - type: string - Security_Solution_Osquery_API_UpdatePacksRequestBody: + message: + example: >- + Saved object [index-pattern/caaad6d0-920c-11ed-b36a-874bd1548a00] + not found + type: string + statusCode: + enum: + - 404 + example: 404 + type: integer + Data_views_allownoindex: + description: Allows the data view saved object to exist before the data is available. + type: boolean + Data_views_create_data_view_request_object: + title: Create data view request type: object properties: - description: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DescriptionOrUndefined - enabled: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_EnabledOrUndefined - id: - $ref: '#/components/schemas/Security_Solution_Osquery_API_PackId' - policy_ids: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_PolicyIdsOrUndefined - queries: - $ref: '#/components/schemas/Security_Solution_Osquery_API_ObjectQueries' - shards: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Shards' - Security_Solution_Osquery_API_UpdateSavedQueryRequestBody: + data_view: + description: The data view object. + type: object + properties: + allowNoIndex: + $ref: '#/components/schemas/Data_views_allownoindex' + fieldAttrs: + additionalProperties: + $ref: '#/components/schemas/Data_views_fieldattrs' + type: object + fieldFormats: + $ref: '#/components/schemas/Data_views_fieldformats' + fields: + type: object + id: + type: string + name: + description: The data view name. + type: string + namespaces: + $ref: '#/components/schemas/Data_views_namespaces' + runtimeFieldMap: + additionalProperties: + $ref: '#/components/schemas/Data_views_runtimefieldmap' + type: object + sourceFilters: + $ref: '#/components/schemas/Data_views_sourcefilters' + timeFieldName: + $ref: '#/components/schemas/Data_views_timefieldname' + title: + $ref: '#/components/schemas/Data_views_title' + type: + $ref: '#/components/schemas/Data_views_type' + typeMeta: + $ref: '#/components/schemas/Data_views_typemeta' + version: + type: string + required: + - title + override: + default: false + description: >- + Override an existing data view if a data view with the provided + title already exists. + type: boolean + required: + - data_view + Data_views_data_view_response_object: + title: Data view response properties type: object properties: - description: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DescriptionOrUndefined - ecs_mapping: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_ECSMappingOrUndefined - id: - $ref: '#/components/schemas/Security_Solution_Osquery_API_SavedQueryId' - interval: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_IntervalOrUndefined - platform: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DescriptionOrUndefined - query: - $ref: '#/components/schemas/Security_Solution_Osquery_API_QueryOrUndefined' - removed: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_RemovedOrUndefined - snapshot: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_SnapshotOrUndefined - version: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_VersionOrUndefined - Security_Solution_Osquery_API_Version: - type: string - Security_Solution_Osquery_API_VersionOrUndefined: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Version' - nullable: true - Security_Solution_Timeline_API_BareNote: + data_view: + type: object + properties: + allowNoIndex: + $ref: '#/components/schemas/Data_views_allownoindex' + fieldAttrs: + additionalProperties: + $ref: '#/components/schemas/Data_views_fieldattrs' + type: object + fieldFormats: + $ref: '#/components/schemas/Data_views_fieldformats' + fields: + type: object + id: + example: ff959d40-b880-11e8-a6d9-e546fe2bba5f + type: string + name: + description: The data view name. + type: string + namespaces: + $ref: '#/components/schemas/Data_views_namespaces' + runtimeFieldMap: + additionalProperties: + $ref: '#/components/schemas/Data_views_runtimefieldmap' + type: object + sourceFilters: + $ref: '#/components/schemas/Data_views_sourcefilters' + timeFieldName: + $ref: '#/components/schemas/Data_views_timefieldname' + title: + $ref: '#/components/schemas/Data_views_title' + typeMeta: + $ref: '#/components/schemas/Data_views_typemeta_response' + version: + example: WzQ2LDJd + type: string + Data_views_fieldattrs: + description: A map of field attributes by field name. type: object properties: - created: - nullable: true - type: number - createdBy: - nullable: true - type: string - eventId: - nullable: true - type: string - note: - nullable: true + count: + description: Popularity count for the field. + type: integer + customDescription: + description: Custom description for the field. + maxLength: 300 type: string - timelineId: - nullable: true + customLabel: + description: Custom label for the field. type: string - updated: - nullable: true - type: number - updatedBy: - nullable: true + Data_views_fieldformats: + description: A map of field formats by field name. + type: object + Data_views_namespaces: + description: >- + An array of space identifiers for sharing the data view between multiple + spaces. + items: + default: default + type: string + type: array + Data_views_runtimefieldmap: + description: A map of runtime field definitions by field name. + type: object + properties: + script: + type: object + properties: + source: + description: Script for the runtime field. + type: string + type: + description: Mapping type of the runtime field. type: string required: - - timelineId - Security_Solution_Timeline_API_ColumnHeaderResult: + - script + - type + Data_views_sourcefilters: + description: The array of field names you want to filter out in Discover. + items: + type: object + properties: + value: + type: string + required: + - value + type: array + Data_views_swap_data_view_request_object: + title: Data view reference swap request type: object properties: - aggregatable: + delete: + description: Deletes referenced saved object if all references are removed. type: boolean - category: - type: string - columnHeaderType: - type: string - description: - type: string - example: + forId: + description: Limit the affected saved objects to one or more by identifier. oneOf: - type: string - - type: number - id: + - items: + type: string + type: array + forType: + description: Limit the affected saved objects by type. type: string - indexes: - items: - type: string - type: array - name: + fromId: + description: The saved object reference to change. type: string - placeholder: + fromType: + description: > + Specify the type of the saved object reference to alter. The default + value is `index-pattern` for data views. type: string - searchable: - type: boolean - type: + toId: + description: New saved object reference value to replace the old value. type: string - Security_Solution_Timeline_API_DataProviderQueryMatch: + required: + - fromId + - toId + Data_views_timefieldname: + description: 'The timestamp field name, which you use for time-based data views.' + type: string + Data_views_title: + description: >- + Comma-separated list of data streams, indices, and aliases that you want + to search. Supports wildcards (`*`). + type: string + Data_views_type: + description: 'When set to `rollup`, identifies the rollup data views.' + type: string + Data_views_typemeta: + description: >- + When you use rollup indices, contains the field list for the rollup data + view API endpoints. type: object properties: - enabled: - nullable: true - type: boolean - excluded: - nullable: true - type: boolean - id: - nullable: true - type: string - kqlQuery: - nullable: true - type: string - name: - nullable: true - type: string - queryMatch: - $ref: '#/components/schemas/Security_Solution_Timeline_API_QueryMatchResult' - Security_Solution_Timeline_API_DataProviderResult: + aggs: + description: A map of rollup restrictions by aggregation type and field name. + type: object + params: + description: Properties for retrieving rollup fields. + type: object + required: + - aggs + - params + Data_views_typemeta_response: + description: >- + When you use rollup indices, contains the field list for the rollup data + view API endpoints. + nullable: true type: object properties: - and: - items: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_DataProviderQueryMatch - nullable: true - type: array - enabled: - nullable: true - type: boolean - excluded: - nullable: true - type: boolean - id: - nullable: true - type: string - kqlQuery: - nullable: true - type: string - name: - nullable: true - type: string - queryMatch: - $ref: '#/components/schemas/Security_Solution_Timeline_API_QueryMatchResult' - nullable: true - type: - $ref: '#/components/schemas/Security_Solution_Timeline_API_DataProviderType' - nullable: true - Security_Solution_Timeline_API_DataProviderType: - description: >- - The type of data provider to create. Valid values are `default` and - `template`. - enum: - - default - - template - type: string - Security_Solution_Timeline_API_DocumentIds: - oneOf: - - items: - type: string - type: array - - type: string - Security_Solution_Timeline_API_FavoriteTimelineResponse: + aggs: + description: A map of rollup restrictions by aggregation type and field name. + type: object + params: + description: Properties for retrieving rollup fields. + type: object + Data_views_update_data_view_request_object: + title: Update data view request type: object properties: - code: - nullable: true - type: number - favorite: - items: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_FavoriteTimelineResult - type: array - message: - nullable: true - type: string - savedObjectId: - type: string - templateTimelineId: - nullable: true - type: string - templateTimelineVersion: - nullable: true - type: number - timelineType: - $ref: '#/components/schemas/Security_Solution_Timeline_API_TimelineType' - version: - type: string + data_view: + description: > + The data view properties you want to update. Only the specified + properties are updated in the data view. Unspecified fields stay as + they are persisted. + type: object + properties: + allowNoIndex: + $ref: '#/components/schemas/Data_views_allownoindex' + fieldFormats: + $ref: '#/components/schemas/Data_views_fieldformats' + fields: + type: object + name: + type: string + runtimeFieldMap: + additionalProperties: + $ref: '#/components/schemas/Data_views_runtimefieldmap' + type: object + sourceFilters: + $ref: '#/components/schemas/Data_views_sourcefilters' + timeFieldName: + $ref: '#/components/schemas/Data_views_timefieldname' + title: + $ref: '#/components/schemas/Data_views_title' + type: + $ref: '#/components/schemas/Data_views_type' + typeMeta: + $ref: '#/components/schemas/Data_views_typemeta' + refresh_fields: + default: false + description: Reloads the data view fields after the data view is updated. + type: boolean required: - - savedObjectId - - version - Security_Solution_Timeline_API_FavoriteTimelineResult: + - data_view + Kibana_HTTP_APIs_core_status_redactedResponse: + additionalProperties: false + description: A minimal representation of Kibana's operational status. type: object properties: - favoriteDate: - nullable: true - type: number - fullName: - nullable: true - type: string - userName: - nullable: true - type: string - Security_Solution_Timeline_API_FilterTimelineResult: + status: + additionalProperties: false + type: object + properties: + overall: + additionalProperties: false + type: object + properties: + level: + description: Service status levels as human and machine readable values. + enum: + - available + - degraded + - unavailable + - critical + type: string + required: + - level + required: + - overall + required: + - status + Kibana_HTTP_APIs_core_status_response: + additionalProperties: false + description: >- + Kibana's operational status as well as a detailed breakdown of plugin + statuses indication of various loads (like event loop utilization and + network traffic) at time of request. type: object properties: - exists: - type: boolean - match_all: + metrics: + additionalProperties: false + description: Metric groups collected by Kibana. + type: object + properties: + collection_interval_in_millis: + description: The interval at which metrics should be collected. + type: number + elasticsearch_client: + additionalProperties: false + description: Current network metrics of Kibana's Elasticsearch client. + type: object + properties: + totalActiveSockets: + description: Count of network sockets currently in use. + type: number + totalIdleSockets: + description: Count of network sockets currently idle. + type: number + totalQueuedRequests: + description: Count of requests not yet assigned to sockets. + type: number + required: + - totalActiveSockets + - totalIdleSockets + - totalQueuedRequests + last_updated: + description: The time metrics were collected. + type: string + required: + - elasticsearch_client + - last_updated + - collection_interval_in_millis + name: + description: Kibana instance name. type: string - meta: + status: + additionalProperties: false type: object properties: - alias: - type: string - controlledBy: - type: string - disabled: - type: boolean - field: - type: string - formattedValue: - type: string - index: - type: string - key: - type: string - negate: - type: boolean - params: - type: string - type: - type: string - value: - type: string - missing: - type: string - query: - type: string - range: - type: string - script: - type: string - Security_Solution_Timeline_API_ImportTimelineResult: - type: object - properties: - errors: - items: - type: object - properties: - error: + core: + additionalProperties: false + description: Statuses of core Kibana services. + type: object + properties: + elasticsearch: + additionalProperties: false + type: object + properties: + detail: + description: Human readable detail of the service status. + type: string + documentationUrl: + description: A URL to further documentation regarding this service. + type: string + level: + description: >- + Service status levels as human and machine readable + values. + enum: + - available + - degraded + - unavailable + - critical + type: string + meta: + additionalProperties: {} + description: >- + An unstructured set of extra metadata about this + service. + type: object + summary: + description: A human readable summary of the service status. + type: string + required: + - level + - summary + - meta + savedObjects: + additionalProperties: false + type: object + properties: + detail: + description: Human readable detail of the service status. + type: string + documentationUrl: + description: A URL to further documentation regarding this service. + type: string + level: + description: >- + Service status levels as human and machine readable + values. + enum: + - available + - degraded + - unavailable + - critical + type: string + meta: + additionalProperties: {} + description: >- + An unstructured set of extra metadata about this + service. + type: object + summary: + description: A human readable summary of the service status. + type: string + required: + - level + - summary + - meta + required: + - elasticsearch + - savedObjects + overall: + additionalProperties: false + type: object + properties: + detail: + description: Human readable detail of the service status. + type: string + documentationUrl: + description: A URL to further documentation regarding this service. + type: string + level: + description: Service status levels as human and machine readable values. + enum: + - available + - degraded + - unavailable + - critical + type: string + meta: + additionalProperties: {} + description: An unstructured set of extra metadata about this service. + type: object + summary: + description: A human readable summary of the service status. + type: string + required: + - level + - summary + - meta + plugins: + additionalProperties: + additionalProperties: false type: object properties: - message: + detail: + description: Human readable detail of the service status. type: string - status_code: - type: number - id: - type: string - type: array - success: - type: boolean - success_count: - type: number - timelines_installed: - type: number - timelines_updated: - type: number - Security_Solution_Timeline_API_ImportTimelines: - allOf: - - $ref: '#/components/schemas/Security_Solution_Timeline_API_SavedTimeline' - - type: object + documentationUrl: + description: A URL to further documentation regarding this service. + type: string + level: + description: >- + Service status levels as human and machine readable + values. + enum: + - available + - degraded + - unavailable + - critical + type: string + meta: + additionalProperties: {} + description: An unstructured set of extra metadata about this service. + type: object + summary: + description: A human readable summary of the service status. + type: string + required: + - level + - summary + - meta + description: A dynamic mapping of plugin ID to plugin status. + type: object + required: + - overall + - core + - plugins + uuid: + description: >- + Unique, generated Kibana instance UUID. This UUID should persist + even if the Kibana process restarts. + type: string + version: + additionalProperties: false + type: object properties: - eventNotes: - items: - $ref: '#/components/schemas/Security_Solution_Timeline_API_BareNote' - nullable: true - type: array - globalNotes: - items: - $ref: '#/components/schemas/Security_Solution_Timeline_API_BareNote' - nullable: true - type: array - pinnedEventIds: - items: - type: string - nullable: true - type: array - savedObjectId: - nullable: true + build_date: + description: The date and time of this build. type: string - version: - nullable: true + build_flavor: + description: >- + The build flavour determines configuration and behavior of + Kibana. On premise users will almost always run the + "traditional" flavour, while other flavours are reserved for + Elastic-specific use cases. + enum: + - serverless + - traditional type: string - Security_Solution_Timeline_API_Note: - allOf: - - $ref: '#/components/schemas/Security_Solution_Timeline_API_BareNote' - - type: object - properties: - noteId: + build_hash: + description: >- + A unique hash value representing the git commit of this Kibana + build. type: string - version: + build_number: + description: >- + A monotonically increasing number, each subsequent build will + have a higher number. + type: number + build_snapshot: + description: Whether this build is a snapshot build. + type: boolean + number: + description: A semantic version number. type: string - Security_Solution_Timeline_API_PinnedEvent: + required: + - number + - build_hash + - build_number + - build_snapshot + - build_flavor + - build_date + required: + - name + - uuid + - version + - status + - metrics + Machine_learning_APIs_mlSync200Response: + properties: + datafeedsAdded: + additionalProperties: + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDatafeeds' + description: >- + If a saved object for an anomaly detection job is missing a datafeed + identifier, it is added when you run the sync machine learning saved + objects API. + type: object + datafeedsRemoved: + additionalProperties: + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDatafeeds' + description: >- + If a saved object for an anomaly detection job references a datafeed + that no longer exists, it is deleted when you run the sync machine + learning saved objects API. + type: object + savedObjectsCreated: + $ref: >- + #/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsCreated + savedObjectsDeleted: + $ref: >- + #/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsDeleted + title: Successful sync API response type: object + Machine_learning_APIs_mlSync4xxResponse: properties: - created: - nullable: true - type: number - createdBy: - nullable: true - type: string - eventId: - type: string - pinnedEventId: - type: string - timelineId: - type: string - updated: - nullable: true - type: number - updatedBy: - nullable: true + error: + example: Unauthorized type: string - version: + message: type: string - required: - - eventId - - pinnedEventId - - timelineId - - version - Security_Solution_Timeline_API_QueryMatchResult: + statusCode: + example: 401 + type: integer + title: Unsuccessful sync API response type: object + Machine_learning_APIs_mlSyncResponseAnomalyDetectors: + description: >- + The sync machine learning saved objects API response contains this + object when there are anomaly detection jobs affected by the + synchronization. There is an object for each relevant job, which + contains the synchronization status. properties: - displayField: - nullable: true - type: string - displayValue: - nullable: true - type: string - field: - nullable: true - type: string - operator: - nullable: true - type: string - value: - nullable: true - type: string - Security_Solution_Timeline_API_Readable: + success: + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess' + title: Sync API response for anomaly detection jobs + type: object + Machine_learning_APIs_mlSyncResponseDatafeeds: + description: >- + The sync machine learning saved objects API response contains this + object when there are datafeeds affected by the synchronization. There + is an object for each relevant datafeed, which contains the + synchronization status. + properties: + success: + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess' + title: Sync API response for datafeeds type: object + Machine_learning_APIs_mlSyncResponseDataFrameAnalytics: + description: >- + The sync machine learning saved objects API response contains this + object when there are data frame analytics jobs affected by the + synchronization. There is an object for each relevant job, which + contains the synchronization status. properties: - _data: - additionalProperties: true - type: object - _encoding: - type: string - _events: - additionalProperties: true - type: object - _eventsCount: - type: number - _maxListeners: - additionalProperties: true + success: + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess' + title: Sync API response for data frame analytics jobs + type: object + Machine_learning_APIs_mlSyncResponseSavedObjectsCreated: + description: >- + If saved objects are missing for machine learning jobs or trained + models, they are created when you run the sync machine learning saved + objects API. + properties: + anomaly-detector: + additionalProperties: + $ref: >- + #/components/schemas/Machine_learning_APIs_mlSyncResponseAnomalyDetectors + description: >- + If saved objects are missing for anomaly detection jobs, they are + created. type: object - _position: - type: number - _read: - additionalProperties: true + data-frame-analytics: + additionalProperties: + $ref: >- + #/components/schemas/Machine_learning_APIs_mlSyncResponseDataFrameAnalytics + description: >- + If saved objects are missing for data frame analytics jobs, they are + created. type: object - _readableState: - additionalProperties: true + trained-model: + additionalProperties: + $ref: >- + #/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels + description: 'If saved objects are missing for trained models, they are created.' type: object - readable: - type: boolean - Security_Solution_Timeline_API_RowRendererId: - enum: - - alert - - alerts - - auditd - - auditd_file - - library - - netflow - - plain - - registry - - suricata - - system - - system_dns - - system_endgame_process - - system_file - - system_fim - - system_security_event - - system_socket - - threat_match - - zeek - type: string - Security_Solution_Timeline_API_SavedTimeline: + title: Sync API response for created saved objects type: object + Machine_learning_APIs_mlSyncResponseSavedObjectsDeleted: + description: >- + If saved objects exist for machine learning jobs or trained models that + no longer exist, they are deleted when you run the sync machine learning + saved objects API. properties: - columns: - items: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_ColumnHeaderResult - nullable: true - type: array - created: - nullable: true - type: number - createdBy: - nullable: true - type: string - dataProviders: - items: + anomaly-detector: + additionalProperties: $ref: >- - #/components/schemas/Security_Solution_Timeline_API_DataProviderResult - nullable: true - type: array - dataViewId: - nullable: true - type: string - dateRange: - nullable: true - type: object - properties: - end: - oneOf: - - type: string - - type: number - start: - oneOf: - - type: string - - type: number - description: - nullable: true - type: string - eqlOptions: - nullable: true + #/components/schemas/Machine_learning_APIs_mlSyncResponseAnomalyDetectors + description: >- + If there are saved objects exist for nonexistent anomaly detection + jobs, they are deleted. type: object - properties: - eventCategoryField: - nullable: true - type: string - query: - nullable: true - type: string - size: - oneOf: - - nullable: true - type: string - - nullable: true - type: number - tiebreakerField: - nullable: true - type: string - timestampField: - nullable: true - type: string - eventType: - nullable: true - type: string - excludedRowRendererIds: - items: - $ref: '#/components/schemas/Security_Solution_Timeline_API_RowRendererId' - nullable: true - type: array - favorite: - items: + data-frame-analytics: + additionalProperties: $ref: >- - #/components/schemas/Security_Solution_Timeline_API_FavoriteTimelineResult - nullable: true - type: array - filters: - items: + #/components/schemas/Machine_learning_APIs_mlSyncResponseDataFrameAnalytics + description: >- + If there are saved objects exist for nonexistent data frame + analytics jobs, they are deleted. + type: object + trained-model: + additionalProperties: $ref: >- - #/components/schemas/Security_Solution_Timeline_API_FilterTimelineResult - nullable: true - type: array - indexNames: - items: - type: string - nullable: true - type: array - kqlMode: - nullable: true - type: string - kqlQuery: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_SerializedFilterQueryResult - nullable: true - savedQueryId: - nullable: true - type: string - savedSearchId: - nullable: true - type: string - sort: - $ref: '#/components/schemas/Security_Solution_Timeline_API_Sort' - nullable: true - status: - enum: - - active - - draft - - immutable - nullable: true - type: string - templateTimelineId: - nullable: true - type: string - templateTimelineVersion: - nullable: true - type: number - timelineType: - $ref: '#/components/schemas/Security_Solution_Timeline_API_TimelineType' - nullable: true - title: - nullable: true - type: string - updated: - nullable: true - type: number - updatedBy: - nullable: true - type: string - Security_Solution_Timeline_API_SerializedFilterQueryResult: - type: object - properties: - filterQuery: - nullable: true + #/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels + description: >- + If there are saved objects exist for nonexistent trained models, + they are deleted. type: object - properties: - kuery: - nullable: true - type: object - properties: - expression: - nullable: true - type: string - kind: - nullable: true - type: string - serializedQuery: - nullable: true - type: string - Security_Solution_Timeline_API_Sort: - oneOf: - - $ref: '#/components/schemas/Security_Solution_Timeline_API_SortObject' - - items: - $ref: '#/components/schemas/Security_Solution_Timeline_API_SortObject' - type: array - Security_Solution_Timeline_API_SortFieldTimeline: - description: The field to sort the timelines by. - enum: - - title - - description - - updated - - created - type: string - Security_Solution_Timeline_API_SortObject: + title: Sync API response for deleted saved objects type: object - properties: - columnId: - nullable: true - type: string - columnType: - nullable: true - type: string - sortDirection: - nullable: true - type: string - Security_Solution_Timeline_API_TimelineResponse: - allOf: - - $ref: '#/components/schemas/Security_Solution_Timeline_API_SavedTimeline' - - type: object - properties: - eventIdToNoteIds: - items: - $ref: '#/components/schemas/Security_Solution_Timeline_API_Note' - type: array - noteIds: - items: - type: string - type: array - notes: - items: - $ref: '#/components/schemas/Security_Solution_Timeline_API_Note' - type: array - pinnedEventIds: - items: - type: string - type: array - pinnedEventsSaveObject: - items: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_PinnedEvent - type: array - savedObjectId: - type: string - version: - type: string - required: - - savedObjectId - - version - Security_Solution_Timeline_API_TimelineStatus: - description: >- - The status of the timeline. Valid values are `active`, `draft`, and - `immutable`. - enum: - - active - - draft - - immutable - type: string - Security_Solution_Timeline_API_TimelineType: + Machine_learning_APIs_mlSyncResponseSuccess: + description: The success or failure of the synchronization. + type: boolean + Machine_learning_APIs_mlSyncResponseTrainedModels: description: >- - The type of timeline to create. Valid values are `default` and - `template`. - enum: - - default - - template - type: string + The sync machine learning saved objects API response contains this + object when there are trained models affected by the synchronization. + There is an object for each relevant trained model, which contains the + synchronization status. + properties: + success: + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess' + title: Sync API response for trained models + type: object Serverless_saved_objects_400_response: title: Bad request type: object @@ -25587,16 +8617,15 @@ components: title: Update SLO request type: object securitySchemes: - apiKeyAuth: - description: > - These APIs use key-based authentication. You must create an API key and - use the encoded value in the request header. For example: - `Authorization: ApiKey base64AccessApiKey` - in: header - name: Authorization - type: apiKey + BasicAuth: + scheme: basic + type: http + Kibana_HTTP_APIs_basicAuth: + scheme: basic + type: http security: - - apiKeyAuth: [] + - BasicAuth: [] + - Kibana_HTTP_APIs_basicAuth: [] tags: - description: > Configure APM agent keys to authorize requests from APM agents to the APM @@ -25619,30 +8648,6 @@ tags: Manage Kibana saved objects, including dashboards, visualizations, and more. name: saved objects - - description: Manage and interact with Security Assistant resources. - name: Security AI Assistant API - - description: >- - You can create rules that automatically turn events and external alerts - sent to Elastic Security into detection alerts. These alerts are displayed - on the Detections page. - name: Security Solution Detections API - - description: Interact with and manage endpoints running the Elastic Defend integration. - name: Security Solution Endpoint Management API - - description: '' - name: Security Solution Entity Analytics API - - description: >- - Exceptions API allows you to manage detection rule exceptions to prevent a - rule from generating an alert from incoming events even when the rule's - other criteria are met. - name: Security Solution Exceptions API - - description: 'Lists API allows you to manage lists of keywords, IPs or IP ranges items.' - name: Security Solution Lists API - - description: 'Run live queries, manage packs and saved queries.' - name: Security Solution Osquery API - - description: >- - You can create Timelines and Timeline templates via the API, as well as - import new Timelines from an ndjson file. - name: Security Solution Timeline API - description: 'SLO APIs enable you to define, manage and track service-level objectives' name: slo - name: system diff --git a/oas_docs/output/kibana.yaml b/oas_docs/output/kibana.yaml index 977a910dabf6bf..afabb83adf3169 100644 --- a/oas_docs/output/kibana.yaml +++ b/oas_docs/output/kibana.yaml @@ -810,255 +810,6 @@ paths: summary: Search for annotations tags: - APM annotations - /api/asset_criticality: - delete: - operationId: DeleteAssetCriticalityRecord - parameters: - - description: The ID value of the asset. - in: query - name: id_value - required: true - schema: - type: string - - description: The field representing the ID. - example: host.name - in: query - name: id_field - required: true - schema: - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_IdField - - description: If 'wait_for' the request will wait for the index refresh. - in: query - name: refresh - required: false - schema: - enum: - - wait_for - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - deleted: - description: >- - If the record was deleted. If false the record did not - exist. - type: boolean - record: - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_AssetCriticalityRecord - required: - - deleted - description: Successful response - '400': - description: Invalid request - summary: Delete Criticality Record - tags: - - Security Solution Entity Analytics API - get: - operationId: GetAssetCriticalityRecord - parameters: - - description: The ID value of the asset. - in: query - name: id_value - required: true - schema: - type: string - - description: The field representing the ID. - example: host.name - in: query - name: id_field - required: true - schema: - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_IdField - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_AssetCriticalityRecord - description: Successful response - '400': - description: Invalid request - '404': - description: Criticality record not found - summary: Get Criticality Record - tags: - - Security Solution Entity Analytics API - post: - operationId: CreateAssetCriticalityRecord - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - allOf: - - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_CreateAssetCriticalityRecord - - type: object - properties: - refresh: - description: >- - If 'wait_for' the request will wait for the index - refresh. - enum: - - wait_for - type: string - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_AssetCriticalityRecord - description: Successful response - '400': - description: Invalid request - summary: Create Criticality Record - tags: - - Security Solution Entity Analytics API - /api/asset_criticality/bulk: - post: - operationId: BulkUpsertAssetCriticalityRecords - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - example: - records: - - criticality_level: low_impact - id_field: host.name - id_value: host-1 - - criticality_level: medium_impact - id_field: host.name - id_value: host-2 - type: object - properties: - records: - items: - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_CreateAssetCriticalityRecord - maxItems: 1000 - minItems: 1 - type: array - required: - - records - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - example: - errors: - - index: 0 - message: Invalid ID field - stats: - failed: 1 - successful: 1 - total: 2 - type: object - properties: - errors: - items: - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_AssetCriticalityBulkUploadErrorItem - type: array - stats: - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_AssetCriticalityBulkUploadStats - required: - - errors - - stats - description: Bulk upload successful - '413': - description: File too large - summary: >- - Bulk upsert asset criticality data, creating or updating records as - needed - tags: - - Security Solution Entity Analytics API - /api/asset_criticality/list: - post: - operationId: FindAssetCriticalityRecords - parameters: - - description: The field to sort by. - in: query - name: sort_field - required: false - schema: - enum: - - id_value - - id_field - - criticality_level - - \@timestamp - type: string - - description: The order to sort by. - in: query - name: sort_direction - required: false - schema: - enum: - - asc - - desc - type: string - - description: The page number to return. - in: query - name: page - required: false - schema: - minimum: 1 - type: integer - - description: The number of records to return per page. - in: query - name: per_page - required: false - schema: - maximum: 1000 - minimum: 1 - type: integer - - description: The kuery to filter by. - in: query - name: kuery - required: false - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - page: - minimum: 1 - type: integer - per_page: - maximum: 1000 - minimum: 1 - type: integer - records: - items: - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_AssetCriticalityRecord - type: array - total: - minimum: 0 - type: integer - required: - - records - - page - - per_page - - total - description: Bulk upload successful - summary: 'List asset criticality data, filtering and sorting as needed' - tags: - - Security Solution Entity Analytics API /api/data_views: get: operationId: getAllDataViewsDefault @@ -1583,1061 +1334,838 @@ paths: summary: Preview a saved object reference swap tags: - data views - /api/detection_engine/index: - delete: - operationId: DeleteAlertsIndex + /api/encrypted_saved_objects/_rotate_key: + post: + description: > + Superuser role required. + + + If a saved object cannot be decrypted using the primary encryption key, + then Kibana will attempt to decrypt it using the specified + decryption-only keys. In most of the cases this overhead is negligible, + but if you're dealing with a large number of saved objects and + experiencing performance issues, you may want to rotate the encryption + key. + + + This functionality is in technical preview and may be changed or removed + in a future release. Elastic will work to fix any issues, but features + in technical preview are not subject to the support SLA of official GA + features. + operationId: rotateEncryptionKey + parameters: + - description: > + Specifies a maximum number of saved objects that Kibana can process + in a single batch. Bulk key rotation is an iterative process since + Kibana may not be able to fetch and process all required saved + objects in one go and splits processing into consequent batches. By + default, the batch size is 10000, which is also a maximum allowed + value. + in: query + name: batch_size + required: false + schema: + default: 10000 + type: number + - description: > + Limits encryption key rotation only to the saved objects with the + specified type. By default, Kibana tries to rotate the encryption + key for all saved object types that may contain encrypted + attributes. + in: query + name: type + required: false + schema: + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + rotateEncryptionKeyResponse: + $ref: '#/components/examples/Saved_objects_key_rotation_response' schema: type: object properties: - acknowledged: - type: boolean - required: - - acknowledged - description: Successful response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse - description: Not enough permissions response - '404': + failed: + description: > + Indicates the number of the saved objects that were still + encrypted with one of the old encryption keys that Kibana + failed to re-encrypt with the primary key. + type: number + successful: + description: > + Indicates the total number of all encrypted saved objects + (optionally filtered by the requested `type`), regardless + of the key Kibana used for encryption. + + + NOTE: In most cases, `total` will be greater than + `successful` even if `failed` is zero. The reason is that + Kibana may not need or may not be able to rotate + encryption keys for all encrypted saved objects. + type: number + total: + description: > + Indicates the total number of all encrypted saved objects + (optionally filtered by the requested `type`), regardless + of the key Kibana used for encryption. + type: number + description: Indicates a successful call. + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: string - description: Index does not exist response - '500': + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request + '429': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse - description: Internal server error response - summary: Delete an alerts index + type: object + description: Already in progress. + summary: Rotate a key for encrypted saved objects tags: - - Security Solution Detections API - - Alert index API + - saved objects + /api/ml/saved_objects/sync: get: - operationId: ReadAlertsIndex + description: > + Synchronizes Kibana saved objects for machine learning jobs and trained + models in the default space. You must have `all` privileges for the + **Machine Learning** feature in the **Analytics** section of the Kibana + feature privileges. This API runs automatically when you start Kibana + and periodically thereafter. + operationId: mlSync + parameters: + - $ref: '#/components/parameters/Machine_learning_APIs_simulateParam' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + syncExample: + $ref: '#/components/examples/Machine_learning_APIs_mlSyncExample' schema: - type: object - properties: - index_mapping_outdated: - nullable: true - type: boolean - name: - type: string - required: - - name - - index_mapping_outdated - description: Successful response + $ref: '#/components/schemas/Machine_learning_APIs_mlSync200Response' + description: Indicates a successful call '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse - description: Not enough permissions response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse - description: Not found - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse - description: Internal server error response - summary: Reads the alert index name if it exists + $ref: '#/components/schemas/Machine_learning_APIs_mlSync4xxResponse' + description: Authorization information is missing or invalid. + summary: Sync saved objects in the default space tags: - - Security Solution Detections API - - Alert index API + - ml + /api/saved_objects/_bulk_create: post: - operationId: CreateAlertsIndex - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: + deprecated: true + operationId: bulkCreateSavedObjects + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + - description: 'When true, overwrites the document with the same identifier.' + in: query + name: overwrite + schema: + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + items: type: object - properties: - acknowledged: - type: boolean - required: - - acknowledged - description: Successful response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse - description: Not enough permissions response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse - description: Not found - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse - description: Internal server error response - summary: Create an alerts index - tags: - - Security Solution Detections API - - Alert index API - /api/detection_engine/privileges: - get: - description: > - Retrieves whether or not the user is authenticated, and the user's - Kibana - - space and index privileges, which determine if the user can create an - - index for the Elastic Security alerts generated by - - detection engine rules. - operationId: ReadPrivileges + type: array + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object - properties: - has_encryption_key: - type: boolean - is_authenticated: - type: boolean - required: - - is_authenticated - - has_encryption_key - description: Successful response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse - description: Unsuccessful authentication response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse - description: Internal server error response - summary: Returns user privileges for the Kibana space - tags: - - Security Solution Detections API - - Privileges API - /api/detection_engine/rules: - delete: - description: Delete a detection rule using the `rule_id` or `id` field. - operationId: DeleteRule - parameters: - - description: The rule's `id` value. - in: query - name: id - required: false - schema: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleObjectId' - - description: The rule's `rule_id` value. - in: query - name: rule_id - required: false - schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId - responses: - '200': + description: Indicates a successful call. + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleResponse - description: Indicates a successful call. - summary: Delete a detection rule + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request + summary: Create saved objects tags: - - Security Solution Detections API - - Rules API - get: - description: Retrieve a detection rule using the `rule_id` or `id` field. - operationId: ReadRule + - saved objects + /api/saved_objects/_bulk_delete: + post: + deprecated: true + description: | + WARNING: When you delete a saved object, it cannot be recovered. + operationId: bulkDeleteSavedObjects parameters: - - description: The rule's `id` value. - in: query - name: id - required: false - schema: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleObjectId' - - description: The rule's `rule_id` value. + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + - description: > + When true, force delete objects that exist in multiple namespaces. + Note that the option applies to the whole request. Use the delete + object API to specify per-object deletion behavior. TIP: Use this if + you attempted to delete objects and received an HTTP 400 error with + the following message: "Unable to delete saved object that exists in + multiple namespaces, use the force option to delete it anyway". + WARNING: When you bulk delete objects that exist in multiple + namespaces, the API also deletes legacy url aliases that reference + the object. These requests are batched to minimise the impact but + they can place a heavy load on Kibana. Make sure you limit the + number of objects that exist in multiple namespaces in a single bulk + delete operation. in: query - name: rule_id - required: false + name: force schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleResponse - description: Indicates a successful call. - summary: Retrieve a detection rule - tags: - - Security Solution Detections API - - Rules API - patch: - description: >- - Update specific fields of an existing detection rule using the `rule_id` - or `id` field. - operationId: PatchRule + type: boolean requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RulePatchProps + items: + type: object + type: array required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleResponse - description: Indicates a successful call. - summary: Patch a detection rule - tags: - - Security Solution Detections API - - Rules API - post: - description: Create a new detection rule. - operationId: CreateRule - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleCreateProps - required: true - responses: - '200': + type: object + description: > + Indicates a successful call. NOTE: This HTTP response code indicates + that the bulk operation succeeded. Errors pertaining to individual + objects will be returned in the response body. + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleResponse - description: Indicates a successful call. - summary: Create a detection rule + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request + summary: Delete saved objects tags: - - Security Solution Detections API - - Rules API - put: - description: > - Update a detection rule using the `rule_id` or `id` field. The original - rule is replaced, and all unspecified fields are deleted. - - > info - - > You cannot modify the `id` or `rule_id` values. - operationId: UpdateRule + - saved objects + /api/saved_objects/_bulk_get: + post: + deprecated: true + operationId: bulkGetSavedObjects + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleUpdateProps + items: + type: object + type: array required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleResponse + type: object description: Indicates a successful call. - summary: Update a detection rule - tags: - - Security Solution Detections API - - Rules API - /api/detection_engine/rules/_bulk_action: - post: - description: >- - Apply a bulk action, such as bulk edit, duplicate, or delete, to - multiple detection rules. The bulk action is applied to all rules that - match the query or to the rules listed by their IDs. - operationId: PerformRulesBulkAction - parameters: - - description: Enables dry run mode for the request call. - in: query - name: dry_run - required: false - schema: - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkDeleteRules - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkDisableRules - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkEnableRules - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkExportRules - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkDuplicateRules - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkManualRuleRun - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkEditRules - responses: - '200': + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkEditActionResponse - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkExportActionResponse - description: OK - summary: Apply a bulk action to detection rules + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request + summary: Get saved objects tags: - - Security Solution Detections API - - Bulk API - /api/detection_engine/rules/_bulk_create: + - saved objects + /api/saved_objects/_bulk_resolve: post: deprecated: true - description: Create new detection rules in bulk. - operationId: BulkCreateRules + description: > + Retrieve multiple Kibana saved objects by identifier using any legacy + URL aliases if they exist. Under certain circumstances when Kibana is + upgraded, saved object migrations may necessitate regenerating some + object IDs to enable new features. When an object's ID is regenerated, a + legacy URL alias is created for that object, preserving its old ID. In + such a scenario, that object can be retrieved by the bulk resolve API + using either its new ID or its old ID. + operationId: bulkResolveSavedObjects + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleCreateProps + type: object type: array - description: 'A JSON array of rules, where each rule contains the required fields.' required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkCrudRulesResponse - description: Indicates a successful call. - summary: Create multiple detection rules + type: object + description: > + Indicates a successful call. NOTE: This HTTP response code indicates + that the bulk operation succeeded. Errors pertaining to individual + objects will be returned in the response body. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request + summary: Resolve saved objects tags: - - Security Solution Detections API - - Bulk API - /api/detection_engine/rules/_bulk_delete: - delete: + - saved objects + /api/saved_objects/_bulk_update: + post: deprecated: true - description: Delete detection rules in bulk. - operationId: BulkDeleteRules + description: Update the attributes for multiple Kibana saved objects. + operationId: bulkUpdateSavedObjects + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: items: type: object - properties: - id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId - rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId type: array - description: >- - A JSON array of `id` or `rule_id` fields of the rules you want to - delete. required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkCrudRulesResponse - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse - description: Unsuccessful authentication response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse - description: Internal server error response - summary: Delete multiple detection rules - tags: - - Security Solution Detections API - - Bulk API - post: - deprecated: true - description: Deletes multiple rules. - operationId: BulkDeleteRulesPost - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: type: object - properties: - id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId - rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId - type: array - description: >- - A JSON array of `id` or `rule_id` fields of the rules you want to - delete. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkCrudRulesResponse - description: Indicates a successful call. + description: > + Indicates a successful call. NOTE: This HTTP response code indicates + that the bulk operation succeeded. Errors pertaining to individual + objects will be returned in the response body. '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse - description: Unsuccessful authentication response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse - description: Internal server error response - summary: Delete multiple detection rules - tags: - - Security Solution Detections API - - Bulk API - /api/detection_engine/rules/_bulk_update: - patch: - deprecated: true - description: >- - Update specific fields of existing detection rules using the `rule_id` - or `id` field. - operationId: BulkPatchRules - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RulePatchProps - type: array - description: 'A JSON array of rules, where each rule contains the required fields.' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkCrudRulesResponse - description: Indicates a successful call. - summary: Patch multiple detection rules + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request + summary: Update saved objects tags: - - Security Solution Detections API - - Bulk API - put: - deprecated: true + - saved objects + /api/saved_objects/_export: + post: description: > - Update multiple detection rules using the `rule_id` or `id` field. The - original rules are replaced, and all unspecified fields are deleted. + Retrieve sets of saved objects that you want to import into Kibana. - > info + You must include `type` or `objects` in the request body. - > You cannot modify the `id` or `rule_id` values. - operationId: BulkUpdateRules - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleUpdateProps - type: array - description: >- - A JSON array where each element includes the `id` or `rule_id` field - of the rule you want to update and the fields you want to modify. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkCrudRulesResponse - description: Indicates a successful call. - summary: Update multiple detection rules - tags: - - Security Solution Detections API - - Bulk API - /api/detection_engine/rules/_export: - post: - description: > - Export detection rules to an `.ndjson` file. The following configuration - items are also included in the `.ndjson` file: - - Actions + Exported saved objects are not backwards compatible and cannot be + imported into an older version of Kibana. + - - Exception lists + NOTE: The `savedObjects.maxImportExportSize` configuration setting + limits the number of saved objects which may be exported. - > info - > You cannot export prebuilt rules. - operationId: ExportRules + This functionality is in technical preview and may be changed or removed + in a future release. Elastic will work to fix any issues, but features + in technical preview are not subject to the support SLA of official GA + features. + operationId: exportSavedObjectsDefault parameters: - - description: Determines whether a summary of the exported rules is returned. - in: query - name: exclude_export_details - required: false - schema: - default: false - type: boolean - - description: File name for saving the exported rules. - in: query - name: file_name - required: false - schema: - default: export.ndjson - type: string + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: + examples: + exportSavedObjectsRequest: + $ref: '#/components/examples/Saved_objects_export_objects_request' schema: - nullable: true type: object properties: - objects: + excludeExportDetails: + default: false + description: Do not add export details entry at the end of the stream. + type: boolean + includeReferencesDeep: description: >- - Array of `rule_id` fields. Exports all rules when - unspecified. + Includes all of the referenced objects in the exported + objects. + type: boolean + objects: + description: A list of objects to export. items: type: object - properties: - rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId - required: - - rule_id type: array - required: - - objects - required: false + type: + description: >- + The saved object types to include in the export. Use `*` to + export all the types. + oneOf: + - type: string + - items: + type: string + type: array + required: true responses: '200': content: - application/ndjson; Elastic-Api-Version=2023-10-31: + application/x-ndjson; Elastic-Api-Version=2023-10-31: + examples: + exportSavedObjectsResponse: + $ref: '#/components/examples/Saved_objects_export_objects_response' schema: - description: An `.ndjson` file containing the returned rules. - format: binary - type: string + additionalProperties: true + type: object description: Indicates a successful call. - summary: Export detection rules + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request. + summary: Export saved objects tags: - - Security Solution Detections API - - Import/Export API - /api/detection_engine/rules/_find: + - saved objects + /api/saved_objects/_find: get: - description: >- - Retrieve a paginated list of detection rules. By default, the first page - is returned, with 20 results per page. - operationId: FindRules + deprecated: true + description: Retrieve a paginated set of Kibana saved objects. + operationId: findSavedObjects parameters: - - in: query + - description: > + An aggregation structure, serialized as a string. The field format + is similar to filter, meaning that to use a saved object type + attribute in the aggregation, the `savedObjectType.attributes.title: + "myTitle"` format must be used. For root fields, the syntax is + `savedObjectType.rootField`. NOTE: As objects change in Kibana, the + results on each page of the response also change. Use the find API + for traditional paginated results, but avoid using it to export + large amounts of data. + in: query + name: aggs + schema: + type: string + - description: The default operator to use for the `simple_query_string`. + in: query + name: default_search_operator + schema: + type: string + - description: The fields to return in the attributes key of the response. + in: query name: fields - required: false schema: - items: - type: string - type: array - - description: Search query + oneOf: + - type: string + - type: array + - description: > + The filter is a KQL string with the caveat that if you filter with + an attribute from your saved object type, it should look like that: + `savedObjectType.attributes.title: "myTitle"`. However, if you use a + root attribute of a saved object such as `updated_at`, you will have + to define your filter like that: `savedObjectType.updated_at > + 2018-12-22`. in: query name: filter - required: false schema: type: string - - description: Field to sort by + - description: >- + Filters to objects that do not have a relationship with the type and + identifier combination. + in: query + name: has_no_reference + schema: + type: object + - description: >- + The operator to use for the `has_no_reference` parameter. Either + `OR` or `AND`. Defaults to `OR`. + in: query + name: has_no_reference_operator + schema: + type: string + - description: >- + Filters to objects that have a relationship with the type and ID + combination. in: query - name: sort_field - required: false + name: has_reference schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_FindRulesSortField - - description: Sort order + type: object + - description: >- + The operator to use for the `has_reference` parameter. Either `OR` + or `AND`. Defaults to `OR`. in: query - name: sort_order - required: false + name: has_reference_operator schema: - $ref: '#/components/schemas/Security_Solution_Detections_API_SortOrder' - - description: Page number + type: string + - description: The page of objects to return. in: query name: page - required: false schema: - default: 1 - minimum: 1 type: integer - - description: Rules per page + - description: The number of objects to return per page. in: query name: per_page - required: false schema: - default: 20 - minimum: 0 type: integer - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleResponse - type: array - page: - type: integer - perPage: - type: integer - total: - type: integer - required: - - page - - perPage - - total - - data - description: Successful response - summary: List all detection rules - tags: - - Security Solution Detections API - - Rules API - /api/detection_engine/rules/_import: - post: - description: > - Import detection rules from an `.ndjson` file, including actions and - exception lists. The request must include: - - - The `Content-Type: multipart/form-data` HTTP header. - - - A link to the `.ndjson` file containing the rules. - operationId: ImportRules - parameters: - description: >- - Determines whether existing rules with the same `rule_id` are - overwritten. + An Elasticsearch `simple_query_string` query that filters the + objects in the response. in: query - name: overwrite - required: false + name: search schema: - default: false - type: boolean + type: string - description: >- - Determines whether existing exception lists with the same `list_id` - are overwritten. + The fields to perform the `simple_query_string` parsed query + against. in: query - name: overwrite_exceptions - required: false + name: search_fields + schema: + oneOf: + - type: string + - type: array + - description: > + Sorts the response. Includes "root" and "type" fields. "root" fields + exist for all saved objects, such as "updated_at". "type" fields are + specific to an object type, such as fields returned in the + attributes key of the response. When a single type is defined in the + type parameter, the "root" and "type" fields are allowed, and + validity checks are made in that order. When multiple types are + defined in the type parameter, only "root" fields are allowed. + in: query + name: sort_field + schema: + type: string + - description: The saved object types to include. + in: query + name: type + required: true + schema: + oneOf: + - type: string + - type: array + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request + summary: Search for saved objects + tags: + - saved objects + /api/saved_objects/_import: + post: + description: > + Create sets of Kibana saved objects from a file created by the export + API. + + Saved objects can be imported only into the same version, a newer minor + on the same major, or the next major. Exported saved objects are not + backwards compatible and cannot be imported into an older version of + Kibana. + + + This functionality is in technical preview and may be changed or removed + in a future release. Elastic will work to fix any issues, but features + in technical preview are not subject to the support SLA of official GA + features. + operationId: importSavedObjectsDefault + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + - description: > + Creates copies of saved objects, regenerates each object ID, and + resets the origin. When used, potential conflict errors are avoided. + NOTE: This option cannot be used with the `overwrite` and + `compatibilityMode` options. + in: query + name: createNewCopies + required: false schema: - default: false type: boolean - - description: >- - Determines whether existing actions with the same - `kibana.alert.rule.actions.id` are overwritten. + - description: > + Overwrites saved objects when they already exist. When used, + potential conflict errors are automatically resolved by overwriting + the destination object. NOTE: This option cannot be used with the + `createNewCopies` option. in: query - name: overwrite_action_connectors + name: overwrite required: false schema: - default: false type: boolean - - description: Generates a new list ID for each imported exception list. + - description: > + Applies various adjustments to the saved objects that are being + imported to maintain compatibility between different Kibana + versions. Use this option only if you encounter issues with imported + saved objects. NOTE: This option cannot be used with the + `createNewCopies` option. in: query - name: as_new_list + name: compatibilityMode required: false schema: - default: false type: boolean requestBody: content: multipart/form-data; Elastic-Api-Version=2023-10-31: + examples: + importObjectsRequest: + $ref: '#/components/examples/Saved_objects_import_objects_request' schema: type: object properties: file: - description: The `.ndjson` file containing the rules. - format: binary - type: string + description: > + A file exported using the export API. NOTE: The + `savedObjects.maxImportExportSize` configuration setting + limits the number of saved objects which may be included in + this file. Similarly, the + `savedObjects.maxImportPayloadBytes` setting limits the + overall size of the file that can be imported. required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + importObjectsResponse: + $ref: '#/components/examples/Saved_objects_import_objects_response' schema: - additionalProperties: false type: object properties: - action_connectors_errors: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ErrorSchema - type: array - action_connectors_success: - type: boolean - action_connectors_success_count: - minimum: 0 - type: integer - action_connectors_warnings: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_WarningSchema - type: array errors: + description: > + Indicates the import was unsuccessful and specifies the + objects that failed to import. + + + NOTE: One object may result in multiple errors, which + requires separate steps to resolve. For instance, a + `missing_references` error and conflict error. items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ErrorSchema - type: array - exceptions_errors: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ErrorSchema + type: object type: array - exceptions_success: - type: boolean - exceptions_success_count: - minimum: 0 - type: integer - rules_count: - minimum: 0 - type: integer success: + description: > + Indicates when the import was successfully completed. When + set to false, some objects may not have been created. For + additional information, refer to the `errors` and + `successResults` properties. type: boolean - success_count: - minimum: 0 + successCount: + description: Indicates the number of successfully imported records. type: integer - required: - - exceptions_success - - exceptions_success_count - - exceptions_errors - - rules_count - - success - - success_count - - errors - - action_connectors_errors - - action_connectors_warnings - - action_connectors_success - - action_connectors_success_count + successResults: + description: > + Indicates the objects that are successfully imported, with + any metadata if applicable. + + + NOTE: Objects are created only when all resolvable errors + are addressed, including conflicts and missing references. + If objects are created as new copies, each entry in the + `successResults` array includes a `destinationId` + attribute. + items: + type: object + type: array description: Indicates a successful call. - summary: Import detection rules + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request. + summary: Import saved objects tags: - - Security Solution Detections API - - Import/Export API - '/api/detection_engine/rules/{id}/exceptions': + - saved objects + /api/saved_objects/_resolve_import_errors: post: - operationId: CreateRuleExceptionListItems + description: > + To resolve errors from the Import objects API, you can: + + + * Retry certain saved objects + + * Overwrite specific saved objects + + * Change references to different saved objects + + + This functionality is in technical preview and may be changed or removed + in a future release. Elastic will work to fix any issues, but features + in technical preview are not subject to the support SLA of official GA + features. + operationId: resolveImportErrors parameters: - - description: Detection rule's identifier - in: path - name: id - required: true + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + - description: > + Applies various adjustments to the saved objects that are being + imported to maintain compatibility between different Kibana + versions. When enabled during the initial import, also enable when + resolving import errors. This option cannot be used with the + `createNewCopies` option. + in: query + name: compatibilityMode + required: false + schema: + type: boolean + - description: > + Creates copies of the saved objects, regenerates each object ID, and + resets the origin. When enabled during the initial import, also + enable when resolving import errors. + in: query + name: createNewCopies + required: false schema: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_RuleId' + type: boolean requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + multipart/form-data; Elastic-Api-Version=2023-10-31: + examples: + resolveImportErrorsRequest: + $ref: >- + #/components/examples/Saved_objects_resolve_missing_reference_request schema: type: object properties: - items: + file: + description: The same file given to the import API. + format: binary + type: string + retries: + description: >- + The retry operations, which can specify how to resolve + different types of errors. items: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_CreateRuleExceptionListItemProps + type: object + properties: + destinationId: + description: >- + Specifies the destination ID that the imported object + should have, if different from the current ID. + type: string + id: + description: The saved object ID. + type: string + ignoreMissingReferences: + description: >- + When set to `true`, ignores missing reference errors. + When set to `false`, does nothing. + type: boolean + overwrite: + description: >- + When set to `true`, the source object overwrites the + conflicting destination object. When set to `false`, + does nothing. + type: boolean + replaceReferences: + description: >- + A list of `type`, `from`, and `to` used to change the + object references. + items: + type: object + properties: + from: + type: string + to: + type: string + type: + type: string + type: array + type: + description: The saved object type. + type: string + required: + - type + - id type: array required: - - items - description: Rule exception list items + - retries required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: - schema: - items: + examples: + resolveImportErrorsResponse: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItem - type: array - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: + #/components/examples/Saved_objects_resolve_missing_reference_response schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Internal server error response - summary: Creates rule exception list items - tags: - - Security Solution Exceptions API - /api/detection_engine/rules/prepackaged: - put: - description: Install and update all Elastic prebuilt detection rules and Timelines. - operationId: InstallPrebuiltRulesAndTimelines - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false type: object properties: - rules_installed: - description: The number of rules installed - minimum: 0 - type: integer - rules_updated: - description: The number of rules updated - minimum: 0 - type: integer - timelines_installed: - description: The number of timelines installed - minimum: 0 - type: integer - timelines_updated: - description: The number of timelines updated - minimum: 0 - type: integer - required: - - rules_installed - - rules_updated - - timelines_installed - - timelines_updated - description: Indicates a successful call - summary: Install prebuilt detection rules and Timelines - tags: - - Security Solution Detections API - - Prebuilt Rules API - /api/detection_engine/rules/prepackaged/_status: - get: - description: >- - Retrieve the status of all Elastic prebuilt detection rules and - Timelines. - operationId: ReadPrebuiltRulesAndTimelinesStatus - responses: - '200': + errors: + description: > + Specifies the objects that failed to resolve. + + + NOTE: One object can result in multiple errors, which + requires separate steps to resolve. For instance, a + `missing_references` error and a `conflict` error. + items: + type: object + type: array + success: + description: > + Indicates a successful import. When set to `false`, some + objects may not have been created. For additional + information, refer to the `errors` and `successResults` + properties. + type: boolean + successCount: + description: | + Indicates the number of successfully resolved records. + type: number + successResults: + description: > + Indicates the objects that are successfully imported, with + any metadata if applicable. + + + NOTE: Objects are only created when all resolvable errors + are addressed, including conflict and missing references. + items: + type: object + type: array + description: Indicates a successful call. + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - rules_custom_installed: - description: The total number of custom rules - minimum: 0 - type: integer - rules_installed: - description: The total number of installed prebuilt rules - minimum: 0 - type: integer - rules_not_installed: - description: >- - The total number of available prebuilt rules that are not - installed - minimum: 0 - type: integer - rules_not_updated: - description: The total number of outdated prebuilt rules - minimum: 0 - type: integer - timelines_installed: - description: The total number of installed prebuilt timelines - minimum: 0 - type: integer - timelines_not_installed: - description: >- - The total number of available prebuilt timelines that are - not installed - minimum: 0 - type: integer - timelines_not_updated: - description: The total number of outdated prebuilt timelines - minimum: 0 - type: integer - required: - - rules_custom_installed - - rules_installed - - rules_not_installed - - rules_not_updated - - timelines_installed - - timelines_not_installed - - timelines_not_updated - description: Indicates a successful call - summary: Retrieve the status of prebuilt detection rules and Timelines + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request. + summary: Resolve import errors tags: - - Security Solution Detections API - - Prebuilt Rules API - /api/detection_engine/rules/preview: + - saved objects + '/api/saved_objects/{type}': post: - operationId: RulePreview + deprecated: true + description: Create a Kibana saved object with a randomly generated identifier. + operationId: createSavedObject + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + - $ref: '#/components/parameters/Saved_objects_saved_object_type' + - description: 'If true, overwrites the document with the same identifier.' + in: query + name: overwrite + schema: + type: boolean requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - anyOf: - - allOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlRuleCreateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RulePreviewParams - - allOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRuleCreateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RulePreviewParams - - allOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRuleCreateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RulePreviewParams - - allOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRuleCreateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RulePreviewParams - - allOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRuleCreateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RulePreviewParams - - allOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningRuleCreateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RulePreviewParams - - allOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRuleCreateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RulePreviewParams - - allOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EsqlRuleCreateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RulePreviewParams - discriminator: - propertyName: type - description: >- - An object containing tags to add or remove and alert ids the changes - will be applied + type: object + properties: + attributes: + $ref: '#/components/schemas/Saved_objects_attributes' + initialNamespaces: + $ref: '#/components/schemas/Saved_objects_initial_namespaces' + references: + $ref: '#/components/schemas/Saved_objects_references' + required: + - attributes required: true responses: '200': @@ -2645,25191 +2173,7664 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: type: object - properties: - isAborted: - type: boolean - logs: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RulePreviewLogs - type: array - previewId: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NonEmptyString - required: - - logs - description: Successful response - '400': + description: Indicates a successful call. + '409': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse - description: Invalid input data response - '401': + type: object + description: Indicates a conflict error. + summary: Create a saved object + tags: + - saved objects + '/api/saved_objects/{type}/{id}': + get: + deprecated: true + description: Retrieve a single Kibana saved object by identifier. + operationId: getSavedObject + parameters: + - $ref: '#/components/parameters/Saved_objects_saved_object_id' + - $ref: '#/components/parameters/Saved_objects_saved_object_type' + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse - description: Unsuccessful authentication response - '500': + type: object + description: Indicates a successful call. + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse - description: Internal server error response - summary: Preview rule alerts generated on specified time range + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request. + summary: Get a saved object tags: - - Security Solution Detections API - - Rule preview API - /api/detection_engine/signals/assignees: + - saved objects post: - description: | - Assign users to detection alerts, and unassign them from alerts. - > info - > You cannot add and remove the same assignee in the same request. - operationId: SetAlertAssignees + deprecated: true + description: >- + Create a Kibana saved object and specify its identifier instead of using + a randomly generated ID. + operationId: createSavedObjectId + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + - $ref: '#/components/parameters/Saved_objects_saved_object_id' + - $ref: '#/components/parameters/Saved_objects_saved_object_type' + - description: 'If true, overwrites the document with the same identifier.' + in: query + name: overwrite + schema: + type: boolean requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object properties: - assignees: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertAssignees - description: Details about the assignees to assign and unassign. - ids: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertIds - description: List of alerts ids to assign and unassign passed assignees. + attributes: + $ref: '#/components/schemas/Saved_objects_attributes' + initialNamespaces: + $ref: '#/components/schemas/Saved_objects_initial_namespaces' + references: + $ref: '#/components/schemas/Saved_objects_initial_namespaces' required: - - assignees - - ids + - attributes required: true responses: '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object description: Indicates a successful call. - '400': - description: Invalid request. - summary: Assign and unassign users from detection alerts + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: Indicates a conflict error. + summary: Create a saved object tags: - - Security Solution Detections API - /api/detection_engine/signals/finalize_migration: - post: - description: > - Finalize successful migrations of detection alerts. This replaces the - original index's alias with the successfully migrated index's alias. - - The endpoint is idempotent; therefore, it can safely be used to poll a - given migration and, upon completion, - - finalize it. - operationId: FinalizeAlertsMigration + - saved objects + put: + deprecated: true + description: Update the attributes for Kibana saved objects. + operationId: updateSavedObject + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + - $ref: '#/components/parameters/Saved_objects_saved_object_id' + - $ref: '#/components/parameters/Saved_objects_saved_object_type' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object - properties: - migration_ids: - items: - type: string - minItems: 1 - type: array - required: - - migration_ids - description: Array of `migration_id`s to finalize required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MigrationFinalizationResult - type: array - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse - description: Invalid input data response - '401': + type: object + description: Indicates a successful call. + '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse - description: Unsuccessful authentication response - '500': + type: object + description: Indicates the object was not found. + '409': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse - description: Internal server error response - summary: Finalize detection alert migrations + type: object + description: Indicates a conflict error. + summary: Update a saved object tags: - - Security Solution Detections API - - Alerts migration API - /api/detection_engine/signals/migration: - delete: + - saved objects + '/api/saved_objects/resolve/{type}/{id}': + get: + deprecated: true description: > - Migrations favor data integrity over shard size. Consequently, unused or - orphaned indices are artifacts of - - the migration process. A successful migration will result in both the - old and new indices being present. - - As such, the old, orphaned index can (and likely should) be deleted. - - - While you can delete these indices manually, - - the endpoint accomplishes this task by applying a deletion policy to the - relevant index, causing it to be deleted - - after 30 days. It also deletes other artifacts specific to the migration - implementation. - operationId: AlertsMigrationCleanup - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - migration_ids: - items: - type: string - minItems: 1 - type: array - required: - - migration_ids - description: Array of `migration_id`s to cleanup - required: true + Retrieve a single Kibana saved object by identifier using any legacy URL + alias if it exists. Under certain circumstances, when Kibana is + upgraded, saved object migrations may necessitate regenerating some + object IDs to enable new features. When an object's ID is regenerated, a + legacy URL alias is created for that object, preserving its old ID. In + such a scenario, that object can be retrieved using either its new ID or + its old ID. + operationId: resolveSavedObject + parameters: + - $ref: '#/components/parameters/Saved_objects_saved_object_id' + - $ref: '#/components/parameters/Saved_objects_saved_object_type' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MigrationCleanupResult - type: array - description: Successful response + type: object + description: Indicates a successful call. '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse - description: Unsuccessful authentication response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse - description: Internal server error response - summary: Clean up detection alert migrations + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request. + summary: Resolve a saved object tags: - - Security Solution Detections API - - Alerts migration API - post: - description: > - Initiate a migration of detection alerts. - - Migrations are initiated per index. While the process is neither - destructive nor interferes with existing data, it may be - resource-intensive. As such, it is recommended that you plan your - migrations accordingly. - operationId: CreateAlertsMigration - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - allOf: - - type: object - properties: - index: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NonEmptyString - minItems: 1 - type: array - required: - - index - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsReindexOptions - description: Alerts migration parameters - required: true + - saved objects + /api/status: + get: + operationId: /api/status#0 + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: Set to "true" to get the response in v7 format. + in: query + name: v7format + required: false + schema: + type: boolean + - description: Set to "true" to get the response in v8 format. + in: query + name: v8format + required: false + schema: + type: boolean responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - indices: - items: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexMigrationSuccess - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexMigrationError - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SkippedAlertsIndexMigration - type: array - required: - - indices - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse + anyOf: + - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse - description: Unsuccessful authentication response - '500': + #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse + description: >- + Kibana's operational status. A minimal response is sent for + unauthorized users. + description: Overall status is OK and Kibana should be functioning normally. + '503': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse - description: Internal server error response - summary: Initiate a detection alert migration + anyOf: + - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' + - $ref: >- + #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse + description: >- + Kibana's operational status. A minimal response is sent for + unauthorized users. + description: >- + Kibana or some of it's essential services are unavailable. Kibana + may be degraded or unavailable. + summary: Get Kibana's current status tags: - - Security Solution Detections API - - Alerts migration API - /api/detection_engine/signals/migration_status: - post: - description: >- - Retrieve indices that contain detection alerts of a particular age, - along with migration information for each of those indices. - operationId: ReadAlertsMigrationStatus + - system + '/s/{spaceId}/api/observability/slos': + get: + description: > + You must have the `read` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: findSlosOp parameters: - - description: Maximum age of qualifying detection alerts + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - description: A valid kql query to filter the SLO with + example: 'slo.name:latency* and slo.tags : "prod"' in: query - name: from - required: true + name: kqlQuery schema: - description: > - Time from which data is analyzed. For example, now-4200s means the - rule analyzes data from 70 minutes - - before its start time. Defaults to now-6m (analyzes data from 6 - minutes before the start time). - format: date-math type: string + - description: 'The page to use for pagination, must be greater or equal than 1' + example: 1 + in: query + name: page + schema: + default: 1 + type: integer + - description: Number of SLOs returned by page + example: 25 + in: query + name: perPage + schema: + default: 25 + maximum: 5000 + type: integer + - description: Sort by field + example: status + in: query + name: sortBy + schema: + default: status + enum: + - sli_value + - status + - error_budget_consumed + - error_budget_remaining + type: string + - description: Sort order + example: asc + in: query + name: sortDirection + schema: + default: asc + enum: + - asc + - desc + type: string + - description: >- + Hide stale SLOs from the list as defined by stale SLO threshold in + SLO settings + in: query + name: hideStale + schema: + type: boolean responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - indices: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IndexMigrationStatus - type: array - required: - - indices - description: Successful response + $ref: '#/components/schemas/SLOs_find_slo_response' + description: Successful request '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse - description: Invalid input data response + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse - description: Unsuccessful authentication response - '500': + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse - description: Internal server error response - summary: Retrieve the status of detection alert migrations + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Get a paginated list of SLOs tags: - - Security Solution Detections API - - Alerts migration API - /api/detection_engine/signals/search: + - slo post: - description: Find and/or aggregate detection alerts that match the given query. - operationId: SearchAlerts + description: > + You must have `all` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: createSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - description: Elasticsearch query and aggregation request - type: object - properties: - _source: - oneOf: - - type: boolean - - type: string - - items: - type: string - type: array - aggs: - additionalProperties: true - type: object - fields: - items: - type: string - type: array - query: - additionalProperties: true - type: object - runtime_mappings: - additionalProperties: true - type: object - size: - minimum: 0 - type: integer - sort: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsSort - track_total_hits: - type: boolean - description: Search and/or aggregation query + $ref: '#/components/schemas/SLOs_create_slo_request' required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: true - description: Elasticsearch search response - type: object - description: Successful response + $ref: '#/components/schemas/SLOs_create_slo_response' + description: Successful request '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse - description: Invalid input data response + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse - description: Unsuccessful authentication response - '500': + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse - description: Internal server error response - summary: Find and/or aggregate detection alerts + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_409_response' + description: Conflict - The SLO id already exists + summary: Create an SLO tags: - - Security Solution Detections API - - Alerts API - /api/detection_engine/signals/status: + - slo + '/s/{spaceId}/api/observability/slos/_delete_instances': post: - description: Set the status of one or more detection alerts. - operationId: SetAlertsStatus + description: > + The deletion occurs for the specified list of `sloId` and `instanceId`. + You must have `all` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: deleteSloInstancesOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SetAlertsStatusByIds - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SetAlertsStatusByQuery - description: >- - An object containing desired status and explicit alert ids or a query - to select alerts + $ref: '#/components/schemas/SLOs_delete_slo_instances_request' required: true responses: - '200': + '204': + description: Successful request + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: true - description: Elasticsearch update by query response - type: object - description: Successful response - '400': + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse - description: Unsuccessful authentication response - '500': + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse - description: Internal server error response - summary: Set a detection alert status + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + summary: Batch delete rollup and summary data tags: - - Security Solution Detections API - - Alerts API - /api/detection_engine/signals/tags: - post: - description: | - And tags to detection alerts, and remove them from alerts. - > info - > You cannot add and remove the same alert tag in the same request. - operationId: SetAlertTags - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - ids: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertIds - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SetAlertTags - required: - - ids - - tags - description: >- - An object containing tags to add or remove and alert ids the changes - will be applied - required: true + - slo + '/s/{spaceId}/api/observability/slos/{sloId}': + delete: + description: > + You must have the `write` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: deleteSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: true - description: Elasticsearch update by query response - type: object - description: Successful response + '204': + description: Successful request '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse - description: Invalid input data response + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse - description: Unsuccessful authentication response - '500': + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse - description: Internal server error response - summary: Add and remove detection alert tags - tags: - - Security Solution Detections API - - Alerts API - /api/detection_engine/tags: - get: - description: List all unique tags from all detection rules. - operationId: ReadTags - responses: - '200': + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - description: Indicates a successful call - summary: List all detection rule tags + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Delete an SLO tags: - - Security Solution Detections API - - Tags API - /api/encrypted_saved_objects/_rotate_key: - post: + - slo + get: description: > - Superuser role required. - - - If a saved object cannot be decrypted using the primary encryption key, - then Kibana will attempt to decrypt it using the specified - decryption-only keys. In most of the cases this overhead is negligible, - but if you're dealing with a large number of saved objects and - experiencing performance issues, you may want to rotate the encryption - key. - - - This functionality is in technical preview and may be changed or removed - in a future release. Elastic will work to fix any issues, but features - in technical preview are not subject to the support SLA of official GA - features. - operationId: rotateEncryptionKey + You must have the `read` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: getSloOp parameters: - - description: > - Specifies a maximum number of saved objects that Kibana can process - in a single batch. Bulk key rotation is an iterative process since - Kibana may not be able to fetch and process all required saved - objects in one go and splits processing into consequent batches. By - default, the batch size is 10000, which is also a maximum allowed - value. - in: query - name: batch_size - required: false - schema: - default: 10000 - type: number - - description: > - Limits encryption key rotation only to the saved objects with the - specified type. By default, Kibana tries to rotate the encryption - key for all saved object types that may contain encrypted - attributes. + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' + - description: the specific instanceId used by the summary calculation + example: host-abcde in: query - name: type - required: false + name: instanceId schema: type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - rotateEncryptionKeyResponse: - $ref: '#/components/examples/Saved_objects_key_rotation_response' schema: - type: object - properties: - failed: - description: > - Indicates the number of the saved objects that were still - encrypted with one of the old encryption keys that Kibana - failed to re-encrypt with the primary key. - type: number - successful: - description: > - Indicates the total number of all encrypted saved objects - (optionally filtered by the requested `type`), regardless - of the key Kibana used for encryption. - - - NOTE: In most cases, `total` will be greater than - `successful` even if `failed` is zero. The reason is that - Kibana may not need or may not be able to rotate - encryption keys for all encrypted saved objects. - type: number - total: - description: > - Indicates the total number of all encrypted saved objects - (optionally filtered by the requested `type`), regardless - of the key Kibana used for encryption. - type: number - description: Indicates a successful call. + $ref: '#/components/schemas/SLOs_slo_with_summary_response' + description: Successful request '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Saved_objects_400_response' + $ref: '#/components/schemas/SLOs_400_response' description: Bad request - '429': + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - description: Already in progress. - summary: Rotate a key for encrypted saved objects + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Get an SLO tags: - - saved objects - /api/endpoint_list: - post: - description: Creates an endpoint list or does nothing if the list already exists - operationId: CreateEndpointList + - slo + put: + description: > + You must have the `write` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: updateSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_update_slo_request' + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_EndpointList - description: Successful response + $ref: '#/components/schemas/SLOs_slo_definition_response' + description: Successful request '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse - description: Invalid input data + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse - description: Insufficient privileges - '500': + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse - description: Internal server error - summary: Creates an endpoint list - /api/endpoint_list/items: - delete: - operationId: DeleteEndpointListItem + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Update an SLO + tags: + - slo + '/s/{spaceId}/api/observability/slos/{sloId}/_reset': + post: + description: > + You must have the `write` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: resetSloOp parameters: - - description: Either `id` or `item_id` must be specified - in: query - name: id - required: false - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemId - - description: Either `id` or `item_id` must be specified - in: query - name: item_id - required: false - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemHumanId + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' responses: - '200': + '204': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_EndpointListItem - description: Successful response + $ref: '#/components/schemas/SLOs_slo_definition_response' + description: Successful request '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse - description: Invalid input data + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse - description: Insufficient privileges + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse - description: Endpoint list item not found - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse - description: Internal server error - summary: Deletes an endpoint list item - get: - operationId: ReadEndpointListItem - parameters: - - description: Either `id` or `item_id` must be specified - in: query - name: id - required: false - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemId - - description: Either `id` or `item_id` must be specified - in: query - name: item_id - required: false - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemHumanId - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_EndpointListItem - type: array - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse - description: Invalid input data - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse - description: Insufficient privileges - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse - description: Endpoint list item not found - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse - description: Internal server error - summary: Reads an endpoint list item + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Reset an SLO + tags: + - slo + '/s/{spaceId}/api/observability/slos/{sloId}/disable': post: - operationId: CreateEndpointListItem - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - comments: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemCommentArray - default: [] - description: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemDescription - entries: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryArray - item_id: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemHumanId - meta: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemMeta - name: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemName - os_types: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray - default: [] - tags: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemTags - default: [] - type: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemType - required: - - type - - name - - description - - entries - description: Exception list item's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_EndpointListItem - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse - description: Invalid input data - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse - description: Insufficient privileges - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse - description: Endpoint list item already exists - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse - description: Internal server error - summary: Creates an endpoint list item - put: - operationId: UpdateEndpointListItem - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - _version: - type: string - comments: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemCommentArray - default: [] - description: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemDescription - entries: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryArray - id: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemId - description: Either `id` or `item_id` must be specified - item_id: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemHumanId - description: Either `id` or `item_id` must be specified - meta: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemMeta - name: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemName - os_types: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray - default: [] - tags: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemTags - type: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemType - required: - - type - - name - - description - - entries - description: Exception list item's properties - required: true + description: > + You must have the `write` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: disableSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' responses: '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_EndpointListItem - description: Successful response + description: Successful request '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse - description: Invalid input data + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse - description: Insufficient privileges + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse - description: Endpoint list item not found - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse - description: Internal server error - summary: Updates an endpoint list item - /api/endpoint_list/items/_find: - get: - operationId: FindEndpointListItems + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Disable an SLO + tags: + - slo + '/s/{spaceId}/api/observability/slos/{sloId}/enable': + post: + description: > + You must have the `write` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: enableSloOp parameters: - - description: > - Filters the returned results according to the value of the specified - field, - - using the `:` syntax. - in: query - name: filter - required: false - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_FindEndpointListItemsFilter - - description: The page number to return - in: query - name: page - required: false - schema: - minimum: 0 - type: integer - - description: The number of exception list items to return per page - in: query - name: per_page - required: false - schema: - minimum: 0 - type: integer - - description: Determines which field is used to sort the results - in: query - name: sort_field - required: false - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString - - description: 'Determines the sort order, which can be `desc` or `asc`' - in: query - name: sort_order - required: false - schema: - enum: - - desc - - asc - type: string + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - items: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_EndpointListItem - type: array - page: - minimum: 0 - type: integer - per_page: - minimum: 0 - type: integer - pit: - type: string - total: - minimum: 0 - type: integer - required: - - data - - page - - per_page - - total - description: Successful response + '204': + description: Successful request '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse - description: Invalid input data + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse - description: Insufficient privileges + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse - description: Endpoint list not found - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse - description: Internal server error - summary: Finds endpoint list items - /api/endpoint/action: - get: - description: Get a list of action requests and their responses - operationId: EndpointGetActionsList - parameters: - - in: query - name: query - required: true - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_GetEndpointActionListRouteQuery - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get Actions List schema + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Enable an SLO tags: - - Security Solution Endpoint Management API - '/api/endpoint/action_log/{agent_id}': - get: - deprecated: true - description: Get action requests log - operationId: EndpointGetActionLog - parameters: - - in: path - name: agent_id - required: true - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AgentId - - in: query - name: query - required: true - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_ActionLogRequestQuery - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get action requests log schema - tags: - - Security Solution Endpoint Management API - /api/endpoint/action_status: - get: - description: Get action status - operationId: EndpointGetActionsStatus - parameters: - - in: query - name: query - required: true - schema: - type: object - properties: - agent_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AgentIds - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_ActionStatusSuccessResponse - description: OK - summary: Get Actions status schema - tags: - - Security Solution Endpoint Management API - '/api/endpoint/action/{action_id}': - get: - description: Get action details - operationId: EndpointGetActionsDetails - parameters: - - in: path - name: action_id - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get Action details schema - tags: - - Security Solution Endpoint Management API - '/api/endpoint/action/{action_id}/file/{file_id}/download`': - get: - description: Download a file from an endpoint - operationId: EndpointFileDownload - parameters: - - in: path - name: action_id - required: true - schema: - type: string - - in: path - name: file_id - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse - description: OK - summary: File Download schema - tags: - - Security Solution Endpoint Management API - '/api/endpoint/action/{action_id}/file/{file_id}`': - get: - description: Get file info - operationId: EndpointFileInfo - parameters: - - in: path - name: action_id - required: true - schema: - type: string - - in: path - name: file_id - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse - description: OK - summary: File Info schema - tags: - - Security Solution Endpoint Management API - /api/endpoint/action/execute: - post: - description: Execute a given command on an endpoint - operationId: EndpointExecuteAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_ExecuteRouteRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse - description: OK - summary: Execute Action - tags: - - Security Solution Endpoint Management API - /api/endpoint/action/get_file: - post: - description: Get a file from an endpoint - operationId: EndpointGetFileAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_GetFileRouteRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get File Action - tags: - - Security Solution Endpoint Management API - /api/endpoint/action/isolate: - post: - description: Isolate an endpoint - operationId: EndpointIsolateAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_IsolateRouteRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse - description: OK - summary: Isolate Action - tags: - - Security Solution Endpoint Management API - /api/endpoint/action/kill_process: - post: - description: Kill a running process on an endpoint - operationId: EndpointKillProcessAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_KillOrSuspendActionSchema - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse - description: OK - summary: Kill process Action - tags: - - Security Solution Endpoint Management API - /api/endpoint/action/running_procs: - post: - description: Get list of running processes on an endpoint - operationId: EndpointGetProcessesAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_GetProcessesRouteRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get Running Processes Action - tags: - - Security Solution Endpoint Management API - /api/endpoint/action/scan: - post: - description: Scan a file or directory - operationId: EndpointScanAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_ScanRouteRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse - description: OK - summary: Scan Action - tags: - - Security Solution Endpoint Management API - /api/endpoint/action/state: - get: - operationId: EndpointGetActionsState - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_ActionStateSuccessResponse - description: OK - summary: Get Action State schema - tags: - - Security Solution Endpoint Management API - /api/endpoint/action/suspend_process: - post: - description: Suspend a running process on an endpoint - operationId: EndpointSuspendProcessAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_KillOrSuspendActionSchema - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse - description: OK - summary: Suspend process Action - tags: - - Security Solution Endpoint Management API - /api/endpoint/action/unisolate: - post: - description: Release an endpoint - operationId: EndpointUnisolateAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_UnisolateRouteRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse - description: OK - summary: Unisolate Action - tags: - - Security Solution Endpoint Management API - /api/endpoint/action/upload: - post: - description: Upload a file to an endpoint - operationId: EndpointUploadAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_UploadRouteRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse - description: OK - summary: Upload Action - tags: - - Security Solution Endpoint Management API - /api/endpoint/isolate: - post: - deprecated: true - operationId: EndpointIsolateRedirect - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - agent_type: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AgentTypes - alert_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AlertIds - case_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_CaseIds - comment: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Comment - endpoint_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_EndpointIds - parameters: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Parameters - required: - - endpoint_ids - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse - description: OK - '308': - description: Permanent Redirect - headers: - Location: - description: Permanently redirects to "/api/endpoint/action/isolate" - schema: - example: /api/endpoint/action/isolate - type: string - summary: Permanently redirects to a new location - tags: - - Security Solution Endpoint Management API - /api/endpoint/metadata: - get: - operationId: GetEndpointMetadataList - parameters: - - in: query - name: query - required: true - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_ListRequestQuery - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get Metadata List schema - tags: - - Security Solution Endpoint Management API - '/api/endpoint/metadata/{id}': - get: - operationId: GetEndpointMetadata - parameters: - - in: path - name: id - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get Metadata schema - tags: - - Security Solution Endpoint Management API - /api/endpoint/metadata/transforms: - get: - operationId: GetEndpointMetadataTransform - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get Metadata Transform schema - tags: - - Security Solution Endpoint Management API - /api/endpoint/policy_response: - get: - operationId: GetPolicyResponse - parameters: - - in: query - name: query - required: true - schema: - type: object - properties: - agentId: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AgentId - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get Policy Response schema - tags: - - Security Solution Endpoint Management API - /api/endpoint/policy/summaries: - get: - deprecated: true - operationId: GetAgentPolicySummary - parameters: - - in: query - name: query - required: true - schema: - type: object - properties: - package_name: - type: string - policy_id: - nullable: true - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get Agent Policy Summary schema - tags: - - Security Solution Endpoint Management API - '/api/endpoint/protection_updates_note/{package_policy_id}': - get: - operationId: GetProtectionUpdatesNote - parameters: - - in: path - name: package_policy_id - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_ProtectionUpdatesNoteResponse - description: OK - summary: Get Protection Updates Note schema - tags: - - Security Solution Endpoint Management API - post: - operationId: CreateUpdateProtectionUpdatesNote - parameters: - - in: path - name: package_policy_id - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - note: - type: string - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_ProtectionUpdatesNoteResponse - description: OK - summary: Create Update Protection Updates Note schema - tags: - - Security Solution Endpoint Management API - '/api/endpoint/suggestions/{suggestion_type}': - post: - operationId: GetEndpointSuggestions - parameters: - - in: path - name: suggestion_type - required: true - schema: - enum: - - eventFilters - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - field: - type: string - fieldMeta: {} - filters: {} - query: - type: string - required: - - parameters - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get suggestions - tags: - - Security Solution Endpoint Management API - /api/endpoint/unisolate: - post: - deprecated: true - operationId: EndpointUnisolateRedirect - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - agent_type: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AgentTypes - alert_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AlertIds - case_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_CaseIds - comment: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Comment - endpoint_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_EndpointIds - parameters: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Parameters - required: - - endpoint_ids - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse - description: OK - '308': - description: Permanent Redirect - headers: - Location: - description: Permanently redirects to "/api/endpoint/action/unisolate" - schema: - example: /api/endpoint/action/unisolate - type: string - summary: Permanently redirects to a new location - tags: - - Security Solution Endpoint Management API - /api/exception_lists: - delete: - operationId: DeleteExceptionList - parameters: - - description: Either `id` or `list_id` must be specified - in: query - name: id - required: false - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListId - - description: Either `id` or `list_id` must be specified - in: query - name: list_id - required: false - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListHumanId - - in: query - name: namespace_type - required: false - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType - default: single - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionList - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Exception list not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Internal server error response - summary: Deletes an exception list - tags: - - Security Solution Exceptions API - get: - operationId: ReadExceptionList - parameters: - - description: Either `id` or `list_id` must be specified - in: query - name: id - required: false - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListId - - description: Either `id` or `list_id` must be specified - in: query - name: list_id - required: false - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListHumanId - - in: query - name: namespace_type - required: false - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType - default: single - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionList - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Exception list item not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Internal server error response - summary: Retrieves an exception list using its `id` or `list_id` field - tags: - - Security Solution Exceptions API - post: - operationId: CreateExceptionList - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - description: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListDescription - list_id: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListHumanId - meta: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListMeta - name: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListName - namespace_type: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType - default: single - os_types: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListOsTypeArray - tags: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListTags - default: [] - type: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListType - version: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListVersion - default: 1 - required: - - name - - description - - type - description: Exception list's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionList - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Exception list already exists response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Internal server error response - summary: Creates an exception list - tags: - - Security Solution Exceptions API - put: - operationId: UpdateExceptionList - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - _version: - type: string - description: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListDescription - id: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListId - list_id: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListHumanId - meta: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListMeta - name: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListName - namespace_type: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType - default: single - os_types: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListOsTypeArray - default: [] - tags: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListTags - type: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListType - version: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListVersion - required: - - name - - description - - type - description: Exception list's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionList - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Exception list not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Internal server error response - summary: Updates an exception list - tags: - - Security Solution Exceptions API - /api/exception_lists/_duplicate: - post: - operationId: DuplicateExceptionList - parameters: - - description: Exception list's human identifier - in: query - name: list_id - required: true - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListHumanId - - in: query - name: namespace_type - required: true - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType - - description: >- - Determines whether to include expired exceptions in the exported - list - in: query - name: include_expired_exceptions - required: true - schema: - default: 'true' - enum: - - 'true' - - 'false' - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionList - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '405': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Exception list to duplicate not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Internal server error response - summary: Duplicates an exception list - tags: - - Security Solution Exceptions API - /api/exception_lists/_export: - post: - description: Exports an exception list and its associated items to an .ndjson file - operationId: ExportExceptionList - parameters: - - description: Exception list's identifier - in: query - name: id - required: true - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListId - - description: Exception list's human identifier - in: query - name: list_id - required: true - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListHumanId - - in: query - name: namespace_type - required: true - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType - - description: >- - Determines whether to include expired exceptions in the exported - list - in: query - name: include_expired_exceptions - required: true - schema: - default: 'true' - enum: - - 'true' - - 'false' - type: string - responses: - '200': - content: - application/ndjson; Elastic-Api-Version=2023-10-31: - schema: - description: >- - A `.ndjson` file containing specified exception list and its - items - format: binary - type: string - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Exception list not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Internal server error response - summary: Exports an exception list - tags: - - Security Solution Exceptions API - /api/exception_lists/_find: - get: - operationId: FindExceptionLists - parameters: - - description: > - Filters the returned results according to the value of the specified - field. - - - Uses the `so type.field name:field` value syntax, where `so type` - can be: - - - - `exception-list`: Specify a space-aware exception list. - - - `exception-list-agnostic`: Specify an exception list that is - shared across spaces. - in: query - name: filter - required: false - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_FindExceptionListsFilter - - description: > - Determines whether the returned containers are Kibana associated - with a Kibana space - - or available in all spaces (`agnostic` or `single`) - in: query - name: namespace_type - required: false - schema: - default: - - single - items: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType - type: array - - description: The page number to return - in: query - name: page - required: false - schema: - minimum: 1 - type: integer - - description: The number of exception lists to return per page - in: query - name: per_page - required: false - schema: - minimum: 1 - type: integer - - description: Determines which field is used to sort the results - in: query - name: sort_field - required: false - schema: - type: string - - description: 'Determines the sort order, which can be `desc` or `asc`' - in: query - name: sort_order - required: false - schema: - enum: - - desc - - asc - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - items: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionList - type: array - page: - minimum: 1 - type: integer - per_page: - minimum: 1 - type: integer - total: - minimum: 0 - type: integer - required: - - data - - page - - per_page - - total - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Internal server error response - summary: Finds exception lists - tags: - - Security Solution Exceptions API - /api/exception_lists/_import: - post: - description: Imports an exception list and associated items - operationId: ImportExceptionList - parameters: - - description: > - Determines whether existing exception lists with the same `list_id` - are overwritten. - - If any exception items have the same `item_id`, those are also - overwritten. - in: query - name: overwrite - required: false - schema: - default: false - type: boolean - - in: query - name: overwrite_exceptions - required: false - schema: - default: false - type: boolean - - in: query - name: overwrite_action_connectors - required: false - schema: - default: false - type: boolean - - description: > - Determines whether the list being imported will have a new `list_id` - generated. - - Additional `item_id`'s are generated for each exception item. Both - the exception - - list and its items are overwritten. - in: query - name: as_new_list - required: false - schema: - default: false - type: boolean - requestBody: - content: - multipart/form-data; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - file: - description: A `.ndjson` file containing the exception list - format: binary - type: string - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - errors: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListsImportBulkErrorArray - success: - type: boolean - success_count: - minimum: 0 - type: integer - success_count_exception_list_items: - minimum: 0 - type: integer - success_count_exception_lists: - minimum: 0 - type: integer - success_exception_list_items: - type: boolean - success_exception_lists: - type: boolean - required: - - errors - - success - - success_count - - success_exception_lists - - success_count_exception_lists - - success_exception_list_items - - success_count_exception_list_items - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Internal server error response - summary: Imports an exception list - tags: - - Security Solution Exceptions API - /api/exception_lists/items: - delete: - operationId: DeleteExceptionListItem - parameters: - - description: Either `id` or `item_id` must be specified - in: query - name: id - required: false - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemId - - description: Either `id` or `item_id` must be specified - in: query - name: item_id - required: false - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemHumanId - - in: query - name: namespace_type - required: false - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType - default: single - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItem - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Exception list item not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Internal server error response - summary: Deletes an exception list item - tags: - - Security Solution Exceptions API - get: - operationId: ReadExceptionListItem - parameters: - - description: Either `id` or `item_id` must be specified - in: query - name: id - required: false - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemId - - description: Either `id` or `item_id` must be specified - in: query - name: item_id - required: false - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemHumanId - - in: query - name: namespace_type - required: false - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType - default: single - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItem - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Exception list item not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Internal server error response - summary: Gets an exception list item - tags: - - Security Solution Exceptions API - post: - operationId: CreateExceptionListItem - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - comments: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_CreateExceptionListItemCommentArray - default: [] - description: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemDescription - entries: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryArray - expire_time: - format: date-time - type: string - item_id: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemHumanId - list_id: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListHumanId - meta: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemMeta - name: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemName - namespace_type: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType - default: single - os_types: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemOsTypeArray - default: [] - tags: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemTags - default: [] - type: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemType - required: - - list_id - - type - - name - - description - - entries - description: Exception list item's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItem - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Exception list item already exists response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Internal server error response - summary: Creates an exception list item - tags: - - Security Solution Exceptions API - put: - operationId: UpdateExceptionListItem - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - _version: - type: string - comments: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_UpdateExceptionListItemCommentArray - default: [] - description: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemDescription - entries: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryArray - expire_time: - format: date-time - type: string - id: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemId - description: Either `id` or `item_id` must be specified - item_id: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemHumanId - description: Either `id` or `item_id` must be specified - list_id: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListHumanId - meta: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemMeta - name: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemName - namespace_type: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType - default: single - os_types: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemOsTypeArray - default: [] - tags: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemTags - type: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemType - required: - - type - - name - - description - - entries - description: Exception list item's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItem - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Exception list item not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Internal server error response - summary: Updates an exception list item - tags: - - Security Solution Exceptions API - /api/exception_lists/items/_find: - get: - operationId: FindExceptionListItems - parameters: - - description: List's id - in: query - name: list_id - required: true - schema: - items: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListHumanId - type: array - - description: > - Filters the returned results according to the value of the specified - field, - - using the `:` syntax. - in: query - name: filter - required: false - schema: - default: [] - items: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_FindExceptionListItemsFilter - type: array - - description: > - Determines whether the returned containers are Kibana associated - with a Kibana space - - or available in all spaces (`agnostic` or `single`) - in: query - name: namespace_type - required: false - schema: - default: - - single - items: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType - type: array - - in: query - name: search - required: false - schema: - type: string - - description: The page number to return - in: query - name: page - required: false - schema: - minimum: 0 - type: integer - - description: The number of exception list items to return per page - in: query - name: per_page - required: false - schema: - minimum: 0 - type: integer - - description: Determines which field is used to sort the results - in: query - name: sort_field - required: false - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_NonEmptyString - - description: 'Determines the sort order, which can be `desc` or `asc`' - in: query - name: sort_order - required: false - schema: - enum: - - desc - - asc - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - items: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItem - type: array - page: - minimum: 1 - type: integer - per_page: - minimum: 1 - type: integer - pit: - type: string - total: - minimum: 0 - type: integer - required: - - data - - page - - per_page - - total - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Exception list not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Internal server error response - summary: Finds exception list items - tags: - - Security Solution Exceptions API - /api/exception_lists/summary: - get: - operationId: ReadExceptionListSummary - parameters: - - description: Exception list's identifier generated upon creation - in: query - name: id - required: false - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListId - - description: Exception list's human readable identifier - in: query - name: list_id - required: false - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListHumanId - - in: query - name: namespace_type - required: false - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType - default: single - - description: Search filter clause - in: query - name: filter - required: false - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - linux: - minimum: 0 - type: integer - macos: - minimum: 0 - type: integer - total: - minimum: 0 - type: integer - windows: - minimum: 0 - type: integer - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Exception list not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Internal server error response - summary: Retrieves an exception list summary - tags: - - Security Solution Exceptions API - /api/exceptions/shared: - post: - operationId: CreateSharedExceptionList - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - description: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListDescription - name: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListName - required: - - name - - description - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionList - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Exception list already exists response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse - description: Internal server error response - summary: Creates a shared exception list - tags: - - Security Solution Exceptions API - /api/lists: - delete: - operationId: DeleteList - parameters: - - description: List's `id` value - in: query - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' - - in: query - name: deleteReferences - required: false - schema: - default: false - type: boolean - - in: query - name: ignoreReferences - required: false - schema: - default: false - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_List' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: List not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Internal server error response - summary: Deletes a list - tags: - - Security Solution Lists API - get: - operationId: ReadList - parameters: - - description: List's `id` value - in: query - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_List' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: List not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Internal server error response - summary: Retrieves a list using its id field - tags: - - Security Solution Lists API - patch: - operationId: PatchList - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - _version: - type: string - description: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListDescription - id: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' - meta: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListMetadata - name: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListName' - version: - minimum: 1 - type: integer - required: - - id - description: List's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_List' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: List not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Internal server error response - summary: Patches a list - tags: - - Security Solution Lists API - post: - operationId: CreateList - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - description: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListDescription - deserializer: - type: string - id: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' - meta: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListMetadata - name: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListName' - serializer: - type: string - type: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListType' - version: - default: 1 - minimum: 1 - type: integer - required: - - name - - description - - type - description: List's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_List' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Not enough privileges response - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: List already exists response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Internal server error response - summary: Creates a list - tags: - - Security Solution Lists API - put: - operationId: UpdateList - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - _version: - type: string - description: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListDescription - id: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' - meta: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListMetadata - name: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListName' - version: - minimum: 1 - type: integer - required: - - id - - name - - description - description: List's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_List' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: List not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Internal server error response - summary: Updates a list - tags: - - Security Solution Lists API - /api/lists/_find: - get: - operationId: FindLists - parameters: - - description: The page number to return - in: query - name: page - required: false - schema: - type: integer - - description: The number of lists to return per page - in: query - name: per_page - required: false - schema: - type: integer - - description: Determines which field is used to sort the results - in: query - name: sort_field - required: false - schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_NonEmptyString' - - description: 'Determines the sort order, which can be `desc` or `asc`' - in: query - name: sort_order - required: false - schema: - enum: - - desc - - asc - type: string - - description: > - Returns the list that come after the last list returned in the - previous call - - (use the cursor value returned in the previous call). This parameter - uses - - the `tie_breaker_id` field to ensure all lists are sorted and - returned correctly. - in: query - name: cursor - required: false - schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_FindListsCursor' - - description: > - Filters the returned results according to the value of the specified - field, - - using the : syntax. - in: query - name: filter - required: false - schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_FindListsFilter' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - cursor: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_FindListsCursor - data: - items: - $ref: '#/components/schemas/Security_Solution_Lists_API_List' - type: array - page: - minimum: 0 - type: integer - per_page: - minimum: 0 - type: integer - total: - minimum: 0 - type: integer - required: - - data - - page - - per_page - - total - - cursor - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Not enough privileges response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Internal server error response - summary: Finds lists - tags: - - Security Solution Lists API - /api/lists/index: - delete: - operationId: DeleteListIndex - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - acknowledged: - type: boolean - required: - - acknowledged - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: List data stream not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Internal server error response - summary: Deletes list data streams - tags: - - Security Solution Lists API - get: - operationId: ReadListIndex - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - list_index: - type: boolean - list_item_index: - type: boolean - required: - - list_index - - list_item_index - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: List data stream(s) not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Internal server error response - summary: Get list data stream existence status - tags: - - Security Solution Lists API - post: - operationId: CreateListIndex - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - acknowledged: - type: boolean - required: - - acknowledged - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Not enough privileges response - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: List data stream exists response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Internal server error response - summary: Creates necessary list data streams - tags: - - Security Solution Lists API - /api/lists/items: - delete: - operationId: DeleteListItem - parameters: - - description: Required if `list_id` and `value` are not specified - in: query - name: id - required: false - schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' - - description: Required if `id` is not specified - in: query - name: list_id - required: false - schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' - - description: Required if `id` is not specified - in: query - name: value - required: false - schema: - type: string - - description: >- - Determines when changes made by the request are made visible to - search - in: query - name: refresh - required: false - schema: - default: 'false' - enum: - - 'true' - - 'false' - - wait_for - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: '#/components/schemas/Security_Solution_Lists_API_ListItem' - - items: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListItem - type: array - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: List item not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Internal server error response - summary: Deletes a list item - tags: - - Security Solution Lists API - get: - operationId: ReadListItem - parameters: - - description: Required if `list_id` and `value` are not specified - in: query - name: id - required: false - schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' - - description: Required if `id` is not specified - in: query - name: list_id - required: false - schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' - - description: Required if `id` is not specified - in: query - name: value - required: false - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: '#/components/schemas/Security_Solution_Lists_API_ListItem' - - items: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListItem - type: array - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: List item not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Internal server error response - summary: Gets a list item - tags: - - Security Solution Lists API - patch: - operationId: PatchListItem - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - _version: - type: string - id: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListItemId' - meta: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListItemMetadata - refresh: - description: >- - Determines when changes made by the request are made visible - to search - enum: - - 'true' - - 'false' - - wait_for - type: string - value: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListItemValue - required: - - id - description: List item's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListItem' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: List item not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Internal server error response - summary: Patches a list item - tags: - - Security Solution Lists API - post: - operationId: CreateListItem - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - id: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListItemId' - list_id: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' - meta: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListItemMetadata - refresh: - description: >- - Determines when changes made by the request are made visible - to search - enum: - - 'true' - - 'false' - - wait_for - type: string - value: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListItemValue - required: - - list_id - - value - description: List item's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListItem' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Not enough privileges response - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: List item already exists response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Internal server error response - summary: Creates a list item - tags: - - Security Solution Lists API - put: - operationId: UpdateListItem - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - _version: - type: string - id: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListItemId' - meta: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListItemMetadata - value: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListItemValue - required: - - id - - value - description: List item's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListItem' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: List item not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Internal server error response - summary: Updates a list item - tags: - - Security Solution Lists API - /api/lists/items/_export: - post: - description: Exports list item values from the specified list - operationId: ExportListItems - parameters: - - description: List's id to export - in: query - name: list_id - required: true - schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' - responses: - '200': - content: - application/ndjson; Elastic-Api-Version=2023-10-31: - schema: - description: A `.txt` file containing list items from the specified list - format: binary - type: string - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: List not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Internal server error response - summary: Exports list items - tags: - - Security Solution Lists API - /api/lists/items/_find: - get: - operationId: FindListItems - parameters: - - description: List's id - in: query - name: list_id - required: true - schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' - - description: The page number to return - in: query - name: page - required: false - schema: - type: integer - - description: The number of list items to return per page - in: query - name: per_page - required: false - schema: - type: integer - - description: Determines which field is used to sort the results - in: query - name: sort_field - required: false - schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_NonEmptyString' - - description: 'Determines the sort order, which can be `desc` or `asc`' - in: query - name: sort_order - required: false - schema: - enum: - - desc - - asc - type: string - - description: > - Returns the list that come after the last list returned in the - previous call - - (use the cursor value returned in the previous call). This parameter - uses - - the `tie_breaker_id` field to ensure all lists are sorted and - returned correctly. - in: query - name: cursor - required: false - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_FindListItemsCursor - - description: > - Filters the returned results according to the value of the specified - field, - - using the : syntax. - in: query - name: filter - required: false - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_FindListItemsFilter - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - cursor: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_FindListItemsCursor - data: - items: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListItem - type: array - page: - minimum: 0 - type: integer - per_page: - minimum: 0 - type: integer - total: - minimum: 0 - type: integer - required: - - data - - page - - per_page - - total - - cursor - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Not enough privileges response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Internal server error response - summary: Finds list items - tags: - - Security Solution Lists API - /api/lists/items/_import: - post: - description: > - Imports a list of items from a `.txt` or `.csv` file. The maximum file - size is 9 million bytes. - - - You can import items to a new or existing list. - operationId: ImportListItems - parameters: - - description: | - List's id. - - Required when importing to an existing list. - in: query - name: list_id - required: false - schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' - - description: > - Type of the importing list. - - - Required when importing a new list that is `list_id` is not - specified. - in: query - name: type - required: false - schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListType' - - in: query - name: serializer - required: false - schema: - type: string - - in: query - name: deserializer - required: false - schema: - type: string - - description: >- - Determines when changes made by the request are made visible to - search - in: query - name: refresh - required: false - schema: - enum: - - 'true' - - 'false' - - wait_for - type: string - requestBody: - content: - multipart/form-data; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - file: - description: >- - A `.txt` or `.csv` file containing newline separated list - items - format: binary - type: string - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_List' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Not enough privileges response - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: List with specified list_id does not exist response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Internal server error response - summary: Imports list items - tags: - - Security Solution Lists API - /api/lists/privileges: - get: - operationId: ReadListPrivileges - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - is_authenticated: - type: boolean - listItems: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListItemPrivileges - lists: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListPrivileges - required: - - lists - - listItems - - is_authenticated - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - description: Not enough privileges response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse - description: Internal server error response - summary: Gets list privileges - tags: - - Security Solution Lists API - /api/ml/saved_objects/sync: - get: - description: > - Synchronizes Kibana saved objects for machine learning jobs and trained - models in the default space. You must have `all` privileges for the - **Machine Learning** feature in the **Analytics** section of the Kibana - feature privileges. This API runs automatically when you start Kibana - and periodically thereafter. - operationId: mlSync - parameters: - - $ref: '#/components/parameters/Machine_learning_APIs_simulateParam' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - syncExample: - $ref: '#/components/examples/Machine_learning_APIs_mlSyncExample' - schema: - $ref: '#/components/schemas/Machine_learning_APIs_mlSync200Response' - description: Indicates a successful call - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Machine_learning_APIs_mlSync4xxResponse' - description: Authorization information is missing or invalid. - summary: Sync saved objects in the default space - tags: - - ml - /api/note: - delete: - operationId: DeleteNote - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - nullable: true - type: object - properties: - noteId: - type: string - required: - - noteId - - type: object - properties: - noteIds: - items: - type: string - nullable: true - type: array - required: - - noteIds - description: The id of the note to delete. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - type: object - description: Indicates the note was successfully deleted. - summary: Deletes a note from a timeline. - tags: - - Security Solution Timeline API - - 'access:securitySolution' - get: - description: Gets notes - operationId: GetNotes - parameters: - - in: query - name: documentIds - required: true - schema: - $ref: '#/components/schemas/Security_Solution_Timeline_API_DocumentIds' - - in: query - name: page - schema: - nullable: true - type: number - - in: query - name: perPage - schema: - nullable: true - type: number - - in: query - name: search - schema: - nullable: true - type: string - - in: query - name: sortField - schema: - nullable: true - type: string - - in: query - name: sortOrder - schema: - nullable: true - type: string - - in: query - name: filter - schema: - nullable: true - type: string - responses: - '200': - description: Indicates the requested notes were returned. - summary: Get all notes for a given document. - tags: - - Security Solution Timeline API - - 'access:securitySolution' - patch: - operationId: PersistNoteRoute - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - eventDataView: - nullable: true - type: string - eventIngested: - nullable: true - type: string - eventTimestamp: - nullable: true - type: string - note: - $ref: '#/components/schemas/Security_Solution_Timeline_API_BareNote' - noteId: - nullable: true - type: string - overrideOwner: - nullable: true - type: boolean - version: - nullable: true - type: string - required: - - note - description: The note to persist or update along with additional metadata. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - type: object - properties: - persistNote: - type: object - properties: - code: - type: number - message: - type: string - note: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_Note - required: - - code - - message - - note - required: - - persistNote - required: - - data - description: Indicates the note was successfully created. - summary: Persists a note to a timeline. - tags: - - Security Solution Timeline API - - 'access:securitySolution' - /api/osquery/live_queries: - get: - operationId: OsqueryFindLiveQueries - parameters: - - in: query - name: query - required: true - schema: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_FindLiveQueryRequestQuery - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DefaultSuccessResponse - description: OK - summary: Find live queries - tags: - - Security Solution Osquery API - post: - operationId: OsqueryCreateLiveQuery - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_CreateLiveQueryRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DefaultSuccessResponse - description: OK - summary: Create a live query - tags: - - Security Solution Osquery API - '/api/osquery/live_queries/{id}': - get: - operationId: OsqueryGetLiveQueryDetails - parameters: - - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Id' - - in: query - name: query - schema: - additionalProperties: true - type: object - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DefaultSuccessResponse - description: OK - summary: Get live query details - tags: - - Security Solution Osquery API - '/api/osquery/live_queries/{id}/results/{actionId}': - get: - operationId: OsqueryGetLiveQueryResults - parameters: - - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Id' - - in: path - name: actionId - required: true - schema: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Id' - - in: query - name: query - required: true - schema: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_GetLiveQueryResultsRequestQuery - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DefaultSuccessResponse - description: OK - summary: Get live query results - tags: - - Security Solution Osquery API - /api/osquery/packs: - get: - operationId: OsqueryFindPacks - parameters: - - in: query - name: query - required: true - schema: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_FindPacksRequestQuery - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DefaultSuccessResponse - description: OK - summary: Find packs - tags: - - Security Solution Osquery API - post: - operationId: OsqueryCreatePacks - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_CreatePacksRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DefaultSuccessResponse - description: OK - summary: Create a packs - tags: - - Security Solution Osquery API - '/api/osquery/packs/{id}': - delete: - operationId: OsqueryDeletePacks - parameters: - - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Solution_Osquery_API_PackId' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DefaultSuccessResponse - description: OK - summary: Delete packs - tags: - - Security Solution Osquery API - get: - operationId: OsqueryGetPacksDetails - parameters: - - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Solution_Osquery_API_PackId' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DefaultSuccessResponse - description: OK - summary: Get packs details - tags: - - Security Solution Osquery API - put: - operationId: OsqueryUpdatePacks - parameters: - - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Solution_Osquery_API_PackId' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_UpdatePacksRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DefaultSuccessResponse - description: OK - summary: Update packs - tags: - - Security Solution Osquery API - /api/osquery/saved_queries: - get: - operationId: OsqueryFindSavedQueries - parameters: - - in: query - name: query - required: true - schema: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_FindSavedQueryRequestQuery - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DefaultSuccessResponse - description: OK - summary: Find saved queries - tags: - - Security Solution Osquery API - post: - operationId: OsqueryCreateSavedQuery - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_CreateSavedQueryRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DefaultSuccessResponse - description: OK - summary: Create a saved query - tags: - - Security Solution Osquery API - '/api/osquery/saved_queries/{id}': - delete: - operationId: OsqueryDeleteSavedQuery - parameters: - - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Solution_Osquery_API_SavedQueryId' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DefaultSuccessResponse - description: OK - summary: Delete saved query - tags: - - Security Solution Osquery API - get: - operationId: OsqueryGetSavedQueryDetails - parameters: - - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Solution_Osquery_API_SavedQueryId' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DefaultSuccessResponse - description: OK - summary: Get saved query details - tags: - - Security Solution Osquery API - put: - operationId: OsqueryUpdateSavedQuery - parameters: - - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Solution_Osquery_API_SavedQueryId' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_UpdateSavedQueryRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DefaultSuccessResponse - description: OK - summary: Update saved query - tags: - - Security Solution Osquery API - /api/pinned_event: - patch: - operationId: PersistPinnedEventRoute - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - eventId: - type: string - pinnedEventId: - nullable: true - type: string - timelineId: - type: string - required: - - eventId - - timelineId - description: The pinned event to persist or update along with additional metadata. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - type: object - properties: - persistPinnedEventOnTimeline: - allOf: - - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_PinnedEvent - - type: object - properties: - code: - type: number - message: - type: string - required: - - persistPinnedEventOnTimeline - required: - - data - description: Indicate the event was successfully pinned in the timeline. - summary: Persists a pinned event to a timeline. - tags: - - Security Solution Timeline API - - 'access:securitySolution' - /api/saved_objects/_bulk_create: - post: - deprecated: true - operationId: bulkCreateSavedObjects - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - description: 'When true, overwrites the document with the same identifier.' - in: query - name: overwrite - schema: - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - type: object - type: array - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request - summary: Create saved objects - tags: - - saved objects - /api/saved_objects/_bulk_delete: - post: - deprecated: true - description: | - WARNING: When you delete a saved object, it cannot be recovered. - operationId: bulkDeleteSavedObjects - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - description: > - When true, force delete objects that exist in multiple namespaces. - Note that the option applies to the whole request. Use the delete - object API to specify per-object deletion behavior. TIP: Use this if - you attempted to delete objects and received an HTTP 400 error with - the following message: "Unable to delete saved object that exists in - multiple namespaces, use the force option to delete it anyway". - WARNING: When you bulk delete objects that exist in multiple - namespaces, the API also deletes legacy url aliases that reference - the object. These requests are batched to minimise the impact but - they can place a heavy load on Kibana. Make sure you limit the - number of objects that exist in multiple namespaces in a single bulk - delete operation. - in: query - name: force - schema: - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - type: object - type: array - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: > - Indicates a successful call. NOTE: This HTTP response code indicates - that the bulk operation succeeded. Errors pertaining to individual - objects will be returned in the response body. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request - summary: Delete saved objects - tags: - - saved objects - /api/saved_objects/_bulk_get: - post: - deprecated: true - operationId: bulkGetSavedObjects - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - type: object - type: array - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request - summary: Get saved objects - tags: - - saved objects - /api/saved_objects/_bulk_resolve: - post: - deprecated: true - description: > - Retrieve multiple Kibana saved objects by identifier using any legacy - URL aliases if they exist. Under certain circumstances when Kibana is - upgraded, saved object migrations may necessitate regenerating some - object IDs to enable new features. When an object's ID is regenerated, a - legacy URL alias is created for that object, preserving its old ID. In - such a scenario, that object can be retrieved by the bulk resolve API - using either its new ID or its old ID. - operationId: bulkResolveSavedObjects - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - type: object - type: array - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: > - Indicates a successful call. NOTE: This HTTP response code indicates - that the bulk operation succeeded. Errors pertaining to individual - objects will be returned in the response body. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request - summary: Resolve saved objects - tags: - - saved objects - /api/saved_objects/_bulk_update: - post: - deprecated: true - description: Update the attributes for multiple Kibana saved objects. - operationId: bulkUpdateSavedObjects - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - type: object - type: array - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: > - Indicates a successful call. NOTE: This HTTP response code indicates - that the bulk operation succeeded. Errors pertaining to individual - objects will be returned in the response body. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request - summary: Update saved objects - tags: - - saved objects - /api/saved_objects/_export: - post: - description: > - Retrieve sets of saved objects that you want to import into Kibana. - - You must include `type` or `objects` in the request body. - - - Exported saved objects are not backwards compatible and cannot be - imported into an older version of Kibana. - - - NOTE: The `savedObjects.maxImportExportSize` configuration setting - limits the number of saved objects which may be exported. - - - This functionality is in technical preview and may be changed or removed - in a future release. Elastic will work to fix any issues, but features - in technical preview are not subject to the support SLA of official GA - features. - operationId: exportSavedObjectsDefault - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - exportSavedObjectsRequest: - $ref: '#/components/examples/Saved_objects_export_objects_request' - schema: - type: object - properties: - excludeExportDetails: - default: false - description: Do not add export details entry at the end of the stream. - type: boolean - includeReferencesDeep: - description: >- - Includes all of the referenced objects in the exported - objects. - type: boolean - objects: - description: A list of objects to export. - items: - type: object - type: array - type: - description: >- - The saved object types to include in the export. Use `*` to - export all the types. - oneOf: - - type: string - - items: - type: string - type: array - required: true - responses: - '200': - content: - application/x-ndjson; Elastic-Api-Version=2023-10-31: - examples: - exportSavedObjectsResponse: - $ref: '#/components/examples/Saved_objects_export_objects_response' - schema: - additionalProperties: true - type: object - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request. - summary: Export saved objects - tags: - - saved objects - /api/saved_objects/_find: - get: - deprecated: true - description: Retrieve a paginated set of Kibana saved objects. - operationId: findSavedObjects - parameters: - - description: > - An aggregation structure, serialized as a string. The field format - is similar to filter, meaning that to use a saved object type - attribute in the aggregation, the `savedObjectType.attributes.title: - "myTitle"` format must be used. For root fields, the syntax is - `savedObjectType.rootField`. NOTE: As objects change in Kibana, the - results on each page of the response also change. Use the find API - for traditional paginated results, but avoid using it to export - large amounts of data. - in: query - name: aggs - schema: - type: string - - description: The default operator to use for the `simple_query_string`. - in: query - name: default_search_operator - schema: - type: string - - description: The fields to return in the attributes key of the response. - in: query - name: fields - schema: - oneOf: - - type: string - - type: array - - description: > - The filter is a KQL string with the caveat that if you filter with - an attribute from your saved object type, it should look like that: - `savedObjectType.attributes.title: "myTitle"`. However, if you use a - root attribute of a saved object such as `updated_at`, you will have - to define your filter like that: `savedObjectType.updated_at > - 2018-12-22`. - in: query - name: filter - schema: - type: string - - description: >- - Filters to objects that do not have a relationship with the type and - identifier combination. - in: query - name: has_no_reference - schema: - type: object - - description: >- - The operator to use for the `has_no_reference` parameter. Either - `OR` or `AND`. Defaults to `OR`. - in: query - name: has_no_reference_operator - schema: - type: string - - description: >- - Filters to objects that have a relationship with the type and ID - combination. - in: query - name: has_reference - schema: - type: object - - description: >- - The operator to use for the `has_reference` parameter. Either `OR` - or `AND`. Defaults to `OR`. - in: query - name: has_reference_operator - schema: - type: string - - description: The page of objects to return. - in: query - name: page - schema: - type: integer - - description: The number of objects to return per page. - in: query - name: per_page - schema: - type: integer - - description: >- - An Elasticsearch `simple_query_string` query that filters the - objects in the response. - in: query - name: search - schema: - type: string - - description: >- - The fields to perform the `simple_query_string` parsed query - against. - in: query - name: search_fields - schema: - oneOf: - - type: string - - type: array - - description: > - Sorts the response. Includes "root" and "type" fields. "root" fields - exist for all saved objects, such as "updated_at". "type" fields are - specific to an object type, such as fields returned in the - attributes key of the response. When a single type is defined in the - type parameter, the "root" and "type" fields are allowed, and - validity checks are made in that order. When multiple types are - defined in the type parameter, only "root" fields are allowed. - in: query - name: sort_field - schema: - type: string - - description: The saved object types to include. - in: query - name: type - required: true - schema: - oneOf: - - type: string - - type: array - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request - summary: Search for saved objects - tags: - - saved objects - /api/saved_objects/_import: - post: - description: > - Create sets of Kibana saved objects from a file created by the export - API. - - Saved objects can be imported only into the same version, a newer minor - on the same major, or the next major. Exported saved objects are not - backwards compatible and cannot be imported into an older version of - Kibana. - - - This functionality is in technical preview and may be changed or removed - in a future release. Elastic will work to fix any issues, but features - in technical preview are not subject to the support SLA of official GA - features. - operationId: importSavedObjectsDefault - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - description: > - Creates copies of saved objects, regenerates each object ID, and - resets the origin. When used, potential conflict errors are avoided. - NOTE: This option cannot be used with the `overwrite` and - `compatibilityMode` options. - in: query - name: createNewCopies - required: false - schema: - type: boolean - - description: > - Overwrites saved objects when they already exist. When used, - potential conflict errors are automatically resolved by overwriting - the destination object. NOTE: This option cannot be used with the - `createNewCopies` option. - in: query - name: overwrite - required: false - schema: - type: boolean - - description: > - Applies various adjustments to the saved objects that are being - imported to maintain compatibility between different Kibana - versions. Use this option only if you encounter issues with imported - saved objects. NOTE: This option cannot be used with the - `createNewCopies` option. - in: query - name: compatibilityMode - required: false - schema: - type: boolean - requestBody: - content: - multipart/form-data; Elastic-Api-Version=2023-10-31: - examples: - importObjectsRequest: - $ref: '#/components/examples/Saved_objects_import_objects_request' - schema: - type: object - properties: - file: - description: > - A file exported using the export API. NOTE: The - `savedObjects.maxImportExportSize` configuration setting - limits the number of saved objects which may be included in - this file. Similarly, the - `savedObjects.maxImportPayloadBytes` setting limits the - overall size of the file that can be imported. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - importObjectsResponse: - $ref: '#/components/examples/Saved_objects_import_objects_response' - schema: - type: object - properties: - errors: - description: > - Indicates the import was unsuccessful and specifies the - objects that failed to import. - - - NOTE: One object may result in multiple errors, which - requires separate steps to resolve. For instance, a - `missing_references` error and conflict error. - items: - type: object - type: array - success: - description: > - Indicates when the import was successfully completed. When - set to false, some objects may not have been created. For - additional information, refer to the `errors` and - `successResults` properties. - type: boolean - successCount: - description: Indicates the number of successfully imported records. - type: integer - successResults: - description: > - Indicates the objects that are successfully imported, with - any metadata if applicable. - - - NOTE: Objects are created only when all resolvable errors - are addressed, including conflicts and missing references. - If objects are created as new copies, each entry in the - `successResults` array includes a `destinationId` - attribute. - items: - type: object - type: array - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request. - summary: Import saved objects - tags: - - saved objects - /api/saved_objects/_resolve_import_errors: - post: - description: > - To resolve errors from the Import objects API, you can: - - - * Retry certain saved objects - - * Overwrite specific saved objects - - * Change references to different saved objects - - - This functionality is in technical preview and may be changed or removed - in a future release. Elastic will work to fix any issues, but features - in technical preview are not subject to the support SLA of official GA - features. - operationId: resolveImportErrors - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - description: > - Applies various adjustments to the saved objects that are being - imported to maintain compatibility between different Kibana - versions. When enabled during the initial import, also enable when - resolving import errors. This option cannot be used with the - `createNewCopies` option. - in: query - name: compatibilityMode - required: false - schema: - type: boolean - - description: > - Creates copies of the saved objects, regenerates each object ID, and - resets the origin. When enabled during the initial import, also - enable when resolving import errors. - in: query - name: createNewCopies - required: false - schema: - type: boolean - requestBody: - content: - multipart/form-data; Elastic-Api-Version=2023-10-31: - examples: - resolveImportErrorsRequest: - $ref: >- - #/components/examples/Saved_objects_resolve_missing_reference_request - schema: - type: object - properties: - file: - description: The same file given to the import API. - format: binary - type: string - retries: - description: >- - The retry operations, which can specify how to resolve - different types of errors. - items: - type: object - properties: - destinationId: - description: >- - Specifies the destination ID that the imported object - should have, if different from the current ID. - type: string - id: - description: The saved object ID. - type: string - ignoreMissingReferences: - description: >- - When set to `true`, ignores missing reference errors. - When set to `false`, does nothing. - type: boolean - overwrite: - description: >- - When set to `true`, the source object overwrites the - conflicting destination object. When set to `false`, - does nothing. - type: boolean - replaceReferences: - description: >- - A list of `type`, `from`, and `to` used to change the - object references. - items: - type: object - properties: - from: - type: string - to: - type: string - type: - type: string - type: array - type: - description: The saved object type. - type: string - required: - - type - - id - type: array - required: - - retries - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - resolveImportErrorsResponse: - $ref: >- - #/components/examples/Saved_objects_resolve_missing_reference_response - schema: - type: object - properties: - errors: - description: > - Specifies the objects that failed to resolve. - - - NOTE: One object can result in multiple errors, which - requires separate steps to resolve. For instance, a - `missing_references` error and a `conflict` error. - items: - type: object - type: array - success: - description: > - Indicates a successful import. When set to `false`, some - objects may not have been created. For additional - information, refer to the `errors` and `successResults` - properties. - type: boolean - successCount: - description: | - Indicates the number of successfully resolved records. - type: number - successResults: - description: > - Indicates the objects that are successfully imported, with - any metadata if applicable. - - - NOTE: Objects are only created when all resolvable errors - are addressed, including conflict and missing references. - items: - type: object - type: array - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request. - summary: Resolve import errors - tags: - - saved objects - '/api/saved_objects/{type}': - post: - deprecated: true - description: Create a Kibana saved object with a randomly generated identifier. - operationId: createSavedObject - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - $ref: '#/components/parameters/Saved_objects_saved_object_type' - - description: 'If true, overwrites the document with the same identifier.' - in: query - name: overwrite - schema: - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - attributes: - $ref: '#/components/schemas/Saved_objects_attributes' - initialNamespaces: - $ref: '#/components/schemas/Saved_objects_initial_namespaces' - references: - $ref: '#/components/schemas/Saved_objects_references' - required: - - attributes - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates a successful call. - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates a conflict error. - summary: Create a saved object - tags: - - saved objects - '/api/saved_objects/{type}/{id}': - get: - deprecated: true - description: Retrieve a single Kibana saved object by identifier. - operationId: getSavedObject - parameters: - - $ref: '#/components/parameters/Saved_objects_saved_object_id' - - $ref: '#/components/parameters/Saved_objects_saved_object_type' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request. - summary: Get a saved object - tags: - - saved objects - post: - deprecated: true - description: >- - Create a Kibana saved object and specify its identifier instead of using - a randomly generated ID. - operationId: createSavedObjectId - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - $ref: '#/components/parameters/Saved_objects_saved_object_id' - - $ref: '#/components/parameters/Saved_objects_saved_object_type' - - description: 'If true, overwrites the document with the same identifier.' - in: query - name: overwrite - schema: - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - attributes: - $ref: '#/components/schemas/Saved_objects_attributes' - initialNamespaces: - $ref: '#/components/schemas/Saved_objects_initial_namespaces' - references: - $ref: '#/components/schemas/Saved_objects_initial_namespaces' - required: - - attributes - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates a successful call. - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates a conflict error. - summary: Create a saved object - tags: - - saved objects - put: - deprecated: true - description: Update the attributes for Kibana saved objects. - operationId: updateSavedObject - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - $ref: '#/components/parameters/Saved_objects_saved_object_id' - - $ref: '#/components/parameters/Saved_objects_saved_object_type' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates a successful call. - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates the object was not found. - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates a conflict error. - summary: Update a saved object - tags: - - saved objects - '/api/saved_objects/resolve/{type}/{id}': - get: - deprecated: true - description: > - Retrieve a single Kibana saved object by identifier using any legacy URL - alias if it exists. Under certain circumstances, when Kibana is - upgraded, saved object migrations may necessitate regenerating some - object IDs to enable new features. When an object's ID is regenerated, a - legacy URL alias is created for that object, preserving its old ID. In - such a scenario, that object can be retrieved using either its new ID or - its old ID. - operationId: resolveSavedObject - parameters: - - $ref: '#/components/parameters/Saved_objects_saved_object_id' - - $ref: '#/components/parameters/Saved_objects_saved_object_type' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request. - summary: Resolve a saved object - tags: - - saved objects - /api/security_ai_assistant/anonymization_fields/_bulk_action: - post: - description: >- - The bulk action is applied to all anonymization fields that match the - filter or to the list of anonymization fields by their IDs. - operationId: PerformAnonymizationFieldsBulkAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - create: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldCreateProps - type: array - delete: - type: object - properties: - ids: - description: Array of anonymization fields IDs - items: - type: string - minItems: 1 - type: array - query: - description: Query to filter anonymization fields - type: string - update: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldUpdateProps - type: array - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResponse - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Applies a bulk action to multiple anonymization fields - tags: - - Security AI Assistant API - - Bulk API - /api/security_ai_assistant/anonymization_fields/_find: - get: - description: Finds anonymization fields that match the given query. - operationId: FindAnonymizationFields - parameters: - - in: query - name: fields - required: false - schema: - items: - type: string - type: array - - description: Search query - in: query - name: filter - required: false - schema: - type: string - - description: Field to sort by - in: query - name: sort_field - required: false - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_FindAnonymizationFieldsSortField - - description: Sort order - in: query - name: sort_order - required: false - schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_SortOrder' - - description: Page number - in: query - name: page - required: false - schema: - default: 1 - minimum: 1 - type: integer - - description: AnonymizationFields per page - in: query - name: per_page - required: false - schema: - default: 20 - minimum: 0 - type: integer - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse - type: array - page: - type: integer - perPage: - type: integer - total: - type: integer - required: - - page - - perPage - - total - - data - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Finds anonymization fields that match the given query. - tags: - - Security AI Assistant API - - AnonymizationFields API - /api/security_ai_assistant/chat/complete: - post: - description: Creates a model response for the given chat conversation. - operationId: ChatComplete - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_ChatCompleteProps' - required: true - responses: - '200': - content: - application/octet-stream; Elastic-Api-Version=2023-10-31: - schema: - format: binary - type: string - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Creates a model response for the given chat conversation. - tags: - - Security AI Assistant API - - Chat Complete API - /api/security_ai_assistant/current_user/conversations: - post: - description: Create a conversation - operationId: CreateConversation - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationCreateProps - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Create a conversation - tags: - - Security AI Assistant API - - Conversation API - /api/security_ai_assistant/current_user/conversations/_find: - get: - description: Finds conversations that match the given query. - operationId: FindConversations - parameters: - - in: query - name: fields - required: false - schema: - items: - type: string - type: array - - description: Search query - in: query - name: filter - required: false - schema: - type: string - - description: Field to sort by - in: query - name: sort_field - required: false - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_FindConversationsSortField - - description: Sort order - in: query - name: sort_order - required: false - schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_SortOrder' - - description: Page number - in: query - name: page - required: false - schema: - default: 1 - minimum: 1 - type: integer - - description: Conversations per page - in: query - name: per_page - required: false - schema: - default: 20 - minimum: 0 - type: integer - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse - type: array - page: - type: integer - perPage: - type: integer - total: - type: integer - required: - - page - - perPage - - total - - data - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Finds conversations that match the given query. - tags: - - Security AI Assistant API - - Conversations API - '/api/security_ai_assistant/current_user/conversations/{id}': - delete: - description: Deletes a single conversation using the `id` field. - operationId: DeleteConversation - parameters: - - description: The conversation's `id` value. - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Deletes a single conversation using the `id` field. - tags: - - Security AI Assistant API - - Conversation API - get: - description: Read a single conversation - operationId: ReadConversation - parameters: - - description: The conversation's `id` value. - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Read a single conversation - tags: - - Security AI Assistant API - - Conversations API - put: - description: Update a single conversation - operationId: UpdateConversation - parameters: - - description: The conversation's `id` value. - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationUpdateProps - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Update a conversation - tags: - - Security AI Assistant API - - Conversation API - /api/security_ai_assistant/prompts/_bulk_action: - post: - description: >- - The bulk action is applied to all prompts that match the filter or to - the list of prompts by their IDs. - operationId: PerformPromptsBulkAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - create: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptCreateProps - type: array - delete: - type: object - properties: - ids: - description: Array of prompts IDs - items: - type: string - minItems: 1 - type: array - query: - description: Query to filter promps - type: string - update: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptUpdateProps - type: array - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptsBulkCrudActionResponse - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Applies a bulk action to multiple prompts - tags: - - Security AI Assistant API - - Bulk API - /api/security_ai_assistant/prompts/_find: - get: - description: Finds prompts that match the given query. - operationId: FindPrompts - parameters: - - in: query - name: fields - required: false - schema: - items: - type: string - type: array - - description: Search query - in: query - name: filter - required: false - schema: - type: string - - description: Field to sort by - in: query - name: sort_field - required: false - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_FindPromptsSortField - - description: Sort order - in: query - name: sort_order - required: false - schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_SortOrder' - - description: Page number - in: query - name: page - required: false - schema: - default: 1 - minimum: 1 - type: integer - - description: Prompts per page - in: query - name: per_page - required: false - schema: - default: 20 - minimum: 0 - type: integer - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptResponse - type: array - page: - type: integer - perPage: - type: integer - total: - type: integer - required: - - page - - perPage - - total - - data - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Finds prompts that match the given query. - tags: - - Security AI Assistant API - - Prompts API - /api/status: - get: - operationId: /api/status#0 - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: Set to "true" to get the response in v7 format. - in: query - name: v7format - required: false - schema: - type: boolean - - description: Set to "true" to get the response in v8 format. - in: query - name: v8format - required: false - schema: - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - anyOf: - - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' - - $ref: >- - #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse - description: >- - Kibana's operational status. A minimal response is sent for - unauthorized users. - description: Overall status is OK and Kibana should be functioning normally. - '503': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - anyOf: - - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' - - $ref: >- - #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse - description: >- - Kibana's operational status. A minimal response is sent for - unauthorized users. - description: >- - Kibana or some of it's essential services are unavailable. Kibana - may be degraded or unavailable. - summary: Get Kibana's current status - tags: - - system - /api/timeline: - delete: - operationId: DeleteTimelines - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - savedObjectIds: - items: - type: string - type: array - searchIds: - description: >- - Saved search ids that should be deleted alongside the - timelines - items: - type: string - type: array - required: - - savedObjectIds - description: The ids of the timelines or timeline templates to delete. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - type: object - properties: - deleteTimeline: - type: boolean - required: - - deleteTimeline - required: - - data - description: Indicates the timeline was successfully deleted. - summary: Deletes one or more timelines or timeline templates. - tags: - - Security Solution Timeline API - - 'access:securitySolution' - get: - operationId: GetTimeline - parameters: - - description: The ID of the template timeline to retrieve - in: query - name: template_timeline_id - schema: - type: string - - description: The ID of the timeline to retrieve - in: query - name: id - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - type: object - properties: - getOneTimeline: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_TimelineResponse - nullable: true - required: - - getOneTimeline - required: - - data - description: Indicates that the (template) timeline was found and returned. - summary: >- - Get an existing saved timeline or timeline template. This API is used to - retrieve an existing saved timeline or timeline template. - tags: - - Security Solution Timeline API - - 'access:securitySolution' - patch: - description: >- - Updates an existing timeline. This API is used to update the title, - description, date range, pinned events, pinned queries, and/or pinned - saved queries of an existing timeline. - operationId: PatchTimeline - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - timeline: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_SavedTimeline - timelineId: - nullable: true - type: string - version: - nullable: true - type: string - required: - - timelineId - - version - - timeline - description: The timeline updates along with the timeline ID and version. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - type: object - properties: - persistTimeline: - type: object - properties: - timeline: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_TimelineResponse - required: - - timeline - required: - - persistTimeline - required: - - data - description: >- - Indicates that the draft timeline was successfully created. In the - event the user already has a draft timeline, the existing draft - timeline is cleared and returned. - '405': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - body: - type: string - statusCode: - type: number - description: >- - Indicates that the user does not have the required access to create - a draft timeline. - summary: Updates an existing timeline. - tags: - - Security Solution Timeline API - - 'access:securitySolution' - post: - operationId: CreateTimelines - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - status: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_TimelineStatus - nullable: true - templateTimelineId: - nullable: true - type: string - templateTimelineVersion: - nullable: true - type: number - timeline: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_SavedTimeline - timelineId: - nullable: true - type: string - timelineType: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_TimelineType - nullable: true - version: - nullable: true - type: string - required: - - timeline - description: >- - The required timeline fields used to create a new timeline along with - optional fields that will be created if not provided. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - type: object - properties: - persistTimeline: - type: object - properties: - timeline: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_TimelineResponse - required: - - persistTimeline - required: - - data - description: Indicates the timeline was successfully created. - '405': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - body: - type: string - statusCode: - type: number - description: Indicates that there was an error in the timeline creation. - summary: Creates a new timeline. - tags: - - Security Solution Timeline API - - 'access:securitySolution' - /api/timeline/_draft: - get: - operationId: GetDraftTimelines - parameters: - - in: query - name: timelineType - required: true - schema: - $ref: '#/components/schemas/Security_Solution_Timeline_API_TimelineType' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - type: object - properties: - persistTimeline: - type: object - properties: - timeline: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_TimelineResponse - required: - - timeline - required: - - persistTimeline - required: - - data - description: Indicates that the draft timeline was successfully retrieved. - '403': - content: - 'application:json; Elastic-Api-Version=2023-10-31': - schema: - type: object - properties: - message: - type: string - status_code: - type: number - description: >- - If a draft timeline was not found and we attempted to create one, it - indicates that the user does not have the required permissions to - create a draft timeline. - '409': - content: - 'application:json; Elastic-Api-Version=2023-10-31': - schema: - type: object - properties: - message: - type: string - status_code: - type: number - description: >- - This should never happen, but if a draft timeline was not found and - we attempted to create one, it indicates that there is already a - draft timeline with the given timelineId. - summary: >- - Retrieves the draft timeline for the current user. If the user does not - have a draft timeline, an empty timeline is returned. - tags: - - Security Solution Timeline API - - 'access:securitySolution' - post: - description: > - Retrieves a clean draft timeline. If a draft timeline does not exist, it - is created and returned. - operationId: CleanDraftTimelines - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - timelineType: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_TimelineType - required: - - timelineType - description: >- - The type of timeline to create. Valid values are `default` and - `template`. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - type: object - properties: - persistTimeline: - type: object - properties: - timeline: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_TimelineResponse - required: - - timeline - required: - - persistTimeline - required: - - data - description: >- - Indicates that the draft timeline was successfully created. In the - event the user already has a draft timeline, the existing draft - timeline is cleared and returned. - '403': - content: - 'application:json; Elastic-Api-Version=2023-10-31': - schema: - type: object - properties: - message: - type: string - status_code: - type: number - description: >- - Indicates that the user does not have the required permissions to - create a draft timeline. - '409': - content: - 'application:json; Elastic-Api-Version=2023-10-31': - schema: - type: object - properties: - message: - type: string - status_code: - type: number - description: >- - Indicates that there is already a draft timeline with the given - timelineId. - summary: Retrieves a draft timeline or timeline template. - tags: - - Security Solution Timeline API - - 'access:securitySolution' - /api/timeline/_export: - post: - operationId: ExportTimelines - parameters: - - description: The name of the file to export - in: query - name: file_name - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - ids: - items: - type: string - nullable: true - type: array - description: The ids of the timelines to export - required: true - responses: - '200': - content: - application/ndjson; Elastic-Api-Version=2023-10-31: - schema: - description: NDJSON of the exported timelines - type: string - description: Indicates the timelines were successfully exported - '400': - content: - application/ndjson; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - body: - type: string - statusCode: - type: number - description: Indicates that the export size limit was exceeded - summary: Exports timelines as an NDJSON file - tags: - - Security Solution Timeline API - - 'access:securitySolution' - /api/timeline/_favorite: - patch: - operationId: PersistFavoriteRoute - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - templateTimelineId: - nullable: true - type: string - templateTimelineVersion: - nullable: true - type: number - timelineId: - nullable: true - type: string - timelineType: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_TimelineType - nullable: true - required: - - timelineId - - templateTimelineId - - templateTimelineVersion - - timelineType - description: The required fields used to favorite a (template) timeline. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - type: object - properties: - persistFavorite: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_FavoriteTimelineResponse - required: - - persistFavorite - required: - - data - description: Indicates the favorite status was successfully updated. - '403': - content: - 'application:json; Elastic-Api-Version=2023-10-31': - schema: - type: object - properties: - body: - type: string - statusCode: - type: number - description: >- - Indicates the user does not have the required permissions to persist - the favorite status. - summary: Persists a given users favorite status of a timeline. - tags: - - Security Solution Timeline API - - 'access:securitySolution' - /api/timeline/_import: - post: - operationId: ImportTimelines - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - file: - allOf: - - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_Readable - - type: object - properties: - hapi: - type: object - properties: - filename: - type: string - headers: - type: object - isImmutable: - enum: - - 'true' - - 'false' - type: string - required: - - filename - - headers - required: - - hapi - description: The timelines to import as a readable stream. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_ImportTimelineResult - required: - - data - description: Indicates the import of timelines was successful. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - body: - type: string - id: - type: string - statusCode: - type: number - description: >- - Indicates the import of timelines was unsuccessful because of an - invalid file extension. - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - id: - type: string - statusCode: - type: number - description: >- - Indicates that we were unable to locate the saved object client - necessary to handle the import. - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - body: - type: string - id: - type: string - statusCode: - type: number - description: Indicates the import of timelines was unsuccessful. - summary: Imports timelines. - tags: - - Security Solution Timeline API - - 'access:securitySolution' - /api/timeline/_prepackaged: - post: - operationId: InstallPrepackedTimelines - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - prepackagedTimelines: - items: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_SavedTimeline - type: array - timelinesToInstall: - items: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_ImportTimelines - nullable: true - type: array - timelinesToUpdate: - items: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_ImportTimelines - nullable: true - type: array - required: - - timelinesToInstall - - timelinesToUpdate - - prepackagedTimelines - description: The timelines to install or update. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_ImportTimelineResult - required: - - data - description: Indicates the installation of prepackaged timelines was successful. - '500': - content: - 'application:json; Elastic-Api-Version=2023-10-31': - schema: - type: object - properties: - body: - type: string - statusCode: - type: number - description: >- - Indicates the installation of prepackaged timelines was - unsuccessful. - summary: Installs prepackaged timelines. - tags: - - Security Solution Timeline API - - 'access:securitySolution' - /api/timeline/resolve: - get: - operationId: ResolveTimeline - parameters: - - description: The ID of the template timeline to resolve - in: query - name: template_timeline_id - schema: - type: string - - description: The ID of the timeline to resolve - in: query - name: id - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - type: object - properties: - getOneTimeline: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_TimelineResponse - nullable: true - required: - - getOneTimeline - required: - - data - description: The (template) timeline has been found - '400': - description: The request is missing parameters - '404': - description: The (template) timeline was not found - summary: Get an existing saved timeline or timeline template. - tags: - - Security Solution Timeline API - - 'access:securitySolution' - /api/timelines: - get: - operationId: GetTimelines - parameters: - - description: >- - If true, only timelines that are marked as favorites by the user are - returned. - in: query - name: only_user_favorite - schema: - enum: - - 'true' - - 'false' - nullable: true - type: string - - in: query - name: timeline_type - schema: - $ref: '#/components/schemas/Security_Solution_Timeline_API_TimelineType' - nullable: true - - in: query - name: sort_field - schema: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_SortFieldTimeline - - in: query - name: sort_order - schema: - enum: - - asc - - desc - type: string - - in: query - name: page_size - schema: - nullable: true - type: string - - in: query - name: page_index - schema: - nullable: true - type: string - - in: query - name: search - schema: - nullable: true - type: string - - in: query - name: status - schema: - $ref: '#/components/schemas/Security_Solution_Timeline_API_TimelineStatus' - nullable: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - type: object - properties: - customTemplateTimelineCount: - type: number - defaultTimelineCount: - type: number - elasticTemplateTimelineCount: - type: number - favoriteCount: - type: number - templateTimelineCount: - type: number - timelines: - items: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_TimelineResponse - type: array - totalCount: - type: number - required: - - timelines - - totalCount - - defaultTimelineCount - - templateTimelineCount - - favoriteCount - - elasticTemplateTimelineCount - - customTemplateTimelineCount - required: - - data - description: Indicates that the (template) timelines were found and returned. - '400': - content: - 'application:json; Elastic-Api-Version=2023-10-31': - schema: - type: object - properties: - body: - type: string - statusCode: - type: number - description: Bad request. The user supplied invalid data. - summary: >- - This API is used to retrieve a list of existing saved timelines or - timeline templates. - tags: - - Security Solution Timeline API - - 'access:securitySolution' - '/s/{spaceId}/api/observability/slos': - get: - description: > - You must have the `read` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: findSlosOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - description: A valid kql query to filter the SLO with - example: 'slo.name:latency* and slo.tags : "prod"' - in: query - name: kqlQuery - schema: - type: string - - description: 'The page to use for pagination, must be greater or equal than 1' - example: 1 - in: query - name: page - schema: - default: 1 - type: integer - - description: Number of SLOs returned by page - example: 25 - in: query - name: perPage - schema: - default: 25 - maximum: 5000 - type: integer - - description: Sort by field - example: status - in: query - name: sortBy - schema: - default: status - enum: - - sli_value - - status - - error_budget_consumed - - error_budget_remaining - type: string - - description: Sort order - example: asc - in: query - name: sortDirection - schema: - default: asc - enum: - - asc - - desc - type: string - - description: >- - Hide stale SLOs from the list as defined by stale SLO threshold in - SLO settings - in: query - name: hideStale - schema: - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_find_slo_response' - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Get a paginated list of SLOs - tags: - - slo - post: - description: > - You must have `all` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: createSloOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_create_slo_request' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_create_slo_response' - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_409_response' - description: Conflict - The SLO id already exists - summary: Create an SLO - tags: - - slo - '/s/{spaceId}/api/observability/slos/_delete_instances': - post: - description: > - The deletion occurs for the specified list of `sloId` and `instanceId`. - You must have `all` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: deleteSloInstancesOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_delete_slo_instances_request' - required: true - responses: - '204': - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - summary: Batch delete rollup and summary data - tags: - - slo - '/s/{spaceId}/api/observability/slos/{sloId}': - delete: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: deleteSloOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' - responses: - '204': - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Delete an SLO - tags: - - slo - get: - description: > - You must have the `read` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: getSloOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' - - description: the specific instanceId used by the summary calculation - example: host-abcde - in: query - name: instanceId - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_slo_with_summary_response' - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Get an SLO - tags: - - slo - put: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: updateSloOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_update_slo_request' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_slo_definition_response' - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Update an SLO - tags: - - slo - '/s/{spaceId}/api/observability/slos/{sloId}/_reset': - post: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: resetSloOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' - responses: - '204': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_slo_definition_response' - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Reset an SLO - tags: - - slo - '/s/{spaceId}/api/observability/slos/{sloId}/disable': - post: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: disableSloOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' - responses: - '200': - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Disable an SLO - tags: - - slo - '/s/{spaceId}/api/observability/slos/{sloId}/enable': - post: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: enableSloOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' - responses: - '204': - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Enable an SLO - tags: - - slo -components: - examples: - Connectors_create_email_connector_request: - summary: Create an email connector. - value: - config: - from: tester@example.com - hasAuth: true - host: 'https://example.com' - port: 1025 - secure: false - service: other - connector_type_id: .email - name: email-connector-1 - secrets: - password: password - user: username - Connectors_create_email_connector_response: - summary: A new email connector. - value: - config: - clientId: null - from: tester@example.com - hasAuth: true - host: 'https://example.com' - oauthTokenUrl: null - port: 1025 - secure: false - service: other - tenantId: null - connector_type_id: .email - id: 90a82c60-478f-11ee-a343-f98a117c727f - is_deprecated: false - is_missing_secrets: false - is_preconfigured: false - is_system_action: false - name: email-connector-1 - Connectors_create_index_connector_request: - summary: Create an index connector. - value: - config: - index: test-index - connector_type_id: .index - name: my-connector - Connectors_create_index_connector_response: - summary: A new index connector. - value: - config: - executionTimeField: null - index: test-index - refresh: false - connector_type_id: .index - id: c55b6eb0-6bad-11eb-9f3b-611eebc6c3ad - is_deprecated: false - is_missing_secrets: false - is_preconfigured: false - is_system_action: false - name: my-connector - Connectors_create_webhook_connector_request: - summary: Create a webhook connector with SSL authentication. - value: - config: - authType: webhook-authentication-ssl - certType: ssl-crt-key - method: post - url: 'https://example.com' - connector_type_id: .webhook - name: my-webhook-connector - secrets: - crt: QmFnIEF0dH... - key: LS0tLS1CRUdJ... - password: my-passphrase - Connectors_create_webhook_connector_response: - summary: A new webhook connector. - value: - config: - authType: webhook-authentication-ssl - certType: ssl-crt-key - hasAuth: true - headers: null - method: post - url: 'https://example.com' - verificationMode: full - connector_type_id: .webhook - id: 900eb010-3b9d-11ee-a642-8ffbb94e38bd - is_deprecated: false - is_missing_secrets: false - is_preconfigured: false - is_system_action: false - name: my-webhook-connector - Connectors_create_xmatters_connector_request: - summary: Create an xMatters connector with URL authentication. - value: - config: - usesBasic: false - connector_type_id: .xmatters - name: my-xmatters-connector - secrets: - secretsUrl: 'https://example.com?apiKey=xxxxx' - Connectors_create_xmatters_connector_response: - summary: A new xMatters connector. - value: - config: - configUrl: null - usesBasic: false - connector_type_id: .xmatters - id: 4d2d8da0-4d1f-11ee-9367-577408be4681 - is_deprecated: false - is_missing_secrets: false - is_preconfigured: false - is_system_action: false - name: my-xmatters-connector - Connectors_get_connector_response: - summary: Get connector details. - value: - config: {} - connector_type_id: .server-log - id: df770e30-8b8b-11ed-a780-3b746c987a81 - is_deprecated: false - is_missing_secrets: false - is_preconfigured: false - is_system_action: false - name: my_server_log_connector - Connectors_get_connector_types_generativeai_response: - summary: A list of connector types for the `generativeAI` feature. - value: - - enabled: true - enabled_in_config: true - enabled_in_license: true - id: .gen-ai - is_system_action_type: false - minimum_license_required: enterprise - name: OpenAI - supported_feature_ids: - - generativeAIForSecurity - - generativeAIForObservability - - generativeAIForSearchPlayground - - enabled: true - enabled_in_config: true - enabled_in_license: true - id: .bedrock - is_system_action_type: false - minimum_license_required: enterprise - name: AWS Bedrock - supported_feature_ids: - - generativeAIForSecurity - - generativeAIForObservability - - generativeAIForSearchPlayground - - enabled: true - enabled_in_config: true - enabled_in_license: true - id: .gemini - is_system_action_type: false - minimum_license_required: enterprise - name: Google Gemini - supported_feature_ids: - - generativeAIForSecurity - Connectors_get_connectors_response: - summary: A list of connectors - value: - - connector_type_id: .email - id: preconfigured-email-connector - is_deprecated: false - is_preconfigured: true - is_system_action: false - name: my-preconfigured-email-notification - referenced_by_count: 0 - - config: - executionTimeField: null - index: test-index - refresh: false - connector_type_id: .index - id: e07d0c80-8b8b-11ed-a780-3b746c987a81 - is_deprecated: false - is_missing_secrets: false - is_preconfigured: false - is_system_action: false - name: my-index-connector - referenced_by_count: 2 - Connectors_run_cases_webhook_connector_request: - summary: Run a Webhook - Case Management connector to create a case. - value: - params: - subAction: pushToService - subActionParams: - comments: - - comment: A comment about the incident. - commentId: 1 - incident: - description: Description of the incident. - id: caseID - severity: low - status: open - tags: - - tag1 - - tag2 - title: Case title - Connectors_run_cases_webhook_connector_response: - summary: >- - Response from a pushToService action for a Webhook - Case Management - connector. - value: - connector_id: 1824b5b8-c005-4dcc-adac-57f92db46459 - data: - comments: - - commentId: 1 - pushedDate: '2023-12-05T19:43:36.360Z' - id: 100665 - pushedDate: '2023-12-05T19:43:36.360Z' - title: TEST-29034 - url: 'https://example.com/browse/TEST-29034' - status: ok - Connectors_run_email_connector_request: - summary: Send an email message from an email connector. - value: - params: - bcc: - - user1@example.com - cc: - - user2@example.com - - user3@example.com - message: Test email message. - subject: Test message subject - to: - - user4@example.com - Connectors_run_email_connector_response: - summary: Response for sending a message from an email connector. - value: - connector_id: 7fc7b9a0-ecc9-11ec-8736-e7d63118c907 - data: - accepted: - - user1@example.com - - user2@example.com - - user3@example.com - - user4@example.com - envelope: - from: tester@example.com - to: - - user1@example.com - - user2@example.com - - user3@example.com - - user4@example.com - envelopeTime: 8 - messageId: <08a92d29-642a-0706-750c-de5996bd5cf3@example.com> - messageSize: 729 - messageTime: 3 - rejected: [] - response: 250 Message queued as QzEXKcGJ - status: ok - Connectors_run_index_connector_request: - summary: Run an index connector. - value: - params: - documents: - - id: my_doc_id - message: 'hello, world' - name: my_doc_name - Connectors_run_index_connector_response: - summary: Response from running an index connector. - value: - connector_id: fd38c600-96a5-11ed-bb79-353b74189cba - data: - errors: false - items: - - create: - _id: 4JtvwYUBrcyxt2NnfW3y - _index: my-index - _primary_term: 1 - _seq_no: 0 - _shards: - failed: 0 - successful: 1 - total: 2 - _version: 1 - result: created - status: 201 - took: 135 - status: ok - Connectors_run_jira_connector_request: - summary: Run a Jira connector to retrieve the list of issue types. - value: - params: - subAction: issueTypes - Connectors_run_jira_connector_response: - summary: Response from retrieving the list of issue types for a Jira connector. - value: - connector_id: b3aad810-edbe-11ec-82d1-11348ecbf4a6 - data: - - id: 10024 - name: Improvement - - id: 10006 - name: Task - - id: 10007 - name: Sub-task - - id: 10025 - name: New Feature - - id: 10023 - name: Bug - - id: 10000 - name: Epic - status: ok - Connectors_run_pagerduty_connector_request: - summary: Run a PagerDuty connector to trigger an alert. - value: - params: - customDetails: - my_data_1: test data - eventAction: trigger - links: - - href: 'http://example.com/pagerduty' - text: An example link - summary: A brief event summary - Connectors_run_pagerduty_connector_response: - summary: Response from running a PagerDuty connector. - value: - connector_id: 45de9f70-954f-4608-b12a-db7cf808e49d - data: - dedup_key: 5115e138b26b484a81eaea779faa6016 - message: Event processed - status: success - status: ok - Connectors_run_server_log_connector_request: - summary: Run a server log connector. - value: - params: - level: warn - message: Test warning message. - Connectors_run_server_log_connector_response: - summary: Response from running a server log connector. - value: - connector_id: 7fc7b9a0-ecc9-11ec-8736-e7d63118c907 - status: ok - Connectors_run_servicenow_itom_connector_request: - summary: Run a ServiceNow ITOM connector to retrieve the list of choices. - value: - params: - subAction: getChoices - subActionParams: - fields: - - severity - - urgency - Connectors_run_servicenow_itom_connector_response: - summary: >- - Response from retrieving the list of choices for a ServiceNow ITOM - connector. - value: - connector_id: 9d9be270-2fd2-11ed-b0e0-87533c532698 - data: - - dependent_value: '' - element: severity - label: Critical - value: 1 - - dependent_value: '' - element: severity - label: Major - value: 2 - - dependent_value: '' - element: severity - label: Minor - value: 3 - - dependent_value: '' - element: severity - label: Warning - value: 4 - - dependent_value: '' - element: severity - label: OK - value: 5 - - dependent_value: '' - element: severity - label: Clear - value: 0 - - dependent_value: '' - element: urgency - label: 1 - High - value: 1 - - dependent_value: '' - element: urgency - label: 2 - Medium - value: 2 - - dependent_value: '' - element: urgency - label: 3 - Low - value: 3 - status: ok - Connectors_run_slack_api_connector_request: - summary: >- - Run a Slack connector that uses the web API method to post a message on - a channel. - value: - params: - subAction: postMessage - subActionParams: - channelIds: - - C123ABC456 - text: A test message. - Connectors_run_slack_api_connector_response: - summary: Response from posting a message with a Slack connector. - value: - connector_id: .slack_api - data: - channel: C123ABC456 - message: - app_id: A01BC2D34EF - blocks: - - block_id: /NXe - elements: - - elements: - - text: A test message. - type: text - type: rich_text_section - type: rich_text - bot_id: B12BCDEFGHI - bot_profile: - app_id: A01BC2D34EF - deleted: false - icons: - image_36: 'https://a.slack-edge.com/80588/img/plugins/app/bot_36.png' - id: B12BCDEFGHI - name: test - team_id: T01ABCDE2F - updated: 1672169705 - team: T01ABCDE2F - text: A test message - ts: '1234567890.123456' - type: message - user: U12A345BC6D - ok: true - ts: '1234567890.123456' - status: ok - Connectors_run_swimlane_connector_request: - summary: Run a Swimlane connector to create an incident. - value: - params: - subAction: pushToService - subActionParams: - comments: - - comment: A comment about the incident. - commentId: 1 - incident: - caseId: '1000' - caseName: Case name - description: Description of the incident. - Connectors_run_swimlane_connector_response: - summary: Response from creating a Swimlane incident. - value: - connector_id: a4746470-2f94-11ed-b0e0-87533c532698 - data: - comments: - - commentId: 1 - pushedDate: '2022-09-08T16:52:27.865Z' - id: aKPmBHWzmdRQtx6Mx - pushedDate: '2022-09-08T16:52:27.866Z' - title: TEST-457 - url: >- - https://elastic.swimlane.url.us/record/aNcL2xniGHGpa2AHb/aKPmBHWzmdRQtx6Mx - status: ok - Connectors_update_index_connector_request: - summary: Update an index connector. - value: - config: - index: updated-index - name: updated-connector - Data_views_create_data_view_request: - summary: Create a data view with runtime fields. - value: - data_view: - name: My Logstash data view - runtimeFieldMap: - runtime_shape_name: - script: - source: 'emit(doc[''shape_name''].value)' - type: keyword - title: logstash-* - Data_views_create_runtime_field_request: - summary: Create a runtime field. - value: - name: runtimeFoo - runtimeField: - script: - source: 'emit(doc["foo"].value)' - type: long - Data_views_get_data_view_response: - summary: >- - The get data view API returns a JSON object that contains information - about the data view. - value: - data_view: - allowNoIndex: false - fieldAttrs: - products.manufacturer: - count: 1 - products.price: - count: 1 - products.product_name: - count: 1 - total_quantity: - count: 1 - fieldFormats: - products.base_price: - id: number - params: - pattern: '$0,0.00' - products.base_unit_price: - id: number - params: - pattern: '$0,0.00' - products.min_price: - id: number - params: - pattern: '$0,0.00' - products.price: - id: number - params: - pattern: '$0,0.00' - products.taxful_price: - id: number - params: - pattern: '$0,0.00' - products.taxless_price: - id: number - params: - pattern: '$0,0.00' - taxful_total_price: - id: number - params: - pattern: '$0,0.[00]' - taxless_total_price: - id: number - params: - pattern: '$0,0.00' - fields: - _id: - aggregatable: false - count: 0 - esTypes: - - _id - format: - id: string - isMapped: true - name: _id - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - _index: - aggregatable: true - count: 0 - esTypes: - - _index - format: - id: string - isMapped: true - name: _index - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - _score: - aggregatable: false - count: 0 - format: - id: number - isMapped: true - name: _score - readFromDocValues: false - scripted: false - searchable: false - shortDotsEnable: false - type: number - _source: - aggregatable: false - count: 0 - esTypes: - - _source - format: - id: _source - isMapped: true - name: _source - readFromDocValues: false - scripted: false - searchable: false - shortDotsEnable: false - type: _source - category: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: category - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - category.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: category.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: category - type: string - currency: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: currency - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - customer_birth_date: - aggregatable: true - count: 0 - esTypes: - - date - format: - id: date - isMapped: true - name: customer_birth_date - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: date - customer_first_name: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: customer_first_name - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - customer_first_name.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: customer_first_name.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: customer_first_name - type: string - customer_full_name: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: customer_full_name - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - customer_full_name.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: customer_full_name.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: customer_full_name - type: string - customer_gender: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: customer_gender - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - customer_id: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: customer_id - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - customer_last_name: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: customer_last_name - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - customer_last_name.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: customer_last_name.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: customer_last_name - type: string - customer_phone: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: customer_phone - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - day_of_week: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: day_of_week - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - day_of_week_i: - aggregatable: true - count: 0 - esTypes: - - integer - format: - id: number - isMapped: true - name: day_of_week_i - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - email: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: email - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - event.dataset: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: event.dataset - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - geoip.city_name: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: geoip.city_name - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - geoip.continent_name: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: geoip.continent_name - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - geoip.country_iso_code: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: geoip.country_iso_code - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - geoip.location: - aggregatable: true - count: 0 - esTypes: - - geo_point - format: - id: geo_point - params: - transform: wkt - isMapped: true - name: geoip.location - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: geo_point - geoip.region_name: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: geoip.region_name - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - manufacturer: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: manufacturer - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - manufacturer.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: manufacturer.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: manufacturer - type: string - order_date: - aggregatable: true - count: 0 - esTypes: - - date - format: - id: date - isMapped: true - name: order_date - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: date - order_id: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: order_id - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - products._id: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: products._id - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - products._id.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: products._id.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: products._id - type: string - products.base_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: '$0,0.00' - isMapped: true - name: products.base_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.base_unit_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: '$0,0.00' - isMapped: true - name: products.base_unit_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.category: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: products.category - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - products.category.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: products.category.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: products.category - type: string - products.created_on: - aggregatable: true - count: 0 - esTypes: - - date - format: - id: date - isMapped: true - name: products.created_on - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: date - products.discount_amount: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - isMapped: true - name: products.discount_amount - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.discount_percentage: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - isMapped: true - name: products.discount_percentage - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.manufacturer: - aggregatable: false - count: 1 - esTypes: - - text - format: - id: string - isMapped: true - name: products.manufacturer - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - products.manufacturer.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: products.manufacturer.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: products.manufacturer - type: string - products.min_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: '$0,0.00' - isMapped: true - name: products.min_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.price: - aggregatable: true - count: 1 - esTypes: - - half_float - format: - id: number - params: - pattern: '$0,0.00' - isMapped: true - name: products.price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.product_id: - aggregatable: true - count: 0 - esTypes: - - long - format: - id: number - isMapped: true - name: products.product_id - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.product_name: - aggregatable: false - count: 1 - esTypes: - - text - format: - id: string - isMapped: true - name: products.product_name - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - products.product_name.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: products.product_name.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: products.product_name - type: string - products.quantity: - aggregatable: true - count: 0 - esTypes: - - integer - format: - id: number - isMapped: true - name: products.quantity - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.sku: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: products.sku - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - products.tax_amount: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - isMapped: true - name: products.tax_amount - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.taxful_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: '$0,0.00' - isMapped: true - name: products.taxful_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.taxless_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: '$0,0.00' - isMapped: true - name: products.taxless_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.unit_discount_amount: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - isMapped: true - name: products.unit_discount_amount - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - sku: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: sku - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - taxful_total_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: '$0,0.[00]' - isMapped: true - name: taxful_total_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - taxless_total_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: '$0,0.00' - isMapped: true - name: taxless_total_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - total_quantity: - aggregatable: true - count: 1 - esTypes: - - integer - format: - id: number - isMapped: true - name: total_quantity - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - total_unique_products: - aggregatable: true - count: 0 - esTypes: - - integer - format: - id: number - isMapped: true - name: total_unique_products - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - type: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: type - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - user: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: user - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - id: ff959d40-b880-11e8-a6d9-e546fe2bba5f - name: Kibana Sample Data eCommerce - namespaces: - - default - runtimeFieldMap: {} - sourceFilters: [] - timeFieldName: order_date - title: kibana_sample_data_ecommerce - typeMeta: {} - version: WzUsMV0= - Data_views_get_data_views_response: - summary: The get all data views API returns a list of data views. - value: - data_view: - - id: ff959d40-b880-11e8-a6d9-e546fe2bba5f - name: Kibana Sample Data eCommerce - namespaces: - - default - title: kibana_sample_data_ecommerce - typeMeta: {} - - id: d3d7af60-4c81-11e8-b3d7-01146121b73d - name: Kibana Sample Data Flights - namespaces: - - default - title: kibana_sample_data_flights - - id: 90943e30-9a47-11e8-b64d-95841ca0b247 - name: Kibana Sample Data Logs - namespaces: - - default - title: kibana_sample_data_logs - Data_views_get_default_data_view_response: - summary: The get default data view API returns the default data view identifier. - value: - data_view_id: ff959d40-b880-11e8-a6d9-e546fe2bba5f - Data_views_get_runtime_field_response: - summary: >- - The get runtime field API returns a JSON object that contains - information about the runtime field (`hour_of_day`) and the data view - (`d3d7af60-4c81-11e8-b3d7-01146121b73d`). - value: - data_view: - allowNoIndex: false - fieldAttrs: {} - fieldFormats: - AvgTicketPrice: - id: number - params: - pattern: '$0,0.[00]' - hour_of_day: - id: number - params: - pattern: '00' - fields: - _id: - aggregatable: false - count: 0 - esTypes: - - _id - format: - id: string - isMapped: true - name: _id - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - _index: - aggregatable: true - count: 0 - esTypes: - - _index - format: - id: string - isMapped: true - name: _index - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - _score: - aggregatable: false - count: 0 - format: - id: number - isMapped: true - name: _score - readFromDocValues: false - scripted: false - searchable: false - shortDotsEnable: false - type: number - _source: - aggregatable: false - count: 0 - esTypes: - - _source - format: - id: _source - isMapped: true - name: _source - readFromDocValues: false - scripted: false - searchable: false - shortDotsEnable: false - type: _source - AvgTicketPrice: - aggregatable: true - count: 0 - esTypes: - - float - format: - id: number - params: - pattern: '$0,0.[00]' - isMapped: true - name: AvgTicketPrice - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - Cancelled: - aggregatable: true - count: 0 - esTypes: - - boolean - format: - id: boolean - isMapped: true - name: Cancelled - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: boolean - Carrier: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: Carrier - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - dayOfWeek: - aggregatable: true - count: 0 - esTypes: - - integer - format: - id: number - isMapped: true - name: dayOfWeek - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - Dest: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: Dest - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - DestAirportID: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: DestAirportID - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - DestCityName: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: DestCityName - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - DestCountry: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: DestCountry - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - DestLocation: - aggregatable: true - count: 0 - esTypes: - - geo_point - format: - id: geo_point - params: - transform: wkt - isMapped: true - name: DestLocation - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: geo_point - DestRegion: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: DestRegion - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - DestWeather: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: DestWeather - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - DistanceKilometers: - aggregatable: true - count: 0 - esTypes: - - float - format: - id: number - isMapped: true - name: DistanceKilometers - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - DistanceMiles: - aggregatable: true - count: 0 - esTypes: - - float - format: - id: number - isMapped: true - name: DistanceMiles - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - FlightDelay: - aggregatable: true - count: 0 - esTypes: - - boolean - format: - id: boolean - isMapped: true - name: FlightDelay - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: boolean - FlightDelayMin: - aggregatable: true - count: 0 - esTypes: - - integer - format: - id: number - isMapped: true - name: FlightDelayMin - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - FlightDelayType: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: FlightDelayType - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - FlightNum: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: FlightNum - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - FlightTimeHour: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: FlightTimeHour - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - FlightTimeMin: - aggregatable: true - count: 0 - esTypes: - - float - format: - id: number - isMapped: true - name: FlightTimeMin - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - hour_of_day: - aggregatable: true - count: 0 - esTypes: - - long - format: - id: number - params: - pattern: '00' - name: hour_of_day - readFromDocValues: false - runtimeField: - script: - source: 'emit(doc[''timestamp''].value.getHour());' - type: long - scripted: false - searchable: true - shortDotsEnable: false - type: number - Origin: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: Origin - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - OriginAirportID: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: OriginAirportID - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - OriginCityName: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: OriginCityName - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - OriginCountry: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: OriginCountry - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - OriginLocation: - aggregatable: true - count: 0 - esTypes: - - geo_point - format: - id: geo_point - params: - transform: wkt - isMapped: true - name: OriginLocation - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: geo_point - OriginRegion: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: OriginRegion - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - OriginWeather: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: OriginWeather - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - timestamp: - aggregatable: true - count: 0 - esTypes: - - date - format: - id: date - isMapped: true - name: timestamp - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: date - id: d3d7af60-4c81-11e8-b3d7-01146121b73d - name: Kibana Sample Data Flights - runtimeFieldMap: - hour_of_day: - script: - source: 'emit(doc[''timestamp''].value.getHour());' - type: long - sourceFilters: [] - timeFieldName: timestamp - title: kibana_sample_data_flights - version: WzM2LDJd - fields: - - aggregatable: true - count: 0 - esTypes: - - long - name: hour_of_day - readFromDocValues: false - runtimeField: - script: - source: 'emit(doc[''timestamp''].value.getHour());' - type: long - scripted: false - searchable: true - shortDotsEnable: false - type: number - Data_views_preview_swap_data_view_request: - summary: Preview swapping references from data view ID "abcd-efg" to "xyz-123". - value: - fromId: abcd-efg - toId: xyz-123 - Data_views_set_default_data_view_request: - summary: Set the default data view identifier. - value: - data_view_id: ff959d40-b880-11e8-a6d9-e546fe2bba5f - force: true - Data_views_swap_data_view_request: - summary: >- - Swap references from data view ID "abcd-efg" to "xyz-123" and remove the - data view that is no longer referenced. - value: - delete: true - fromId: abcd-efg - toId: xyz-123 - Data_views_update_data_view_request: - summary: Update some properties for a data view. - value: - data_view: - allowNoIndex: false - name: Kibana Sample Data eCommerce - timeFieldName: order_date - title: kibana_sample_data_ecommerce - refresh_fields: true - Data_views_update_field_metadata_request: - summary: Update metadata for multiple fields. - value: - fields: - field1: - count: 123 - customLabel: Field 1 label - field2: - customDescription: Field 2 description - customLabel: Field 2 label - Data_views_update_runtime_field_request: - summary: Update an existing runtime field on a data view. - value: - runtimeField: - script: - source: 'emit(doc["bar"].value)' - Machine_learning_APIs_mlSyncExample: - summary: Two anomaly detection jobs required synchronization in this example. - value: - datafeedsAdded: {} - datafeedsRemoved: {} - savedObjectsCreated: - anomaly-detector: - myjob1: - success: true - myjob2: - success: true - savedObjectsDeleted: {} - Saved_objects_export_objects_request: - summary: Export a specific saved object. - value: - excludeExportDetails: true - includeReferencesDeep: false - objects: - - id: de71f4f0-1902-11e9-919b-ffe5949a18d2 - type: map - Saved_objects_export_objects_response: - summary: >- - The export objects API response contains a JSON record for each exported - object. - value: - attributes: - description: '' - layerListJSON: >- - [{"id":"0hmz5","alpha":1,"sourceDescriptor":{"type":"EMS_TMS","isAutoSelect":true,"lightModeDefault":"road_map_desaturated"},"visible":true,"style":{},"type":"EMS_VECTOR_TILE","minZoom":0,"maxZoom":24},{"id":"edh66","label":"Total - Requests by - Destination","minZoom":0,"maxZoom":24,"alpha":0.5,"sourceDescriptor":{"type":"EMS_FILE","id":"world_countries","tooltipProperties":["name","iso2"]},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"DYNAMIC","options":{"field":{"name":"__kbnjoin__count__673ff994-fc75-4c67-909b-69fcb0e1060e","origin":"join"},"color":"Greys","fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"lineColor":{"type":"STATIC","options":{"color":"#FFFFFF"}},"lineWidth":{"type":"STATIC","options":{"size":1}},"iconSize":{"type":"STATIC","options":{"size":10}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR","joins":[{"leftField":"iso2","right":{"type":"ES_TERM_SOURCE","id":"673ff994-fc75-4c67-909b-69fcb0e1060e","indexPatternTitle":"kibana_sample_data_logs","term":"geo.dest","indexPatternRefName":"layer_1_join_0_index_pattern","metrics":[{"type":"count","label":"web - logs - count"}],"applyGlobalQuery":true}}]},{"id":"gaxya","label":"Actual - Requests","minZoom":9,"maxZoom":24,"alpha":1,"sourceDescriptor":{"id":"b7486535-171b-4d3b-bb2e-33c1a0a2854c","type":"ES_SEARCH","geoField":"geo.coordinates","limit":2048,"filterByMapBounds":true,"tooltipProperties":["clientip","timestamp","host","request","response","machine.os","agent","bytes"],"indexPatternRefName":"layer_2_source_index_pattern","applyGlobalQuery":true,"scalingType":"LIMIT"},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"STATIC","options":{"color":"#2200ff"}},"lineColor":{"type":"STATIC","options":{"color":"#FFFFFF"}},"lineWidth":{"type":"STATIC","options":{"size":2}},"iconSize":{"type":"DYNAMIC","options":{"field":{"name":"bytes","origin":"source"},"minSize":1,"maxSize":23,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR"},{"id":"tfi3f","label":"Total - Requests and - Bytes","minZoom":0,"maxZoom":9,"alpha":1,"sourceDescriptor":{"type":"ES_GEO_GRID","resolution":"COARSE","id":"8aaa65b5-a4e9-448b-9560-c98cb1c5ac5b","geoField":"geo.coordinates","requestType":"point","metrics":[{"type":"count","label":"web - logs - count"},{"type":"sum","field":"bytes"}],"indexPatternRefName":"layer_3_source_index_pattern","applyGlobalQuery":true},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"color":"Blues","fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"lineColor":{"type":"STATIC","options":{"color":"#cccccc"}},"lineWidth":{"type":"STATIC","options":{"size":1}},"iconSize":{"type":"DYNAMIC","options":{"field":{"name":"sum_of_bytes","origin":"source"},"minSize":7,"maxSize":25,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"labelText":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"labelSize":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"minSize":12,"maxSize":24,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR"}] - mapStateJSON: >- - {"zoom":3.64,"center":{"lon":-88.92107,"lat":42.16337},"timeFilters":{"from":"now-7d","to":"now"},"refreshConfig":{"isPaused":true,"interval":0},"query":{"language":"kuery","query":""},"settings":{"autoFitToDataBounds":false}} - title: '[Logs] Total Requests and Bytes' - uiStateJSON: '{"isDarkMode":false}' - coreMigrationVersion: 8.8.0 - created_at: '2023-08-23T20:03:32.204Z' - id: de71f4f0-1902-11e9-919b-ffe5949a18d2 - managed: false - references: - - id: 90943e30-9a47-11e8-b64d-95841ca0b247 - name: layer_1_join_0_index_pattern - type: index-pattern - - id: 90943e30-9a47-11e8-b64d-95841ca0b247 - name: layer_2_source_index_pattern - type: index-pattern - - id: 90943e30-9a47-11e8-b64d-95841ca0b247 - name: layer_3_source_index_pattern - type: index-pattern - type: map - typeMigrationVersion: 8.4.0 - updated_at: '2023-08-23T20:03:32.204Z' - version: WzEzLDFd - Saved_objects_import_objects_request: - value: - file: file.ndjson - Saved_objects_import_objects_response: - summary: >- - The import objects API response indicates a successful import and the - objects are created. Since these objects are created as new copies, each - entry in the successResults array includes a destinationId attribute. - value: - success: true - successCount: 1 - successResults: - - destinationId: 82d2760c-468f-49cf-83aa-b9a35b6a8943 - id: 90943e30-9a47-11e8-b64d-95841ca0b247 - managed: false - meta: - icon: indexPatternApp - title: Kibana Sample Data Logs - type: index-pattern - Saved_objects_key_rotation_response: - summary: Encryption key rotation using default parameters. - value: - failed: 0 - successful: 300 - total: 1000 - Saved_objects_resolve_missing_reference_request: - value: - file: file.ndjson - retries: - - id: my-pattern - overwrite: true - type: index-pattern - - destinationId: another-vis - id: my-vis - overwrite: true - type: visualization - - destinationId: yet-another-canvas - id: my-canvas - overwrite: true - type: canvas - - id: my-dashboard - type: dashboard - Saved_objects_resolve_missing_reference_response: - summary: Resolve missing reference errors. - value: - success: true - successCount: 3 - successResults: - - id: my-vis - meta: - icon: visualizeApp - title: Look at my visualization - type: visualization - - id: my-search - meta: - icon: searchApp - title: Look at my search - type: search - - id: my-dashboard - meta: - icon: dashboardApp - title: Look at my dashboard - type: dashboard - parameters: - Connectors_action_id: - description: An identifier for the action. - in: path - name: actionId - required: true - schema: - example: c55b6eb0-6bad-11eb-9f3b-611eebc6c3ad - type: string - Connectors_connector_id: - description: An identifier for the connector. - in: path - name: connectorId - required: true - schema: - example: df770e30-8b8b-11ed-a780-3b746c987a81 - type: string - Connectors_kbn_xsrf: - description: Cross-site request forgery protection - in: header - name: kbn-xsrf - required: true - schema: - type: string - Data_views_field_name: - description: The name of the runtime field. - in: path - name: fieldName - required: true - schema: - example: hour_of_day - type: string - Data_views_kbn_xsrf: - description: Cross-site request forgery protection - in: header - name: kbn-xsrf - required: true - schema: - type: string - Data_views_view_id: - description: An identifier for the data view. - in: path - name: viewId - required: true - schema: - example: ff959d40-b880-11e8-a6d9-e546fe2bba5f - type: string - Machine_learning_APIs_simulateParam: - description: >- - When true, simulates the synchronization by returning only the list of - actions that would be performed. - example: 'true' - in: query - name: simulate - required: false - schema: - type: boolean - Saved_objects_kbn_xsrf: - description: Cross-site request forgery protection - in: header - name: kbn-xsrf - required: true - schema: - type: string - Saved_objects_saved_object_id: - description: An identifier for the saved object. - in: path - name: id - required: true - schema: - type: string - Saved_objects_saved_object_type: - description: >- - Valid options include `visualization`, `dashboard`, `search`, - `index-pattern`, `config`. - in: path - name: type - required: true - schema: - type: string - SLOs_kbn_xsrf: - description: Cross-site request forgery protection - in: header - name: kbn-xsrf - required: true - schema: - type: string - SLOs_slo_id: - description: An identifier for the slo. - in: path - name: sloId - required: true - schema: - example: 9c235211-6834-11ea-a78c-6feb38a34414 - type: string - SLOs_space_id: - description: >- - An identifier for the space. If `/s/` and the identifier are omitted - from the path, the default space is used. - in: path - name: spaceId - required: true - schema: - example: default - type: string - responses: - Connectors_200_actions: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Connectors_action_response_properties' - description: Indicates a successful call. - Connectors_401: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - properties: - error: - enum: - - Unauthorized - example: Unauthorized - type: string - message: - type: string - statusCode: - enum: - - 401 - example: 401 - type: integer - title: Unauthorized response - type: object - description: Authorization information is missing or invalid. - Connectors_404: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - properties: - error: - enum: - - Not Found - example: Not Found - type: string - message: - example: >- - Saved object [action/baf33fc0-920c-11ed-b36a-874bd1548a00] not - found - type: string - statusCode: - enum: - - 404 - example: 404 - type: integer - title: Not found response - type: object - description: Object is not found. - schemas: - Connectors_action_response_properties: - description: The properties vary depending on the action type. - properties: - actionTypeId: - type: string - config: - type: object - id: - type: string - isDeprecated: - description: Indicates whether the action type is deprecated. - type: boolean - isMissingSecrets: - description: Indicates whether secrets are missing for the action. - type: boolean - isPreconfigured: - description: Indicates whether it is a preconfigured action. - type: boolean - name: - type: string - title: Action response properties - type: object - Connectors_config_properties_bedrock: - description: Defines properties for connectors when type is `.bedrock`. - properties: - apiUrl: - description: The Amazon Bedrock request URL. - type: string - defaultModel: - default: 'anthropic.claude-3-5-sonnet-20240620-v1:0' - description: > - The generative artificial intelligence model for Amazon Bedrock to - use. Current support is for the Anthropic Claude models. - type: string - required: - - apiUrl - title: Connector request properties for an Amazon Bedrock connector - type: object - Connectors_config_properties_cases_webhook: - description: Defines properties for connectors when type is `.cases-webhook`. - type: object - properties: - createCommentJson: - description: > - A JSON payload sent to the create comment URL to create a case - comment. You can use variables to add Kibana Cases data to the - payload. The required variable is `case.comment`. Due to Mustache - template variables (the text enclosed in triple braces, for example, - `{{{case.title}}}`), the JSON is not validated when you create the - connector. The JSON is validated once the Mustache variables have - been placed when the REST method runs. Manually ensure that the JSON - is valid, disregarding the Mustache variables, so the later - validation will pass. - example: '{"body": {{{case.comment}}}}' - type: string - createCommentMethod: - default: put - description: > - The REST API HTTP request method to create a case comment in the - third-party system. Valid values are `patch`, `post`, and `put`. - enum: - - patch - - post - - put - type: string - createCommentUrl: - description: > - The REST API URL to create a case comment by ID in the third-party - system. You can use a variable to add the external system ID to the - URL. If you are using the `xpack.actions.allowedHosts setting`, add - the hostname to the allowed hosts. - example: 'https://example.com/issue/{{{external.system.id}}}/comment' - type: string - createIncidentJson: - description: > - A JSON payload sent to the create case URL to create a case. You can - use variables to add case data to the payload. Required variables - are `case.title` and `case.description`. Due to Mustache template - variables (which is the text enclosed in triple braces, for example, - `{{{case.title}}}`), the JSON is not validated when you create the - connector. The JSON is validated after the Mustache variables have - been placed when REST method runs. Manually ensure that the JSON is - valid to avoid future validation errors; disregard Mustache - variables during your review. - example: >- - {"fields": {"summary": {{{case.title}}},"description": - {{{case.description}}},"labels": {{{case.tags}}}}} - type: string - createIncidentMethod: - default: post - description: > - The REST API HTTP request method to create a case in the third-party - system. Valid values are `patch`, `post`, and `put`. - enum: - - patch - - post - - put - type: string - createIncidentResponseKey: - description: >- - The JSON key in the create external case response that contains the - case ID. - type: string - createIncidentUrl: - description: > - The REST API URL to create a case in the third-party system. If you - are using the `xpack.actions.allowedHosts` setting, add the hostname - to the allowed hosts. - type: string - getIncidentResponseExternalTitleKey: - description: >- - The JSON key in get external case response that contains the case - title. - type: string - getIncidentUrl: - description: > - The REST API URL to get the case by ID from the third-party system. - If you are using the `xpack.actions.allowedHosts` setting, add the - hostname to the allowed hosts. You can use a variable to add the - external system ID to the URL. Due to Mustache template variables - (the text enclosed in triple braces, for example, - `{{{case.title}}}`), the JSON is not validated when you create the - connector. The JSON is validated after the Mustache variables have - been placed when REST method runs. Manually ensure that the JSON is - valid, disregarding the Mustache variables, so the later validation - will pass. - example: 'https://example.com/issue/{{{external.system.id}}}' - type: string - hasAuth: - default: true - description: >- - If true, a username and password for login type authentication must - be provided. - type: boolean - headers: - description: > - A set of key-value pairs sent as headers with the request URLs for - the create case, update case, get case, and create comment methods. - type: string - updateIncidentJson: - description: > - The JSON payload sent to the update case URL to update the case. You - can use variables to add Kibana Cases data to the payload. Required - variables are `case.title` and `case.description`. Due to Mustache - template variables (which is the text enclosed in triple braces, for - example, `{{{case.title}}}`), the JSON is not validated when you - create the connector. The JSON is validated after the Mustache - variables have been placed when REST method runs. Manually ensure - that the JSON is valid to avoid future validation errors; disregard - Mustache variables during your review. - example: >- - {"fields": {"summary": {{{case.title}}},"description": - {{{case.description}}},"labels": {{{case.tags}}}}} - type: string - updateIncidentMethod: - default: put - description: > - The REST API HTTP request method to update the case in the - third-party system. Valid values are `patch`, `post`, and `put`. - enum: - - patch - - post - - put - type: string - updateIncidentUrl: - description: > - The REST API URL to update the case by ID in the third-party system. - You can use a variable to add the external system ID to the URL. If - you are using the `xpack.actions.allowedHosts` setting, add the - hostname to the allowed hosts. - example: 'https://example.com/issue/{{{external.system.ID}}}' - type: string - viewIncidentUrl: - description: > - The URL to view the case in the external system. You can use - variables to add the external system ID or external system title to - the URL. - example: >- - https://testing-jira.atlassian.net/browse/{{{external.system.title}}} - type: string - required: - - createIncidentJson - - createIncidentResponseKey - - createIncidentUrl - - getIncidentResponseExternalTitleKey - - getIncidentUrl - - updateIncidentJson - - updateIncidentUrl - - viewIncidentUrl - title: Connector request properties for Webhook - Case Management connector - Connectors_config_properties_d3security: - description: Defines properties for connectors when type is `.d3security`. - properties: - url: - description: > - The D3 Security API request URL. If you are using the - `xpack.actions.allowedHosts` setting, add the hostname to the - allowed hosts. - type: string - required: - - url - title: Connector request properties for a D3 Security connector - type: object - Connectors_config_properties_email: - description: Defines properties for connectors when type is `.email`. - type: object - properties: - clientId: - description: > - The client identifier, which is a part of OAuth 2.0 client - credentials authentication, in GUID format. If `service` is - `exchange_server`, this property is required. - nullable: true - type: string - from: - description: > - The from address for all emails sent by the connector. It must be - specified in `user@host-name` format. - type: string - hasAuth: - default: true - description: > - Specifies whether a user and password are required inside the - secrets configuration. - type: boolean - host: - description: > - The host name of the service provider. If the `service` is - `elastic_cloud` (for Elastic Cloud notifications) or one of - Nodemailer's well-known email service providers, this property is - ignored. If `service` is `other`, this property must be defined. - type: string - oauthTokenUrl: - nullable: true - type: string - port: - description: > - The port to connect to on the service provider. If the `service` is - `elastic_cloud` (for Elastic Cloud notifications) or one of - Nodemailer's well-known email service providers, this property is - ignored. If `service` is `other`, this property must be defined. - type: integer - secure: - description: > - Specifies whether the connection to the service provider will use - TLS. If the `service` is `elastic_cloud` (for Elastic Cloud - notifications) or one of Nodemailer's well-known email service - providers, this property is ignored. - type: boolean - service: - description: | - The name of the email service. - enum: - - elastic_cloud - - exchange_server - - gmail - - other - - outlook365 - - ses - type: string - tenantId: - description: > - The tenant identifier, which is part of OAuth 2.0 client credentials - authentication, in GUID format. If `service` is `exchange_server`, - this property is required. - nullable: true - type: string - required: - - from - title: Connector request properties for an email connector - Connectors_config_properties_gemini: - description: Defines properties for connectors when type is `.gemini`. - properties: - apiUrl: - description: The Google Gemini request URL. - type: string - defaultModel: - default: gemini-1.5-pro-001 - description: >- - The generative artificial intelligence model for Google Gemini to - use. - type: string - gcpProjectID: - description: The Google ProjectID that has Vertex AI endpoint enabled. - type: string - gcpRegion: - description: The GCP region where the Vertex AI endpoint enabled. - type: string - required: - - apiUrl - - gcpRegion - - gcpProjectID - title: Connector request properties for an Google Gemini connector - type: object - Connectors_config_properties_genai: - description: Defines properties for connectors when type is `.gen-ai`. - discriminator: - mapping: - Azure OpenAI: '#/components/schemas/Connectors_config_properties_genai_azure' - OpenAI: '#/components/schemas/Connectors_config_properties_genai_openai' - propertyName: apiProvider - oneOf: - - $ref: '#/components/schemas/Connectors_config_properties_genai_azure' - - $ref: '#/components/schemas/Connectors_config_properties_genai_openai' - title: Connector request properties for an OpenAI connector - Connectors_config_properties_genai_azure: - description: > - Defines properties for connectors when type is `.gen-ai` and the API - provider is `Azure OpenAI'. - properties: - apiProvider: - description: The OpenAI API provider. - enum: - - Azure OpenAI - type: string - apiUrl: - description: The OpenAI API endpoint. - type: string - required: - - apiProvider - - apiUrl - title: >- - Connector request properties for an OpenAI connector that uses Azure - OpenAI - type: object - Connectors_config_properties_genai_openai: - description: > - Defines properties for connectors when type is `.gen-ai` and the API - provider is `OpenAI'. - properties: - apiProvider: - description: The OpenAI API provider. - enum: - - OpenAI - type: string - apiUrl: - description: The OpenAI API endpoint. - type: string - defaultModel: - description: The default model to use for requests. - type: string - required: - - apiProvider - - apiUrl - title: Connector request properties for an OpenAI connector - type: object - Connectors_config_properties_index: - description: Defines properties for connectors when type is `.index`. - type: object - properties: - executionTimeField: - default: null - description: A field that indicates when the document was indexed. - nullable: true - type: string - index: - description: The Elasticsearch index to be written to. - type: string - refresh: - default: false - description: > - The refresh policy for the write request, which affects when changes - are made visible to search. Refer to the refresh setting for - Elasticsearch document APIs. - type: boolean - required: - - index - title: Connector request properties for an index connector - Connectors_config_properties_jira: - description: Defines properties for connectors when type is `.jira`. - type: object - properties: - apiUrl: - description: The Jira instance URL. - type: string - projectKey: - description: The Jira project key. - type: string - required: - - apiUrl - - projectKey - title: Connector request properties for a Jira connector - Connectors_config_properties_opsgenie: - description: Defines properties for connectors when type is `.opsgenie`. - type: object - properties: - apiUrl: - description: > - The Opsgenie URL. For example, `https://api.opsgenie.com` or - `https://api.eu.opsgenie.com`. If you are using the - `xpack.actions.allowedHosts` setting, add the hostname to the - allowed hosts. - type: string - required: - - apiUrl - title: Connector request properties for an Opsgenie connector - Connectors_config_properties_pagerduty: - description: Defines properties for connectors when type is `.pagerduty`. - properties: - apiUrl: - description: The PagerDuty event URL. - example: 'https://events.pagerduty.com/v2/enqueue' - nullable: true - type: string - title: Connector request properties for a PagerDuty connector - type: object - Connectors_config_properties_resilient: - description: Defines properties for connectors when type is `.resilient`. - type: object - properties: - apiUrl: - description: The IBM Resilient instance URL. - type: string - orgId: - description: The IBM Resilient organization ID. - type: string - required: - - apiUrl - - orgId - title: Connector request properties for a IBM Resilient connector - Connectors_config_properties_sentinelone: - description: Defines properties for connectors when type is `.sentinelone`. - type: object - properties: - url: - description: > - The SentinelOne tenant URL. If you are using the - `xpack.actions.allowedHosts` setting, add the hostname to the - allowed hosts. - type: string - required: - - url - title: Connector request properties for a SentinelOne connector - Connectors_config_properties_servicenow: - description: Defines properties for connectors when type is `.servicenow`. - type: object - properties: - apiUrl: - description: The ServiceNow instance URL. - type: string - clientId: - description: > - The client ID assigned to your OAuth application. This property is - required when `isOAuth` is `true`. - type: string - isOAuth: - default: false - description: > - The type of authentication to use. The default value is false, which - means basic authentication is used instead of open authorization - (OAuth). - type: boolean - jwtKeyId: - description: > - The key identifier assigned to the JWT verifier map of your OAuth - application. This property is required when `isOAuth` is `true`. - type: string - userIdentifierValue: - description: > - The identifier to use for OAuth authentication. This identifier - should be the user field you selected when you created an OAuth JWT - API endpoint for external clients in your ServiceNow instance. For - example, if the selected user field is `Email`, the user identifier - should be the user's email address. This property is required when - `isOAuth` is `true`. - type: string - usesTableApi: - default: true - description: > - Determines whether the connector uses the Table API or the Import - Set API. This property is supported only for ServiceNow ITSM and - ServiceNow SecOps connectors. NOTE: If this property is set to - `false`, the Elastic application should be installed in ServiceNow. - type: boolean - required: - - apiUrl - title: Connector request properties for a ServiceNow ITSM connector - Connectors_config_properties_servicenow_itom: - description: Defines properties for connectors when type is `.servicenow`. - type: object - properties: - apiUrl: - description: The ServiceNow instance URL. - type: string - clientId: - description: > - The client ID assigned to your OAuth application. This property is - required when `isOAuth` is `true`. - type: string - isOAuth: - default: false - description: > - The type of authentication to use. The default value is false, which - means basic authentication is used instead of open authorization - (OAuth). - type: boolean - jwtKeyId: - description: > - The key identifier assigned to the JWT verifier map of your OAuth - application. This property is required when `isOAuth` is `true`. - type: string - userIdentifierValue: - description: > - The identifier to use for OAuth authentication. This identifier - should be the user field you selected when you created an OAuth JWT - API endpoint for external clients in your ServiceNow instance. For - example, if the selected user field is `Email`, the user identifier - should be the user's email address. This property is required when - `isOAuth` is `true`. - type: string - required: - - apiUrl - title: Connector request properties for a ServiceNow ITSM connector - Connectors_config_properties_slack_api: - description: Defines properties for connectors when type is `.slack_api`. - properties: - allowedChannels: - description: A list of valid Slack channels. - items: - maxItems: 25 - type: object - properties: - id: - description: The Slack channel ID. - example: C123ABC456 - minLength: 1 - type: string - name: - description: The Slack channel name. - minLength: 1 - type: string - required: - - id - - name - type: array - title: Connector request properties for a Slack connector - type: object - Connectors_config_properties_swimlane: - description: Defines properties for connectors when type is `.swimlane`. - type: object - properties: - apiUrl: - description: The Swimlane instance URL. - type: string - appId: - description: The Swimlane application ID. - type: string - connectorType: - description: >- - The type of connector. Valid values are `all`, `alerts`, and - `cases`. - enum: - - all - - alerts - - cases - type: string - mappings: - description: The field mapping. - properties: - alertIdConfig: - description: Mapping for the alert ID. - properties: - fieldType: - description: The type of field in Swimlane. - type: string - id: - description: The identifier for the field in Swimlane. - type: string - key: - description: The key for the field in Swimlane. - type: string - name: - description: The name of the field in Swimlane. - type: string - required: - - fieldType - - id - - key - - name - title: Alert identifier mapping - type: object - caseIdConfig: - description: Mapping for the case ID. - properties: - fieldType: - description: The type of field in Swimlane. - type: string - id: - description: The identifier for the field in Swimlane. - type: string - key: - description: The key for the field in Swimlane. - type: string - name: - description: The name of the field in Swimlane. - type: string - required: - - fieldType - - id - - key - - name - title: Case identifier mapping - type: object - caseNameConfig: - description: Mapping for the case name. - properties: - fieldType: - description: The type of field in Swimlane. - type: string - id: - description: The identifier for the field in Swimlane. - type: string - key: - description: The key for the field in Swimlane. - type: string - name: - description: The name of the field in Swimlane. - type: string - required: - - fieldType - - id - - key - - name - title: Case name mapping - type: object - commentsConfig: - description: Mapping for the case comments. - properties: - fieldType: - description: The type of field in Swimlane. - type: string - id: - description: The identifier for the field in Swimlane. - type: string - key: - description: The key for the field in Swimlane. - type: string - name: - description: The name of the field in Swimlane. - type: string - required: - - fieldType - - id - - key - - name - title: Case comment mapping - type: object - descriptionConfig: - description: Mapping for the case description. - properties: - fieldType: - description: The type of field in Swimlane. - type: string - id: - description: The identifier for the field in Swimlane. - type: string - key: - description: The key for the field in Swimlane. - type: string - name: - description: The name of the field in Swimlane. - type: string - required: - - fieldType - - id - - key - - name - title: Case description mapping - type: object - ruleNameConfig: - description: Mapping for the name of the alert's rule. - properties: - fieldType: - description: The type of field in Swimlane. - type: string - id: - description: The identifier for the field in Swimlane. - type: string - key: - description: The key for the field in Swimlane. - type: string - name: - description: The name of the field in Swimlane. - type: string - required: - - fieldType - - id - - key - - name - title: Rule name mapping - type: object - severityConfig: - description: Mapping for the severity. - properties: - fieldType: - description: The type of field in Swimlane. - type: string - id: - description: The identifier for the field in Swimlane. - type: string - key: - description: The key for the field in Swimlane. - type: string - name: - description: The name of the field in Swimlane. - type: string - required: - - fieldType - - id - - key - - name - title: Severity mapping - type: object - title: Connector mappings properties for a Swimlane connector - type: object - required: - - apiUrl - - appId - - connectorType - title: Connector request properties for a Swimlane connector - Connectors_config_properties_tines: - description: Defines properties for connectors when type is `.tines`. - properties: - url: - description: > - The Tines tenant URL. If you are using the - `xpack.actions.allowedHosts` setting, make sure this hostname is - added to the allowed hosts. - type: string - required: - - url - title: Connector request properties for a Tines connector - type: object - Connectors_config_properties_torq: - description: Defines properties for connectors when type is `.torq`. - properties: - webhookIntegrationUrl: - description: The endpoint URL of the Elastic Security integration in Torq. - type: string - required: - - webhookIntegrationUrl - title: Connector request properties for a Torq connector - type: object - Connectors_config_properties_webhook: - description: Defines properties for connectors when type is `.webhook`. - properties: - authType: - description: | - The type of authentication to use: basic, SSL, or none. - enum: - - webhook-authentication-basic - - webhook-authentication-ssl - nullable: true - type: string - ca: - description: > - A base64 encoded version of the certificate authority file that the - connector can trust to sign and validate certificates. This option - is available for all authentication types. - type: string - certType: - description: > - If the `authType` is `webhook-authentication-ssl`, specifies whether - the certificate authentication data is in a CRT and key file format - or a PFX file format. - enum: - - ssl-crt-key - - ssl-pfx - type: string - hasAuth: - description: > - If `true`, a user name and password must be provided for login type - authentication. - type: boolean - headers: - description: A set of key-value pairs sent as headers with the request. - nullable: true - type: object - method: - default: post - description: | - The HTTP request method, either `post` or `put`. - enum: - - post - - put - type: string - url: - description: > - The request URL. If you are using the `xpack.actions.allowedHosts` - setting, add the hostname to the allowed hosts. - type: string - verificationMode: - default: full - description: > - Controls the verification of certificates. Use `full` to validate - that the certificate has an issue date within the `not_before` and - `not_after` dates, chains to a trusted certificate authority (CA), - and has a hostname or IP address that matches the names within the - certificate. Use `certificate` to validate the certificate and - verify that it is signed by a trusted authority; this option does - not check the certificate hostname. Use `none` to skip certificate - validation. - enum: - - certificate - - full - - none - type: string - title: Connector request properties for a Webhook connector - type: object - Connectors_config_properties_xmatters: - description: Defines properties for connectors when type is `.xmatters`. - properties: - configUrl: - description: > - The request URL for the Elastic Alerts trigger in xMatters. It is - applicable only when `usesBasic` is `true`. - nullable: true - type: string - usesBasic: - default: true - description: >- - Specifies whether the connector uses HTTP basic authentication - (`true`) or URL authentication (`false`). - type: boolean - title: Connector request properties for an xMatters connector - type: object - Connectors_connector_response_properties: - description: The properties vary depending on the connector type. - discriminator: - mapping: - .bedrock: >- - #/components/schemas/Connectors_connector_response_properties_bedrock - .cases-webhook: >- - #/components/schemas/Connectors_connector_response_properties_cases_webhook - .d3security: >- - #/components/schemas/Connectors_connector_response_properties_d3security - .email: '#/components/schemas/Connectors_connector_response_properties_email' - .gemini: '#/components/schemas/Connectors_connector_response_properties_gemini' - .gen-ai: '#/components/schemas/Connectors_connector_response_properties_genai' - .index: '#/components/schemas/Connectors_connector_response_properties_index' - .jira: '#/components/schemas/Connectors_connector_response_properties_jira' - .opsgenie: >- - #/components/schemas/Connectors_connector_response_properties_opsgenie - .pagerduty: >- - #/components/schemas/Connectors_connector_response_properties_pagerduty - .resilient: >- - #/components/schemas/Connectors_connector_response_properties_resilient - .sentinelone: >- - #/components/schemas/Connectors_connector_response_properties_sentinelone - .server-log: >- - #/components/schemas/Connectors_connector_response_properties_serverlog - .servicenow: >- - #/components/schemas/Connectors_connector_response_properties_servicenow - .servicenow-itom: >- - #/components/schemas/Connectors_connector_response_properties_servicenow_itom - .servicenow-sir: >- - #/components/schemas/Connectors_connector_response_properties_servicenow_sir - .slack: >- - #/components/schemas/Connectors_connector_response_properties_slack_webhook - .slack_api: >- - #/components/schemas/Connectors_connector_response_properties_slack_api - .swimlane: >- - #/components/schemas/Connectors_connector_response_properties_swimlane - .teams: '#/components/schemas/Connectors_connector_response_properties_teams' - .tines: '#/components/schemas/Connectors_connector_response_properties_tines' - .torq: '#/components/schemas/Connectors_connector_response_properties_torq' - .webhook: >- - #/components/schemas/Connectors_connector_response_properties_webhook - .xmatters: >- - #/components/schemas/Connectors_connector_response_properties_xmatters - propertyName: connector_type_id - oneOf: - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_bedrock - - $ref: '#/components/schemas/Connectors_connector_response_properties_gemini' - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_cases_webhook - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_d3security - - $ref: '#/components/schemas/Connectors_connector_response_properties_email' - - $ref: '#/components/schemas/Connectors_connector_response_properties_genai' - - $ref: '#/components/schemas/Connectors_connector_response_properties_index' - - $ref: '#/components/schemas/Connectors_connector_response_properties_jira' - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_opsgenie - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_pagerduty - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_resilient - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_sentinelone - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_serverlog - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_servicenow - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_servicenow_itom - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_servicenow_sir - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_slack_api - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_slack_webhook - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_swimlane - - $ref: '#/components/schemas/Connectors_connector_response_properties_teams' - - $ref: '#/components/schemas/Connectors_connector_response_properties_tines' - - $ref: '#/components/schemas/Connectors_connector_response_properties_torq' - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_webhook - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_xmatters - title: Connector response properties - Connectors_connector_response_properties_bedrock: - title: Connector response properties for an Amazon Bedrock connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_bedrock' - connector_type_id: - description: The type of connector. - enum: - - .bedrock - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - required: - - config - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_cases_webhook: - title: Connector request properties for a Webhook - Case Management connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_cases_webhook' - connector_type_id: - description: The type of connector. - enum: - - .cases-webhook - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_d3security: - title: Connector response properties for a D3 Security connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_d3security' - connector_type_id: - description: The type of connector. - enum: - - .d3security - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_email: - title: Connector response properties for an email connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_email' - connector_type_id: - description: The type of connector. - enum: - - .email - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_gemini: - title: Connector response properties for a Google Gemini connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_gemini' - connector_type_id: - description: The type of connector. - enum: - - .gemini - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_genai: - title: Connector response properties for an OpenAI connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_genai' - connector_type_id: - description: The type of connector. - enum: - - .gen-ai - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_index: - title: Connector response properties for an index connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_index' - connector_type_id: - description: The type of connector. - enum: - - .index - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_jira: - title: Connector response properties for a Jira connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_jira' - connector_type_id: - description: The type of connector. - enum: - - .jira - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_opsgenie: - title: Connector response properties for an Opsgenie connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_opsgenie' - connector_type_id: - description: The type of connector. - enum: - - .opsgenie - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_pagerduty: - title: Connector response properties for a PagerDuty connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_pagerduty' - connector_type_id: - description: The type of connector. - enum: - - .pagerduty - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_resilient: - title: Connector response properties for a IBM Resilient connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_resilient' - connector_type_id: - description: The type of connector. - enum: - - .resilient - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_sentinelone: - title: Connector response properties for a SentinelOne connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_sentinelone' - connector_type_id: - description: The type of connector. - enum: - - .sentinelone - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_serverlog: - title: Connector response properties for a server log connector - type: object - properties: - config: - nullable: true - type: object - connector_type_id: - description: The type of connector. - enum: - - .server-log - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_servicenow: - title: Connector response properties for a ServiceNow ITSM connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_servicenow' - connector_type_id: - description: The type of connector. - enum: - - .servicenow - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_servicenow_itom: - title: Connector response properties for a ServiceNow ITOM connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_servicenow_itom' - connector_type_id: - description: The type of connector. - enum: - - .servicenow-itom - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_servicenow_sir: - title: Connector response properties for a ServiceNow SecOps connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_servicenow' - connector_type_id: - description: The type of connector. - enum: - - .servicenow-sir - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_slack_api: - title: Connector response properties for a Slack connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_slack_api' - connector_type_id: - description: The type of connector. - enum: - - .slack_api - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_slack_webhook: - title: Connector response properties for a Slack connector - type: object - properties: - connector_type_id: - description: The type of connector. - enum: - - .slack - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_swimlane: - title: Connector response properties for a Swimlane connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_swimlane' - connector_type_id: - description: The type of connector. - enum: - - .swimlane - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_teams: - title: Connector response properties for a Microsoft Teams connector - type: object - properties: - config: - type: object - connector_type_id: - description: The type of connector. - enum: - - .teams - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_tines: - title: Connector response properties for a Tines connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_tines' - connector_type_id: - description: The type of connector. - enum: - - .tines - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_torq: - title: Connector response properties for a Torq connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_torq' - connector_type_id: - description: The type of connector. - enum: - - .torq - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_webhook: - title: Connector response properties for a Webhook connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_webhook' - connector_type_id: - description: The type of connector. - enum: - - .webhook - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_xmatters: - title: Connector response properties for an xMatters connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_xmatters' - connector_type_id: - description: The type of connector. - enum: - - .xmatters - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_types: - description: >- - The type of connector. For example, `.email`, `.index`, `.jira`, - `.opsgenie`, or `.server-log`. - enum: - - .bedrock - - .gemini - - .cases-webhook - - .d3security - - .email - - .gen-ai - - .index - - .jira - - .opsgenie - - .pagerduty - - .resilient - - .sentinelone - - .servicenow - - .servicenow-itom - - .servicenow-sir - - .server-log - - .slack - - .slack_api - - .swimlane - - .teams - - .tines - - .torq - - .webhook - - .xmatters - example: .server-log - title: Connector types - type: string - Connectors_create_connector_request: - description: The properties vary depending on the connector type. - discriminator: - mapping: - .bedrock: '#/components/schemas/Connectors_create_connector_request_bedrock' - .cases-webhook: >- - #/components/schemas/Connectors_create_connector_request_cases_webhook - .d3security: '#/components/schemas/Connectors_create_connector_request_d3security' - .email: '#/components/schemas/Connectors_create_connector_request_email' - .gemini: '#/components/schemas/Connectors_create_connector_request_gemini' - .gen-ai: '#/components/schemas/Connectors_create_connector_request_genai' - .index: '#/components/schemas/Connectors_create_connector_request_index' - .jira: '#/components/schemas/Connectors_create_connector_request_jira' - .opsgenie: '#/components/schemas/Connectors_create_connector_request_opsgenie' - .pagerduty: '#/components/schemas/Connectors_create_connector_request_pagerduty' - .resilient: '#/components/schemas/Connectors_create_connector_request_resilient' - .sentinelone: '#/components/schemas/Connectors_create_connector_request_sentinelone' - .server-log: '#/components/schemas/Connectors_create_connector_request_serverlog' - .servicenow: '#/components/schemas/Connectors_create_connector_request_servicenow' - .servicenow-itom: >- - #/components/schemas/Connectors_create_connector_request_servicenow_itom - .servicenow-sir: >- - #/components/schemas/Connectors_create_connector_request_servicenow_sir - .slack: >- - #/components/schemas/Connectors_create_connector_request_slack_webhook - .slack_api: '#/components/schemas/Connectors_create_connector_request_slack_api' - .swimlane: '#/components/schemas/Connectors_create_connector_request_swimlane' - .teams: '#/components/schemas/Connectors_create_connector_request_teams' - .tines: '#/components/schemas/Connectors_create_connector_request_tines' - .torq: '#/components/schemas/Connectors_create_connector_request_torq' - .webhook: '#/components/schemas/Connectors_create_connector_request_webhook' - .xmatters: '#/components/schemas/Connectors_create_connector_request_xmatters' - propertyName: connector_type_id - oneOf: - - $ref: '#/components/schemas/Connectors_create_connector_request_bedrock' - - $ref: '#/components/schemas/Connectors_create_connector_request_gemini' - - $ref: >- - #/components/schemas/Connectors_create_connector_request_cases_webhook - - $ref: '#/components/schemas/Connectors_create_connector_request_d3security' - - $ref: '#/components/schemas/Connectors_create_connector_request_email' - - $ref: '#/components/schemas/Connectors_create_connector_request_genai' - - $ref: '#/components/schemas/Connectors_create_connector_request_index' - - $ref: '#/components/schemas/Connectors_create_connector_request_jira' - - $ref: '#/components/schemas/Connectors_create_connector_request_opsgenie' - - $ref: '#/components/schemas/Connectors_create_connector_request_pagerduty' - - $ref: '#/components/schemas/Connectors_create_connector_request_resilient' - - $ref: '#/components/schemas/Connectors_create_connector_request_sentinelone' - - $ref: '#/components/schemas/Connectors_create_connector_request_serverlog' - - $ref: '#/components/schemas/Connectors_create_connector_request_servicenow' - - $ref: >- - #/components/schemas/Connectors_create_connector_request_servicenow_itom - - $ref: >- - #/components/schemas/Connectors_create_connector_request_servicenow_sir - - $ref: '#/components/schemas/Connectors_create_connector_request_slack_api' - - $ref: >- - #/components/schemas/Connectors_create_connector_request_slack_webhook - - $ref: '#/components/schemas/Connectors_create_connector_request_swimlane' - - $ref: '#/components/schemas/Connectors_create_connector_request_teams' - - $ref: '#/components/schemas/Connectors_create_connector_request_tines' - - $ref: '#/components/schemas/Connectors_create_connector_request_torq' - - $ref: '#/components/schemas/Connectors_create_connector_request_webhook' - - $ref: '#/components/schemas/Connectors_create_connector_request_xmatters' - title: Create connector request body properties - Connectors_create_connector_request_bedrock: - description: >- - The Amazon Bedrock connector uses axios to send a POST request to Amazon - Bedrock. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_bedrock' - connector_type_id: - description: The type of connector. - enum: - - .bedrock - example: .bedrock - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_bedrock' - required: - - config - - connector_type_id - - name - - secrets - title: Create Amazon Bedrock connector request - type: object - Connectors_create_connector_request_cases_webhook: - description: > - The Webhook - Case Management connector uses axios to send POST, PUT, - and GET requests to a case management RESTful API web service. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_cases_webhook' - connector_type_id: - description: The type of connector. - enum: - - .cases-webhook - example: .cases-webhook - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_cases_webhook' - required: - - config - - connector_type_id - - name - title: Create Webhook - Case Managment connector request - type: object - Connectors_create_connector_request_d3security: - description: > - The connector uses axios to send a POST request to a D3 Security - endpoint. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_d3security' - connector_type_id: - description: The type of connector. - enum: - - .d3security - example: .d3security - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_d3security' - required: - - config - - connector_type_id - - name - - secrets - title: Create D3 Security connector request - type: object - Connectors_create_connector_request_email: - description: > - The email connector uses the SMTP protocol to send mail messages, using - an integration of Nodemailer. An exception is Microsoft Exchange, which - uses HTTP protocol for sending emails, Send mail. Email message text is - sent as both plain text and html text. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_email' - connector_type_id: - description: The type of connector. - enum: - - .email - example: .email - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_email' - required: - - config - - connector_type_id - - name - - secrets - title: Create email connector request - type: object - Connectors_create_connector_request_gemini: - description: >- - The Google Gemini connector uses axios to send a POST request to Google - Gemini. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_gemini' - connector_type_id: - description: The type of connector. - enum: - - .gemini - example: .gemini - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_gemini' - required: - - config - - connector_type_id - - name - - secrets - title: Create Google Gemini connector request - type: object - Connectors_create_connector_request_genai: - description: > - The OpenAI connector uses axios to send a POST request to either OpenAI - or Azure OpenAPI. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_genai' - connector_type_id: - description: The type of connector. - enum: - - .gen-ai - example: .gen-ai - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_genai' - required: - - config - - connector_type_id - - name - - secrets - title: Create OpenAI connector request - type: object - Connectors_create_connector_request_index: - description: The index connector indexes a document into Elasticsearch. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_index' - connector_type_id: - description: The type of connector. - enum: - - .index - example: .index - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - required: - - config - - connector_type_id - - name - title: Create index connector request - type: object - Connectors_create_connector_request_jira: - description: The Jira connector uses the REST API v2 to create Jira issues. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_jira' - connector_type_id: - description: The type of connector. - enum: - - .jira - example: .jira - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_jira' - required: - - config - - connector_type_id - - name - - secrets - title: Create Jira connector request - type: object - Connectors_create_connector_request_opsgenie: - description: The Opsgenie connector uses the Opsgenie alert API. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_opsgenie' - connector_type_id: - description: The type of connector. - enum: - - .opsgenie - example: .opsgenie - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_opsgenie' - required: - - config - - connector_type_id - - name - - secrets - title: Create Opsgenie connector request - type: object - Connectors_create_connector_request_pagerduty: - description: > - The PagerDuty connector uses the v2 Events API to trigger, acknowledge, - and resolve PagerDuty alerts. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_pagerduty' - connector_type_id: - description: The type of connector. - enum: - - .pagerduty - example: .pagerduty - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_pagerduty' - required: - - config - - connector_type_id - - name - - secrets - title: Create PagerDuty connector request - type: object - Connectors_create_connector_request_resilient: - description: >- - The IBM Resilient connector uses the RESILIENT REST v2 to create IBM - Resilient incidents. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_resilient' - connector_type_id: - description: The type of connector. - enum: - - .resilient - example: .resilient - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_resilient' - required: - - config - - connector_type_id - - name - - secrets - title: Create IBM Resilient connector request - type: object - Connectors_create_connector_request_sentinelone: - description: > - The SentinelOne connector communicates with SentinelOne Management - Console via REST API. This functionality is in technical preview and may - be changed or removed in a future release. Elastic will work to fix any - issues, but features in technical preview are not subject to the support - SLA of official GA features. - title: Create SentinelOne connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_sentinelone' - connector_type_id: - description: The type of connector. - enum: - - .sentinelone - example: .sentinelone - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_sentinelone' - required: - - config - - connector_type_id - - name - - secrets - x-technical-preview: true - Connectors_create_connector_request_serverlog: - description: This connector writes an entry to the Kibana server log. - properties: - connector_type_id: - description: The type of connector. - enum: - - .server-log - example: .server-log - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - required: - - connector_type_id - - name - title: Create server log connector request - type: object - Connectors_create_connector_request_servicenow: - description: > - The ServiceNow ITSM connector uses the import set API to create - ServiceNow incidents. You can use the connector for rule actions and - cases. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_servicenow' - connector_type_id: - description: The type of connector. - enum: - - .servicenow - example: .servicenow - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' - required: - - config - - connector_type_id - - name - - secrets - title: Create ServiceNow ITSM connector request - type: object - Connectors_create_connector_request_servicenow_itom: - description: > - The ServiceNow ITOM connector uses the event API to create ServiceNow - events. You can use the connector for rule actions. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_servicenow_itom' - connector_type_id: - description: The type of connector. - enum: - - .servicenow-itom - example: .servicenow-itom - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' - required: - - config - - connector_type_id - - name - - secrets - title: Create ServiceNow ITOM connector request - type: object - Connectors_create_connector_request_servicenow_sir: - description: > - The ServiceNow SecOps connector uses the import set API to create - ServiceNow security incidents. You can use the connector for rule - actions and cases. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_servicenow' - connector_type_id: - description: The type of connector. - enum: - - .servicenow-sir - example: .servicenow-sir - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' - required: - - config - - connector_type_id - - name - - secrets - title: Create ServiceNow SecOps connector request - type: object - Connectors_create_connector_request_slack_api: - description: The Slack connector uses an API method to send Slack messages. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_slack_api' - connector_type_id: - description: The type of connector. - enum: - - .slack_api - example: .slack_api - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_slack_api' - required: - - connector_type_id - - name - - secrets - title: Create Slack connector request - type: object - Connectors_create_connector_request_slack_webhook: - description: The Slack connector uses Slack Incoming Webhooks. - properties: - connector_type_id: - description: The type of connector. - enum: - - .slack - example: .slack - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_slack_webhook' - required: - - connector_type_id - - name - - secrets - title: Create Slack connector request - type: object - Connectors_create_connector_request_swimlane: - description: >- - The Swimlane connector uses the Swimlane REST API to create Swimlane - records. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_swimlane' - connector_type_id: - description: The type of connector. - enum: - - .swimlane - example: .swimlane - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_swimlane' - required: - - config - - connector_type_id - - name - - secrets - title: Create Swimlane connector request - type: object - Connectors_create_connector_request_teams: - description: The Microsoft Teams connector uses Incoming Webhooks. - properties: - connector_type_id: - description: The type of connector. - enum: - - .teams - example: .teams - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_teams' - required: - - connector_type_id - - name - - secrets - title: Create Microsoft Teams connector request - type: object - Connectors_create_connector_request_tines: - description: > - The Tines connector uses Tines Webhook actions to send events via POST - request. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_tines' - connector_type_id: - description: The type of connector. - enum: - - .tines - example: .tines - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_tines' - required: - - config - - connector_type_id - - name - - secrets - title: Create Tines connector request - type: object - Connectors_create_connector_request_torq: - description: > - The Torq connector uses a Torq webhook to trigger workflows with Kibana - actions. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_torq' - connector_type_id: - description: The type of connector. - enum: - - .torq - example: .torq - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_torq' - required: - - config - - connector_type_id - - name - - secrets - title: Create Torq connector request - type: object - Connectors_create_connector_request_webhook: - description: > - The Webhook connector uses axios to send a POST or PUT request to a web - service. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_webhook' - connector_type_id: - description: The type of connector. - enum: - - .webhook - example: .webhook - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_webhook' - required: - - config - - connector_type_id - - name - - secrets - title: Create Webhook connector request - type: object - Connectors_create_connector_request_xmatters: - description: > - The xMatters connector uses the xMatters Workflow for Elastic to send - actionable alerts to on-call xMatters resources. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_xmatters' - connector_type_id: - description: The type of connector. - enum: - - .xmatters - example: .xmatters - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_xmatters' - required: - - config - - connector_type_id - - name - - secrets - title: Create xMatters connector request - type: object - Connectors_features: - description: | - The feature that uses the connector. - enum: - - alerting - - cases - - generativeAIForSecurity - - generativeAIForObservability - - generativeAIForSearchPlayground - - siem - - uptime - type: string - Connectors_is_deprecated: - description: Indicates whether the connector type is deprecated. - example: false - type: boolean - Connectors_is_missing_secrets: - description: >- - Indicates whether secrets are missing for the connector. Secrets - configuration properties vary depending on the connector type. - example: false - type: boolean - Connectors_is_preconfigured: - description: > - Indicates whether it is a preconfigured connector. If true, the `config` - and `is_missing_secrets` properties are omitted from the response. - example: false - type: boolean - Connectors_is_system_action: - description: Indicates whether the connector is used for system actions. - example: false - type: boolean - Connectors_referenced_by_count: - description: > - Indicates the number of saved objects that reference the connector. If - `is_preconfigured` is true, this value is not calculated. This property - is returned only by the get all connectors API. - example: 2 - type: integer - Connectors_run_connector_params_acknowledge_resolve_pagerduty: - description: Test an action that acknowledges or resolves a PagerDuty alert. - properties: - dedupKey: - description: The deduplication key for the PagerDuty alert. - maxLength: 255 - type: string - eventAction: - description: The type of event. - enum: - - acknowledge - - resolve - type: string - required: - - dedupKey - - eventAction - title: PagerDuty connector parameters - type: object - Connectors_run_connector_params_documents: - description: Test an action that indexes a document into Elasticsearch. - properties: - documents: - description: The documents in JSON format for index connectors. - items: - additionalProperties: true - type: object - type: array - required: - - documents - title: Index connector parameters - type: object - Connectors_run_connector_params_message_email: - anyOf: - - required: - - bcc - - message - - subject - - required: - - cc - - message - - subject - - required: - - to - - message - - subject - description: > - Test an action that sends an email message. There must be at least one - recipient in `to`, `cc`, or `bcc`. - properties: - bcc: - description: > - A list of "blind carbon copy" email addresses. Addresses can be - specified in `user@host-name` format or in name `` - format - items: - type: string - type: array - cc: - description: > - A list of "carbon copy" email addresses. Addresses can be specified - in `user@host-name` format or in name `` format - items: - type: string - type: array - message: - description: The email message text. Markdown format is supported. - type: string - subject: - description: The subject line of the email. - type: string - to: - description: > - A list of email addresses. Addresses can be specified in - `user@host-name` format or in name `` format. - items: - type: string - type: array - title: Email connector parameters - type: object - Connectors_run_connector_params_message_serverlog: - description: Test an action that writes an entry to the Kibana server log. - properties: - level: - default: info - description: The log level of the message for server log connectors. - enum: - - debug - - error - - fatal - - info - - trace - - warn - type: string - message: - description: The message for server log connectors. - type: string - required: - - message - title: Server log connector parameters - type: object - Connectors_run_connector_params_message_slack: - description: > - Test an action that sends a message to Slack. It is applicable only when - the connector type is `.slack`. - properties: - message: - description: >- - The Slack message text, which cannot contain Markdown, images, or - other advanced formatting. - type: string - required: - - message - title: Slack connector parameters - type: object - Connectors_run_connector_params_trigger_pagerduty: - description: Test an action that triggers a PagerDuty alert. - properties: - class: - description: The class or type of the event. - example: cpu load - type: string - component: - description: >- - The component of the source machine that is responsible for the - event. - example: eth0 - type: string - customDetails: - description: Additional details to add to the event. - type: object - dedupKey: - description: > - All actions sharing this key will be associated with the same - PagerDuty alert. This value is used to correlate trigger and - resolution. - maxLength: 255 - type: string - eventAction: - description: The type of event. - enum: - - trigger - type: string - group: - description: The logical grouping of components of a service. - example: app-stack - type: string - links: - description: A list of links to add to the event. - items: - type: object - properties: - href: - description: The URL for the link. - type: string - text: - description: A plain text description of the purpose of the link. - type: string - type: array - severity: - default: info - description: The severity of the event on the affected system. - enum: - - critical - - error - - info - - warning - type: string - source: - description: > - The affected system, such as a hostname or fully qualified domain - name. Defaults to the Kibana saved object id of the action. - type: string - summary: - description: A summery of the event. - maxLength: 1024 - type: string - timestamp: - description: >- - An ISO-8601 timestamp that indicates when the event was detected or - generated. - format: date-time - type: string - required: - - eventAction - title: PagerDuty connector parameters - type: object - Connectors_run_connector_request: - description: The properties vary depending on the connector type. - properties: - params: - oneOf: - - $ref: >- - #/components/schemas/Connectors_run_connector_params_acknowledge_resolve_pagerduty - - $ref: '#/components/schemas/Connectors_run_connector_params_documents' - - $ref: >- - #/components/schemas/Connectors_run_connector_params_message_email - - $ref: >- - #/components/schemas/Connectors_run_connector_params_message_serverlog - - $ref: >- - #/components/schemas/Connectors_run_connector_params_message_slack - - $ref: >- - #/components/schemas/Connectors_run_connector_params_trigger_pagerduty - - description: Test an action that involves a subaction. - discriminator: - mapping: - addEvent: >- - #/components/schemas/Connectors_run_connector_subaction_addevent - closeAlert: >- - #/components/schemas/Connectors_run_connector_subaction_closealert - closeIncident: >- - #/components/schemas/Connectors_run_connector_subaction_closeincident - createAlert: >- - #/components/schemas/Connectors_run_connector_subaction_createalert - fieldsByIssueType: >- - #/components/schemas/Connectors_run_connector_subaction_fieldsbyissuetype - getChoices: >- - #/components/schemas/Connectors_run_connector_subaction_getchoices - getFields: >- - #/components/schemas/Connectors_run_connector_subaction_getfields - getIncident: >- - #/components/schemas/Connectors_run_connector_subaction_getincident - issue: >- - #/components/schemas/Connectors_run_connector_subaction_issue - issues: >- - #/components/schemas/Connectors_run_connector_subaction_issues - issueTypes: >- - #/components/schemas/Connectors_run_connector_subaction_issuetypes - pushToService: >- - #/components/schemas/Connectors_run_connector_subaction_pushtoservice - propertyName: subAction - oneOf: - - $ref: >- - #/components/schemas/Connectors_run_connector_subaction_addevent - - $ref: >- - #/components/schemas/Connectors_run_connector_subaction_closealert - - $ref: >- - #/components/schemas/Connectors_run_connector_subaction_closeincident - - $ref: >- - #/components/schemas/Connectors_run_connector_subaction_createalert - - $ref: >- - #/components/schemas/Connectors_run_connector_subaction_fieldsbyissuetype - - $ref: >- - #/components/schemas/Connectors_run_connector_subaction_getchoices - - $ref: >- - #/components/schemas/Connectors_run_connector_subaction_getfields - - $ref: >- - #/components/schemas/Connectors_run_connector_subaction_getincident - - $ref: >- - #/components/schemas/Connectors_run_connector_subaction_issue - - $ref: >- - #/components/schemas/Connectors_run_connector_subaction_issues - - $ref: >- - #/components/schemas/Connectors_run_connector_subaction_issuetypes - - $ref: >- - #/components/schemas/Connectors_run_connector_subaction_postmessage - - $ref: >- - #/components/schemas/Connectors_run_connector_subaction_pushtoservice - - $ref: >- - #/components/schemas/Connectors_run_connector_subaction_validchannelid - title: Subaction parameters - required: - - params - title: Run connector request body properties - type: object - Connectors_run_connector_subaction_addevent: - description: The `addEvent` subaction for ServiceNow ITOM connectors. - title: The addEvent subaction - type: object - properties: - subAction: - description: The action to test. - enum: - - addEvent - type: string - subActionParams: - description: The set of configuration properties for the action. - type: object - properties: - additional_info: - description: Additional information about the event. - type: string - description: - description: The details about the event. - type: string - event_class: - description: A specific instance of the source. - type: string - message_key: - description: >- - All actions sharing this key are associated with the same - ServiceNow alert. The default value is `:`. - type: string - metric_name: - description: The name of the metric. - type: string - node: - description: The host that the event was triggered for. - type: string - resource: - description: The name of the resource. - type: string - severity: - description: The severity of the event. - type: string - source: - description: The name of the event source type. - type: string - time_of_event: - description: The time of the event. - type: string - type: - description: The type of event. - type: string - required: - - subAction - Connectors_run_connector_subaction_closealert: - description: The `closeAlert` subaction for Opsgenie connectors. - title: The closeAlert subaction - type: object - properties: - subAction: - description: The action to test. - enum: - - closeAlert - type: string - subActionParams: - type: object - properties: - alias: - description: >- - The unique identifier used for alert deduplication in Opsgenie. - The alias must match the value used when creating the alert. - type: string - note: - description: Additional information for the alert. - type: string - source: - description: The display name for the source of the alert. - type: string - user: - description: The display name for the owner. - type: string - required: - - alias - required: - - subAction - - subActionParams - Connectors_run_connector_subaction_closeincident: - description: The `closeIncident` subaction for ServiceNow ITSM connectors. - title: The closeIncident subaction - type: object - properties: - subAction: - description: The action to test. - enum: - - closeIncident - type: string - subActionParams: - type: object - properties: - incident: - anyOf: - - required: - - correlation_id - - required: - - externalId - type: object - properties: - correlation_id: - default: '{{rule.id}}:{{alert.id}}' - description: > - An identifier that is assigned to the incident when it is - created by the connector. NOTE: If you use the default value - and the rule generates multiple alerts that use the same - alert IDs, the latest open incident for this correlation ID - is closed unless you specify the external ID. - maxLength: 100 - nullable: true - type: string - externalId: - description: >- - The unique identifier (`incidentId`) for the incident in - ServiceNow. - nullable: true - type: string - required: - - incident - required: - - subAction - - subActionParams - Connectors_run_connector_subaction_createalert: - description: The `createAlert` subaction for Opsgenie connectors. - title: The createAlert subaction - type: object - properties: - subAction: - description: The action to test. - enum: - - createAlert - type: string - subActionParams: - type: object - properties: - actions: - description: The custom actions available to the alert. - items: - type: string - type: array - alias: - description: The unique identifier used for alert deduplication in Opsgenie. - type: string - description: - description: >- - A description that provides detailed information about the - alert. - type: string - details: - additionalProperties: true - description: The custom properties of the alert. - example: - key1: value1 - key2: value2 - type: object - entity: - description: >- - The domain of the alert. For example, the application or server - name. - type: string - message: - description: The alert message. - type: string - note: - description: Additional information for the alert. - type: string - priority: - description: The priority level for the alert. - enum: - - P1 - - P2 - - P3 - - P4 - - P5 - type: string - responders: - description: > - The entities to receive notifications about the alert. If `type` - is `user`, either `id` or `username` is required. If `type` is - `team`, either `id` or `name` is required. - items: - type: object - properties: - id: - description: The identifier for the entity. - type: string - name: - description: The name of the entity. - type: string - type: - description: 'The type of responders, in this case `escalation`.' - enum: - - escalation - - schedule - - team - - user - type: string - username: - description: A valid email address for the user. - type: string - type: array - source: - description: The display name for the source of the alert. - type: string - tags: - description: The tags for the alert. - items: - type: string - type: array - user: - description: The display name for the owner. - type: string - visibleTo: - description: >- - The teams and users that the alert will be visible to without - sending a notification. Only one of `id`, `name`, or `username` - is required. - items: - type: object - properties: - id: - description: The identifier for the entity. - type: string - name: - description: The name of the entity. - type: string - type: - description: Valid values are `team` and `user`. - enum: - - team - - user - type: string - username: - description: >- - The user name. This property is required only when the - `type` is `user`. - type: string - required: - - type - type: array - required: - - message - required: - - subAction - - subActionParams - Connectors_run_connector_subaction_fieldsbyissuetype: - description: The `fieldsByIssueType` subaction for Jira connectors. - title: The fieldsByIssueType subaction - type: object - properties: - subAction: - description: The action to test. - enum: - - fieldsByIssueType - type: string - subActionParams: - type: object - properties: - id: - description: The Jira issue type identifier. - example: 10024 - type: string - required: - - id - required: - - subAction - - subActionParams - Connectors_run_connector_subaction_getchoices: - description: >- - The `getChoices` subaction for ServiceNow ITOM, ServiceNow ITSM, and - ServiceNow SecOps connectors. - title: The getChoices subaction - type: object - properties: - subAction: - description: The action to test. - enum: - - getChoices - type: string - subActionParams: - description: The set of configuration properties for the action. - type: object - properties: - fields: - description: An array of fields. - items: - type: string - type: array - required: - - fields - required: - - subAction - - subActionParams - Connectors_run_connector_subaction_getfields: - description: >- - The `getFields` subaction for Jira, ServiceNow ITSM, and ServiceNow - SecOps connectors. - title: The getFields subaction - type: object - properties: - subAction: - description: The action to test. - enum: - - getFields - type: string - required: - - subAction - Connectors_run_connector_subaction_getincident: - description: >- - The `getIncident` subaction for Jira, ServiceNow ITSM, and ServiceNow - SecOps connectors. - properties: - subAction: - description: The action to test. - enum: - - getIncident - type: string - subActionParams: - type: object - properties: - externalId: - description: >- - The Jira, ServiceNow ITSM, or ServiceNow SecOps issue - identifier. - example: 71778 - type: string - required: - - externalId - required: - - subAction - - subActionParams - title: The getIncident subaction - type: object - Connectors_run_connector_subaction_issue: - description: The `issue` subaction for Jira connectors. - title: The issue subaction - type: object - properties: - subAction: - description: The action to test. - enum: - - issue - type: string - subActionParams: - type: object - properties: - id: - description: The Jira issue identifier. - example: 71778 - type: string - required: - - id - required: - - subAction - Connectors_run_connector_subaction_issues: - description: The `issues` subaction for Jira connectors. - title: The issues subaction - type: object - properties: - subAction: - description: The action to test. - enum: - - issues - type: string - subActionParams: - type: object - properties: - title: - description: The title of the Jira issue. - type: string - required: - - title - required: - - subAction - - subActionParams - Connectors_run_connector_subaction_issuetypes: - description: The `issueTypes` subaction for Jira connectors. - title: The issueTypes subaction - type: object - properties: - subAction: - description: The action to test. - enum: - - issueTypes - type: string - required: - - subAction - Connectors_run_connector_subaction_postmessage: - description: > - Test an action that sends a message to Slack. It is applicable only when - the connector type is `.slack_api`. - properties: - subAction: - description: The action to test. - enum: - - postMessage - type: string - subActionParams: - description: The set of configuration properties for the action. - type: object - properties: - channelIds: - description: > - The Slack channel identifier, which must be one of the - `allowedChannels` in the connector configuration. - items: - type: string - maxItems: 1 - type: array - channels: - deprecated: true - description: | - The name of a channel that your Slack app has access to. - items: - type: string - maxItems: 1 - type: array - text: - description: > - The Slack message text. If it is a Slack webhook connector, the - text cannot contain Markdown, images, or other advanced - formatting. If it is a Slack web API connector, it can contain - either plain text or block kit messages. - minLength: 1 - type: string - required: - - subAction - - subActionParams - title: The postMessage subaction - type: object - Connectors_run_connector_subaction_pushtoservice: - description: >- - The `pushToService` subaction for Jira, ServiceNow ITSM, ServiceNow - SecOps, Swimlane, and Webhook - Case Management connectors. - title: The pushToService subaction - type: object - properties: - subAction: - description: The action to test. - enum: - - pushToService - type: string - subActionParams: - description: The set of configuration properties for the action. - type: object - properties: - comments: - description: >- - Additional information that is sent to Jira, ServiceNow ITSM, - ServiceNow SecOps, or Swimlane. - items: - type: object - properties: - comment: - description: >- - A comment related to the incident. For example, describe - how to troubleshoot the issue. - type: string - commentId: - description: A unique identifier for the comment. - type: integer - type: array - incident: - description: >- - Information necessary to create or update a Jira, ServiceNow - ITSM, ServiveNow SecOps, or Swimlane incident. - type: object - properties: - alertId: - description: The alert identifier for Swimlane connectors. - type: string - caseId: - description: >- - The case identifier for the incident for Swimlane - connectors. - type: string - caseName: - description: The case name for the incident for Swimlane connectors. - type: string - category: - description: >- - The category of the incident for ServiceNow ITSM and - ServiceNow SecOps connectors. - type: string - correlation_display: - description: >- - A descriptive label of the alert for correlation purposes - for ServiceNow ITSM and ServiceNow SecOps connectors. - type: string - correlation_id: - description: > - The correlation identifier for the security incident for - ServiceNow ITSM and ServiveNow SecOps connectors. Connectors - using the same correlation ID are associated with the same - ServiceNow incident. This value determines whether a new - ServiceNow incident is created or an existing one is - updated. Modifying this value is optional; if not modified, - the rule ID and alert ID are combined as `{{ruleID}}:{{alert - ID}}` to form the correlation ID value in ServiceNow. The - maximum character length for this value is 100 characters. - NOTE: Using the default configuration of `{{ruleID}}:{{alert - ID}}` ensures that ServiceNow creates a separate incident - record for every generated alert that uses a unique alert - ID. If the rule generates multiple alerts that use the same - alert IDs, ServiceNow creates and continually updates a - single incident record for the alert. - type: string - description: - description: >- - The description of the incident for Jira, ServiceNow ITSM, - ServiceNow SecOps, Swimlane, and Webhook - Case Management - connectors. - type: string - dest_ip: - description: > - A list of destination IP addresses related to the security - incident for ServiceNow SecOps connectors. The IPs are added - as observables to the security incident. - oneOf: - - type: string - - items: - type: string - type: array - externalId: - description: > - The Jira, ServiceNow ITSM, or ServiceNow SecOps issue - identifier. If present, the incident is updated. Otherwise, - a new incident is created. - type: string - id: - description: >- - The external case identifier for Webhook - Case Management - connectors. - type: string - impact: - description: The impact of the incident for ServiceNow ITSM connectors. - type: string - issueType: - description: >- - The type of incident for Jira connectors. For example, - 10006. To obtain the list of valid values, set `subAction` - to `issueTypes`. - type: integer - labels: - description: > - The labels for the incident for Jira connectors. NOTE: - Labels cannot contain spaces. - items: - type: string - type: array - malware_hash: - description: >- - A list of malware hashes related to the security incident - for ServiceNow SecOps connectors. The hashes are added as - observables to the security incident. - oneOf: - - type: string - - items: - type: string - type: array - malware_url: - description: >- - A list of malware URLs related to the security incident for - ServiceNow SecOps connectors. The URLs are added as - observables to the security incident. - oneOf: - - type: string - - items: - type: string - type: array - type: string - otherFields: - additionalProperties: true - description: > - Custom field identifiers and their values for Jira - connectors. - maxProperties: 20 - type: object - parent: - description: >- - The ID or key of the parent issue for Jira connectors. - Applies only to `Sub-task` types of issues. - type: string - priority: - description: >- - The priority of the incident in Jira and ServiceNow SecOps - connectors. - type: string - ruleName: - description: The rule name for Swimlane connectors. - type: string - severity: - description: >- - The severity of the incident for ServiceNow ITSM and - Swimlane connectors. - type: string - short_description: - description: > - A short description of the incident for ServiceNow ITSM and - ServiceNow SecOps connectors. It is used for searching the - contents of the knowledge base. - type: string - source_ip: - description: >- - A list of source IP addresses related to the security - incident for ServiceNow SecOps connectors. The IPs are added - as observables to the security incident. - oneOf: - - type: string - - items: - type: string - type: array - status: - description: >- - The status of the incident for Webhook - Case Management - connectors. - type: string - subcategory: - description: >- - The subcategory of the incident for ServiceNow ITSM and - ServiceNow SecOps connectors. - type: string - summary: - description: A summary of the incident for Jira connectors. - type: string - tags: - description: A list of tags for Webhook - Case Management connectors. - items: - type: string - type: array - title: - description: > - A title for the incident for Jira and Webhook - Case - Management connectors. It is used for searching the contents - of the knowledge base. - type: string - urgency: - description: The urgency of the incident for ServiceNow ITSM connectors. - type: string - required: - - subAction - - subActionParams - Connectors_run_connector_subaction_validchannelid: - description: > - Retrieves information about a valid Slack channel identifier. It is - applicable only when the connector type is `.slack_api`. - properties: - subAction: - description: The action to test. - enum: - - validChannelId - type: string - subActionParams: - type: object - properties: - channelId: - description: The Slack channel identifier. - example: C123ABC456 - type: string - required: - - channelId - required: - - subAction - - subActionParams - title: The validChannelId subaction - type: object - Connectors_secrets_properties_bedrock: - description: Defines secrets for connectors when type is `.bedrock`. - properties: - accessKey: - description: The AWS access key for authentication. - type: string - secret: - description: The AWS secret for authentication. - type: string - required: - - accessKey - - secret - title: Connector secrets properties for an Amazon Bedrock connector - type: object - Connectors_secrets_properties_cases_webhook: - title: Connector secrets properties for Webhook - Case Management connector - type: object - properties: - password: - description: >- - The password for HTTP basic authentication. If `hasAuth` is set to - `true`, this property is required. - type: string - user: - description: >- - The username for HTTP basic authentication. If `hasAuth` is set to - `true`, this property is required. - type: string - Connectors_secrets_properties_d3security: - description: Defines secrets for connectors when type is `.d3security`. - type: object - properties: - token: - description: The D3 Security token. - type: string - required: - - token - title: Connector secrets properties for a D3 Security connector - Connectors_secrets_properties_email: - description: Defines secrets for connectors when type is `.email`. - properties: - clientSecret: - description: > - The Microsoft Exchange Client secret for OAuth 2.0 client - credentials authentication. It must be URL-encoded. If `service` is - `exchange_server`, this property is required. - type: string - password: - description: > - The password for HTTP basic authentication. If `hasAuth` is set to - `true`, this property is required. - type: string - user: - description: > - The username for HTTP basic authentication. If `hasAuth` is set to - `true`, this property is required. - type: string - title: Connector secrets properties for an email connector - type: object - Connectors_secrets_properties_gemini: - description: Defines secrets for connectors when type is `.gemini`. - properties: - credentialsJSON: - description: >- - The service account credentials JSON file. The service account - should have Vertex AI user IAM role assigned to it. - type: string - required: - - credentialsJSON - title: Connector secrets properties for a Google Gemini connector - type: object - Connectors_secrets_properties_genai: - description: Defines secrets for connectors when type is `.gen-ai`. - properties: - apiKey: - description: The OpenAI API key. - type: string - title: Connector secrets properties for an OpenAI connector - type: object - Connectors_secrets_properties_jira: - description: Defines secrets for connectors when type is `.jira`. - type: object - properties: - apiToken: - description: The Jira API authentication token for HTTP basic authentication. - type: string - email: - description: The account email for HTTP Basic authentication. - type: string - required: - - apiToken - - email - title: Connector secrets properties for a Jira connector - Connectors_secrets_properties_opsgenie: - description: Defines secrets for connectors when type is `.opsgenie`. - type: object - properties: - apiKey: - description: The Opsgenie API authentication key for HTTP Basic authentication. - type: string - required: - - apiKey - title: Connector secrets properties for an Opsgenie connector - Connectors_secrets_properties_pagerduty: - description: Defines secrets for connectors when type is `.pagerduty`. - properties: - routingKey: - description: > - A 32 character PagerDuty Integration Key for an integration on a - service. - type: string - required: - - routingKey - title: Connector secrets properties for a PagerDuty connector - type: object - Connectors_secrets_properties_resilient: - description: Defines secrets for connectors when type is `.resilient`. - type: object - properties: - apiKeyId: - description: The authentication key ID for HTTP Basic authentication. - type: string - apiKeySecret: - description: The authentication key secret for HTTP Basic authentication. - type: string - required: - - apiKeyId - - apiKeySecret - title: Connector secrets properties for IBM Resilient connector - Connectors_secrets_properties_sentinelone: - description: Defines secrets for connectors when type is `.sentinelone`. - properties: - token: - description: The A SentinelOne API token. - type: string - required: - - token - title: Connector secrets properties for a SentinelOne connector - type: object - Connectors_secrets_properties_servicenow: - description: >- - Defines secrets for connectors when type is `.servicenow`, - `.servicenow-sir`, or `.servicenow-itom`. - properties: - clientSecret: - description: >- - The client secret assigned to your OAuth application. This property - is required when `isOAuth` is `true`. - type: string - password: - description: >- - The password for HTTP basic authentication. This property is - required when `isOAuth` is `false`. - type: string - privateKey: - description: >- - The RSA private key that you created for use in ServiceNow. This - property is required when `isOAuth` is `true`. - type: string - privateKeyPassword: - description: >- - The password for the RSA private key. This property is required when - `isOAuth` is `true` and you set a password on your private key. - type: string - username: - description: >- - The username for HTTP basic authentication. This property is - required when `isOAuth` is `false`. - type: string - title: >- - Connector secrets properties for ServiceNow ITOM, ServiceNow ITSM, and - ServiceNow SecOps connectors - type: object - Connectors_secrets_properties_slack_api: - description: Defines secrets for connectors when type is `.slack`. - type: object - properties: - token: - description: Slack bot user OAuth token. - type: string - required: - - token - title: Connector secrets properties for a Web API Slack connector - Connectors_secrets_properties_slack_webhook: - description: Defines secrets for connectors when type is `.slack`. - type: object - properties: - webhookUrl: - description: Slack webhook url. - type: string - required: - - webhookUrl - title: Connector secrets properties for a Webhook Slack connector - Connectors_secrets_properties_swimlane: - description: Defines secrets for connectors when type is `.swimlane`. - properties: - apiToken: - description: Swimlane API authentication token. - type: string - title: Connector secrets properties for a Swimlane connector - type: object - Connectors_secrets_properties_teams: - description: Defines secrets for connectors when type is `.teams`. - properties: - webhookUrl: - description: > - The URL of the incoming webhook. If you are using the - `xpack.actions.allowedHosts` setting, add the hostname to the - allowed hosts. - type: string - required: - - webhookUrl - title: Connector secrets properties for a Microsoft Teams connector - type: object - Connectors_secrets_properties_tines: - description: Defines secrets for connectors when type is `.tines`. - properties: - email: - description: The email used to sign in to Tines. - type: string - token: - description: The Tines API token. - type: string - required: - - email - - token - title: Connector secrets properties for a Tines connector - type: object - Connectors_secrets_properties_torq: - description: Defines secrets for connectors when type is `.torq`. - properties: - token: - description: The secret of the webhook authentication header. - type: string - required: - - token - title: Connector secrets properties for a Torq connector - type: object - Connectors_secrets_properties_webhook: - description: Defines secrets for connectors when type is `.webhook`. - properties: - crt: - description: >- - If `authType` is `webhook-authentication-ssl` and `certType` is - `ssl-crt-key`, it is a base64 encoded version of the CRT or CERT - file. - type: string - key: - description: >- - If `authType` is `webhook-authentication-ssl` and `certType` is - `ssl-crt-key`, it is a base64 encoded version of the KEY file. - type: string - password: - description: > - The password for HTTP basic authentication or the passphrase for the - SSL certificate files. If `hasAuth` is set to `true` and `authType` - is `webhook-authentication-basic`, this property is required. - type: string - pfx: - description: >- - If `authType` is `webhook-authentication-ssl` and `certType` is - `ssl-pfx`, it is a base64 encoded version of the PFX or P12 file. - type: string - user: - description: > - The username for HTTP basic authentication. If `hasAuth` is set to - `true` and `authType` is `webhook-authentication-basic`, this - property is required. - type: string - title: Connector secrets properties for a Webhook connector - type: object - Connectors_secrets_properties_xmatters: - description: Defines secrets for connectors when type is `.xmatters`. - properties: - password: - description: > - A user name for HTTP basic authentication. It is applicable only - when `usesBasic` is `true`. - type: string - secretsUrl: - description: > - The request URL for the Elastic Alerts trigger in xMatters with the - API key included in the URL. It is applicable only when `usesBasic` - is `false`. - type: string - user: - description: > - A password for HTTP basic authentication. It is applicable only when - `usesBasic` is `true`. - type: string - title: Connector secrets properties for an xMatters connector - type: object - Connectors_update_connector_request: - description: The properties vary depending on the connector type. - oneOf: - - $ref: '#/components/schemas/Connectors_update_connector_request_bedrock' - - $ref: '#/components/schemas/Connectors_update_connector_request_gemini' - - $ref: >- - #/components/schemas/Connectors_update_connector_request_cases_webhook - - $ref: '#/components/schemas/Connectors_update_connector_request_d3security' - - $ref: '#/components/schemas/Connectors_update_connector_request_email' - - $ref: '#/components/schemas/Connectors_create_connector_request_genai' - - $ref: '#/components/schemas/Connectors_update_connector_request_index' - - $ref: '#/components/schemas/Connectors_update_connector_request_jira' - - $ref: '#/components/schemas/Connectors_update_connector_request_opsgenie' - - $ref: '#/components/schemas/Connectors_update_connector_request_pagerduty' - - $ref: '#/components/schemas/Connectors_update_connector_request_resilient' - - $ref: '#/components/schemas/Connectors_update_connector_request_sentinelone' - - $ref: '#/components/schemas/Connectors_update_connector_request_serverlog' - - $ref: '#/components/schemas/Connectors_update_connector_request_servicenow' - - $ref: >- - #/components/schemas/Connectors_update_connector_request_servicenow_itom - - $ref: '#/components/schemas/Connectors_update_connector_request_slack_api' - - $ref: >- - #/components/schemas/Connectors_update_connector_request_slack_webhook - - $ref: '#/components/schemas/Connectors_update_connector_request_swimlane' - - $ref: '#/components/schemas/Connectors_update_connector_request_teams' - - $ref: '#/components/schemas/Connectors_update_connector_request_tines' - - $ref: '#/components/schemas/Connectors_update_connector_request_torq' - - $ref: '#/components/schemas/Connectors_update_connector_request_webhook' - - $ref: '#/components/schemas/Connectors_update_connector_request_xmatters' - title: Update connector request body properties - Connectors_update_connector_request_bedrock: - title: Update Amazon Bedrock connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_bedrock' - name: - description: The display name for the connector. - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_bedrock' - required: - - config - - name - Connectors_update_connector_request_cases_webhook: - title: Update Webhook - Case Managment connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_cases_webhook' - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_cases_webhook' - required: - - config - - name - Connectors_update_connector_request_d3security: - title: Update D3 Security connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_d3security' - name: - description: The display name for the connector. - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_d3security' - required: - - config - - name - - secrets - Connectors_update_connector_request_email: - title: Update email connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_email' - name: - description: The display name for the connector. - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_email' - required: - - config - - name - Connectors_update_connector_request_gemini: - title: Update Google Gemini connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_gemini' - name: - description: The display name for the connector. - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_gemini' - required: - - config - - name - Connectors_update_connector_request_index: - title: Update index connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_index' - name: - description: The display name for the connector. - type: string - required: - - config - - name - Connectors_update_connector_request_jira: - title: Update Jira connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_jira' - name: - description: The display name for the connector. - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_jira' - required: - - config - - name - - secrets - Connectors_update_connector_request_opsgenie: - title: Update Opsgenie connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_opsgenie' - name: - description: The display name for the connector. - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_opsgenie' - required: - - config - - name - - secrets - Connectors_update_connector_request_pagerduty: - title: Update PagerDuty connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_pagerduty' - name: - description: The display name for the connector. - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_pagerduty' - required: - - config - - name - - secrets - Connectors_update_connector_request_resilient: - title: Update IBM Resilient connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_resilient' - name: - description: The display name for the connector. - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_resilient' - required: - - config - - name - - secrets - Connectors_update_connector_request_sentinelone: - title: Update SentinelOne connector request - type: object - properties: + - slo +components: + examples: + Connectors_create_email_connector_request: + summary: Create an email connector. + value: config: - $ref: '#/components/schemas/Connectors_config_properties_sentinelone' - name: - description: The display name for the connector. - type: string + from: tester@example.com + hasAuth: true + host: 'https://example.com' + port: 1025 + secure: false + service: other + connector_type_id: .email + name: email-connector-1 secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_sentinelone' - required: - - config - - name - - secrets - Connectors_update_connector_request_serverlog: - title: Update server log connector request - type: object - properties: - name: - description: The display name for the connector. - type: string - required: - - name - Connectors_update_connector_request_servicenow: - title: Update ServiceNow ITSM connector or ServiceNow SecOps request - type: object - properties: + password: password + user: username + Connectors_create_email_connector_response: + summary: A new email connector. + value: config: - $ref: '#/components/schemas/Connectors_config_properties_servicenow' - name: - description: The display name for the connector. - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' - required: - - config - - name - - secrets - Connectors_update_connector_request_servicenow_itom: - title: Create ServiceNow ITOM connector request - type: object - properties: + clientId: null + from: tester@example.com + hasAuth: true + host: 'https://example.com' + oauthTokenUrl: null + port: 1025 + secure: false + service: other + tenantId: null + connector_type_id: .email + id: 90a82c60-478f-11ee-a343-f98a117c727f + is_deprecated: false + is_missing_secrets: false + is_preconfigured: false + is_system_action: false + name: email-connector-1 + Connectors_create_index_connector_request: + summary: Create an index connector. + value: config: - $ref: '#/components/schemas/Connectors_config_properties_servicenow_itom' - name: - description: The display name for the connector. - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' - required: - - config - - name - - secrets - Connectors_update_connector_request_slack_api: - title: Update Slack connector request - type: object - properties: + index: test-index + connector_type_id: .index + name: my-connector + Connectors_create_index_connector_response: + summary: A new index connector. + value: config: - $ref: '#/components/schemas/Connectors_config_properties_slack_api' - name: - description: The display name for the connector. - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_slack_api' - required: - - name - - secrets - Connectors_update_connector_request_slack_webhook: - title: Update Slack connector request - type: object - properties: - name: - description: The display name for the connector. - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_slack_webhook' - required: - - name - - secrets - Connectors_update_connector_request_swimlane: - title: Update Swimlane connector request - type: object - properties: + executionTimeField: null + index: test-index + refresh: false + connector_type_id: .index + id: c55b6eb0-6bad-11eb-9f3b-611eebc6c3ad + is_deprecated: false + is_missing_secrets: false + is_preconfigured: false + is_system_action: false + name: my-connector + Connectors_create_webhook_connector_request: + summary: Create a webhook connector with SSL authentication. + value: config: - $ref: '#/components/schemas/Connectors_config_properties_swimlane' - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_swimlane' - required: - - config - - name - - secrets - Connectors_update_connector_request_teams: - title: Update Microsoft Teams connector request - type: object - properties: - name: - description: The display name for the connector. - type: string + authType: webhook-authentication-ssl + certType: ssl-crt-key + method: post + url: 'https://example.com' + connector_type_id: .webhook + name: my-webhook-connector secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_teams' - required: - - name - - secrets - Connectors_update_connector_request_tines: - title: Update Tines connector request - type: object - properties: + crt: QmFnIEF0dH... + key: LS0tLS1CRUdJ... + password: my-passphrase + Connectors_create_webhook_connector_response: + summary: A new webhook connector. + value: config: - $ref: '#/components/schemas/Connectors_config_properties_tines' - name: - description: The display name for the connector. - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_tines' - required: - - config - - name - - secrets - Connectors_update_connector_request_torq: - title: Update Torq connector request - type: object - properties: + authType: webhook-authentication-ssl + certType: ssl-crt-key + hasAuth: true + headers: null + method: post + url: 'https://example.com' + verificationMode: full + connector_type_id: .webhook + id: 900eb010-3b9d-11ee-a642-8ffbb94e38bd + is_deprecated: false + is_missing_secrets: false + is_preconfigured: false + is_system_action: false + name: my-webhook-connector + Connectors_create_xmatters_connector_request: + summary: Create an xMatters connector with URL authentication. + value: config: - $ref: '#/components/schemas/Connectors_config_properties_torq' - name: - description: The display name for the connector. - type: string + usesBasic: false + connector_type_id: .xmatters + name: my-xmatters-connector secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_torq' - required: - - config - - name - - secrets - Connectors_update_connector_request_webhook: - title: Update Webhook connector request - type: object - properties: + secretsUrl: 'https://example.com?apiKey=xxxxx' + Connectors_create_xmatters_connector_response: + summary: A new xMatters connector. + value: config: - $ref: '#/components/schemas/Connectors_config_properties_webhook' - name: - description: The display name for the connector. - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_webhook' - required: - - config - - name - - secrets - Connectors_update_connector_request_xmatters: - title: Update xMatters connector request - type: object - properties: + configUrl: null + usesBasic: false + connector_type_id: .xmatters + id: 4d2d8da0-4d1f-11ee-9367-577408be4681 + is_deprecated: false + is_missing_secrets: false + is_preconfigured: false + is_system_action: false + name: my-xmatters-connector + Connectors_get_connector_response: + summary: Get connector details. + value: + config: {} + connector_type_id: .server-log + id: df770e30-8b8b-11ed-a780-3b746c987a81 + is_deprecated: false + is_missing_secrets: false + is_preconfigured: false + is_system_action: false + name: my_server_log_connector + Connectors_get_connector_types_generativeai_response: + summary: A list of connector types for the `generativeAI` feature. + value: + - enabled: true + enabled_in_config: true + enabled_in_license: true + id: .gen-ai + is_system_action_type: false + minimum_license_required: enterprise + name: OpenAI + supported_feature_ids: + - generativeAIForSecurity + - generativeAIForObservability + - generativeAIForSearchPlayground + - enabled: true + enabled_in_config: true + enabled_in_license: true + id: .bedrock + is_system_action_type: false + minimum_license_required: enterprise + name: AWS Bedrock + supported_feature_ids: + - generativeAIForSecurity + - generativeAIForObservability + - generativeAIForSearchPlayground + - enabled: true + enabled_in_config: true + enabled_in_license: true + id: .gemini + is_system_action_type: false + minimum_license_required: enterprise + name: Google Gemini + supported_feature_ids: + - generativeAIForSecurity + Connectors_get_connectors_response: + summary: A list of connectors + value: + - connector_type_id: .email + id: preconfigured-email-connector + is_deprecated: false + is_preconfigured: true + is_system_action: false + name: my-preconfigured-email-notification + referenced_by_count: 0 + - config: + executionTimeField: null + index: test-index + refresh: false + connector_type_id: .index + id: e07d0c80-8b8b-11ed-a780-3b746c987a81 + is_deprecated: false + is_missing_secrets: false + is_preconfigured: false + is_system_action: false + name: my-index-connector + referenced_by_count: 2 + Connectors_run_cases_webhook_connector_request: + summary: Run a Webhook - Case Management connector to create a case. + value: + params: + subAction: pushToService + subActionParams: + comments: + - comment: A comment about the incident. + commentId: 1 + incident: + description: Description of the incident. + id: caseID + severity: low + status: open + tags: + - tag1 + - tag2 + title: Case title + Connectors_run_cases_webhook_connector_response: + summary: >- + Response from a pushToService action for a Webhook - Case Management + connector. + value: + connector_id: 1824b5b8-c005-4dcc-adac-57f92db46459 + data: + comments: + - commentId: 1 + pushedDate: '2023-12-05T19:43:36.360Z' + id: 100665 + pushedDate: '2023-12-05T19:43:36.360Z' + title: TEST-29034 + url: 'https://example.com/browse/TEST-29034' + status: ok + Connectors_run_email_connector_request: + summary: Send an email message from an email connector. + value: + params: + bcc: + - user1@example.com + cc: + - user2@example.com + - user3@example.com + message: Test email message. + subject: Test message subject + to: + - user4@example.com + Connectors_run_email_connector_response: + summary: Response for sending a message from an email connector. + value: + connector_id: 7fc7b9a0-ecc9-11ec-8736-e7d63118c907 + data: + accepted: + - user1@example.com + - user2@example.com + - user3@example.com + - user4@example.com + envelope: + from: tester@example.com + to: + - user1@example.com + - user2@example.com + - user3@example.com + - user4@example.com + envelopeTime: 8 + messageId: <08a92d29-642a-0706-750c-de5996bd5cf3@example.com> + messageSize: 729 + messageTime: 3 + rejected: [] + response: 250 Message queued as QzEXKcGJ + status: ok + Connectors_run_index_connector_request: + summary: Run an index connector. + value: + params: + documents: + - id: my_doc_id + message: 'hello, world' + name: my_doc_name + Connectors_run_index_connector_response: + summary: Response from running an index connector. + value: + connector_id: fd38c600-96a5-11ed-bb79-353b74189cba + data: + errors: false + items: + - create: + _id: 4JtvwYUBrcyxt2NnfW3y + _index: my-index + _primary_term: 1 + _seq_no: 0 + _shards: + failed: 0 + successful: 1 + total: 2 + _version: 1 + result: created + status: 201 + took: 135 + status: ok + Connectors_run_jira_connector_request: + summary: Run a Jira connector to retrieve the list of issue types. + value: + params: + subAction: issueTypes + Connectors_run_jira_connector_response: + summary: Response from retrieving the list of issue types for a Jira connector. + value: + connector_id: b3aad810-edbe-11ec-82d1-11348ecbf4a6 + data: + - id: 10024 + name: Improvement + - id: 10006 + name: Task + - id: 10007 + name: Sub-task + - id: 10025 + name: New Feature + - id: 10023 + name: Bug + - id: 10000 + name: Epic + status: ok + Connectors_run_pagerduty_connector_request: + summary: Run a PagerDuty connector to trigger an alert. + value: + params: + customDetails: + my_data_1: test data + eventAction: trigger + links: + - href: 'http://example.com/pagerduty' + text: An example link + summary: A brief event summary + Connectors_run_pagerduty_connector_response: + summary: Response from running a PagerDuty connector. + value: + connector_id: 45de9f70-954f-4608-b12a-db7cf808e49d + data: + dedup_key: 5115e138b26b484a81eaea779faa6016 + message: Event processed + status: success + status: ok + Connectors_run_server_log_connector_request: + summary: Run a server log connector. + value: + params: + level: warn + message: Test warning message. + Connectors_run_server_log_connector_response: + summary: Response from running a server log connector. + value: + connector_id: 7fc7b9a0-ecc9-11ec-8736-e7d63118c907 + status: ok + Connectors_run_servicenow_itom_connector_request: + summary: Run a ServiceNow ITOM connector to retrieve the list of choices. + value: + params: + subAction: getChoices + subActionParams: + fields: + - severity + - urgency + Connectors_run_servicenow_itom_connector_response: + summary: >- + Response from retrieving the list of choices for a ServiceNow ITOM + connector. + value: + connector_id: 9d9be270-2fd2-11ed-b0e0-87533c532698 + data: + - dependent_value: '' + element: severity + label: Critical + value: 1 + - dependent_value: '' + element: severity + label: Major + value: 2 + - dependent_value: '' + element: severity + label: Minor + value: 3 + - dependent_value: '' + element: severity + label: Warning + value: 4 + - dependent_value: '' + element: severity + label: OK + value: 5 + - dependent_value: '' + element: severity + label: Clear + value: 0 + - dependent_value: '' + element: urgency + label: 1 - High + value: 1 + - dependent_value: '' + element: urgency + label: 2 - Medium + value: 2 + - dependent_value: '' + element: urgency + label: 3 - Low + value: 3 + status: ok + Connectors_run_slack_api_connector_request: + summary: >- + Run a Slack connector that uses the web API method to post a message on + a channel. + value: + params: + subAction: postMessage + subActionParams: + channelIds: + - C123ABC456 + text: A test message. + Connectors_run_slack_api_connector_response: + summary: Response from posting a message with a Slack connector. + value: + connector_id: .slack_api + data: + channel: C123ABC456 + message: + app_id: A01BC2D34EF + blocks: + - block_id: /NXe + elements: + - elements: + - text: A test message. + type: text + type: rich_text_section + type: rich_text + bot_id: B12BCDEFGHI + bot_profile: + app_id: A01BC2D34EF + deleted: false + icons: + image_36: 'https://a.slack-edge.com/80588/img/plugins/app/bot_36.png' + id: B12BCDEFGHI + name: test + team_id: T01ABCDE2F + updated: 1672169705 + team: T01ABCDE2F + text: A test message + ts: '1234567890.123456' + type: message + user: U12A345BC6D + ok: true + ts: '1234567890.123456' + status: ok + Connectors_run_swimlane_connector_request: + summary: Run a Swimlane connector to create an incident. + value: + params: + subAction: pushToService + subActionParams: + comments: + - comment: A comment about the incident. + commentId: 1 + incident: + caseId: '1000' + caseName: Case name + description: Description of the incident. + Connectors_run_swimlane_connector_response: + summary: Response from creating a Swimlane incident. + value: + connector_id: a4746470-2f94-11ed-b0e0-87533c532698 + data: + comments: + - commentId: 1 + pushedDate: '2022-09-08T16:52:27.865Z' + id: aKPmBHWzmdRQtx6Mx + pushedDate: '2022-09-08T16:52:27.866Z' + title: TEST-457 + url: >- + https://elastic.swimlane.url.us/record/aNcL2xniGHGpa2AHb/aKPmBHWzmdRQtx6Mx + status: ok + Connectors_update_index_connector_request: + summary: Update an index connector. + value: config: - $ref: '#/components/schemas/Connectors_config_properties_xmatters' - name: - description: The display name for the connector. - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_xmatters' - required: - - config - - name - - secrets - Data_views_400_response: - title: Bad request - type: object - properties: - error: - example: Bad Request - type: string - message: - type: string - statusCode: - example: 400 - type: number - required: - - statusCode - - error - - message - Data_views_404_response: - type: object - properties: - error: - enum: - - Not Found - example: Not Found - type: string - message: - example: >- - Saved object [index-pattern/caaad6d0-920c-11ed-b36a-874bd1548a00] - not found - type: string - statusCode: - enum: - - 404 - example: 404 - type: integer - Data_views_allownoindex: - description: Allows the data view saved object to exist before the data is available. - type: boolean - Data_views_create_data_view_request_object: - title: Create data view request - type: object - properties: + index: updated-index + name: updated-connector + Data_views_create_data_view_request: + summary: Create a data view with runtime fields. + value: + data_view: + name: My Logstash data view + runtimeFieldMap: + runtime_shape_name: + script: + source: 'emit(doc[''shape_name''].value)' + type: keyword + title: logstash-* + Data_views_create_runtime_field_request: + summary: Create a runtime field. + value: + name: runtimeFoo + runtimeField: + script: + source: 'emit(doc["foo"].value)' + type: long + Data_views_get_data_view_response: + summary: >- + The get data view API returns a JSON object that contains information + about the data view. + value: + data_view: + allowNoIndex: false + fieldAttrs: + products.manufacturer: + count: 1 + products.price: + count: 1 + products.product_name: + count: 1 + total_quantity: + count: 1 + fieldFormats: + products.base_price: + id: number + params: + pattern: '$0,0.00' + products.base_unit_price: + id: number + params: + pattern: '$0,0.00' + products.min_price: + id: number + params: + pattern: '$0,0.00' + products.price: + id: number + params: + pattern: '$0,0.00' + products.taxful_price: + id: number + params: + pattern: '$0,0.00' + products.taxless_price: + id: number + params: + pattern: '$0,0.00' + taxful_total_price: + id: number + params: + pattern: '$0,0.[00]' + taxless_total_price: + id: number + params: + pattern: '$0,0.00' + fields: + _id: + aggregatable: false + count: 0 + esTypes: + - _id + format: + id: string + isMapped: true + name: _id + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + _index: + aggregatable: true + count: 0 + esTypes: + - _index + format: + id: string + isMapped: true + name: _index + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + _score: + aggregatable: false + count: 0 + format: + id: number + isMapped: true + name: _score + readFromDocValues: false + scripted: false + searchable: false + shortDotsEnable: false + type: number + _source: + aggregatable: false + count: 0 + esTypes: + - _source + format: + id: _source + isMapped: true + name: _source + readFromDocValues: false + scripted: false + searchable: false + shortDotsEnable: false + type: _source + category: + aggregatable: false + count: 0 + esTypes: + - text + format: + id: string + isMapped: true + name: category + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + category.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: category.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: category + type: string + currency: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: currency + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + customer_birth_date: + aggregatable: true + count: 0 + esTypes: + - date + format: + id: date + isMapped: true + name: customer_birth_date + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: date + customer_first_name: + aggregatable: false + count: 0 + esTypes: + - text + format: + id: string + isMapped: true + name: customer_first_name + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + customer_first_name.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: customer_first_name.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: customer_first_name + type: string + customer_full_name: + aggregatable: false + count: 0 + esTypes: + - text + format: + id: string + isMapped: true + name: customer_full_name + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + customer_full_name.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: customer_full_name.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: customer_full_name + type: string + customer_gender: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: customer_gender + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + customer_id: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: customer_id + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + customer_last_name: + aggregatable: false + count: 0 + esTypes: + - text + format: + id: string + isMapped: true + name: customer_last_name + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + customer_last_name.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: customer_last_name.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: customer_last_name + type: string + customer_phone: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: customer_phone + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + day_of_week: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: day_of_week + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + day_of_week_i: + aggregatable: true + count: 0 + esTypes: + - integer + format: + id: number + isMapped: true + name: day_of_week_i + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + email: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: email + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + event.dataset: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: event.dataset + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + geoip.city_name: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: geoip.city_name + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + geoip.continent_name: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: geoip.continent_name + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + geoip.country_iso_code: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: geoip.country_iso_code + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + geoip.location: + aggregatable: true + count: 0 + esTypes: + - geo_point + format: + id: geo_point + params: + transform: wkt + isMapped: true + name: geoip.location + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: geo_point + geoip.region_name: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: geoip.region_name + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + manufacturer: + aggregatable: false + count: 0 + esTypes: + - text + format: + id: string + isMapped: true + name: manufacturer + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + manufacturer.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: manufacturer.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: manufacturer + type: string + order_date: + aggregatable: true + count: 0 + esTypes: + - date + format: + id: date + isMapped: true + name: order_date + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: date + order_id: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: order_id + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + products._id: + aggregatable: false + count: 0 + esTypes: + - text + format: + id: string + isMapped: true + name: products._id + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + products._id.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: products._id.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: products._id + type: string + products.base_price: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + params: + pattern: '$0,0.00' + isMapped: true + name: products.base_price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.base_unit_price: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + params: + pattern: '$0,0.00' + isMapped: true + name: products.base_unit_price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.category: + aggregatable: false + count: 0 + esTypes: + - text + format: + id: string + isMapped: true + name: products.category + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + products.category.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: products.category.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: products.category + type: string + products.created_on: + aggregatable: true + count: 0 + esTypes: + - date + format: + id: date + isMapped: true + name: products.created_on + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: date + products.discount_amount: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + isMapped: true + name: products.discount_amount + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.discount_percentage: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + isMapped: true + name: products.discount_percentage + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.manufacturer: + aggregatable: false + count: 1 + esTypes: + - text + format: + id: string + isMapped: true + name: products.manufacturer + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + products.manufacturer.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: products.manufacturer.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: products.manufacturer + type: string + products.min_price: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + params: + pattern: '$0,0.00' + isMapped: true + name: products.min_price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.price: + aggregatable: true + count: 1 + esTypes: + - half_float + format: + id: number + params: + pattern: '$0,0.00' + isMapped: true + name: products.price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.product_id: + aggregatable: true + count: 0 + esTypes: + - long + format: + id: number + isMapped: true + name: products.product_id + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.product_name: + aggregatable: false + count: 1 + esTypes: + - text + format: + id: string + isMapped: true + name: products.product_name + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + products.product_name.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: products.product_name.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: products.product_name + type: string + products.quantity: + aggregatable: true + count: 0 + esTypes: + - integer + format: + id: number + isMapped: true + name: products.quantity + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.sku: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: products.sku + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + products.tax_amount: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + isMapped: true + name: products.tax_amount + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.taxful_price: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + params: + pattern: '$0,0.00' + isMapped: true + name: products.taxful_price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.taxless_price: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + params: + pattern: '$0,0.00' + isMapped: true + name: products.taxless_price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.unit_discount_amount: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + isMapped: true + name: products.unit_discount_amount + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + sku: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: sku + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + taxful_total_price: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + params: + pattern: '$0,0.[00]' + isMapped: true + name: taxful_total_price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + taxless_total_price: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + params: + pattern: '$0,0.00' + isMapped: true + name: taxless_total_price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + total_quantity: + aggregatable: true + count: 1 + esTypes: + - integer + format: + id: number + isMapped: true + name: total_quantity + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + total_unique_products: + aggregatable: true + count: 0 + esTypes: + - integer + format: + id: number + isMapped: true + name: total_unique_products + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + type: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: type + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + user: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: user + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + id: ff959d40-b880-11e8-a6d9-e546fe2bba5f + name: Kibana Sample Data eCommerce + namespaces: + - default + runtimeFieldMap: {} + sourceFilters: [] + timeFieldName: order_date + title: kibana_sample_data_ecommerce + typeMeta: {} + version: WzUsMV0= + Data_views_get_data_views_response: + summary: The get all data views API returns a list of data views. + value: data_view: - description: The data view object. - type: object - properties: - allowNoIndex: - $ref: '#/components/schemas/Data_views_allownoindex' - fieldAttrs: - additionalProperties: - $ref: '#/components/schemas/Data_views_fieldattrs' - type: object - fieldFormats: - $ref: '#/components/schemas/Data_views_fieldformats' - fields: - type: object - id: + - id: ff959d40-b880-11e8-a6d9-e546fe2bba5f + name: Kibana Sample Data eCommerce + namespaces: + - default + title: kibana_sample_data_ecommerce + typeMeta: {} + - id: d3d7af60-4c81-11e8-b3d7-01146121b73d + name: Kibana Sample Data Flights + namespaces: + - default + title: kibana_sample_data_flights + - id: 90943e30-9a47-11e8-b64d-95841ca0b247 + name: Kibana Sample Data Logs + namespaces: + - default + title: kibana_sample_data_logs + Data_views_get_default_data_view_response: + summary: The get default data view API returns the default data view identifier. + value: + data_view_id: ff959d40-b880-11e8-a6d9-e546fe2bba5f + Data_views_get_runtime_field_response: + summary: >- + The get runtime field API returns a JSON object that contains + information about the runtime field (`hour_of_day`) and the data view + (`d3d7af60-4c81-11e8-b3d7-01146121b73d`). + value: + data_view: + allowNoIndex: false + fieldAttrs: {} + fieldFormats: + AvgTicketPrice: + id: number + params: + pattern: '$0,0.[00]' + hour_of_day: + id: number + params: + pattern: '00' + fields: + _id: + aggregatable: false + count: 0 + esTypes: + - _id + format: + id: string + isMapped: true + name: _id + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + _index: + aggregatable: true + count: 0 + esTypes: + - _index + format: + id: string + isMapped: true + name: _index + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false type: string - name: - description: The data view name. + _score: + aggregatable: false + count: 0 + format: + id: number + isMapped: true + name: _score + readFromDocValues: false + scripted: false + searchable: false + shortDotsEnable: false + type: number + _source: + aggregatable: false + count: 0 + esTypes: + - _source + format: + id: _source + isMapped: true + name: _source + readFromDocValues: false + scripted: false + searchable: false + shortDotsEnable: false + type: _source + AvgTicketPrice: + aggregatable: true + count: 0 + esTypes: + - float + format: + id: number + params: + pattern: '$0,0.[00]' + isMapped: true + name: AvgTicketPrice + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + Cancelled: + aggregatable: true + count: 0 + esTypes: + - boolean + format: + id: boolean + isMapped: true + name: Cancelled + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: boolean + Carrier: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: Carrier + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - namespaces: - $ref: '#/components/schemas/Data_views_namespaces' - runtimeFieldMap: - additionalProperties: - $ref: '#/components/schemas/Data_views_runtimefieldmap' - type: object - sourceFilters: - $ref: '#/components/schemas/Data_views_sourcefilters' - timeFieldName: - $ref: '#/components/schemas/Data_views_timefieldname' - title: - $ref: '#/components/schemas/Data_views_title' - type: - $ref: '#/components/schemas/Data_views_type' - typeMeta: - $ref: '#/components/schemas/Data_views_typemeta' - version: + dayOfWeek: + aggregatable: true + count: 0 + esTypes: + - integer + format: + id: number + isMapped: true + name: dayOfWeek + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + Dest: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: Dest + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - required: - - title - override: - default: false - description: >- - Override an existing data view if a data view with the provided - title already exists. - type: boolean - required: - - data_view - Data_views_data_view_response_object: - title: Data view response properties - type: object - properties: - data_view: - type: object - properties: - allowNoIndex: - $ref: '#/components/schemas/Data_views_allownoindex' - fieldAttrs: - additionalProperties: - $ref: '#/components/schemas/Data_views_fieldattrs' - type: object - fieldFormats: - $ref: '#/components/schemas/Data_views_fieldformats' - fields: - type: object - id: - example: ff959d40-b880-11e8-a6d9-e546fe2bba5f + DestAirportID: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: DestAirportID + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - name: - description: The data view name. + DestCityName: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: DestCityName + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - namespaces: - $ref: '#/components/schemas/Data_views_namespaces' - runtimeFieldMap: - additionalProperties: - $ref: '#/components/schemas/Data_views_runtimefieldmap' - type: object - sourceFilters: - $ref: '#/components/schemas/Data_views_sourcefilters' - timeFieldName: - $ref: '#/components/schemas/Data_views_timefieldname' - title: - $ref: '#/components/schemas/Data_views_title' - typeMeta: - $ref: '#/components/schemas/Data_views_typemeta_response' - version: - example: WzQ2LDJd + DestCountry: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: DestCountry + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - Data_views_fieldattrs: - description: A map of field attributes by field name. - type: object - properties: - count: - description: Popularity count for the field. - type: integer - customDescription: - description: Custom description for the field. - maxLength: 300 - type: string - customLabel: - description: Custom label for the field. - type: string - Data_views_fieldformats: - description: A map of field formats by field name. - type: object - Data_views_namespaces: - description: >- - An array of space identifiers for sharing the data view between multiple - spaces. - items: - default: default - type: string - type: array - Data_views_runtimefieldmap: - description: A map of runtime field definitions by field name. - type: object - properties: - script: - type: object - properties: - source: - description: Script for the runtime field. + DestLocation: + aggregatable: true + count: 0 + esTypes: + - geo_point + format: + id: geo_point + params: + transform: wkt + isMapped: true + name: DestLocation + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: geo_point + DestRegion: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: DestRegion + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - type: - description: Mapping type of the runtime field. - type: string - required: - - script - - type - Data_views_sourcefilters: - description: The array of field names you want to filter out in Discover. - items: - type: object - properties: - value: - type: string - required: - - value - type: array - Data_views_swap_data_view_request_object: - title: Data view reference swap request - type: object - properties: - delete: - description: Deletes referenced saved object if all references are removed. - type: boolean - forId: - description: Limit the affected saved objects to one or more by identifier. - oneOf: - - type: string - - items: - type: string - type: array - forType: - description: Limit the affected saved objects by type. - type: string - fromId: - description: The saved object reference to change. - type: string - fromType: - description: > - Specify the type of the saved object reference to alter. The default - value is `index-pattern` for data views. - type: string - toId: - description: New saved object reference value to replace the old value. - type: string - required: - - fromId - - toId - Data_views_timefieldname: - description: 'The timestamp field name, which you use for time-based data views.' - type: string - Data_views_title: - description: >- - Comma-separated list of data streams, indices, and aliases that you want - to search. Supports wildcards (`*`). - type: string - Data_views_type: - description: 'When set to `rollup`, identifies the rollup data views.' - type: string - Data_views_typemeta: - description: >- - When you use rollup indices, contains the field list for the rollup data - view API endpoints. - type: object - properties: - aggs: - description: A map of rollup restrictions by aggregation type and field name. - type: object - params: - description: Properties for retrieving rollup fields. - type: object - required: - - aggs - - params - Data_views_typemeta_response: - description: >- - When you use rollup indices, contains the field list for the rollup data - view API endpoints. - nullable: true - type: object - properties: - aggs: - description: A map of rollup restrictions by aggregation type and field name. - type: object - params: - description: Properties for retrieving rollup fields. - type: object - Data_views_update_data_view_request_object: - title: Update data view request - type: object - properties: - data_view: - description: > - The data view properties you want to update. Only the specified - properties are updated in the data view. Unspecified fields stay as - they are persisted. - type: object - properties: - allowNoIndex: - $ref: '#/components/schemas/Data_views_allownoindex' - fieldFormats: - $ref: '#/components/schemas/Data_views_fieldformats' - fields: - type: object - name: + DestWeather: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: DestWeather + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - runtimeFieldMap: - additionalProperties: - $ref: '#/components/schemas/Data_views_runtimefieldmap' - type: object - sourceFilters: - $ref: '#/components/schemas/Data_views_sourcefilters' - timeFieldName: - $ref: '#/components/schemas/Data_views_timefieldname' - title: - $ref: '#/components/schemas/Data_views_title' - type: - $ref: '#/components/schemas/Data_views_type' - typeMeta: - $ref: '#/components/schemas/Data_views_typemeta' - refresh_fields: - default: false - description: Reloads the data view fields after the data view is updated. - type: boolean - required: - - data_view - Kibana_HTTP_APIs_core_status_redactedResponse: - additionalProperties: false - description: A minimal representation of Kibana's operational status. - type: object - properties: - status: - additionalProperties: false - type: object - properties: - overall: - additionalProperties: false - type: object - properties: - level: - description: Service status levels as human and machine readable values. - enum: - - available - - degraded - - unavailable - - critical - type: string - required: - - level - required: - - overall - required: - - status - Kibana_HTTP_APIs_core_status_response: - additionalProperties: false - description: >- - Kibana's operational status as well as a detailed breakdown of plugin - statuses indication of various loads (like event loop utilization and - network traffic) at time of request. - type: object - properties: - metrics: - additionalProperties: false - description: Metric groups collected by Kibana. - type: object - properties: - collection_interval_in_millis: - description: The interval at which metrics should be collected. + DistanceKilometers: + aggregatable: true + count: 0 + esTypes: + - float + format: + id: number + isMapped: true + name: DistanceKilometers + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: number - elasticsearch_client: - additionalProperties: false - description: Current network metrics of Kibana's Elasticsearch client. - type: object - properties: - totalActiveSockets: - description: Count of network sockets currently in use. - type: number - totalIdleSockets: - description: Count of network sockets currently idle. - type: number - totalQueuedRequests: - description: Count of requests not yet assigned to sockets. - type: number - required: - - totalActiveSockets - - totalIdleSockets - - totalQueuedRequests - last_updated: - description: The time metrics were collected. + DistanceMiles: + aggregatable: true + count: 0 + esTypes: + - float + format: + id: number + isMapped: true + name: DistanceMiles + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + FlightDelay: + aggregatable: true + count: 0 + esTypes: + - boolean + format: + id: boolean + isMapped: true + name: FlightDelay + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: boolean + FlightDelayMin: + aggregatable: true + count: 0 + esTypes: + - integer + format: + id: number + isMapped: true + name: FlightDelayMin + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + FlightDelayType: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: FlightDelayType + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - required: - - elasticsearch_client - - last_updated - - collection_interval_in_millis - name: - description: Kibana instance name. - type: string - status: - additionalProperties: false - type: object - properties: - core: - additionalProperties: false - description: Statuses of core Kibana services. - type: object - properties: - elasticsearch: - additionalProperties: false - type: object - properties: - detail: - description: Human readable detail of the service status. - type: string - documentationUrl: - description: A URL to further documentation regarding this service. - type: string - level: - description: >- - Service status levels as human and machine readable - values. - enum: - - available - - degraded - - unavailable - - critical - type: string - meta: - additionalProperties: {} - description: >- - An unstructured set of extra metadata about this - service. - type: object - summary: - description: A human readable summary of the service status. - type: string - required: - - level - - summary - - meta - savedObjects: - additionalProperties: false - type: object - properties: - detail: - description: Human readable detail of the service status. - type: string - documentationUrl: - description: A URL to further documentation regarding this service. - type: string - level: - description: >- - Service status levels as human and machine readable - values. - enum: - - available - - degraded - - unavailable - - critical - type: string - meta: - additionalProperties: {} - description: >- - An unstructured set of extra metadata about this - service. - type: object - summary: - description: A human readable summary of the service status. - type: string - required: - - level - - summary - - meta - required: - - elasticsearch - - savedObjects - overall: - additionalProperties: false - type: object - properties: - detail: - description: Human readable detail of the service status. - type: string - documentationUrl: - description: A URL to further documentation regarding this service. - type: string - level: - description: Service status levels as human and machine readable values. - enum: - - available - - degraded - - unavailable - - critical - type: string - meta: - additionalProperties: {} - description: An unstructured set of extra metadata about this service. - type: object - summary: - description: A human readable summary of the service status. - type: string - required: - - level - - summary - - meta - plugins: - additionalProperties: - additionalProperties: false - type: object - properties: - detail: - description: Human readable detail of the service status. - type: string - documentationUrl: - description: A URL to further documentation regarding this service. - type: string - level: - description: >- - Service status levels as human and machine readable - values. - enum: - - available - - degraded - - unavailable - - critical - type: string - meta: - additionalProperties: {} - description: An unstructured set of extra metadata about this service. - type: object - summary: - description: A human readable summary of the service status. - type: string - required: - - level - - summary - - meta - description: A dynamic mapping of plugin ID to plugin status. - type: object - required: - - overall - - core - - plugins - uuid: - description: >- - Unique, generated Kibana instance UUID. This UUID should persist - even if the Kibana process restarts. - type: string - version: - additionalProperties: false - type: object - properties: - build_date: - description: The date and time of this build. + FlightNum: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: FlightNum + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + FlightTimeHour: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: FlightTimeHour + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + FlightTimeMin: + aggregatable: true + count: 0 + esTypes: + - float + format: + id: number + isMapped: true + name: FlightTimeMin + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + hour_of_day: + aggregatable: true + count: 0 + esTypes: + - long + format: + id: number + params: + pattern: '00' + name: hour_of_day + readFromDocValues: false + runtimeField: + script: + source: 'emit(doc[''timestamp''].value.getHour());' + type: long + scripted: false + searchable: true + shortDotsEnable: false + type: number + Origin: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: Origin + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - build_flavor: - description: >- - The build flavour determines configuration and behavior of - Kibana. On premise users will almost always run the - "traditional" flavour, while other flavours are reserved for - Elastic-specific use cases. - enum: - - serverless - - traditional + OriginAirportID: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: OriginAirportID + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - build_hash: - description: >- - A unique hash value representing the git commit of this Kibana - build. + OriginCityName: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: OriginCityName + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - build_number: - description: >- - A monotonically increasing number, each subsequent build will - have a higher number. - type: number - build_snapshot: - description: Whether this build is a snapshot build. - type: boolean - number: - description: A semantic version number. + OriginCountry: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: OriginCountry + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - required: - - number - - build_hash - - build_number - - build_snapshot - - build_flavor - - build_date - required: - - name - - uuid - - version - - status - - metrics - Machine_learning_APIs_mlSync200Response: - properties: - datafeedsAdded: - additionalProperties: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDatafeeds' - description: >- - If a saved object for an anomaly detection job is missing a datafeed - identifier, it is added when you run the sync machine learning saved - objects API. - type: object - datafeedsRemoved: - additionalProperties: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDatafeeds' - description: >- - If a saved object for an anomaly detection job references a datafeed - that no longer exists, it is deleted when you run the sync machine - learning saved objects API. - type: object - savedObjectsCreated: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsCreated - savedObjectsDeleted: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsDeleted - title: Successful sync API response - type: object - Machine_learning_APIs_mlSync4xxResponse: - properties: - error: - example: Unauthorized - type: string - message: - type: string - statusCode: - example: 401 - type: integer - title: Unsuccessful sync API response - type: object - Machine_learning_APIs_mlSyncResponseAnomalyDetectors: - description: >- - The sync machine learning saved objects API response contains this - object when there are anomaly detection jobs affected by the - synchronization. There is an object for each relevant job, which - contains the synchronization status. - properties: - success: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess' - title: Sync API response for anomaly detection jobs - type: object - Machine_learning_APIs_mlSyncResponseDatafeeds: - description: >- - The sync machine learning saved objects API response contains this - object when there are datafeeds affected by the synchronization. There - is an object for each relevant datafeed, which contains the - synchronization status. - properties: - success: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess' - title: Sync API response for datafeeds - type: object - Machine_learning_APIs_mlSyncResponseDataFrameAnalytics: - description: >- - The sync machine learning saved objects API response contains this - object when there are data frame analytics jobs affected by the - synchronization. There is an object for each relevant job, which - contains the synchronization status. - properties: - success: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess' - title: Sync API response for data frame analytics jobs - type: object - Machine_learning_APIs_mlSyncResponseSavedObjectsCreated: - description: >- - If saved objects are missing for machine learning jobs or trained - models, they are created when you run the sync machine learning saved - objects API. - properties: - anomaly-detector: - additionalProperties: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseAnomalyDetectors - description: >- - If saved objects are missing for anomaly detection jobs, they are - created. - type: object - data-frame-analytics: - additionalProperties: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseDataFrameAnalytics - description: >- - If saved objects are missing for data frame analytics jobs, they are - created. - type: object - trained-model: - additionalProperties: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels - description: 'If saved objects are missing for trained models, they are created.' - type: object - title: Sync API response for created saved objects - type: object - Machine_learning_APIs_mlSyncResponseSavedObjectsDeleted: - description: >- - If saved objects exist for machine learning jobs or trained models that - no longer exist, they are deleted when you run the sync machine learning - saved objects API. - properties: - anomaly-detector: - additionalProperties: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseAnomalyDetectors - description: >- - If there are saved objects exist for nonexistent anomaly detection - jobs, they are deleted. - type: object - data-frame-analytics: - additionalProperties: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseDataFrameAnalytics - description: >- - If there are saved objects exist for nonexistent data frame - analytics jobs, they are deleted. - type: object - trained-model: - additionalProperties: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels - description: >- - If there are saved objects exist for nonexistent trained models, - they are deleted. - type: object - title: Sync API response for deleted saved objects - type: object - Machine_learning_APIs_mlSyncResponseSuccess: - description: The success or failure of the synchronization. - type: boolean - Machine_learning_APIs_mlSyncResponseTrainedModels: + OriginLocation: + aggregatable: true + count: 0 + esTypes: + - geo_point + format: + id: geo_point + params: + transform: wkt + isMapped: true + name: OriginLocation + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: geo_point + OriginRegion: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: OriginRegion + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + OriginWeather: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: OriginWeather + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + timestamp: + aggregatable: true + count: 0 + esTypes: + - date + format: + id: date + isMapped: true + name: timestamp + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: date + id: d3d7af60-4c81-11e8-b3d7-01146121b73d + name: Kibana Sample Data Flights + runtimeFieldMap: + hour_of_day: + script: + source: 'emit(doc[''timestamp''].value.getHour());' + type: long + sourceFilters: [] + timeFieldName: timestamp + title: kibana_sample_data_flights + version: WzM2LDJd + fields: + - aggregatable: true + count: 0 + esTypes: + - long + name: hour_of_day + readFromDocValues: false + runtimeField: + script: + source: 'emit(doc[''timestamp''].value.getHour());' + type: long + scripted: false + searchable: true + shortDotsEnable: false + type: number + Data_views_preview_swap_data_view_request: + summary: Preview swapping references from data view ID "abcd-efg" to "xyz-123". + value: + fromId: abcd-efg + toId: xyz-123 + Data_views_set_default_data_view_request: + summary: Set the default data view identifier. + value: + data_view_id: ff959d40-b880-11e8-a6d9-e546fe2bba5f + force: true + Data_views_swap_data_view_request: + summary: >- + Swap references from data view ID "abcd-efg" to "xyz-123" and remove the + data view that is no longer referenced. + value: + delete: true + fromId: abcd-efg + toId: xyz-123 + Data_views_update_data_view_request: + summary: Update some properties for a data view. + value: + data_view: + allowNoIndex: false + name: Kibana Sample Data eCommerce + timeFieldName: order_date + title: kibana_sample_data_ecommerce + refresh_fields: true + Data_views_update_field_metadata_request: + summary: Update metadata for multiple fields. + value: + fields: + field1: + count: 123 + customLabel: Field 1 label + field2: + customDescription: Field 2 description + customLabel: Field 2 label + Data_views_update_runtime_field_request: + summary: Update an existing runtime field on a data view. + value: + runtimeField: + script: + source: 'emit(doc["bar"].value)' + Machine_learning_APIs_mlSyncExample: + summary: Two anomaly detection jobs required synchronization in this example. + value: + datafeedsAdded: {} + datafeedsRemoved: {} + savedObjectsCreated: + anomaly-detector: + myjob1: + success: true + myjob2: + success: true + savedObjectsDeleted: {} + Saved_objects_export_objects_request: + summary: Export a specific saved object. + value: + excludeExportDetails: true + includeReferencesDeep: false + objects: + - id: de71f4f0-1902-11e9-919b-ffe5949a18d2 + type: map + Saved_objects_export_objects_response: + summary: >- + The export objects API response contains a JSON record for each exported + object. + value: + attributes: + description: '' + layerListJSON: >- + [{"id":"0hmz5","alpha":1,"sourceDescriptor":{"type":"EMS_TMS","isAutoSelect":true,"lightModeDefault":"road_map_desaturated"},"visible":true,"style":{},"type":"EMS_VECTOR_TILE","minZoom":0,"maxZoom":24},{"id":"edh66","label":"Total + Requests by + Destination","minZoom":0,"maxZoom":24,"alpha":0.5,"sourceDescriptor":{"type":"EMS_FILE","id":"world_countries","tooltipProperties":["name","iso2"]},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"DYNAMIC","options":{"field":{"name":"__kbnjoin__count__673ff994-fc75-4c67-909b-69fcb0e1060e","origin":"join"},"color":"Greys","fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"lineColor":{"type":"STATIC","options":{"color":"#FFFFFF"}},"lineWidth":{"type":"STATIC","options":{"size":1}},"iconSize":{"type":"STATIC","options":{"size":10}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR","joins":[{"leftField":"iso2","right":{"type":"ES_TERM_SOURCE","id":"673ff994-fc75-4c67-909b-69fcb0e1060e","indexPatternTitle":"kibana_sample_data_logs","term":"geo.dest","indexPatternRefName":"layer_1_join_0_index_pattern","metrics":[{"type":"count","label":"web + logs + count"}],"applyGlobalQuery":true}}]},{"id":"gaxya","label":"Actual + Requests","minZoom":9,"maxZoom":24,"alpha":1,"sourceDescriptor":{"id":"b7486535-171b-4d3b-bb2e-33c1a0a2854c","type":"ES_SEARCH","geoField":"geo.coordinates","limit":2048,"filterByMapBounds":true,"tooltipProperties":["clientip","timestamp","host","request","response","machine.os","agent","bytes"],"indexPatternRefName":"layer_2_source_index_pattern","applyGlobalQuery":true,"scalingType":"LIMIT"},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"STATIC","options":{"color":"#2200ff"}},"lineColor":{"type":"STATIC","options":{"color":"#FFFFFF"}},"lineWidth":{"type":"STATIC","options":{"size":2}},"iconSize":{"type":"DYNAMIC","options":{"field":{"name":"bytes","origin":"source"},"minSize":1,"maxSize":23,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR"},{"id":"tfi3f","label":"Total + Requests and + Bytes","minZoom":0,"maxZoom":9,"alpha":1,"sourceDescriptor":{"type":"ES_GEO_GRID","resolution":"COARSE","id":"8aaa65b5-a4e9-448b-9560-c98cb1c5ac5b","geoField":"geo.coordinates","requestType":"point","metrics":[{"type":"count","label":"web + logs + count"},{"type":"sum","field":"bytes"}],"indexPatternRefName":"layer_3_source_index_pattern","applyGlobalQuery":true},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"color":"Blues","fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"lineColor":{"type":"STATIC","options":{"color":"#cccccc"}},"lineWidth":{"type":"STATIC","options":{"size":1}},"iconSize":{"type":"DYNAMIC","options":{"field":{"name":"sum_of_bytes","origin":"source"},"minSize":7,"maxSize":25,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"labelText":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"labelSize":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"minSize":12,"maxSize":24,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR"}] + mapStateJSON: >- + {"zoom":3.64,"center":{"lon":-88.92107,"lat":42.16337},"timeFilters":{"from":"now-7d","to":"now"},"refreshConfig":{"isPaused":true,"interval":0},"query":{"language":"kuery","query":""},"settings":{"autoFitToDataBounds":false}} + title: '[Logs] Total Requests and Bytes' + uiStateJSON: '{"isDarkMode":false}' + coreMigrationVersion: 8.8.0 + created_at: '2023-08-23T20:03:32.204Z' + id: de71f4f0-1902-11e9-919b-ffe5949a18d2 + managed: false + references: + - id: 90943e30-9a47-11e8-b64d-95841ca0b247 + name: layer_1_join_0_index_pattern + type: index-pattern + - id: 90943e30-9a47-11e8-b64d-95841ca0b247 + name: layer_2_source_index_pattern + type: index-pattern + - id: 90943e30-9a47-11e8-b64d-95841ca0b247 + name: layer_3_source_index_pattern + type: index-pattern + type: map + typeMigrationVersion: 8.4.0 + updated_at: '2023-08-23T20:03:32.204Z' + version: WzEzLDFd + Saved_objects_import_objects_request: + value: + file: file.ndjson + Saved_objects_import_objects_response: + summary: >- + The import objects API response indicates a successful import and the + objects are created. Since these objects are created as new copies, each + entry in the successResults array includes a destinationId attribute. + value: + success: true + successCount: 1 + successResults: + - destinationId: 82d2760c-468f-49cf-83aa-b9a35b6a8943 + id: 90943e30-9a47-11e8-b64d-95841ca0b247 + managed: false + meta: + icon: indexPatternApp + title: Kibana Sample Data Logs + type: index-pattern + Saved_objects_key_rotation_response: + summary: Encryption key rotation using default parameters. + value: + failed: 0 + successful: 300 + total: 1000 + Saved_objects_resolve_missing_reference_request: + value: + file: file.ndjson + retries: + - id: my-pattern + overwrite: true + type: index-pattern + - destinationId: another-vis + id: my-vis + overwrite: true + type: visualization + - destinationId: yet-another-canvas + id: my-canvas + overwrite: true + type: canvas + - id: my-dashboard + type: dashboard + Saved_objects_resolve_missing_reference_response: + summary: Resolve missing reference errors. + value: + success: true + successCount: 3 + successResults: + - id: my-vis + meta: + icon: visualizeApp + title: Look at my visualization + type: visualization + - id: my-search + meta: + icon: searchApp + title: Look at my search + type: search + - id: my-dashboard + meta: + icon: dashboardApp + title: Look at my dashboard + type: dashboard + parameters: + Connectors_action_id: + description: An identifier for the action. + in: path + name: actionId + required: true + schema: + example: c55b6eb0-6bad-11eb-9f3b-611eebc6c3ad + type: string + Connectors_connector_id: + description: An identifier for the connector. + in: path + name: connectorId + required: true + schema: + example: df770e30-8b8b-11ed-a780-3b746c987a81 + type: string + Connectors_kbn_xsrf: + description: Cross-site request forgery protection + in: header + name: kbn-xsrf + required: true + schema: + type: string + Data_views_field_name: + description: The name of the runtime field. + in: path + name: fieldName + required: true + schema: + example: hour_of_day + type: string + Data_views_kbn_xsrf: + description: Cross-site request forgery protection + in: header + name: kbn-xsrf + required: true + schema: + type: string + Data_views_view_id: + description: An identifier for the data view. + in: path + name: viewId + required: true + schema: + example: ff959d40-b880-11e8-a6d9-e546fe2bba5f + type: string + Machine_learning_APIs_simulateParam: description: >- - The sync machine learning saved objects API response contains this - object when there are trained models affected by the synchronization. - There is an object for each relevant trained model, which contains the - synchronization status. - properties: - success: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess' - title: Sync API response for trained models - type: object - Saved_objects_400_response: - title: Bad request - type: object - properties: - error: - enum: - - Bad Request - type: string - message: - type: string - statusCode: - enum: - - 400 - type: integer - required: - - error - - message - - statusCode - Saved_objects_attributes: - description: > - The data that you want to create. WARNING: When you create saved - objects, attributes are not validated, which allows you to pass - arbitrary and ill-formed data into the API that can break Kibana. Make - sure any data that you send to the API is properly formed. - type: object - Saved_objects_initial_namespaces: - description: > - Identifiers for the spaces in which this object is created. If this is - provided, the object is created only in the explicitly defined spaces. - If this is not provided, the object is created in the current space - (default behavior). For shareable object types (registered with - `namespaceType: 'multiple'`), this option can be used to specify one or - more spaces, including the "All spaces" identifier ('*'). For isolated - object types (registered with `namespaceType: 'single'` or - `namespaceType: 'multiple-isolated'`), this option can only be used to - specify a single space, and the "All spaces" identifier ('*') is not - allowed. For global object types (`registered with `namespaceType: - agnostic`), this option cannot be used. - type: array - Saved_objects_references: - description: > - Objects with `name`, `id`, and `type` properties that describe the other - saved objects that this object references. Use `name` in attributes to - refer to the other saved object, but never the `id`, which can update - automatically during migrations or import and export. - type: array - Security_AI_Assistant_API_AnonymizationFieldCreateProps: - type: object - properties: - allowed: - type: boolean - anonymized: - type: boolean - field: - type: string - required: - - field - Security_AI_Assistant_API_AnonymizationFieldDetailsInError: - type: object - properties: - id: - type: string - name: - type: string - required: - - id - Security_AI_Assistant_API_AnonymizationFieldResponse: - type: object - properties: - allowed: - type: boolean - anonymized: - type: boolean - createdAt: - type: string - createdBy: - type: string - field: - type: string - id: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - namespace: - description: Kibana space - type: string - timestamp: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - updatedAt: - type: string - updatedBy: - type: string - required: - - id - - field - Security_AI_Assistant_API_AnonymizationFieldsBulkActionSkipReason: - enum: - - ANONYMIZATION_FIELD_NOT_MODIFIED - type: string - Security_AI_Assistant_API_AnonymizationFieldsBulkActionSkipResult: - type: object + When true, simulates the synchronization by returning only the list of + actions that would be performed. + example: 'true' + in: query + name: simulate + required: false + schema: + type: boolean + Saved_objects_kbn_xsrf: + description: Cross-site request forgery protection + in: header + name: kbn-xsrf + required: true + schema: + type: string + Saved_objects_saved_object_id: + description: An identifier for the saved object. + in: path + name: id + required: true + schema: + type: string + Saved_objects_saved_object_type: + description: >- + Valid options include `visualization`, `dashboard`, `search`, + `index-pattern`, `config`. + in: path + name: type + required: true + schema: + type: string + SLOs_kbn_xsrf: + description: Cross-site request forgery protection + in: header + name: kbn-xsrf + required: true + schema: + type: string + SLOs_slo_id: + description: An identifier for the slo. + in: path + name: sloId + required: true + schema: + example: 9c235211-6834-11ea-a78c-6feb38a34414 + type: string + SLOs_space_id: + description: >- + An identifier for the space. If `/s/` and the identifier are omitted + from the path, the default space is used. + in: path + name: spaceId + required: true + schema: + example: default + type: string + responses: + Connectors_200_actions: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Connectors_action_response_properties' + description: Indicates a successful call. + Connectors_401: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + properties: + error: + enum: + - Unauthorized + example: Unauthorized + type: string + message: + type: string + statusCode: + enum: + - 401 + example: 401 + type: integer + title: Unauthorized response + type: object + description: Authorization information is missing or invalid. + Connectors_404: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + properties: + error: + enum: + - Not Found + example: Not Found + type: string + message: + example: >- + Saved object [action/baf33fc0-920c-11ed-b36a-874bd1548a00] not + found + type: string + statusCode: + enum: + - 404 + example: 404 + type: integer + title: Not found response + type: object + description: Object is not found. + schemas: + Connectors_action_response_properties: + description: The properties vary depending on the action type. properties: - id: - type: string - name: + actionTypeId: type: string - skip_reason: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkActionSkipReason - required: - - id - - skip_reason - Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResponse: - type: object - properties: - anonymization_fields_count: - type: integer - attributes: + config: type: object - properties: - errors: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_NormalizedAnonymizationFieldError - type: array - results: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResults - summary: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_BulkCrudActionSummary - required: - - results - - summary - message: + id: type: string - status_code: - type: integer - success: + isDeprecated: + description: Indicates whether the action type is deprecated. type: boolean - required: - - attributes - Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResults: - type: object - properties: - created: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse - type: array - deleted: - items: - type: string - type: array - skipped: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkActionSkipResult - type: array - updated: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse - type: array - required: - - updated - - created - - deleted - - skipped - Security_AI_Assistant_API_AnonymizationFieldUpdateProps: - type: object - properties: - allowed: + isMissingSecrets: + description: Indicates whether secrets are missing for the action. type: boolean - anonymized: + isPreconfigured: + description: Indicates whether it is a preconfigured action. type: boolean - id: + name: type: string - required: - - id - Security_AI_Assistant_API_ApiConfig: + title: Action response properties type: object + Connectors_config_properties_bedrock: + description: Defines properties for connectors when type is `.bedrock`. properties: - actionTypeId: - description: action type id - type: string - connectorId: - description: connector id - type: string - defaultSystemPromptId: - description: defaultSystemPromptId + apiUrl: + description: The Amazon Bedrock request URL. type: string - model: - description: model + defaultModel: + default: 'anthropic.claude-3-5-sonnet-20240620-v1:0' + description: > + The generative artificial intelligence model for Amazon Bedrock to + use. Current support is for the Anthropic Claude models. type: string - provider: - $ref: '#/components/schemas/Security_AI_Assistant_API_Provider' - description: Provider required: - - connectorId - - actionTypeId - Security_AI_Assistant_API_BulkCrudActionSummary: + - apiUrl + title: Connector request properties for an Amazon Bedrock connector type: object - properties: - failed: - type: integer - skipped: - type: integer - succeeded: - type: integer - total: - type: integer - required: - - failed - - skipped - - succeeded - - total - Security_AI_Assistant_API_ChatCompleteProps: + Connectors_config_properties_cases_webhook: + description: Defines properties for connectors when type is `.cases-webhook`. type: object properties: - connectorId: + createCommentJson: + description: > + A JSON payload sent to the create comment URL to create a case + comment. You can use variables to add Kibana Cases data to the + payload. The required variable is `case.comment`. Due to Mustache + template variables (the text enclosed in triple braces, for example, + `{{{case.title}}}`), the JSON is not validated when you create the + connector. The JSON is validated once the Mustache variables have + been placed when the REST method runs. Manually ensure that the JSON + is valid, disregarding the Mustache variables, so the later + validation will pass. + example: '{"body": {{{case.comment}}}}' type: string - conversationId: + createCommentMethod: + default: put + description: > + The REST API HTTP request method to create a case comment in the + third-party system. Valid values are `patch`, `post`, and `put`. + enum: + - patch + - post + - put type: string - isStream: - type: boolean - langSmithApiKey: + createCommentUrl: + description: > + The REST API URL to create a case comment by ID in the third-party + system. You can use a variable to add the external system ID to the + URL. If you are using the `xpack.actions.allowedHosts setting`, add + the hostname to the allowed hosts. + example: 'https://example.com/issue/{{{external.system.id}}}/comment' + type: string + createIncidentJson: + description: > + A JSON payload sent to the create case URL to create a case. You can + use variables to add case data to the payload. Required variables + are `case.title` and `case.description`. Due to Mustache template + variables (which is the text enclosed in triple braces, for example, + `{{{case.title}}}`), the JSON is not validated when you create the + connector. The JSON is validated after the Mustache variables have + been placed when REST method runs. Manually ensure that the JSON is + valid to avoid future validation errors; disregard Mustache + variables during your review. + example: >- + {"fields": {"summary": {{{case.title}}},"description": + {{{case.description}}},"labels": {{{case.tags}}}}} type: string - langSmithProject: + createIncidentMethod: + default: post + description: > + The REST API HTTP request method to create a case in the third-party + system. Valid values are `patch`, `post`, and `put`. + enum: + - patch + - post + - put type: string - messages: - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_ChatMessage' - type: array - model: + createIncidentResponseKey: + description: >- + The JSON key in the create external case response that contains the + case ID. + type: string + createIncidentUrl: + description: > + The REST API URL to create a case in the third-party system. If you + are using the `xpack.actions.allowedHosts` setting, add the hostname + to the allowed hosts. + type: string + getIncidentResponseExternalTitleKey: + description: >- + The JSON key in get external case response that contains the case + title. + type: string + getIncidentUrl: + description: > + The REST API URL to get the case by ID from the third-party system. + If you are using the `xpack.actions.allowedHosts` setting, add the + hostname to the allowed hosts. You can use a variable to add the + external system ID to the URL. Due to Mustache template variables + (the text enclosed in triple braces, for example, + `{{{case.title}}}`), the JSON is not validated when you create the + connector. The JSON is validated after the Mustache variables have + been placed when REST method runs. Manually ensure that the JSON is + valid, disregarding the Mustache variables, so the later validation + will pass. + example: 'https://example.com/issue/{{{external.system.id}}}' type: string - persist: + hasAuth: + default: true + description: >- + If true, a username and password for login type authentication must + be provided. type: boolean - promptId: + headers: + description: > + A set of key-value pairs sent as headers with the request URLs for + the create case, update case, get case, and create comment methods. + type: string + updateIncidentJson: + description: > + The JSON payload sent to the update case URL to update the case. You + can use variables to add Kibana Cases data to the payload. Required + variables are `case.title` and `case.description`. Due to Mustache + template variables (which is the text enclosed in triple braces, for + example, `{{{case.title}}}`), the JSON is not validated when you + create the connector. The JSON is validated after the Mustache + variables have been placed when REST method runs. Manually ensure + that the JSON is valid to avoid future validation errors; disregard + Mustache variables during your review. + example: >- + {"fields": {"summary": {{{case.title}}},"description": + {{{case.description}}},"labels": {{{case.tags}}}}} + type: string + updateIncidentMethod: + default: put + description: > + The REST API HTTP request method to update the case in the + third-party system. Valid values are `patch`, `post`, and `put`. + enum: + - patch + - post + - put + type: string + updateIncidentUrl: + description: > + The REST API URL to update the case by ID in the third-party system. + You can use a variable to add the external system ID to the URL. If + you are using the `xpack.actions.allowedHosts` setting, add the + hostname to the allowed hosts. + example: 'https://example.com/issue/{{{external.system.ID}}}' type: string - responseLanguage: + viewIncidentUrl: + description: > + The URL to view the case in the external system. You can use + variables to add the external system ID or external system title to + the URL. + example: >- + https://testing-jira.atlassian.net/browse/{{{external.system.title}}} type: string required: - - messages - - persist - - connectorId - Security_AI_Assistant_API_ChatMessage: - description: AI assistant message. - type: object + - createIncidentJson + - createIncidentResponseKey + - createIncidentUrl + - getIncidentResponseExternalTitleKey + - getIncidentUrl + - updateIncidentJson + - updateIncidentUrl + - viewIncidentUrl + title: Connector request properties for Webhook - Case Management connector + Connectors_config_properties_d3security: + description: Defines properties for connectors when type is `.d3security`. properties: - content: - description: Message content. + url: + description: > + The D3 Security API request URL. If you are using the + `xpack.actions.allowedHosts` setting, add the hostname to the + allowed hosts. type: string - data: - $ref: '#/components/schemas/Security_AI_Assistant_API_MessageData' - description: ECS object to attach to the context of the message. - fields_to_anonymize: - items: - type: string - type: array - role: - $ref: '#/components/schemas/Security_AI_Assistant_API_ChatMessageRole' - description: Message role. required: - - role - Security_AI_Assistant_API_ChatMessageRole: - description: Message role. - enum: - - system - - user - - assistant - type: string - Security_AI_Assistant_API_ConversationCategory: - description: The conversation category. - enum: - - assistant - - insights - type: string - Security_AI_Assistant_API_ConversationConfidence: - description: The conversation confidence. - enum: - - low - - medium - - high - type: string - Security_AI_Assistant_API_ConversationCreateProps: + - url + title: Connector request properties for a D3 Security connector + type: object + Connectors_config_properties_email: + description: Defines properties for connectors when type is `.email`. type: object properties: - apiConfig: - $ref: '#/components/schemas/Security_AI_Assistant_API_ApiConfig' - description: LLM API configuration. - category: - $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationCategory' - description: The conversation category. - excludeFromLastConversationStorage: - description: excludeFromLastConversationStorage. + clientId: + description: > + The client identifier, which is a part of OAuth 2.0 client + credentials authentication, in GUID format. If `service` is + `exchange_server`, this property is required. + nullable: true + type: string + from: + description: > + The from address for all emails sent by the connector. It must be + specified in `user@host-name` format. + type: string + hasAuth: + default: true + description: > + Specifies whether a user and password are required inside the + secrets configuration. type: boolean - id: - description: The conversation id. + host: + description: > + The host name of the service provider. If the `service` is + `elastic_cloud` (for Elastic Cloud notifications) or one of + Nodemailer's well-known email service providers, this property is + ignored. If `service` is `other`, this property must be defined. + type: string + oauthTokenUrl: + nullable: true type: string - isDefault: - description: Is default conversation. + port: + description: > + The port to connect to on the service provider. If the `service` is + `elastic_cloud` (for Elastic Cloud notifications) or one of + Nodemailer's well-known email service providers, this property is + ignored. If `service` is `other`, this property must be defined. + type: integer + secure: + description: > + Specifies whether the connection to the service provider will use + TLS. If the `service` is `elastic_cloud` (for Elastic Cloud + notifications) or one of Nodemailer's well-known email service + providers, this property is ignored. type: boolean - messages: - description: The conversation messages. - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_Message' - type: array - replacements: - $ref: '#/components/schemas/Security_AI_Assistant_API_Replacements' - title: - description: The conversation title. + service: + description: | + The name of the email service. + enum: + - elastic_cloud + - exchange_server + - gmail + - other + - outlook365 + - ses + type: string + tenantId: + description: > + The tenant identifier, which is part of OAuth 2.0 client credentials + authentication, in GUID format. If `service` is `exchange_server`, + this property is required. + nullable: true type: string required: - - title - Security_AI_Assistant_API_ConversationResponse: - type: object + - from + title: Connector request properties for an email connector + Connectors_config_properties_gemini: + description: Defines properties for connectors when type is `.gemini`. properties: - apiConfig: - $ref: '#/components/schemas/Security_AI_Assistant_API_ApiConfig' - description: LLM API configuration. - category: - $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationCategory' - description: The conversation category. - createdAt: - description: The last time conversation was updated. + apiUrl: + description: The Google Gemini request URL. type: string - excludeFromLastConversationStorage: - description: excludeFromLastConversationStorage. - type: boolean - id: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - isDefault: - description: Is default conversation. - type: boolean - messages: - description: The conversation messages. - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_Message' - type: array - namespace: - description: Kibana space + defaultModel: + default: gemini-1.5-pro-001 + description: >- + The generative artificial intelligence model for Google Gemini to + use. type: string - replacements: - $ref: '#/components/schemas/Security_AI_Assistant_API_Replacements' - summary: - $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationSummary' - timestamp: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - title: - description: The conversation title. + gcpProjectID: + description: The Google ProjectID that has Vertex AI endpoint enabled. type: string - updatedAt: - description: The last time conversation was updated. + gcpRegion: + description: The GCP region where the Vertex AI endpoint enabled. type: string - users: - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_User' - type: array required: - - id - - title - - createdAt - - users - - namespace - - category - Security_AI_Assistant_API_ConversationSummary: + - apiUrl + - gcpRegion + - gcpProjectID + title: Connector request properties for an Google Gemini connector type: object + Connectors_config_properties_genai: + description: Defines properties for connectors when type is `.gen-ai`. + discriminator: + mapping: + Azure OpenAI: '#/components/schemas/Connectors_config_properties_genai_azure' + OpenAI: '#/components/schemas/Connectors_config_properties_genai_openai' + propertyName: apiProvider + oneOf: + - $ref: '#/components/schemas/Connectors_config_properties_genai_azure' + - $ref: '#/components/schemas/Connectors_config_properties_genai_openai' + title: Connector request properties for an OpenAI connector + Connectors_config_properties_genai_azure: + description: > + Defines properties for connectors when type is `.gen-ai` and the API + provider is `Azure OpenAI'. properties: - confidence: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationConfidence - description: >- - How confident you are about this being a correct and useful - learning. - content: - description: Summary text of the conversation over time. + apiProvider: + description: The OpenAI API provider. + enum: + - Azure OpenAI type: string - public: - description: Define if summary is marked as publicly available. - type: boolean - timestamp: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - description: The timestamp summary was updated. - Security_AI_Assistant_API_ConversationUpdateProps: - type: object - properties: - apiConfig: - $ref: '#/components/schemas/Security_AI_Assistant_API_ApiConfig' - description: LLM API configuration. - category: - $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationCategory' - description: The conversation category. - excludeFromLastConversationStorage: - description: excludeFromLastConversationStorage. - type: boolean - id: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - messages: - description: The conversation messages. - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_Message' - type: array - replacements: - $ref: '#/components/schemas/Security_AI_Assistant_API_Replacements' - summary: - $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationSummary' - title: - description: The conversation title. + apiUrl: + description: The OpenAI API endpoint. type: string required: - - id - Security_AI_Assistant_API_FindAnonymizationFieldsSortField: - enum: - - created_at - - anonymized - - allowed - - field - - updated_at - type: string - Security_AI_Assistant_API_FindConversationsSortField: - enum: - - created_at - - is_default - - title - - updated_at - type: string - Security_AI_Assistant_API_FindPromptsSortField: - enum: - - created_at - - is_default - - name - - updated_at - type: string - Security_AI_Assistant_API_Message: - description: AI assistant conversation message. + - apiProvider + - apiUrl + title: >- + Connector request properties for an OpenAI connector that uses Azure + OpenAI type: object + Connectors_config_properties_genai_openai: + description: > + Defines properties for connectors when type is `.gen-ai` and the API + provider is `OpenAI'. properties: - content: - description: Message content. + apiProvider: + description: The OpenAI API provider. + enum: + - OpenAI + type: string + apiUrl: + description: The OpenAI API endpoint. + type: string + defaultModel: + description: The default model to use for requests. type: string - isError: - description: Is error message. - type: boolean - reader: - $ref: '#/components/schemas/Security_AI_Assistant_API_Reader' - description: Message content. - role: - $ref: '#/components/schemas/Security_AI_Assistant_API_MessageRole' - description: Message role. - timestamp: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - description: The timestamp message was sent or received. - traceData: - $ref: '#/components/schemas/Security_AI_Assistant_API_TraceData' - description: trace Data required: - - timestamp - - content - - role - Security_AI_Assistant_API_MessageData: - additionalProperties: true + - apiProvider + - apiUrl + title: Connector request properties for an OpenAI connector type: object - Security_AI_Assistant_API_MessageRole: - description: Message role. - enum: - - system - - user - - assistant - type: string - Security_AI_Assistant_API_NonEmptyString: - description: A string that is not empty and does not contain only whitespace - minLength: 1 - pattern: ^(?! *$).+$ - type: string - Security_AI_Assistant_API_NormalizedAnonymizationFieldError: + Connectors_config_properties_index: + description: Defines properties for connectors when type is `.index`. type: object properties: - anonymization_fields: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldDetailsInError - type: array - err_code: + executionTimeField: + default: null + description: A field that indicates when the document was indexed. + nullable: true type: string - message: + index: + description: The Elasticsearch index to be written to. type: string - status_code: - type: integer + refresh: + default: false + description: > + The refresh policy for the write request, which affects when changes + are made visible to search. Refer to the refresh setting for + Elasticsearch document APIs. + type: boolean required: - - message - - status_code - - anonymization_fields - Security_AI_Assistant_API_NormalizedPromptError: + - index + title: Connector request properties for an index connector + Connectors_config_properties_jira: + description: Defines properties for connectors when type is `.jira`. type: object properties: - err_code: + apiUrl: + description: The Jira instance URL. type: string - message: + projectKey: + description: The Jira project key. type: string - prompts: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptDetailsInError - type: array - status_code: - type: integer required: - - message - - status_code - - prompts - Security_AI_Assistant_API_PromptCreateProps: + - apiUrl + - projectKey + title: Connector request properties for a Jira connector + Connectors_config_properties_opsgenie: + description: Defines properties for connectors when type is `.opsgenie`. type: object properties: - categories: - items: - type: string - type: array - color: + apiUrl: + description: > + The Opsgenie URL. For example, `https://api.opsgenie.com` or + `https://api.eu.opsgenie.com`. If you are using the + `xpack.actions.allowedHosts` setting, add the hostname to the + allowed hosts. type: string - consumer: + required: + - apiUrl + title: Connector request properties for an Opsgenie connector + Connectors_config_properties_pagerduty: + description: Defines properties for connectors when type is `.pagerduty`. + properties: + apiUrl: + description: The PagerDuty event URL. + example: 'https://events.pagerduty.com/v2/enqueue' + nullable: true type: string - content: + title: Connector request properties for a PagerDuty connector + type: object + Connectors_config_properties_resilient: + description: Defines properties for connectors when type is `.resilient`. + type: object + properties: + apiUrl: + description: The IBM Resilient instance URL. type: string - isDefault: - type: boolean - isNewConversationDefault: - type: boolean - name: + orgId: + description: The IBM Resilient organization ID. type: string - promptType: - $ref: '#/components/schemas/Security_AI_Assistant_API_PromptType' required: - - name - - content - - promptType - Security_AI_Assistant_API_PromptDetailsInError: + - apiUrl + - orgId + title: Connector request properties for a IBM Resilient connector + Connectors_config_properties_sentinelone: + description: Defines properties for connectors when type is `.sentinelone`. type: object properties: - id: - type: string - name: + url: + description: > + The SentinelOne tenant URL. If you are using the + `xpack.actions.allowedHosts` setting, add the hostname to the + allowed hosts. type: string required: - - id - Security_AI_Assistant_API_PromptResponse: + - url + title: Connector request properties for a SentinelOne connector + Connectors_config_properties_servicenow: + description: Defines properties for connectors when type is `.servicenow`. type: object properties: - categories: - items: - type: string - type: array - color: - type: string - consumer: - type: string - content: - type: string - createdAt: + apiUrl: + description: The ServiceNow instance URL. type: string - createdBy: + clientId: + description: > + The client ID assigned to your OAuth application. This property is + required when `isOAuth` is `true`. type: string - id: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - isDefault: - type: boolean - isNewConversationDefault: + isOAuth: + default: false + description: > + The type of authentication to use. The default value is false, which + means basic authentication is used instead of open authorization + (OAuth). type: boolean - name: - type: string - namespace: - description: Kibana space - type: string - promptType: - $ref: '#/components/schemas/Security_AI_Assistant_API_PromptType' - timestamp: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - updatedAt: - type: string - updatedBy: - type: string - users: - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_User' - type: array - required: - - id - - name - - promptType - - content - Security_AI_Assistant_API_PromptsBulkActionSkipReason: - enum: - - PROMPT_FIELD_NOT_MODIFIED - type: string - Security_AI_Assistant_API_PromptsBulkActionSkipResult: - type: object - properties: - id: + jwtKeyId: + description: > + The key identifier assigned to the JWT verifier map of your OAuth + application. This property is required when `isOAuth` is `true`. type: string - name: + userIdentifierValue: + description: > + The identifier to use for OAuth authentication. This identifier + should be the user field you selected when you created an OAuth JWT + API endpoint for external clients in your ServiceNow instance. For + example, if the selected user field is `Email`, the user identifier + should be the user's email address. This property is required when + `isOAuth` is `true`. type: string - skip_reason: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptsBulkActionSkipReason + usesTableApi: + default: true + description: > + Determines whether the connector uses the Table API or the Import + Set API. This property is supported only for ServiceNow ITSM and + ServiceNow SecOps connectors. NOTE: If this property is set to + `false`, the Elastic application should be installed in ServiceNow. + type: boolean required: - - id - - skip_reason - Security_AI_Assistant_API_PromptsBulkCrudActionResponse: + - apiUrl + title: Connector request properties for a ServiceNow ITSM connector + Connectors_config_properties_servicenow_itom: + description: Defines properties for connectors when type is `.servicenow`. type: object properties: - attributes: - type: object - properties: - errors: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_NormalizedPromptError - type: array - results: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptsBulkCrudActionResults - summary: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_BulkCrudActionSummary - required: - - results - - summary - message: + apiUrl: + description: The ServiceNow instance URL. type: string - prompts_count: - type: integer - status_code: - type: integer - success: + clientId: + description: > + The client ID assigned to your OAuth application. This property is + required when `isOAuth` is `true`. + type: string + isOAuth: + default: false + description: > + The type of authentication to use. The default value is false, which + means basic authentication is used instead of open authorization + (OAuth). type: boolean + jwtKeyId: + description: > + The key identifier assigned to the JWT verifier map of your OAuth + application. This property is required when `isOAuth` is `true`. + type: string + userIdentifierValue: + description: > + The identifier to use for OAuth authentication. This identifier + should be the user field you selected when you created an OAuth JWT + API endpoint for external clients in your ServiceNow instance. For + example, if the selected user field is `Email`, the user identifier + should be the user's email address. This property is required when + `isOAuth` is `true`. + type: string required: - - attributes - Security_AI_Assistant_API_PromptsBulkCrudActionResults: - type: object + - apiUrl + title: Connector request properties for a ServiceNow ITSM connector + Connectors_config_properties_slack_api: + description: Defines properties for connectors when type is `.slack_api`. properties: - created: - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_PromptResponse' - type: array - deleted: - items: - type: string - type: array - skipped: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptsBulkActionSkipResult - type: array - updated: + allowedChannels: + description: A list of valid Slack channels. items: - $ref: '#/components/schemas/Security_AI_Assistant_API_PromptResponse' + maxItems: 25 + type: object + properties: + id: + description: The Slack channel ID. + example: C123ABC456 + minLength: 1 + type: string + name: + description: The Slack channel name. + minLength: 1 + type: string + required: + - id + - name type: array - required: - - updated - - created - - deleted - - skipped - Security_AI_Assistant_API_PromptType: - description: Prompt type - enum: - - system - - quick - type: string - Security_AI_Assistant_API_PromptUpdateProps: + title: Connector request properties for a Slack connector + type: object + Connectors_config_properties_swimlane: + description: Defines properties for connectors when type is `.swimlane`. type: object properties: - categories: - items: - type: string - type: array - color: + apiUrl: + description: The Swimlane instance URL. type: string - consumer: + appId: + description: The Swimlane application ID. type: string - content: + connectorType: + description: >- + The type of connector. Valid values are `all`, `alerts`, and + `cases`. + enum: + - all + - alerts + - cases type: string - id: + mappings: + description: The field mapping. + properties: + alertIdConfig: + description: Mapping for the alert ID. + properties: + fieldType: + description: The type of field in Swimlane. + type: string + id: + description: The identifier for the field in Swimlane. + type: string + key: + description: The key for the field in Swimlane. + type: string + name: + description: The name of the field in Swimlane. + type: string + required: + - fieldType + - id + - key + - name + title: Alert identifier mapping + type: object + caseIdConfig: + description: Mapping for the case ID. + properties: + fieldType: + description: The type of field in Swimlane. + type: string + id: + description: The identifier for the field in Swimlane. + type: string + key: + description: The key for the field in Swimlane. + type: string + name: + description: The name of the field in Swimlane. + type: string + required: + - fieldType + - id + - key + - name + title: Case identifier mapping + type: object + caseNameConfig: + description: Mapping for the case name. + properties: + fieldType: + description: The type of field in Swimlane. + type: string + id: + description: The identifier for the field in Swimlane. + type: string + key: + description: The key for the field in Swimlane. + type: string + name: + description: The name of the field in Swimlane. + type: string + required: + - fieldType + - id + - key + - name + title: Case name mapping + type: object + commentsConfig: + description: Mapping for the case comments. + properties: + fieldType: + description: The type of field in Swimlane. + type: string + id: + description: The identifier for the field in Swimlane. + type: string + key: + description: The key for the field in Swimlane. + type: string + name: + description: The name of the field in Swimlane. + type: string + required: + - fieldType + - id + - key + - name + title: Case comment mapping + type: object + descriptionConfig: + description: Mapping for the case description. + properties: + fieldType: + description: The type of field in Swimlane. + type: string + id: + description: The identifier for the field in Swimlane. + type: string + key: + description: The key for the field in Swimlane. + type: string + name: + description: The name of the field in Swimlane. + type: string + required: + - fieldType + - id + - key + - name + title: Case description mapping + type: object + ruleNameConfig: + description: Mapping for the name of the alert's rule. + properties: + fieldType: + description: The type of field in Swimlane. + type: string + id: + description: The identifier for the field in Swimlane. + type: string + key: + description: The key for the field in Swimlane. + type: string + name: + description: The name of the field in Swimlane. + type: string + required: + - fieldType + - id + - key + - name + title: Rule name mapping + type: object + severityConfig: + description: Mapping for the severity. + properties: + fieldType: + description: The type of field in Swimlane. + type: string + id: + description: The identifier for the field in Swimlane. + type: string + key: + description: The key for the field in Swimlane. + type: string + name: + description: The name of the field in Swimlane. + type: string + required: + - fieldType + - id + - key + - name + title: Severity mapping + type: object + title: Connector mappings properties for a Swimlane connector + type: object + required: + - apiUrl + - appId + - connectorType + title: Connector request properties for a Swimlane connector + Connectors_config_properties_tines: + description: Defines properties for connectors when type is `.tines`. + properties: + url: + description: > + The Tines tenant URL. If you are using the + `xpack.actions.allowedHosts` setting, make sure this hostname is + added to the allowed hosts. type: string - isDefault: - type: boolean - isNewConversationDefault: - type: boolean required: - - id - Security_AI_Assistant_API_Provider: - description: Provider - enum: - - OpenAI - - Azure OpenAI - type: string - Security_AI_Assistant_API_Reader: - additionalProperties: true - type: object - Security_AI_Assistant_API_Replacements: - additionalProperties: - type: string - description: Replacements object used to anonymize/deanomymize messsages - type: object - Security_AI_Assistant_API_SortOrder: - enum: - - asc - - desc - type: string - Security_AI_Assistant_API_TraceData: - description: trace Data + - url + title: Connector request properties for a Tines connector type: object + Connectors_config_properties_torq: + description: Defines properties for connectors when type is `.torq`. properties: - traceId: - description: 'Could be any string, not necessarily a UUID' - type: string - transactionId: - description: 'Could be any string, not necessarily a UUID' + webhookIntegrationUrl: + description: The endpoint URL of the Elastic Security integration in Torq. type: string - Security_AI_Assistant_API_User: - description: 'Could be any string, not necessarily a UUID' + required: + - webhookIntegrationUrl + title: Connector request properties for a Torq connector type: object + Connectors_config_properties_webhook: + description: Defines properties for connectors when type is `.webhook`. properties: - id: - description: User id + authType: + description: | + The type of authentication to use: basic, SSL, or none. + enum: + - webhook-authentication-basic + - webhook-authentication-ssl + nullable: true type: string - name: - description: User name + ca: + description: > + A base64 encoded version of the certificate authority file that the + connector can trust to sign and validate certificates. This option + is available for all authentication types. type: string - Security_Solution_Detections_API_AlertAssignees: - type: object - properties: - add: - description: A list of users ids to assign. - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NonEmptyString - type: array - remove: - description: A list of users ids to unassign. - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NonEmptyString - type: array - required: - - add - - remove - Security_Solution_Detections_API_AlertIds: - description: A list of alerts ids. - items: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' - minItems: 1 - type: array - Security_Solution_Detections_API_AlertsIndex: - deprecated: true - description: (deprecated) Has no effect. - type: string - Security_Solution_Detections_API_AlertsIndexMigrationError: - type: object - properties: - error: - type: object - properties: - message: - type: string - status_code: - type: string - required: - - message - - status_code - index: + certType: + description: > + If the `authType` is `webhook-authentication-ssl`, specifies whether + the certificate authentication data is in a CRT and key file format + or a PFX file format. + enum: + - ssl-crt-key + - ssl-pfx type: string - required: - - index - - error - Security_Solution_Detections_API_AlertsIndexMigrationSuccess: - type: object - properties: - index: + hasAuth: + description: > + If `true`, a user name and password must be provided for login type + authentication. + type: boolean + headers: + description: A set of key-value pairs sent as headers with the request. + nullable: true + type: object + method: + default: post + description: | + The HTTP request method, either `post` or `put`. + enum: + - post + - put type: string - migration_id: + url: + description: > + The request URL. If you are using the `xpack.actions.allowedHosts` + setting, add the hostname to the allowed hosts. type: string - migration_index: + verificationMode: + default: full + description: > + Controls the verification of certificates. Use `full` to validate + that the certificate has an issue date within the `not_before` and + `not_after` dates, chains to a trusted certificate authority (CA), + and has a hostname or IP address that matches the names within the + certificate. Use `certificate` to validate the certificate and + verify that it is signed by a trusted authority; this option does + not check the certificate hostname. Use `none` to skip certificate + validation. + enum: + - certificate + - full + - none type: string - required: - - index - - migration_id - - migration_index - Security_Solution_Detections_API_AlertsIndexNamespace: - description: Has no effect. - type: string - Security_Solution_Detections_API_AlertsReindexOptions: + title: Connector request properties for a Webhook connector type: object + Connectors_config_properties_xmatters: + description: Defines properties for connectors when type is `.xmatters`. properties: - requests_per_second: - minimum: 1 - type: integer - size: - minimum: 1 - type: integer - slices: - minimum: 1 - type: integer - Security_Solution_Detections_API_AlertsSort: + configUrl: + description: > + The request URL for the Elastic Alerts trigger in xMatters. It is + applicable only when `usesBasic` is `true`. + nullable: true + type: string + usesBasic: + default: true + description: >- + Specifies whether the connector uses HTTP basic authentication + (`true`) or URL authentication (`false`). + type: boolean + title: Connector request properties for an xMatters connector + type: object + Connectors_connector_response_properties: + description: The properties vary depending on the connector type. + discriminator: + mapping: + .bedrock: >- + #/components/schemas/Connectors_connector_response_properties_bedrock + .cases-webhook: >- + #/components/schemas/Connectors_connector_response_properties_cases_webhook + .d3security: >- + #/components/schemas/Connectors_connector_response_properties_d3security + .email: '#/components/schemas/Connectors_connector_response_properties_email' + .gemini: '#/components/schemas/Connectors_connector_response_properties_gemini' + .gen-ai: '#/components/schemas/Connectors_connector_response_properties_genai' + .index: '#/components/schemas/Connectors_connector_response_properties_index' + .jira: '#/components/schemas/Connectors_connector_response_properties_jira' + .opsgenie: >- + #/components/schemas/Connectors_connector_response_properties_opsgenie + .pagerduty: >- + #/components/schemas/Connectors_connector_response_properties_pagerduty + .resilient: >- + #/components/schemas/Connectors_connector_response_properties_resilient + .sentinelone: >- + #/components/schemas/Connectors_connector_response_properties_sentinelone + .server-log: >- + #/components/schemas/Connectors_connector_response_properties_serverlog + .servicenow: >- + #/components/schemas/Connectors_connector_response_properties_servicenow + .servicenow-itom: >- + #/components/schemas/Connectors_connector_response_properties_servicenow_itom + .servicenow-sir: >- + #/components/schemas/Connectors_connector_response_properties_servicenow_sir + .slack: >- + #/components/schemas/Connectors_connector_response_properties_slack_webhook + .slack_api: >- + #/components/schemas/Connectors_connector_response_properties_slack_api + .swimlane: >- + #/components/schemas/Connectors_connector_response_properties_swimlane + .teams: '#/components/schemas/Connectors_connector_response_properties_teams' + .tines: '#/components/schemas/Connectors_connector_response_properties_tines' + .torq: '#/components/schemas/Connectors_connector_response_properties_torq' + .webhook: >- + #/components/schemas/Connectors_connector_response_properties_webhook + .xmatters: >- + #/components/schemas/Connectors_connector_response_properties_xmatters + propertyName: connector_type_id oneOf: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsSortCombinations - - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsSortCombinations - type: array - Security_Solution_Detections_API_AlertsSortCombinations: - anyOf: - - type: string - - additionalProperties: true - type: object - Security_Solution_Detections_API_AlertStatus: - enum: - - open - - closed - - acknowledged - - in-progress - type: string - Security_Solution_Detections_API_AlertSuppression: + #/components/schemas/Connectors_connector_response_properties_bedrock + - $ref: '#/components/schemas/Connectors_connector_response_properties_gemini' + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_cases_webhook + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_d3security + - $ref: '#/components/schemas/Connectors_connector_response_properties_email' + - $ref: '#/components/schemas/Connectors_connector_response_properties_genai' + - $ref: '#/components/schemas/Connectors_connector_response_properties_index' + - $ref: '#/components/schemas/Connectors_connector_response_properties_jira' + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_opsgenie + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_pagerduty + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_resilient + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_sentinelone + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_serverlog + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_servicenow + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_servicenow_itom + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_servicenow_sir + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_slack_api + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_slack_webhook + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_swimlane + - $ref: '#/components/schemas/Connectors_connector_response_properties_teams' + - $ref: '#/components/schemas/Connectors_connector_response_properties_tines' + - $ref: '#/components/schemas/Connectors_connector_response_properties_torq' + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_webhook + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_xmatters + title: Connector response properties + Connectors_connector_response_properties_bedrock: + title: Connector response properties for an Amazon Bedrock connector type: object properties: - duration: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertSuppressionDuration - group_by: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertSuppressionGroupBy - missing_fields_strategy: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertSuppressionMissingFieldsStrategy + config: + $ref: '#/components/schemas/Connectors_config_properties_bedrock' + connector_type_id: + description: The type of connector. + enum: + - .bedrock + type: string + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. + type: string required: - - group_by - Security_Solution_Detections_API_AlertSuppressionDuration: + - config + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_cases_webhook: + title: Connector request properties for a Webhook - Case Management connector type: object properties: - unit: + config: + $ref: '#/components/schemas/Connectors_config_properties_cases_webhook' + connector_type_id: + description: The type of connector. enum: - - s - - m - - h + - .cases-webhook type: string - value: - minimum: 1 - type: integer + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. + type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - value - - unit - Security_Solution_Detections_API_AlertSuppressionGroupBy: - items: - type: string - maxItems: 3 - minItems: 1 - type: array - Security_Solution_Detections_API_AlertSuppressionMissingFieldsStrategy: - description: >- - Describes how alerts will be generated for documents with missing - suppress by fields: - - doNotSuppress - per each document a separate alert will be created - - suppress - only alert will be created per suppress by bucket - enum: - - doNotSuppress - - suppress - type: string - Security_Solution_Detections_API_AlertTag: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' - Security_Solution_Detections_API_AlertTags: - items: - $ref: '#/components/schemas/Security_Solution_Detections_API_AlertTag' - type: array - Security_Solution_Detections_API_AlertVersion: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_d3security: + title: Connector response properties for a D3 Security connector type: object properties: - count: - type: integer - version: - type: integer + config: + $ref: '#/components/schemas/Connectors_config_properties_d3security' + connector_type_id: + description: The type of connector. + enum: + - .d3security + type: string + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. + type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - version - - count - Security_Solution_Detections_API_AnomalyThreshold: - description: Anomaly threshold - minimum: 0 - type: integer - Security_Solution_Detections_API_BuildingBlockType: - description: >- - Determines if the rule acts as a building block. By default, - building-block alerts are not displayed in the UI. These rules are used - as a foundation for other rules that do generate alerts. Its value must - be default. - type: string - Security_Solution_Detections_API_BulkActionEditPayload: - anyOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkActionEditPayloadTags - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkActionEditPayloadIndexPatterns - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkActionEditPayloadInvestigationFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkActionEditPayloadTimeline - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkActionEditPayloadRuleActions - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkActionEditPayloadSchedule - Security_Solution_Detections_API_BulkActionEditPayloadIndexPatterns: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_email: + title: Connector response properties for an email connector type: object properties: - overwrite_data_views: - type: boolean - type: + config: + $ref: '#/components/schemas/Connectors_config_properties_email' + connector_type_id: + description: The type of connector. enum: - - add_index_patterns - - delete_index_patterns - - set_index_patterns + - .email type: string - value: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IndexPatternArray + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. + type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - type - - value - Security_Solution_Detections_API_BulkActionEditPayloadInvestigationFields: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_gemini: + title: Connector response properties for a Google Gemini connector type: object properties: - type: + config: + $ref: '#/components/schemas/Connectors_config_properties_gemini' + connector_type_id: + description: The type of connector. enum: - - add_investigation_fields - - delete_investigation_fields - - set_investigation_fields + - .gemini type: string - value: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. + type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - type - - value - Security_Solution_Detections_API_BulkActionEditPayloadRuleActions: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_genai: + title: Connector response properties for an OpenAI connector type: object properties: - type: + config: + $ref: '#/components/schemas/Connectors_config_properties_genai' + connector_type_id: + description: The type of connector. enum: - - add_rule_actions - - set_rule_actions + - .gen-ai type: string - value: - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NormalizedRuleAction - type: array - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThrottleForBulkActions - required: - - actions + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. + type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - type - - value - Security_Solution_Detections_API_BulkActionEditPayloadSchedule: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_index: + title: Connector response properties for an index connector type: object properties: - type: + config: + $ref: '#/components/schemas/Connectors_config_properties_index' + connector_type_id: + description: The type of connector. enum: - - set_schedule + - .index type: string - value: - type: object - properties: - interval: - description: >- - Interval in which the rule runs. For example, `"1h"` means the - rule runs every hour. - example: 1h - pattern: '^[1-9]\d*[smh]$' - type: string - lookback: - description: Lookback time for the rule - example: 1h - pattern: '^[1-9]\d*[smh]$' - type: string - required: - - interval - - lookback + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. + type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - type - - value - Security_Solution_Detections_API_BulkActionEditPayloadTags: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_jira: + title: Connector response properties for a Jira connector type: object properties: - type: + config: + $ref: '#/components/schemas/Connectors_config_properties_jira' + connector_type_id: + description: The type of connector. enum: - - add_tags - - delete_tags - - set_tags + - .jira + type: string + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. type: string - value: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleTagArray' + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - type - - value - Security_Solution_Detections_API_BulkActionEditPayloadTimeline: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_opsgenie: + title: Connector response properties for an Opsgenie connector type: object properties: - type: + config: + $ref: '#/components/schemas/Connectors_config_properties_opsgenie' + connector_type_id: + description: The type of connector. enum: - - set_timeline + - .opsgenie type: string - value: - type: object - properties: - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - required: - - timeline_id - - timeline_title - required: - - type - - value - Security_Solution_Detections_API_BulkActionsDryRunErrCode: - enum: - - IMMUTABLE - - MACHINE_LEARNING_AUTH - - MACHINE_LEARNING_INDEX_PATTERN - - ESQL_INDEX_PATTERN - - MANUAL_RULE_RUN_FEATURE - - MANUAL_RULE_RUN_DISABLED_RULE - type: string - Security_Solution_Detections_API_BulkActionSkipResult: - type: object - properties: id: + description: The identifier for the connector. type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' name: + description: The display name for the connector. type: string - skip_reason: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkEditSkipReason + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' required: + - connector_type_id - id - - skip_reason - Security_Solution_Detections_API_BulkCrudRulesResponse: - items: - oneOf: - - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleResponse' - - $ref: '#/components/schemas/Security_Solution_Detections_API_ErrorSchema' - type: array - Security_Solution_Detections_API_BulkDeleteRules: + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_pagerduty: + title: Connector response properties for a PagerDuty connector type: object properties: - action: + config: + $ref: '#/components/schemas/Connectors_config_properties_pagerduty' + connector_type_id: + description: The type of connector. enum: - - delete + - .pagerduty type: string - ids: - description: Array of rule IDs - items: - type: string - minItems: 1 - type: array - query: - description: Query to filter rules + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - action - Security_Solution_Detections_API_BulkDisableRules: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_resilient: + title: Connector response properties for a IBM Resilient connector type: object properties: - action: + config: + $ref: '#/components/schemas/Connectors_config_properties_resilient' + connector_type_id: + description: The type of connector. enum: - - disable + - .resilient type: string - ids: - description: Array of rule IDs - items: - type: string - minItems: 1 - type: array - query: - description: Query to filter rules + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - action - Security_Solution_Detections_API_BulkDuplicateRules: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_sentinelone: + title: Connector response properties for a SentinelOne connector type: object properties: - action: + config: + $ref: '#/components/schemas/Connectors_config_properties_sentinelone' + connector_type_id: + description: The type of connector. enum: - - duplicate + - .sentinelone type: string - duplicate: - type: object - properties: - include_exceptions: - description: Whether to copy exceptions from the original rule - type: boolean - include_expired_exceptions: - description: Whether to copy expired exceptions from the original rule - type: boolean - required: - - include_exceptions - - include_expired_exceptions - ids: - description: Array of rule IDs - items: - type: string - minItems: 1 - type: array - query: - description: Query to filter rules + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - action - Security_Solution_Detections_API_BulkEditActionResponse: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_serverlog: + title: Connector response properties for a server log connector type: object properties: - attributes: + config: + nullable: true type: object - properties: - errors: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NormalizedRuleError - type: array - results: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkEditActionResults - summary: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkEditActionSummary - required: - - results - - summary - message: + connector_type_id: + description: The type of connector. + enum: + - .server-log type: string - rules_count: - type: integer - status_code: - type: integer - success: - type: boolean - required: - - attributes - Security_Solution_Detections_API_BulkEditActionResults: - type: object - properties: - created: - items: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleResponse' - type: array - deleted: - items: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleResponse' - type: array - skipped: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkActionSkipResult - type: array - updated: - items: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleResponse' - type: array - required: - - updated - - created - - deleted - - skipped - Security_Solution_Detections_API_BulkEditActionSummary: - type: object - properties: - failed: - type: integer - skipped: - type: integer - succeeded: - type: integer - total: - type: integer + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. + type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - failed - - skipped - - succeeded - - total - Security_Solution_Detections_API_BulkEditRules: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_servicenow: + title: Connector response properties for a ServiceNow ITSM connector type: object properties: - action: + config: + $ref: '#/components/schemas/Connectors_config_properties_servicenow' + connector_type_id: + description: The type of connector. enum: - - edit + - .servicenow type: string - edit: - description: Array of objects containing the edit operations - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkActionEditPayload - minItems: 1 - type: array - ids: - description: Array of rule IDs - items: - type: string - minItems: 1 - type: array - query: - description: Query to filter rules + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - action - - edit - Security_Solution_Detections_API_BulkEditSkipReason: - enum: - - RULE_NOT_MODIFIED - type: string - Security_Solution_Detections_API_BulkEnableRules: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_servicenow_itom: + title: Connector response properties for a ServiceNow ITOM connector type: object properties: - action: + config: + $ref: '#/components/schemas/Connectors_config_properties_servicenow_itom' + connector_type_id: + description: The type of connector. enum: - - enable + - .servicenow-itom type: string - ids: - description: Array of rule IDs - items: - type: string - minItems: 1 - type: array - query: - description: Query to filter rules + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - action - Security_Solution_Detections_API_BulkExportActionResponse: - type: string - Security_Solution_Detections_API_BulkExportRules: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_servicenow_sir: + title: Connector response properties for a ServiceNow SecOps connector type: object properties: - action: + config: + $ref: '#/components/schemas/Connectors_config_properties_servicenow' + connector_type_id: + description: The type of connector. enum: - - export + - .servicenow-sir type: string - ids: - description: Array of rule IDs - items: - type: string - minItems: 1 - type: array - query: - description: Query to filter rules + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - action - Security_Solution_Detections_API_BulkManualRuleRun: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_slack_api: + title: Connector response properties for a Slack connector type: object properties: - action: + config: + $ref: '#/components/schemas/Connectors_config_properties_slack_api' + connector_type_id: + description: The type of connector. enum: - - run + - .slack_api type: string - ids: - description: Array of rule IDs - items: - type: string - minItems: 1 - type: array - query: - description: Query to filter rules + id: + description: The identifier for the connector. type: string - run: - type: object - properties: - end_date: - description: End date of the manual rule run - type: string - start_date: - description: Start date of the manual rule run - type: string - required: - - start_date + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. + type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - action - - run - Security_Solution_Detections_API_ConcurrentSearches: - minimum: 1 - type: integer - Security_Solution_Detections_API_DataViewId: - type: string - Security_Solution_Detections_API_DefaultParams: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_slack_webhook: + title: Connector response properties for a Slack connector type: object properties: - command: + connector_type_id: + description: The type of connector. enum: - - isolate + - .slack type: string - comment: + id: + description: The identifier for the connector. type: string - required: - - command - Security_Solution_Detections_API_EcsMapping: - additionalProperties: - type: object - properties: - field: - type: string - value: - oneOf: - - type: string - - items: - type: string - type: array - type: object - Security_Solution_Detections_API_EndpointResponseAction: - type: object - properties: - action_type_id: - enum: - - .endpoint + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. type: string - params: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_DefaultParams - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ProcessesParams + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - action_type_id - - params - Security_Solution_Detections_API_EqlOptionalFields: - type: object - properties: - alert_suppression: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertSuppression - data_view_id: - $ref: '#/components/schemas/Security_Solution_Detections_API_DataViewId' - event_category_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EventCategoryOverride - filters: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFilterArray - index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IndexPatternArray - tiebreaker_field: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TiebreakerField - timestamp_field: - $ref: '#/components/schemas/Security_Solution_Detections_API_TimestampField' - Security_Solution_Detections_API_EqlQueryLanguage: - enum: - - eql - type: string - Security_Solution_Detections_API_EqlRequiredFields: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_swimlane: + title: Connector response properties for a Swimlane connector type: object properties: - language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlQueryLanguage - description: Query language to use - query: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleQuery' - description: EQL query to execute - type: - description: Rule type + config: + $ref: '#/components/schemas/Connectors_config_properties_swimlane' + connector_type_id: + description: The type of connector. enum: - - eql + - .swimlane type: string - required: - - type - - query - - language - Security_Solution_Detections_API_EqlRule: - allOf: - - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - required: - - name - - description - - risk_score - - severity - - version - - tags - - enabled - - risk_score_mapping - - severity_mapping - - interval - - from - - to - - actions - - exceptions_list - - author - - false_positives - - references - - max_signals - - threat - - setup - - related_integrations - - required_fields - - $ref: '#/components/schemas/Security_Solution_Detections_API_ResponseFields' - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlRuleResponseFields - Security_Solution_Detections_API_EqlRuleCreateFields: - allOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlRequiredFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlOptionalFields - Security_Solution_Detections_API_EqlRuleCreateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - required: - - name - - description - - risk_score - - severity - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlRuleCreateFields - Security_Solution_Detections_API_EqlRulePatchFields: - allOf: - - type: object - properties: - language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlQueryLanguage - description: Query language to use - query: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleQuery' - description: EQL query to execute - type: - description: Rule type - enum: - - eql - type: string - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlOptionalFields - Security_Solution_Detections_API_EqlRulePatchProps: - allOf: - - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlRulePatchFields - Security_Solution_Detections_API_EqlRuleResponseFields: - allOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlRequiredFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlOptionalFields - Security_Solution_Detections_API_EqlRuleUpdateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - required: - - name - - description - - risk_score - - severity - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlRuleCreateFields - Security_Solution_Detections_API_ErrorSchema: - additionalProperties: false + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. + type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + required: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_teams: + title: Connector response properties for a Microsoft Teams connector type: object properties: - error: + config: type: object - properties: - message: - type: string - status_code: - minimum: 400 - type: integer - required: - - status_code - - message - id: + connector_type_id: + description: The type of connector. + enum: + - .teams type: string - item_id: - minLength: 1 + id: + description: The identifier for the connector. type: string - list_id: - minLength: 1 + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. type: string - rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - error - Security_Solution_Detections_API_EsqlQueryLanguage: - enum: - - esql - type: string - Security_Solution_Detections_API_EsqlRule: - allOf: - - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - required: - - name - - description - - risk_score - - severity - - version - - tags - - enabled - - risk_score_mapping - - severity_mapping - - interval - - from - - to - - actions - - exceptions_list - - author - - false_positives - - references - - max_signals - - threat - - setup - - related_integrations - - required_fields - - $ref: '#/components/schemas/Security_Solution_Detections_API_ResponseFields' - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EsqlRuleResponseFields - Security_Solution_Detections_API_EsqlRuleCreateFields: - allOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EsqlRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EsqlRuleRequiredFields - Security_Solution_Detections_API_EsqlRuleCreateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - required: - - name - - description - - risk_score - - severity - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EsqlRuleCreateFields - Security_Solution_Detections_API_EsqlRuleOptionalFields: - type: object - properties: - alert_suppression: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertSuppression - Security_Solution_Detections_API_EsqlRulePatchProps: - allOf: - - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EsqlQueryLanguage - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - query: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleQuery' - description: ESQL query to execute - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - type: - description: Rule type - enum: - - esql - type: string - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EsqlRuleOptionalFields - Security_Solution_Detections_API_EsqlRuleRequiredFields: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_tines: + title: Connector response properties for a Tines connector type: object properties: - language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EsqlQueryLanguage - query: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleQuery' - description: ESQL query to execute - type: - description: Rule type + config: + $ref: '#/components/schemas/Connectors_config_properties_tines' + connector_type_id: + description: The type of connector. enum: - - esql + - .tines + type: string + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - type - - language - - query - Security_Solution_Detections_API_EsqlRuleResponseFields: - allOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EsqlRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EsqlRuleRequiredFields - Security_Solution_Detections_API_EsqlRuleUpdateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - required: - - name - - description - - risk_score - - severity - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EsqlRuleCreateFields - Security_Solution_Detections_API_EventCategoryOverride: - type: string - Security_Solution_Detections_API_ExceptionListType: - description: The exception type - enum: - - detection - - rule_default - - endpoint - - endpoint_trusted_apps - - endpoint_events - - endpoint_host_isolation_exceptions - - endpoint_blocklists - type: string - Security_Solution_Detections_API_ExternalRuleSource: - description: >- - Type of rule source for externally sourced rules, i.e. rules that have - an external source, such as the Elastic Prebuilt rules repo. + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_torq: + title: Connector response properties for a Torq connector type: object properties: - is_customized: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsExternalRuleCustomized - type: + config: + $ref: '#/components/schemas/Connectors_config_properties_torq' + connector_type_id: + description: The type of connector. enum: - - external + - .torq + type: string + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - type - - is_customized - Security_Solution_Detections_API_FindRulesSortField: - enum: - - created_at - - createdAt - - enabled - - execution_summary.last_execution.date - - execution_summary.last_execution.metrics.execution_gap_duration_s - - execution_summary.last_execution.metrics.total_indexing_duration_ms - - execution_summary.last_execution.metrics.total_search_duration_ms - - execution_summary.last_execution.status + - connector_type_id + - id + - is_deprecated + - is_preconfigured - name - - risk_score - - riskScore - - severity - - updated_at - - updatedAt - type: string - Security_Solution_Detections_API_HistoryWindowStart: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' - Security_Solution_Detections_API_IndexMigrationStatus: + Connectors_connector_response_properties_webhook: + title: Connector response properties for a Webhook connector type: object properties: - index: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' - is_outdated: - type: boolean - migrations: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MigrationStatus - type: array - signal_versions: - items: - $ref: '#/components/schemas/Security_Solution_Detections_API_AlertVersion' - type: array - version: - type: integer + config: + $ref: '#/components/schemas/Connectors_config_properties_webhook' + connector_type_id: + description: The type of connector. + enum: + - .webhook + type: string + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. + type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - index - - version - - signal_versions - - migrations - - is_outdated - Security_Solution_Detections_API_IndexPatternArray: - items: - type: string - type: array - Security_Solution_Detections_API_InternalRuleSource: - description: >- - Type of rule source for internally sourced rules, i.e. created within - the Kibana apps. + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_xmatters: + title: Connector response properties for an xMatters connector type: object properties: - type: + config: + $ref: '#/components/schemas/Connectors_config_properties_xmatters' + connector_type_id: + description: The type of connector. enum: - - internal + - .xmatters type: string + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. + type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - type - Security_Solution_Detections_API_InvestigationFields: - description: > - Schema for fields relating to investigation fields. These are user - defined fields we use to highlight - - in various features in the UI such as alert details flyout and - exceptions auto-population from alert. - - Added in PR #163235 - - Right now we only have a single field but anticipate adding more related - fields to store various - - configuration states such as `override` - where a user might say if they - want only these fields to - - display, or if they want these fields + the fields we select. When - expanding this field, it may look - - something like: - - ```typescript - - const investigationFields = z.object({ - field_names: NonEmptyArray(NonEmptyString), - override: z.boolean().optional(), - }); - - ``` - type: object - properties: - field_names: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NonEmptyString - minItems: 1 - type: array - required: - - field_names - Security_Solution_Detections_API_InvestigationGuide: - description: Notes to help investigate alerts produced by the rule. - type: string - Security_Solution_Detections_API_IsExternalRuleCustomized: - description: >- - Determines whether an external/prebuilt rule has been customized by the - user (i.e. any of its fields have been modified and diverged from the - base value). - type: boolean - Security_Solution_Detections_API_IsRuleEnabled: - description: Determines whether the rule is enabled. - type: boolean - Security_Solution_Detections_API_IsRuleImmutable: - deprecated: true + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_types: description: >- - This field determines whether the rule is a prebuilt Elastic rule. It - will be replaced with the `rule_source` field. - type: boolean - Security_Solution_Detections_API_ItemsPerSearch: - minimum: 1 - type: integer - Security_Solution_Detections_API_KqlQueryLanguage: + The type of connector. For example, `.email`, `.index`, `.jira`, + `.opsgenie`, or `.server-log`. enum: - - kuery - - lucene + - .bedrock + - .gemini + - .cases-webhook + - .d3security + - .email + - .gen-ai + - .index + - .jira + - .opsgenie + - .pagerduty + - .resilient + - .sentinelone + - .servicenow + - .servicenow-itom + - .servicenow-sir + - .server-log + - .slack + - .slack_api + - .swimlane + - .teams + - .tines + - .torq + - .webhook + - .xmatters + example: .server-log + title: Connector types type: string - Security_Solution_Detections_API_MachineLearningJobId: - description: Machine learning job ID + Connectors_create_connector_request: + description: The properties vary depending on the connector type. + discriminator: + mapping: + .bedrock: '#/components/schemas/Connectors_create_connector_request_bedrock' + .cases-webhook: >- + #/components/schemas/Connectors_create_connector_request_cases_webhook + .d3security: '#/components/schemas/Connectors_create_connector_request_d3security' + .email: '#/components/schemas/Connectors_create_connector_request_email' + .gemini: '#/components/schemas/Connectors_create_connector_request_gemini' + .gen-ai: '#/components/schemas/Connectors_create_connector_request_genai' + .index: '#/components/schemas/Connectors_create_connector_request_index' + .jira: '#/components/schemas/Connectors_create_connector_request_jira' + .opsgenie: '#/components/schemas/Connectors_create_connector_request_opsgenie' + .pagerduty: '#/components/schemas/Connectors_create_connector_request_pagerduty' + .resilient: '#/components/schemas/Connectors_create_connector_request_resilient' + .sentinelone: '#/components/schemas/Connectors_create_connector_request_sentinelone' + .server-log: '#/components/schemas/Connectors_create_connector_request_serverlog' + .servicenow: '#/components/schemas/Connectors_create_connector_request_servicenow' + .servicenow-itom: >- + #/components/schemas/Connectors_create_connector_request_servicenow_itom + .servicenow-sir: >- + #/components/schemas/Connectors_create_connector_request_servicenow_sir + .slack: >- + #/components/schemas/Connectors_create_connector_request_slack_webhook + .slack_api: '#/components/schemas/Connectors_create_connector_request_slack_api' + .swimlane: '#/components/schemas/Connectors_create_connector_request_swimlane' + .teams: '#/components/schemas/Connectors_create_connector_request_teams' + .tines: '#/components/schemas/Connectors_create_connector_request_tines' + .torq: '#/components/schemas/Connectors_create_connector_request_torq' + .webhook: '#/components/schemas/Connectors_create_connector_request_webhook' + .xmatters: '#/components/schemas/Connectors_create_connector_request_xmatters' + propertyName: connector_type_id oneOf: - - type: string - - items: - type: string - minItems: 1 - type: array - Security_Solution_Detections_API_MachineLearningRule: - allOf: - - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - required: - - name - - description - - risk_score - - severity - - version - - tags - - enabled - - risk_score_mapping - - severity_mapping - - interval - - from - - to - - actions - - exceptions_list - - author - - false_positives - - references - - max_signals - - threat - - setup - - related_integrations - - required_fields - - $ref: '#/components/schemas/Security_Solution_Detections_API_ResponseFields' + - $ref: '#/components/schemas/Connectors_create_connector_request_bedrock' + - $ref: '#/components/schemas/Connectors_create_connector_request_gemini' - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningRuleResponseFields - Security_Solution_Detections_API_MachineLearningRuleCreateFields: - allOf: + #/components/schemas/Connectors_create_connector_request_cases_webhook + - $ref: '#/components/schemas/Connectors_create_connector_request_d3security' + - $ref: '#/components/schemas/Connectors_create_connector_request_email' + - $ref: '#/components/schemas/Connectors_create_connector_request_genai' + - $ref: '#/components/schemas/Connectors_create_connector_request_index' + - $ref: '#/components/schemas/Connectors_create_connector_request_jira' + - $ref: '#/components/schemas/Connectors_create_connector_request_opsgenie' + - $ref: '#/components/schemas/Connectors_create_connector_request_pagerduty' + - $ref: '#/components/schemas/Connectors_create_connector_request_resilient' + - $ref: '#/components/schemas/Connectors_create_connector_request_sentinelone' + - $ref: '#/components/schemas/Connectors_create_connector_request_serverlog' + - $ref: '#/components/schemas/Connectors_create_connector_request_servicenow' - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningRuleRequiredFields + #/components/schemas/Connectors_create_connector_request_servicenow_itom - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningRuleOptionalFields - Security_Solution_Detections_API_MachineLearningRuleCreateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - required: - - name - - description - - risk_score - - severity + #/components/schemas/Connectors_create_connector_request_servicenow_sir + - $ref: '#/components/schemas/Connectors_create_connector_request_slack_api' - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningRuleCreateFields - Security_Solution_Detections_API_MachineLearningRuleOptionalFields: - type: object + #/components/schemas/Connectors_create_connector_request_slack_webhook + - $ref: '#/components/schemas/Connectors_create_connector_request_swimlane' + - $ref: '#/components/schemas/Connectors_create_connector_request_teams' + - $ref: '#/components/schemas/Connectors_create_connector_request_tines' + - $ref: '#/components/schemas/Connectors_create_connector_request_torq' + - $ref: '#/components/schemas/Connectors_create_connector_request_webhook' + - $ref: '#/components/schemas/Connectors_create_connector_request_xmatters' + title: Create connector request body properties + Connectors_create_connector_request_bedrock: + description: >- + The Amazon Bedrock connector uses axios to send a POST request to Amazon + Bedrock. properties: - alert_suppression: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertSuppression - Security_Solution_Detections_API_MachineLearningRulePatchFields: - allOf: - - type: object - properties: - anomaly_threshold: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AnomalyThreshold - machine_learning_job_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningJobId - type: - description: Rule type - enum: - - machine_learning - type: string - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningRuleOptionalFields - Security_Solution_Detections_API_MachineLearningRulePatchProps: - allOf: - - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningRulePatchFields - Security_Solution_Detections_API_MachineLearningRuleRequiredFields: + config: + $ref: '#/components/schemas/Connectors_config_properties_bedrock' + connector_type_id: + description: The type of connector. + enum: + - .bedrock + example: .bedrock + type: string + name: + description: The display name for the connector. + example: my-connector + type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_bedrock' + required: + - config + - connector_type_id + - name + - secrets + title: Create Amazon Bedrock connector request type: object + Connectors_create_connector_request_cases_webhook: + description: > + The Webhook - Case Management connector uses axios to send POST, PUT, + and GET requests to a case management RESTful API web service. properties: - anomaly_threshold: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AnomalyThreshold - machine_learning_job_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningJobId - type: - description: Rule type + config: + $ref: '#/components/schemas/Connectors_config_properties_cases_webhook' + connector_type_id: + description: The type of connector. enum: - - machine_learning + - .cases-webhook + example: .cases-webhook + type: string + name: + description: The display name for the connector. + example: my-connector type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_cases_webhook' required: - - type - - machine_learning_job_id - - anomaly_threshold - Security_Solution_Detections_API_MachineLearningRuleResponseFields: - allOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningRuleOptionalFields - Security_Solution_Detections_API_MachineLearningRuleUpdateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - required: - - name - - description - - risk_score - - severity - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningRuleCreateFields - Security_Solution_Detections_API_MaxSignals: - minimum: 1 - type: integer - Security_Solution_Detections_API_MigrationCleanupResult: + - config + - connector_type_id + - name + title: Create Webhook - Case Managment connector request type: object + Connectors_create_connector_request_d3security: + description: > + The connector uses axios to send a POST request to a D3 Security + endpoint. properties: - destinationIndex: - type: string - error: - type: object - properties: - message: - type: string - status_code: - type: integer - required: - - message - - status_code - id: - type: string - sourceIndex: - type: string - status: + config: + $ref: '#/components/schemas/Connectors_config_properties_d3security' + connector_type_id: + description: The type of connector. enum: - - success - - failure - - pending - type: string - updated: - format: date-time + - .d3security + example: .d3security type: string - version: + name: + description: The display name for the connector. + example: my-connector type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_d3security' required: - - id - - destinationIndex - - status - - sourceIndex - - version - - updated - Security_Solution_Detections_API_MigrationFinalizationResult: + - config + - connector_type_id + - name + - secrets + title: Create D3 Security connector request type: object + Connectors_create_connector_request_email: + description: > + The email connector uses the SMTP protocol to send mail messages, using + an integration of Nodemailer. An exception is Microsoft Exchange, which + uses HTTP protocol for sending emails, Send mail. Email message text is + sent as both plain text and html text. properties: - completed: - type: boolean - destinationIndex: - type: string - error: - type: object - properties: - message: - type: string - status_code: - type: integer - required: - - message - - status_code - id: - type: string - sourceIndex: - type: string - status: + config: + $ref: '#/components/schemas/Connectors_config_properties_email' + connector_type_id: + description: The type of connector. enum: - - success - - failure - - pending - type: string - updated: - format: date-time + - .email + example: .email type: string - version: + name: + description: The display name for the connector. + example: my-connector type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_email' required: - - id - - completed - - destinationIndex - - status - - sourceIndex - - version - - updated - Security_Solution_Detections_API_MigrationStatus: + - config + - connector_type_id + - name + - secrets + title: Create email connector request type: object + Connectors_create_connector_request_gemini: + description: >- + The Google Gemini connector uses axios to send a POST request to Google + Gemini. properties: - id: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' - status: + config: + $ref: '#/components/schemas/Connectors_config_properties_gemini' + connector_type_id: + description: The type of connector. enum: - - success - - failure - - pending + - .gemini + example: .gemini type: string - updated: - format: date-time + name: + description: The display name for the connector. + example: my-connector type: string - version: - type: integer + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_gemini' required: - - id - - status - - version - - updated - Security_Solution_Detections_API_NewTermsFields: - items: - type: string - maxItems: 3 - minItems: 1 - type: array - Security_Solution_Detections_API_NewTermsRule: - allOf: - - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - required: - - name - - description - - risk_score - - severity - - version - - tags - - enabled - - risk_score_mapping - - severity_mapping - - interval - - from - - to - - actions - - exceptions_list - - author - - false_positives - - references - - max_signals - - threat - - setup - - related_integrations - - required_fields - - $ref: '#/components/schemas/Security_Solution_Detections_API_ResponseFields' - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRuleResponseFields - Security_Solution_Detections_API_NewTermsRuleCreateFields: - allOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRuleDefaultableFields - Security_Solution_Detections_API_NewTermsRuleCreateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - required: - - name - - description - - risk_score - - severity - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRuleCreateFields - Security_Solution_Detections_API_NewTermsRuleDefaultableFields: - type: object - properties: - language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_KqlQueryLanguage - Security_Solution_Detections_API_NewTermsRuleOptionalFields: + - config + - connector_type_id + - name + - secrets + title: Create Google Gemini connector request type: object + Connectors_create_connector_request_genai: + description: > + The OpenAI connector uses axios to send a POST request to either OpenAI + or Azure OpenAPI. properties: - alert_suppression: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertSuppression - data_view_id: - $ref: '#/components/schemas/Security_Solution_Detections_API_DataViewId' - filters: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFilterArray - index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IndexPatternArray - Security_Solution_Detections_API_NewTermsRulePatchFields: - allOf: - - type: object - properties: - history_window_start: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_HistoryWindowStart - new_terms_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsFields - query: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleQuery' - type: - description: Rule type - enum: - - new_terms - type: string - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRuleDefaultableFields - Security_Solution_Detections_API_NewTermsRulePatchProps: - allOf: - - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRulePatchFields - Security_Solution_Detections_API_NewTermsRuleRequiredFields: + config: + $ref: '#/components/schemas/Connectors_config_properties_genai' + connector_type_id: + description: The type of connector. + enum: + - .gen-ai + example: .gen-ai + type: string + name: + description: The display name for the connector. + example: my-connector + type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_genai' + required: + - config + - connector_type_id + - name + - secrets + title: Create OpenAI connector request type: object + Connectors_create_connector_request_index: + description: The index connector indexes a document into Elasticsearch. properties: - history_window_start: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_HistoryWindowStart - new_terms_fields: - $ref: '#/components/schemas/Security_Solution_Detections_API_NewTermsFields' - query: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleQuery' - type: - description: Rule type + config: + $ref: '#/components/schemas/Connectors_config_properties_index' + connector_type_id: + description: The type of connector. enum: - - new_terms + - .index + example: .index + type: string + name: + description: The display name for the connector. + example: my-connector type: string required: - - type - - query - - new_terms_fields - - history_window_start - Security_Solution_Detections_API_NewTermsRuleResponseFields: - allOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRuleOptionalFields - - type: object - properties: - language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_KqlQueryLanguage - required: - - language - Security_Solution_Detections_API_NewTermsRuleUpdateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - required: - - name - - description - - risk_score - - severity - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRuleCreateFields - Security_Solution_Detections_API_NonEmptyString: - description: A string that is not empty and does not contain only whitespace - minLength: 1 - pattern: ^(?! *$).+$ - type: string - Security_Solution_Detections_API_NormalizedRuleAction: - additionalProperties: false + - config + - connector_type_id + - name + title: Create index connector request type: object + Connectors_create_connector_request_jira: + description: The Jira connector uses the REST API v2 to create Jira issues. properties: - alerts_filter: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionAlertsFilter - frequency: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionFrequency - group: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionGroup - id: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleActionId' - params: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionParams + config: + $ref: '#/components/schemas/Connectors_config_properties_jira' + connector_type_id: + description: The type of connector. + enum: + - .jira + example: .jira + type: string + name: + description: The display name for the connector. + example: my-connector + type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_jira' required: - - id - - params - Security_Solution_Detections_API_NormalizedRuleError: + - config + - connector_type_id + - name + - secrets + title: Create Jira connector request type: object + Connectors_create_connector_request_opsgenie: + description: The Opsgenie connector uses the Opsgenie alert API. properties: - err_code: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkActionsDryRunErrCode - message: + config: + $ref: '#/components/schemas/Connectors_config_properties_opsgenie' + connector_type_id: + description: The type of connector. + enum: + - .opsgenie + example: .opsgenie type: string - rules: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDetailsInError - type: array - status_code: - type: integer + name: + description: The display name for the connector. + example: my-connector + type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_opsgenie' required: - - message - - status_code - - rules - Security_Solution_Detections_API_OsqueryParams: + - config + - connector_type_id + - name + - secrets + title: Create Opsgenie connector request type: object + Connectors_create_connector_request_pagerduty: + description: > + The PagerDuty connector uses the v2 Events API to trigger, acknowledge, + and resolve PagerDuty alerts. properties: - ecs_mapping: - $ref: '#/components/schemas/Security_Solution_Detections_API_EcsMapping' - pack_id: + config: + $ref: '#/components/schemas/Connectors_config_properties_pagerduty' + connector_type_id: + description: The type of connector. + enum: + - .pagerduty + example: .pagerduty type: string - queries: - items: - $ref: '#/components/schemas/Security_Solution_Detections_API_OsqueryQuery' - type: array - query: + name: + description: The display name for the connector. + example: my-connector + type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_pagerduty' + required: + - config + - connector_type_id + - name + - secrets + title: Create PagerDuty connector request + type: object + Connectors_create_connector_request_resilient: + description: >- + The IBM Resilient connector uses the RESILIENT REST v2 to create IBM + Resilient incidents. + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_resilient' + connector_type_id: + description: The type of connector. + enum: + - .resilient + example: .resilient type: string - saved_query_id: + name: + description: The display name for the connector. + example: my-connector type: string - timeout: - type: number - Security_Solution_Detections_API_OsqueryQuery: + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_resilient' + required: + - config + - connector_type_id + - name + - secrets + title: Create IBM Resilient connector request + type: object + Connectors_create_connector_request_sentinelone: + description: > + The SentinelOne connector communicates with SentinelOne Management + Console via REST API. This functionality is in technical preview and may + be changed or removed in a future release. Elastic will work to fix any + issues, but features in technical preview are not subject to the support + SLA of official GA features. + title: Create SentinelOne connector request type: object properties: - ecs_mapping: - $ref: '#/components/schemas/Security_Solution_Detections_API_EcsMapping' - id: - description: Query ID + config: + $ref: '#/components/schemas/Connectors_config_properties_sentinelone' + connector_type_id: + description: The type of connector. + enum: + - .sentinelone + example: .sentinelone type: string - platform: + name: + description: The display name for the connector. + example: my-connector type: string - query: - description: Query to run + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_sentinelone' + required: + - config + - connector_type_id + - name + - secrets + x-technical-preview: true + Connectors_create_connector_request_serverlog: + description: This connector writes an entry to the Kibana server log. + properties: + connector_type_id: + description: The type of connector. + enum: + - .server-log + example: .server-log type: string - removed: - type: boolean - snapshot: - type: boolean - version: - description: Query version + name: + description: The display name for the connector. + example: my-connector type: string required: - - id - - query - Security_Solution_Detections_API_OsqueryResponseAction: + - connector_type_id + - name + title: Create server log connector request type: object + Connectors_create_connector_request_servicenow: + description: > + The ServiceNow ITSM connector uses the import set API to create + ServiceNow incidents. You can use the connector for rule actions and + cases. properties: - action_type_id: + config: + $ref: '#/components/schemas/Connectors_config_properties_servicenow' + connector_type_id: + description: The type of connector. enum: - - .osquery + - .servicenow + example: .servicenow type: string - params: - $ref: '#/components/schemas/Security_Solution_Detections_API_OsqueryParams' + name: + description: The display name for the connector. + example: my-connector + type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' required: - - action_type_id - - params - Security_Solution_Detections_API_PlatformErrorResponse: + - config + - connector_type_id + - name + - secrets + title: Create ServiceNow ITSM connector request type: object + Connectors_create_connector_request_servicenow_itom: + description: > + The ServiceNow ITOM connector uses the event API to create ServiceNow + events. You can use the connector for rule actions. properties: - error: + config: + $ref: '#/components/schemas/Connectors_config_properties_servicenow_itom' + connector_type_id: + description: The type of connector. + enum: + - .servicenow-itom + example: .servicenow-itom type: string - message: + name: + description: The display name for the connector. + example: my-connector type: string - statusCode: - type: integer + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' required: - - statusCode - - error - - message - Security_Solution_Detections_API_ProcessesParams: + - config + - connector_type_id + - name + - secrets + title: Create ServiceNow ITOM connector request type: object + Connectors_create_connector_request_servicenow_sir: + description: > + The ServiceNow SecOps connector uses the import set API to create + ServiceNow security incidents. You can use the connector for rule + actions and cases. properties: - command: + config: + $ref: '#/components/schemas/Connectors_config_properties_servicenow' + connector_type_id: + description: The type of connector. enum: - - kill-process - - suspend-process + - .servicenow-sir + example: .servicenow-sir type: string - comment: + name: + description: The display name for the connector. + example: my-connector type: string - config: - type: object - properties: - field: - description: Field to use instead of process.pid - type: string - overwrite: - default: true - description: Whether to overwrite field with process.pid - type: boolean - required: - - field + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' required: - - command - config - Security_Solution_Detections_API_QueryRule: - allOf: - - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - required: - - name - - description - - risk_score - - severity - - version - - tags - - enabled - - risk_score_mapping - - severity_mapping - - interval - - from - - to - - actions - - exceptions_list - - author - - false_positives - - references - - max_signals - - threat - - setup - - related_integrations - - required_fields - - $ref: '#/components/schemas/Security_Solution_Detections_API_ResponseFields' - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRuleResponseFields - Security_Solution_Detections_API_QueryRuleCreateFields: - allOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRuleDefaultableFields - Security_Solution_Detections_API_QueryRuleCreateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - required: - - name - - description - - risk_score - - severity - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRuleCreateFields - Security_Solution_Detections_API_QueryRuleDefaultableFields: - type: object - properties: - language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_KqlQueryLanguage - query: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleQuery' - Security_Solution_Detections_API_QueryRuleOptionalFields: - type: object - properties: - alert_suppression: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertSuppression - data_view_id: - $ref: '#/components/schemas/Security_Solution_Detections_API_DataViewId' - filters: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFilterArray - index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IndexPatternArray - response_actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ResponseAction - type: array - saved_id: - $ref: '#/components/schemas/Security_Solution_Detections_API_SavedQueryId' - Security_Solution_Detections_API_QueryRulePatchFields: - allOf: - - type: object - properties: - type: - description: Rule type - enum: - - query - type: string - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRuleDefaultableFields - Security_Solution_Detections_API_QueryRulePatchProps: - allOf: - - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRulePatchFields - Security_Solution_Detections_API_QueryRuleRequiredFields: + - connector_type_id + - name + - secrets + title: Create ServiceNow SecOps connector request type: object + Connectors_create_connector_request_slack_api: + description: The Slack connector uses an API method to send Slack messages. properties: - type: - description: Rule type + config: + $ref: '#/components/schemas/Connectors_config_properties_slack_api' + connector_type_id: + description: The type of connector. enum: - - query + - .slack_api + example: .slack_api type: string + name: + description: The display name for the connector. + example: my-connector + type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_slack_api' required: - - type - Security_Solution_Detections_API_QueryRuleResponseFields: - allOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRuleOptionalFields - - type: object - properties: - language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_KqlQueryLanguage - query: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleQuery' - required: - - query - - language - Security_Solution_Detections_API_QueryRuleUpdateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - required: - - name - - description - - risk_score - - severity - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRuleCreateFields - Security_Solution_Detections_API_RelatedIntegration: - description: > - Related integration is a potential dependency of a rule. It's assumed - that if the user installs - - one of the related integrations of a rule, the rule might start to work - properly because it will - - have source events (generated by this integration) potentially matching - the rule's query. - - - NOTE: Proper work is not guaranteed, because a related integration, if - installed, can be - - configured differently or generate data that is not necessarily relevant - for this rule. - - - Related integration is a combination of a Fleet package and (optionally) - one of the - - package's "integrations" that this package contains. It is represented - by 3 properties: - - - - `package`: name of the package (required, unique id) - - - `version`: version of the package (required, semver-compatible) - - - `integration`: name of the integration of this package (optional, id - within the package) - - - There are Fleet packages like `windows` that contain only one - integration; in this case, - - `integration` should be unspecified. There are also packages like `aws` - and `azure` that contain - - several integrations; in this case, `integration` should be specified. - - - @example - - const x: RelatedIntegration = { - package: 'windows', - version: '1.5.x', - }; - - - @example - - const x: RelatedIntegration = { - package: 'azure', - version: '~1.1.6', - integration: 'activitylogs', - }; - type: object - properties: - integration: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' - package: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' - version: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' - required: - - package - - version - Security_Solution_Detections_API_RelatedIntegrationArray: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegration - type: array - Security_Solution_Detections_API_RequiredField: - description: > - Describes an Elasticsearch field that is needed for the rule to - function. - - - Almost all types of Security rules check source event documents for a - match to some kind of - - query or filter. If a document has certain field with certain values, - then it's a match and - - the rule will generate an alert. - - - Required field is an event field that must be present in the source - indices of a given rule. - - - @example - - const standardEcsField: RequiredField = { - name: 'event.action', - type: 'keyword', - ecs: true, - }; - - - @example - - const nonEcsField: RequiredField = { - name: 'winlog.event_data.AttributeLDAPDisplayName', - type: 'keyword', - ecs: false, - }; + - connector_type_id + - name + - secrets + title: Create Slack connector request type: object + Connectors_create_connector_request_slack_webhook: + description: The Slack connector uses Slack Incoming Webhooks. properties: - ecs: - description: Whether the field is an ECS field - type: boolean + connector_type_id: + description: The type of connector. + enum: + - .slack + example: .slack + type: string name: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' - description: Name of an Elasticsearch field - type: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' - description: Type of the Elasticsearch field + description: The display name for the connector. + example: my-connector + type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_slack_webhook' required: + - connector_type_id - name - - type - - ecs - Security_Solution_Detections_API_RequiredFieldArray: - items: - $ref: '#/components/schemas/Security_Solution_Detections_API_RequiredField' - type: array - Security_Solution_Detections_API_RequiredFieldInput: - description: >- - Input parameters to create a RequiredField. Does not include the `ecs` - field, because `ecs` is calculated on the backend based on the field - name and type. + - secrets + title: Create Slack connector request type: object + Connectors_create_connector_request_swimlane: + description: >- + The Swimlane connector uses the Swimlane REST API to create Swimlane + records. properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_swimlane' + connector_type_id: + description: The type of connector. + enum: + - .swimlane + example: .swimlane + type: string name: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' - description: Name of an Elasticsearch field - type: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' - description: Type of an Elasticsearch field + description: The display name for the connector. + example: my-connector + type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_swimlane' required: + - config + - connector_type_id - name - - type - Security_Solution_Detections_API_ResponseAction: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_OsqueryResponseAction - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EndpointResponseAction - Security_Solution_Detections_API_ResponseFields: + - secrets + title: Create Swimlane connector request type: object + Connectors_create_connector_request_teams: + description: The Microsoft Teams connector uses Incoming Webhooks. properties: - created_at: - format: date-time - type: string - created_by: - type: string - execution_summary: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExecutionSummary - id: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleObjectId' - immutable: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleImmutable - required_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldArray - revision: - minimum: 0 - type: integer - rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId - rule_source: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleSource' - updated_at: - format: date-time + connector_type_id: + description: The type of connector. + enum: + - .teams + example: .teams type: string - updated_by: + name: + description: The display name for the connector. + example: my-connector type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_teams' required: - - id - - rule_id - - immutable - - updated_at - - updated_by - - created_at - - created_by - - revision - - related_integrations - - required_fields - Security_Solution_Detections_API_RiskScore: - description: Risk score (0 to 100) - maximum: 100 - minimum: 0 - type: integer - Security_Solution_Detections_API_RiskScoreMapping: - description: >- - Overrides generated alerts' risk_score with a value from the source - event - items: - type: object - properties: - field: - type: string - operator: - enum: - - equals - type: string - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - value: - type: string - required: - - field - - operator - - value - type: array - Security_Solution_Detections_API_RuleAction: + - connector_type_id + - name + - secrets + title: Create Microsoft Teams connector request type: object + Connectors_create_connector_request_tines: + description: > + The Tines connector uses Tines Webhook actions to send events via POST + request. properties: - action_type_id: - description: The action type used for sending notifications. + config: + $ref: '#/components/schemas/Connectors_config_properties_tines' + connector_type_id: + description: The type of connector. + enum: + - .tines + example: .tines type: string - alerts_filter: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionAlertsFilter - frequency: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionFrequency - group: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionGroup - id: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleActionId' - params: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionParams - uuid: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' + name: + description: The display name for the connector. + example: my-connector + type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_tines' required: - - action_type_id - - id - - params - Security_Solution_Detections_API_RuleActionAlertsFilter: - additionalProperties: true - type: object - Security_Solution_Detections_API_RuleActionFrequency: - description: >- - The action frequency defines when the action runs (for example, only on - rule execution or at specific time intervals). + - config + - connector_type_id + - name + - secrets + title: Create Tines connector request type: object + Connectors_create_connector_request_torq: + description: > + The Torq connector uses a Torq webhook to trigger workflows with Kibana + actions. properties: - notifyWhen: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionNotifyWhen - summary: - description: >- - Action summary indicates whether we will send a summary notification - about all the generate alerts or notification per individual alert - type: boolean - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - nullable: true - required: - - summary - - notifyWhen - - throttle - Security_Solution_Detections_API_RuleActionGroup: - description: >- - Optionally groups actions by use cases. Use `default` for alert - notifications. - type: string - Security_Solution_Detections_API_RuleActionId: - description: The connector ID. - type: string - Security_Solution_Detections_API_RuleActionNotifyWhen: - description: >- - The condition for throttling the notification: `onActionGroupChange`, - `onActiveAlert`, or `onThrottleInterval` - enum: - - onActiveAlert - - onThrottleInterval - - onActionGroupChange - type: string - Security_Solution_Detections_API_RuleActionParams: - additionalProperties: true - description: >- - Object containing the allowed connector fields, which varies according - to the connector type. - type: object - Security_Solution_Detections_API_RuleActionThrottle: - description: Defines how often rule actions are taken. - oneOf: - - enum: - - no_actions - - rule + config: + $ref: '#/components/schemas/Connectors_config_properties_torq' + connector_type_id: + description: The type of connector. + enum: + - .torq + example: .torq type: string - - description: 'Time interval in seconds, minutes, hours, or days.' - example: 1h - pattern: '^[1-9]\d*[smhd]$' + name: + description: The display name for the connector. + example: my-connector type: string - Security_Solution_Detections_API_RuleAuthorArray: - items: - type: string - type: array - Security_Solution_Detections_API_RuleCreateProps: - anyOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlRuleCreateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRuleCreateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRuleCreateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRuleCreateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRuleCreateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningRuleCreateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRuleCreateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EsqlRuleCreateProps - discriminator: - propertyName: type - Security_Solution_Detections_API_RuleDescription: - minLength: 1 - type: string - Security_Solution_Detections_API_RuleDetailsInError: + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_torq' + required: + - config + - connector_type_id + - name + - secrets + title: Create Torq connector request type: object + Connectors_create_connector_request_webhook: + description: > + The Webhook connector uses axios to send a POST or PUT request to a web + service. properties: - id: + config: + $ref: '#/components/schemas/Connectors_config_properties_webhook' + connector_type_id: + description: The type of connector. + enum: + - .webhook + example: .webhook type: string name: + description: The display name for the connector. + example: my-connector type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_webhook' required: - - id - Security_Solution_Detections_API_RuleExceptionList: + - config + - connector_type_id + - name + - secrets + title: Create Webhook connector request type: object + Connectors_create_connector_request_xmatters: + description: > + The xMatters connector uses the xMatters Workflow for Elastic to send + actionable alerts to on-call xMatters resources. properties: - id: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' - description: ID of the exception container - list_id: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' - description: List ID of the exception container - namespace_type: - description: Determines the exceptions validity in rule's Kibana space + config: + $ref: '#/components/schemas/Connectors_config_properties_xmatters' + connector_type_id: + description: The type of connector. enum: - - agnostic - - single + - .xmatters + example: .xmatters type: string - type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ExceptionListType + name: + description: The display name for the connector. + example: my-connector + type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_xmatters' required: - - id - - list_id - - type - - namespace_type - Security_Solution_Detections_API_RuleExecutionMetrics: + - config + - connector_type_id + - name + - secrets + title: Create xMatters connector request type: object - properties: - execution_gap_duration_s: - description: Duration in seconds of execution gap - minimum: 0 - type: integer - total_enrichment_duration_ms: - description: >- - Total time spent enriching documents during current rule execution - cycle - minimum: 0 - type: integer - total_indexing_duration_ms: - description: >- - Total time spent indexing documents during current rule execution - cycle - minimum: 0 - type: integer - total_search_duration_ms: - description: >- - Total time spent performing ES searches as measured by Kibana; - includes network latency and time spent serializing/deserializing - request/response - minimum: 0 - type: integer - Security_Solution_Detections_API_RuleExecutionStatus: - description: >- - Custom execution status of Security rules that is different from the - status used in the Alerting Framework. We merge our custom status with - the Framework's status to determine the resulting status of a rule. - - - going to run - @deprecated Replaced by the 'running' status but left - for backwards compatibility with rule execution events already written - to Event Log in the prior versions of Kibana. Don't use when writing - rule status changes. - - - running - Rule execution started but not reached any intermediate or - final status. - - - partial failure - Rule can partially fail for various reasons either - in the middle of an execution (in this case we update its status right - away) or in the end of it. So currently this status can be both - intermediate and final at the same time. A typical reason for a partial - failure: not all the indices that the rule searches over actually exist. - - - failed - Rule failed to execute due to unhandled exception or a reason - defined in the business logic of its executor function. - - - succeeded - Rule executed successfully without any issues. Note: this - status is just an indication of a rule's "health". The rule might or - might not generate any alerts despite of it. + Connectors_features: + description: | + The feature that uses the connector. enum: - - going to run - - running - - partial failure - - failed - - succeeded + - alerting + - cases + - generativeAIForSecurity + - generativeAIForObservability + - generativeAIForSearchPlayground + - siem + - uptime type: string - Security_Solution_Detections_API_RuleExecutionStatusOrder: + Connectors_is_deprecated: + description: Indicates whether the connector type is deprecated. + example: false + type: boolean + Connectors_is_missing_secrets: + description: >- + Indicates whether secrets are missing for the connector. Secrets + configuration properties vary depending on the connector type. + example: false + type: boolean + Connectors_is_preconfigured: + description: > + Indicates whether it is a preconfigured connector. If true, the `config` + and `is_missing_secrets` properties are omitted from the response. + example: false + type: boolean + Connectors_is_system_action: + description: Indicates whether the connector is used for system actions. + example: false + type: boolean + Connectors_referenced_by_count: + description: > + Indicates the number of saved objects that reference the connector. If + `is_preconfigured` is true, this value is not calculated. This property + is returned only by the get all connectors API. + example: 2 type: integer - Security_Solution_Detections_API_RuleExecutionSummary: + Connectors_run_connector_params_acknowledge_resolve_pagerduty: + description: Test an action that acknowledges or resolves a PagerDuty alert. + properties: + dedupKey: + description: The deduplication key for the PagerDuty alert. + maxLength: 255 + type: string + eventAction: + description: The type of event. + enum: + - acknowledge + - resolve + type: string + required: + - dedupKey + - eventAction + title: PagerDuty connector parameters type: object + Connectors_run_connector_params_documents: + description: Test an action that indexes a document into Elasticsearch. properties: - last_execution: - type: object - properties: - date: - description: Date of the last execution - format: date-time - type: string - message: - type: string - metrics: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExecutionMetrics - status: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExecutionStatus - description: Status of the last execution - status_order: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExecutionStatusOrder - required: - - date - - status - - status_order - - message - - metrics + documents: + description: The documents in JSON format for index connectors. + items: + additionalProperties: true + type: object + type: array required: - - last_execution - Security_Solution_Detections_API_RuleFalsePositiveArray: - items: - type: string - type: array - Security_Solution_Detections_API_RuleFilterArray: - items: {} - type: array - Security_Solution_Detections_API_RuleInterval: - description: >- - Frequency of rule execution, using a date math range. For example, "1h" - means the rule runs every hour. Defaults to 5m (5 minutes). - type: string - Security_Solution_Detections_API_RuleIntervalFrom: - description: >- - Time from which data is analyzed each time the rule runs, using a date - math range. For example, now-4200s means the rule analyzes data from 70 - minutes before its start time. Defaults to now-6m (analyzes data from 6 - minutes before the start time). - format: date-math - type: string - Security_Solution_Detections_API_RuleIntervalTo: - type: string - Security_Solution_Detections_API_RuleLicense: - description: The rule's license. - type: string - Security_Solution_Detections_API_RuleMetadata: - additionalProperties: true + - documents + title: Index connector parameters type: object - Security_Solution_Detections_API_RuleName: - minLength: 1 - type: string - Security_Solution_Detections_API_RuleNameOverride: - description: Sets the source field for the alert's signal.rule.name value - type: string - Security_Solution_Detections_API_RuleObjectId: - $ref: '#/components/schemas/Security_Solution_Detections_API_UUID' - Security_Solution_Detections_API_RulePatchProps: + Connectors_run_connector_params_message_email: anyOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlRulePatchProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRulePatchProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRulePatchProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRulePatchProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRulePatchProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningRulePatchProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRulePatchProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EsqlRulePatchProps - Security_Solution_Detections_API_RulePreviewLogs: - type: object + - required: + - bcc + - message + - subject + - required: + - cc + - message + - subject + - required: + - to + - message + - subject + description: > + Test an action that sends an email message. There must be at least one + recipient in `to`, `cc`, or `bcc`. properties: - duration: - description: Execution duration in milliseconds - type: integer - errors: + bcc: + description: > + A list of "blind carbon copy" email addresses. Addresses can be + specified in `user@host-name` format or in name `` + format items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NonEmptyString + type: string type: array - startedAt: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' - warnings: + cc: + description: > + A list of "carbon copy" email addresses. Addresses can be specified + in `user@host-name` format or in name `` format items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NonEmptyString + type: string type: array - required: - - errors - - warnings - - duration - Security_Solution_Detections_API_RulePreviewParams: - type: object - properties: - invocationCount: - type: integer - timeframeEnd: - format: date-time + message: + description: The email message text. Markdown format is supported. type: string - required: - - invocationCount - - timeframeEnd - Security_Solution_Detections_API_RuleQuery: - type: string - Security_Solution_Detections_API_RuleReferenceArray: - items: - type: string - type: array - Security_Solution_Detections_API_RuleResponse: - anyOf: - - $ref: '#/components/schemas/Security_Solution_Detections_API_EqlRule' - - $ref: '#/components/schemas/Security_Solution_Detections_API_QueryRule' - - $ref: '#/components/schemas/Security_Solution_Detections_API_SavedQueryRule' - - $ref: '#/components/schemas/Security_Solution_Detections_API_ThresholdRule' - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRule - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningRule - - $ref: '#/components/schemas/Security_Solution_Detections_API_NewTermsRule' - - $ref: '#/components/schemas/Security_Solution_Detections_API_EsqlRule' - discriminator: - propertyName: type - Security_Solution_Detections_API_RuleSignatureId: - description: 'Could be any string, not necessarily a UUID' - type: string - Security_Solution_Detections_API_RuleSource: - description: >- - Discriminated union that determines whether the rule is internally - sourced (created within the Kibana app) or has an external source, such - as the Elastic Prebuilt rules repo. - discriminator: - propertyName: type - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ExternalRuleSource - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InternalRuleSource - Security_Solution_Detections_API_RuleTagArray: - description: >- - String array containing words and phrases to help categorize, filter, - and search rules. Defaults to an empty array. - items: - type: string - type: array - Security_Solution_Detections_API_RuleUpdateProps: - anyOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlRuleUpdateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRuleUpdateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRuleUpdateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRuleUpdateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRuleUpdateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningRuleUpdateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRuleUpdateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EsqlRuleUpdateProps - discriminator: - propertyName: type - Security_Solution_Detections_API_RuleVersion: - description: The rule's version number. - minimum: 1 - type: integer - Security_Solution_Detections_API_SavedObjectResolveAliasPurpose: - enum: - - savedObjectConversion - - savedObjectImport - type: string - Security_Solution_Detections_API_SavedObjectResolveAliasTargetId: - type: string - Security_Solution_Detections_API_SavedObjectResolveOutcome: - enum: - - exactMatch - - aliasMatch - - conflict - type: string - Security_Solution_Detections_API_SavedQueryId: - type: string - Security_Solution_Detections_API_SavedQueryRule: - allOf: - - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - required: - - name - - description - - risk_score - - severity - - version - - tags - - enabled - - risk_score_mapping - - severity_mapping - - interval - - from - - to - - actions - - exceptions_list - - author - - false_positives - - references - - max_signals - - threat - - setup - - related_integrations - - required_fields - - $ref: '#/components/schemas/Security_Solution_Detections_API_ResponseFields' - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRuleResponseFields - Security_Solution_Detections_API_SavedQueryRuleCreateFields: - allOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRuleDefaultableFields - Security_Solution_Detections_API_SavedQueryRuleCreateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - required: - - name - - description - - risk_score - - severity - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRuleCreateFields - Security_Solution_Detections_API_SavedQueryRuleDefaultableFields: - type: object - properties: - language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_KqlQueryLanguage - Security_Solution_Detections_API_SavedQueryRuleOptionalFields: - type: object - properties: - alert_suppression: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertSuppression - data_view_id: - $ref: '#/components/schemas/Security_Solution_Detections_API_DataViewId' - filters: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFilterArray - index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IndexPatternArray - query: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleQuery' - response_actions: + subject: + description: The subject line of the email. + type: string + to: + description: > + A list of email addresses. Addresses can be specified in + `user@host-name` format or in name `` format. items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ResponseAction + type: string type: array - Security_Solution_Detections_API_SavedQueryRulePatchFields: - allOf: - - type: object - properties: - saved_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryId - type: - description: Rule type - enum: - - saved_query - type: string - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRuleDefaultableFields - Security_Solution_Detections_API_SavedQueryRulePatchProps: - allOf: - - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRulePatchFields - Security_Solution_Detections_API_SavedQueryRuleRequiredFields: + title: Email connector parameters type: object + Connectors_run_connector_params_message_serverlog: + description: Test an action that writes an entry to the Kibana server log. properties: - saved_id: - $ref: '#/components/schemas/Security_Solution_Detections_API_SavedQueryId' - type: - description: Rule type + level: + default: info + description: The log level of the message for server log connectors. enum: - - saved_query + - debug + - error + - fatal + - info + - trace + - warn type: string - required: - - type - - saved_id - Security_Solution_Detections_API_SavedQueryRuleResponseFields: - allOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRuleOptionalFields - - type: object - properties: - language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_KqlQueryLanguage - required: - - language - Security_Solution_Detections_API_SavedQueryRuleUpdateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - required: - - name - - description - - risk_score - - severity - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRuleCreateFields - Security_Solution_Detections_API_SetAlertsStatusByIds: + message: + description: The message for server log connectors. + type: string + required: + - message + title: Server log connector parameters type: object + Connectors_run_connector_params_message_slack: + description: > + Test an action that sends a message to Slack. It is applicable only when + the connector type is `.slack`. properties: - signal_ids: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NonEmptyString - minItems: 1 - type: array - status: - $ref: '#/components/schemas/Security_Solution_Detections_API_AlertStatus' + message: + description: >- + The Slack message text, which cannot contain Markdown, images, or + other advanced formatting. + type: string required: - - signal_ids - - status - Security_Solution_Detections_API_SetAlertsStatusByQuery: + - message + title: Slack connector parameters type: object + Connectors_run_connector_params_trigger_pagerduty: + description: Test an action that triggers a PagerDuty alert. properties: - conflicts: - default: abort - enum: - - abort - - proceed + class: + description: The class or type of the event. + example: cpu load type: string - query: - additionalProperties: true + component: + description: >- + The component of the source machine that is responsible for the + event. + example: eth0 + type: string + customDetails: + description: Additional details to add to the event. type: object - status: - $ref: '#/components/schemas/Security_Solution_Detections_API_AlertStatus' + dedupKey: + description: > + All actions sharing this key will be associated with the same + PagerDuty alert. This value is used to correlate trigger and + resolution. + maxLength: 255 + type: string + eventAction: + description: The type of event. + enum: + - trigger + type: string + group: + description: The logical grouping of components of a service. + example: app-stack + type: string + links: + description: A list of links to add to the event. + items: + type: object + properties: + href: + description: The URL for the link. + type: string + text: + description: A plain text description of the purpose of the link. + type: string + type: array + severity: + default: info + description: The severity of the event on the affected system. + enum: + - critical + - error + - info + - warning + type: string + source: + description: > + The affected system, such as a hostname or fully qualified domain + name. Defaults to the Kibana saved object id of the action. + type: string + summary: + description: A summery of the event. + maxLength: 1024 + type: string + timestamp: + description: >- + An ISO-8601 timestamp that indicates when the event was detected or + generated. + format: date-time + type: string required: - - query - - status - Security_Solution_Detections_API_SetAlertTags: + - eventAction + title: PagerDuty connector parameters type: object + Connectors_run_connector_request: + description: The properties vary depending on the connector type. properties: - tags_to_add: - $ref: '#/components/schemas/Security_Solution_Detections_API_AlertTags' - tags_to_remove: - $ref: '#/components/schemas/Security_Solution_Detections_API_AlertTags' + params: + oneOf: + - $ref: >- + #/components/schemas/Connectors_run_connector_params_acknowledge_resolve_pagerduty + - $ref: '#/components/schemas/Connectors_run_connector_params_documents' + - $ref: >- + #/components/schemas/Connectors_run_connector_params_message_email + - $ref: >- + #/components/schemas/Connectors_run_connector_params_message_serverlog + - $ref: >- + #/components/schemas/Connectors_run_connector_params_message_slack + - $ref: >- + #/components/schemas/Connectors_run_connector_params_trigger_pagerduty + - description: Test an action that involves a subaction. + discriminator: + mapping: + addEvent: >- + #/components/schemas/Connectors_run_connector_subaction_addevent + closeAlert: >- + #/components/schemas/Connectors_run_connector_subaction_closealert + closeIncident: >- + #/components/schemas/Connectors_run_connector_subaction_closeincident + createAlert: >- + #/components/schemas/Connectors_run_connector_subaction_createalert + fieldsByIssueType: >- + #/components/schemas/Connectors_run_connector_subaction_fieldsbyissuetype + getChoices: >- + #/components/schemas/Connectors_run_connector_subaction_getchoices + getFields: >- + #/components/schemas/Connectors_run_connector_subaction_getfields + getIncident: >- + #/components/schemas/Connectors_run_connector_subaction_getincident + issue: >- + #/components/schemas/Connectors_run_connector_subaction_issue + issues: >- + #/components/schemas/Connectors_run_connector_subaction_issues + issueTypes: >- + #/components/schemas/Connectors_run_connector_subaction_issuetypes + pushToService: >- + #/components/schemas/Connectors_run_connector_subaction_pushtoservice + propertyName: subAction + oneOf: + - $ref: >- + #/components/schemas/Connectors_run_connector_subaction_addevent + - $ref: >- + #/components/schemas/Connectors_run_connector_subaction_closealert + - $ref: >- + #/components/schemas/Connectors_run_connector_subaction_closeincident + - $ref: >- + #/components/schemas/Connectors_run_connector_subaction_createalert + - $ref: >- + #/components/schemas/Connectors_run_connector_subaction_fieldsbyissuetype + - $ref: >- + #/components/schemas/Connectors_run_connector_subaction_getchoices + - $ref: >- + #/components/schemas/Connectors_run_connector_subaction_getfields + - $ref: >- + #/components/schemas/Connectors_run_connector_subaction_getincident + - $ref: >- + #/components/schemas/Connectors_run_connector_subaction_issue + - $ref: >- + #/components/schemas/Connectors_run_connector_subaction_issues + - $ref: >- + #/components/schemas/Connectors_run_connector_subaction_issuetypes + - $ref: >- + #/components/schemas/Connectors_run_connector_subaction_postmessage + - $ref: >- + #/components/schemas/Connectors_run_connector_subaction_pushtoservice + - $ref: >- + #/components/schemas/Connectors_run_connector_subaction_validchannelid + title: Subaction parameters required: - - tags_to_add - - tags_to_remove - Security_Solution_Detections_API_SetupGuide: - type: string - Security_Solution_Detections_API_Severity: - description: Severity of the rule - enum: - - low - - medium - - high - - critical - type: string - Security_Solution_Detections_API_SeverityMapping: - description: Overrides generated alerts' severity with values from the source event - items: - type: object - properties: - field: - type: string - operator: - enum: - - equals - type: string - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - value: - type: string - required: - - field - - operator - - severity - - value - type: array - Security_Solution_Detections_API_SiemErrorResponse: + - params + title: Run connector request body properties + type: object + Connectors_run_connector_subaction_addevent: + description: The `addEvent` subaction for ServiceNow ITOM connectors. + title: The addEvent subaction type: object properties: - message: + subAction: + description: The action to test. + enum: + - addEvent type: string - status_code: - type: integer + subActionParams: + description: The set of configuration properties for the action. + type: object + properties: + additional_info: + description: Additional information about the event. + type: string + description: + description: The details about the event. + type: string + event_class: + description: A specific instance of the source. + type: string + message_key: + description: >- + All actions sharing this key are associated with the same + ServiceNow alert. The default value is `:`. + type: string + metric_name: + description: The name of the metric. + type: string + node: + description: The host that the event was triggered for. + type: string + resource: + description: The name of the resource. + type: string + severity: + description: The severity of the event. + type: string + source: + description: The name of the event source type. + type: string + time_of_event: + description: The time of the event. + type: string + type: + description: The type of event. + type: string required: - - status_code - - message - Security_Solution_Detections_API_SkippedAlertsIndexMigration: + - subAction + Connectors_run_connector_subaction_closealert: + description: The `closeAlert` subaction for Opsgenie connectors. + title: The closeAlert subaction type: object properties: - index: + subAction: + description: The action to test. + enum: + - closeAlert type: string + subActionParams: + type: object + properties: + alias: + description: >- + The unique identifier used for alert deduplication in Opsgenie. + The alias must match the value used when creating the alert. + type: string + note: + description: Additional information for the alert. + type: string + source: + description: The display name for the source of the alert. + type: string + user: + description: The display name for the owner. + type: string + required: + - alias required: - - index - Security_Solution_Detections_API_SortOrder: - enum: - - asc - - desc - type: string - Security_Solution_Detections_API_Threat: + - subAction + - subActionParams + Connectors_run_connector_subaction_closeincident: + description: The `closeIncident` subaction for ServiceNow ITSM connectors. + title: The closeIncident subaction type: object properties: - framework: - description: Relevant attack framework + subAction: + description: The action to test. + enum: + - closeIncident type: string - tactic: - $ref: '#/components/schemas/Security_Solution_Detections_API_ThreatTactic' - technique: - description: Array containing information on the attack techniques (optional) - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatTechnique - type: array - required: - - framework - - tactic - Security_Solution_Detections_API_ThreatArray: - items: - $ref: '#/components/schemas/Security_Solution_Detections_API_Threat' - type: array - Security_Solution_Detections_API_ThreatFilters: - items: - description: >- - Query and filter context array used to filter documents from the - Elasticsearch index containing the threat values - type: array - Security_Solution_Detections_API_ThreatIndex: - items: - type: string - type: array - Security_Solution_Detections_API_ThreatIndicatorPath: - description: >- - Defines the path to the threat indicator in the indicator documents - (optional) - type: string - Security_Solution_Detections_API_ThreatMapping: - items: - type: object - properties: - entries: - items: + subActionParams: + type: object + properties: + incident: + anyOf: + - required: + - correlation_id + - required: + - externalId type: object properties: - field: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NonEmptyString - type: - enum: - - mapping + correlation_id: + default: '{{rule.id}}:{{alert.id}}' + description: > + An identifier that is assigned to the incident when it is + created by the connector. NOTE: If you use the default value + and the rule generates multiple alerts that use the same + alert IDs, the latest open incident for this correlation ID + is closed unless you specify the external ID. + maxLength: 100 + nullable: true + type: string + externalId: + description: >- + The unique identifier (`incidentId`) for the incident in + ServiceNow. + nullable: true type: string - value: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NonEmptyString - required: - - field - - type - - value - type: array - required: - - entries - minItems: 1 - type: array - Security_Solution_Detections_API_ThreatMatchRule: - allOf: - - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion required: - - name - - description - - risk_score - - severity - - version - - tags - - enabled - - risk_score_mapping - - severity_mapping - - interval - - from - - to - - actions - - exceptions_list - - author - - false_positives - - references - - max_signals - - threat - - setup - - related_integrations - - required_fields - - $ref: '#/components/schemas/Security_Solution_Detections_API_ResponseFields' - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRuleResponseFields - Security_Solution_Detections_API_ThreatMatchRuleCreateFields: - allOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRuleDefaultableFields - Security_Solution_Detections_API_ThreatMatchRuleCreateProps: - allOf: - - type: object + - incident + required: + - subAction + - subActionParams + Connectors_run_connector_subaction_createalert: + description: The `createAlert` subaction for Opsgenie connectors. + title: The createAlert subaction + type: object + properties: + subAction: + description: The action to test. + enum: + - createAlert + type: string + subActionParams: + type: object properties: actions: + description: The custom actions available to the alert. items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + type: string type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType + alias: + description: The unique identifier used for alert deduplication in Opsgenie. + type: string description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + description: >- + A description that provides detailed information about the + alert. + type: string + details: + additionalProperties: true + description: The custom properties of the alert. + example: + key1: value1 + key2: value2 + type: object + entity: + description: >- + The domain of the alert. For example, the application or server + name. + type: string + message: + description: The alert message. + type: string note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - required: - - name - - description - - risk_score - - severity - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRuleCreateFields - Security_Solution_Detections_API_ThreatMatchRuleDefaultableFields: - type: object - properties: - language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_KqlQueryLanguage - Security_Solution_Detections_API_ThreatMatchRuleOptionalFields: - type: object - properties: - alert_suppression: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertSuppression - concurrent_searches: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ConcurrentSearches - data_view_id: - $ref: '#/components/schemas/Security_Solution_Detections_API_DataViewId' - filters: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFilterArray - index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IndexPatternArray - items_per_search: - $ref: '#/components/schemas/Security_Solution_Detections_API_ItemsPerSearch' - saved_id: - $ref: '#/components/schemas/Security_Solution_Detections_API_SavedQueryId' - threat_filters: - $ref: '#/components/schemas/Security_Solution_Detections_API_ThreatFilters' - threat_indicator_path: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatIndicatorPath - threat_language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_KqlQueryLanguage - Security_Solution_Detections_API_ThreatMatchRulePatchFields: - allOf: - - type: object - properties: - query: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleQuery' - threat_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatIndex - threat_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMapping - threat_query: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatQuery - type: - description: Rule type + description: Additional information for the alert. + type: string + priority: + description: The priority level for the alert. enum: - - threat_match + - P1 + - P2 + - P3 + - P4 + - P5 type: string - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRuleDefaultableFields - Security_Solution_Detections_API_ThreatMatchRulePatchProps: - allOf: - - type: object - properties: - actions: + responders: + description: > + The entities to receive notifications about the alert. If `type` + is `user`, either `id` or `username` is required. If `type` is + `team`, either `id` or `name` is required. items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + type: object + properties: + id: + description: The identifier for the entity. + type: string + name: + description: The name of the entity. + type: string + type: + description: 'The type of responders, in this case `escalation`.' + enum: + - escalation + - schedule + - team + - user + type: string + username: + description: A valid email address for the user. + type: string type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: + source: + description: The display name for the source of the alert. + type: string + tags: + description: The tags for the alert. items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + type: string type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: + user: + description: The display name for the owner. + type: string + visibleTo: + description: >- + The teams and users that the alert will be visible to without + sending a notification. Only one of `id`, `name`, or `username` + is required. items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + type: object + properties: + id: + description: The identifier for the entity. + type: string + name: + description: The name of the entity. + type: string + type: + description: Valid values are `team` and `user`. + enum: + - team + - user + type: string + username: + description: >- + The user name. This property is required only when the + `type` is `user`. + type: string + required: + - type type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRulePatchFields - Security_Solution_Detections_API_ThreatMatchRuleRequiredFields: + required: + - message + required: + - subAction + - subActionParams + Connectors_run_connector_subaction_fieldsbyissuetype: + description: The `fieldsByIssueType` subaction for Jira connectors. + title: The fieldsByIssueType subaction type: object properties: - query: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleQuery' - threat_index: - $ref: '#/components/schemas/Security_Solution_Detections_API_ThreatIndex' - threat_mapping: - $ref: '#/components/schemas/Security_Solution_Detections_API_ThreatMapping' - threat_query: - $ref: '#/components/schemas/Security_Solution_Detections_API_ThreatQuery' - type: - description: Rule type + subAction: + description: The action to test. enum: - - threat_match + - fieldsByIssueType type: string - required: - - type - - query - - threat_query - - threat_mapping - - threat_index - Security_Solution_Detections_API_ThreatMatchRuleResponseFields: - allOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRuleOptionalFields - - type: object - properties: - language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_KqlQueryLanguage - required: - - language - Security_Solution_Detections_API_ThreatMatchRuleUpdateProps: - allOf: - - type: object + subActionParams: + type: object properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + description: The Jira issue type identifier. + example: 10024 + type: string required: - - name - - description - - risk_score - - severity - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRuleCreateFields - Security_Solution_Detections_API_ThreatQuery: - description: Query to run - type: string - Security_Solution_Detections_API_ThreatSubtechnique: + - id + required: + - subAction + - subActionParams + Connectors_run_connector_subaction_getchoices: + description: >- + The `getChoices` subaction for ServiceNow ITOM, ServiceNow ITSM, and + ServiceNow SecOps connectors. + title: The getChoices subaction type: object properties: - id: - description: Subtechnique ID - type: string - name: - description: Subtechnique name - type: string - reference: - description: Subtechnique reference + subAction: + description: The action to test. + enum: + - getChoices type: string + subActionParams: + description: The set of configuration properties for the action. + type: object + properties: + fields: + description: An array of fields. + items: + type: string + type: array + required: + - fields required: - - id - - name - - reference - Security_Solution_Detections_API_ThreatTactic: + - subAction + - subActionParams + Connectors_run_connector_subaction_getfields: + description: >- + The `getFields` subaction for Jira, ServiceNow ITSM, and ServiceNow + SecOps connectors. + title: The getFields subaction type: object properties: - id: - description: Tactic ID - type: string - name: - description: Tactic name - type: string - reference: - description: Tactic reference + subAction: + description: The action to test. + enum: + - getFields type: string required: - - id - - name - - reference - Security_Solution_Detections_API_ThreatTechnique: - type: object + - subAction + Connectors_run_connector_subaction_getincident: + description: >- + The `getIncident` subaction for Jira, ServiceNow ITSM, and ServiceNow + SecOps connectors. properties: - id: - description: Technique ID - type: string - name: - description: Technique name - type: string - reference: - description: Technique reference + subAction: + description: The action to test. + enum: + - getIncident type: string - subtechnique: - description: Array containing more specific information on the attack technique - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatSubtechnique - type: array + subActionParams: + type: object + properties: + externalId: + description: >- + The Jira, ServiceNow ITSM, or ServiceNow SecOps issue + identifier. + example: 71778 + type: string + required: + - externalId required: - - id - - name - - reference - Security_Solution_Detections_API_Threshold: + - subAction + - subActionParams + title: The getIncident subaction type: object - properties: - cardinality: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdCardinality - field: - $ref: '#/components/schemas/Security_Solution_Detections_API_ThresholdField' - value: - $ref: '#/components/schemas/Security_Solution_Detections_API_ThresholdValue' - required: - - field - - value - Security_Solution_Detections_API_ThresholdAlertSuppression: + Connectors_run_connector_subaction_issue: + description: The `issue` subaction for Jira connectors. + title: The issue subaction type: object properties: - duration: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertSuppressionDuration - required: - - duration - Security_Solution_Detections_API_ThresholdCardinality: - items: - type: object - properties: - field: - type: string - value: - minimum: 0 - type: integer - required: - - field - - value - type: array - Security_Solution_Detections_API_ThresholdField: - description: Field to aggregate on - oneOf: - - type: string - - items: - type: string - type: array - Security_Solution_Detections_API_ThresholdRule: - allOf: - - type: object + subAction: + description: The action to test. + enum: + - issue + type: string + subActionParams: + type: object properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + id: + description: The Jira issue identifier. + example: 71778 + type: string required: - - name - - description - - risk_score - - severity - - version - - tags - - enabled - - risk_score_mapping - - severity_mapping - - interval - - from - - to - - actions - - exceptions_list - - author - - false_positives - - references - - max_signals - - threat - - setup - - related_integrations - - required_fields - - $ref: '#/components/schemas/Security_Solution_Detections_API_ResponseFields' - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRuleResponseFields - Security_Solution_Detections_API_ThresholdRuleCreateFields: - allOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRuleDefaultableFields - Security_Solution_Detections_API_ThresholdRuleCreateProps: - allOf: - - type: object + - id + required: + - subAction + Connectors_run_connector_subaction_issues: + description: The `issues` subaction for Jira connectors. + title: The issues subaction + type: object + properties: + subAction: + description: The action to test. + enum: + - issues + type: string + subActionParams: + type: object properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + title: + description: The title of the Jira issue. + type: string required: - - name - - description - - risk_score - - severity - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRuleCreateFields - Security_Solution_Detections_API_ThresholdRuleDefaultableFields: + - title + required: + - subAction + - subActionParams + Connectors_run_connector_subaction_issuetypes: + description: The `issueTypes` subaction for Jira connectors. + title: The issueTypes subaction type: object properties: - language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_KqlQueryLanguage - Security_Solution_Detections_API_ThresholdRuleOptionalFields: - type: object + subAction: + description: The action to test. + enum: + - issueTypes + type: string + required: + - subAction + Connectors_run_connector_subaction_postmessage: + description: > + Test an action that sends a message to Slack. It is applicable only when + the connector type is `.slack_api`. properties: - alert_suppression: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdAlertSuppression - data_view_id: - $ref: '#/components/schemas/Security_Solution_Detections_API_DataViewId' - filters: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFilterArray - index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IndexPatternArray - saved_id: - $ref: '#/components/schemas/Security_Solution_Detections_API_SavedQueryId' - Security_Solution_Detections_API_ThresholdRulePatchFields: - allOf: - - type: object - properties: - query: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleQuery' - threshold: - $ref: '#/components/schemas/Security_Solution_Detections_API_Threshold' - type: - description: Rule type - enum: - - threshold - type: string - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRuleDefaultableFields - Security_Solution_Detections_API_ThresholdRulePatchProps: - allOf: - - type: object + subAction: + description: The action to test. + enum: + - postMessage + type: string + subActionParams: + description: The set of configuration properties for the action. + type: object properties: - actions: + channelIds: + description: > + The Slack channel identifier, which must be one of the + `allowedChannels` in the connector configuration. items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + type: string + maxItems: 1 type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: + channels: + deprecated: true + description: | + The name of a channel that your Slack app has access to. items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + type: string + maxItems: 1 type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: + text: + description: > + The Slack message text. If it is a Slack webhook connector, the + text cannot contain Markdown, images, or other advanced + formatting. If it is a Slack web API connector, it can contain + either plain text or block kit messages. + minLength: 1 + type: string + required: + - subAction + - subActionParams + title: The postMessage subaction + type: object + Connectors_run_connector_subaction_pushtoservice: + description: >- + The `pushToService` subaction for Jira, ServiceNow ITSM, ServiceNow + SecOps, Swimlane, and Webhook - Case Management connectors. + title: The pushToService subaction + type: object + properties: + subAction: + description: The action to test. + enum: + - pushToService + type: string + subActionParams: + description: The set of configuration properties for the action. + type: object + properties: + comments: + description: >- + Additional information that is sent to Jira, ServiceNow ITSM, + ServiceNow SecOps, or Swimlane. items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + type: object + properties: + comment: + description: >- + A comment related to the incident. For example, describe + how to troubleshoot the issue. + type: string + commentId: + description: A unique identifier for the comment. + type: integer type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRulePatchFields - Security_Solution_Detections_API_ThresholdRuleRequiredFields: - type: object + incident: + description: >- + Information necessary to create or update a Jira, ServiceNow + ITSM, ServiveNow SecOps, or Swimlane incident. + type: object + properties: + alertId: + description: The alert identifier for Swimlane connectors. + type: string + caseId: + description: >- + The case identifier for the incident for Swimlane + connectors. + type: string + caseName: + description: The case name for the incident for Swimlane connectors. + type: string + category: + description: >- + The category of the incident for ServiceNow ITSM and + ServiceNow SecOps connectors. + type: string + correlation_display: + description: >- + A descriptive label of the alert for correlation purposes + for ServiceNow ITSM and ServiceNow SecOps connectors. + type: string + correlation_id: + description: > + The correlation identifier for the security incident for + ServiceNow ITSM and ServiveNow SecOps connectors. Connectors + using the same correlation ID are associated with the same + ServiceNow incident. This value determines whether a new + ServiceNow incident is created or an existing one is + updated. Modifying this value is optional; if not modified, + the rule ID and alert ID are combined as `{{ruleID}}:{{alert + ID}}` to form the correlation ID value in ServiceNow. The + maximum character length for this value is 100 characters. + NOTE: Using the default configuration of `{{ruleID}}:{{alert + ID}}` ensures that ServiceNow creates a separate incident + record for every generated alert that uses a unique alert + ID. If the rule generates multiple alerts that use the same + alert IDs, ServiceNow creates and continually updates a + single incident record for the alert. + type: string + description: + description: >- + The description of the incident for Jira, ServiceNow ITSM, + ServiceNow SecOps, Swimlane, and Webhook - Case Management + connectors. + type: string + dest_ip: + description: > + A list of destination IP addresses related to the security + incident for ServiceNow SecOps connectors. The IPs are added + as observables to the security incident. + oneOf: + - type: string + - items: + type: string + type: array + externalId: + description: > + The Jira, ServiceNow ITSM, or ServiceNow SecOps issue + identifier. If present, the incident is updated. Otherwise, + a new incident is created. + type: string + id: + description: >- + The external case identifier for Webhook - Case Management + connectors. + type: string + impact: + description: The impact of the incident for ServiceNow ITSM connectors. + type: string + issueType: + description: >- + The type of incident for Jira connectors. For example, + 10006. To obtain the list of valid values, set `subAction` + to `issueTypes`. + type: integer + labels: + description: > + The labels for the incident for Jira connectors. NOTE: + Labels cannot contain spaces. + items: + type: string + type: array + malware_hash: + description: >- + A list of malware hashes related to the security incident + for ServiceNow SecOps connectors. The hashes are added as + observables to the security incident. + oneOf: + - type: string + - items: + type: string + type: array + malware_url: + description: >- + A list of malware URLs related to the security incident for + ServiceNow SecOps connectors. The URLs are added as + observables to the security incident. + oneOf: + - type: string + - items: + type: string + type: array + type: string + otherFields: + additionalProperties: true + description: > + Custom field identifiers and their values for Jira + connectors. + maxProperties: 20 + type: object + parent: + description: >- + The ID or key of the parent issue for Jira connectors. + Applies only to `Sub-task` types of issues. + type: string + priority: + description: >- + The priority of the incident in Jira and ServiceNow SecOps + connectors. + type: string + ruleName: + description: The rule name for Swimlane connectors. + type: string + severity: + description: >- + The severity of the incident for ServiceNow ITSM and + Swimlane connectors. + type: string + short_description: + description: > + A short description of the incident for ServiceNow ITSM and + ServiceNow SecOps connectors. It is used for searching the + contents of the knowledge base. + type: string + source_ip: + description: >- + A list of source IP addresses related to the security + incident for ServiceNow SecOps connectors. The IPs are added + as observables to the security incident. + oneOf: + - type: string + - items: + type: string + type: array + status: + description: >- + The status of the incident for Webhook - Case Management + connectors. + type: string + subcategory: + description: >- + The subcategory of the incident for ServiceNow ITSM and + ServiceNow SecOps connectors. + type: string + summary: + description: A summary of the incident for Jira connectors. + type: string + tags: + description: A list of tags for Webhook - Case Management connectors. + items: + type: string + type: array + title: + description: > + A title for the incident for Jira and Webhook - Case + Management connectors. It is used for searching the contents + of the knowledge base. + type: string + urgency: + description: The urgency of the incident for ServiceNow ITSM connectors. + type: string + required: + - subAction + - subActionParams + Connectors_run_connector_subaction_validchannelid: + description: > + Retrieves information about a valid Slack channel identifier. It is + applicable only when the connector type is `.slack_api`. properties: - query: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleQuery' - threshold: - $ref: '#/components/schemas/Security_Solution_Detections_API_Threshold' - type: - description: Rule type + subAction: + description: The action to test. enum: - - threshold + - validChannelId type: string - required: - - type - - query - - threshold - Security_Solution_Detections_API_ThresholdRuleResponseFields: - allOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRuleOptionalFields - - type: object - properties: - language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_KqlQueryLanguage - required: - - language - Security_Solution_Detections_API_ThresholdRuleUpdateProps: - allOf: - - type: object + subActionParams: + type: object properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray - building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType - description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription - enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled - exceptions_list: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray - from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom - id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId - interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval - investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields - license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense - max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' - meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata - name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace - note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide - outcome: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex - references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray - related_integrations: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput - type: array - risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' - risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping - rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId - rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride - setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' - severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping - tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray - threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray - throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle - timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId - timeline_title: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo - version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + channelId: + description: The Slack channel identifier. + example: C123ABC456 + type: string required: - - name - - description - - risk_score - - severity - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRuleCreateFields - Security_Solution_Detections_API_ThresholdValue: - description: Threshold value - minimum: 1 - type: integer - Security_Solution_Detections_API_ThrottleForBulkActions: - description: >- - The condition for throttling the notification: 'rule', 'no_actions', or - time duration - enum: - - rule - - 1h - - 1d - - 7d - type: string - Security_Solution_Detections_API_TiebreakerField: - description: Sets a secondary field for sorting events - type: string - Security_Solution_Detections_API_TimelineTemplateId: - description: Timeline template ID - type: string - Security_Solution_Detections_API_TimelineTemplateTitle: - description: Timeline template title - type: string - Security_Solution_Detections_API_TimestampField: - description: Contains the event timestamp used for sorting a sequence of events - type: string - Security_Solution_Detections_API_TimestampOverride: - description: Sets the time field used to query indices - type: string - Security_Solution_Detections_API_TimestampOverrideFallbackDisabled: - description: Disables the fallback to the event's @timestamp field - type: boolean - Security_Solution_Detections_API_UUID: - description: A universally unique identifier - format: uuid - type: string - Security_Solution_Detections_API_WarningSchema: + - channelId + required: + - subAction + - subActionParams + title: The validChannelId subaction type: object + Connectors_secrets_properties_bedrock: + description: Defines secrets for connectors when type is `.bedrock`. properties: - actionPath: - type: string - buttonLabel: - type: string - message: + accessKey: + description: The AWS access key for authentication. type: string - type: + secret: + description: The AWS secret for authentication. type: string required: - - type - - message - - actionPath - Security_Solution_Endpoint_Exceptions_API_EndpointList: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionList - - additionalProperties: false - type: object - Security_Solution_Endpoint_Exceptions_API_EndpointListItem: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItem - Security_Solution_Endpoint_Exceptions_API_ExceptionList: + - accessKey + - secret + title: Connector secrets properties for an Amazon Bedrock connector + type: object + Connectors_secrets_properties_cases_webhook: + title: Connector secrets properties for Webhook - Case Management connector type: object properties: - _version: - type: string - created_at: - format: date-time - type: string - created_by: - type: string - description: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListDescription - id: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListId - immutable: - type: boolean - list_id: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListHumanId - meta: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListMeta - name: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListName - namespace_type: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionNamespaceType - os_types: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListOsTypeArray - tags: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListTags - tie_breaker_id: - type: string - type: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListType - updated_at: - format: date-time + password: + description: >- + The password for HTTP basic authentication. If `hasAuth` is set to + `true`, this property is required. type: string - updated_by: + user: + description: >- + The username for HTTP basic authentication. If `hasAuth` is set to + `true`, this property is required. type: string - version: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListVersion - required: - - id - - list_id - - type - - name - - description - - immutable - - namespace_type - - version - - tie_breaker_id - - created_at - - created_by - - updated_at - - updated_by - Security_Solution_Endpoint_Exceptions_API_ExceptionListDescription: - type: string - Security_Solution_Endpoint_Exceptions_API_ExceptionListHumanId: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString - description: 'Human readable string identifier, e.g. `trusted-linux-processes`' - Security_Solution_Endpoint_Exceptions_API_ExceptionListId: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString - Security_Solution_Endpoint_Exceptions_API_ExceptionListItem: + Connectors_secrets_properties_d3security: + description: Defines secrets for connectors when type is `.d3security`. type: object properties: - _version: - type: string - comments: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemCommentArray - created_at: - format: date-time - type: string - created_by: - type: string - description: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemDescription - entries: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryArray - expire_time: - format: date-time - type: string - id: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemId - item_id: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemHumanId - list_id: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListHumanId - meta: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemMeta - name: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemName - namespace_type: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionNamespaceType - os_types: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray - tags: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemTags - tie_breaker_id: - type: string - type: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemType - updated_at: - format: date-time - type: string - updated_by: + token: + description: The D3 Security token. type: string required: - - id - - item_id - - list_id - - type - - name - - description - - entries - - namespace_type - - comments - - tie_breaker_id - - created_at - - created_by - - updated_at - - updated_by - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemComment: - type: object + - token + title: Connector secrets properties for a D3 Security connector + Connectors_secrets_properties_email: + description: Defines secrets for connectors when type is `.email`. properties: - comment: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString - created_at: - format: date-time + clientSecret: + description: > + The Microsoft Exchange Client secret for OAuth 2.0 client + credentials authentication. It must be URL-encoded. If `service` is + `exchange_server`, this property is required. type: string - created_by: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString - id: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString - updated_at: - format: date-time + password: + description: > + The password for HTTP basic authentication. If `hasAuth` is set to + `true`, this property is required. type: string - updated_by: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString - required: - - id - - comment - - created_at - - created_by - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemCommentArray: - items: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemComment - type: array - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemDescription: - type: string - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntry: - anyOf: - - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryMatch - - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryMatchAny - - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryList - - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryExists - - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryNested - - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryMatchWildcard - discriminator: - propertyName: type - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryArray: - items: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntry - type: array - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryExists: - type: object - properties: - field: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString - operator: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryOperator - type: - enum: - - exists + user: + description: > + The username for HTTP basic authentication. If `hasAuth` is set to + `true`, this property is required. type: string - required: - - type - - field - - operator - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryList: + title: Connector secrets properties for an email connector type: object + Connectors_secrets_properties_gemini: + description: Defines secrets for connectors when type is `.gemini`. properties: - field: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString - list: - type: object - properties: - id: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ListId - type: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ListType - required: - - id - - type - operator: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryOperator - type: - enum: - - list + credentialsJSON: + description: >- + The service account credentials JSON file. The service account + should have Vertex AI user IAM role assigned to it. type: string required: - - type - - field - - list - - operator - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryMatch: + - credentialsJSON + title: Connector secrets properties for a Google Gemini connector type: object + Connectors_secrets_properties_genai: + description: Defines secrets for connectors when type is `.gen-ai`. properties: - field: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString - operator: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryOperator - type: - enum: - - match + apiKey: + description: The OpenAI API key. type: string - value: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString - required: - - type - - field - - value - - operator - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryMatchAny: + title: Connector secrets properties for an OpenAI connector + type: object + Connectors_secrets_properties_jira: + description: Defines secrets for connectors when type is `.jira`. type: object properties: - field: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString - operator: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryOperator - type: - enum: - - match_any + apiToken: + description: The Jira API authentication token for HTTP basic authentication. + type: string + email: + description: The account email for HTTP Basic authentication. type: string - value: - items: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString - minItems: 1 - type: array required: - - type - - field - - value - - operator - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryMatchWildcard: + - apiToken + - email + title: Connector secrets properties for a Jira connector + Connectors_secrets_properties_opsgenie: + description: Defines secrets for connectors when type is `.opsgenie`. type: object properties: - field: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString - operator: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryOperator - type: - enum: - - wildcard + apiKey: + description: The Opsgenie API authentication key for HTTP Basic authentication. type: string - value: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString required: - - type - - field - - value - - operator - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryNested: - type: object + - apiKey + title: Connector secrets properties for an Opsgenie connector + Connectors_secrets_properties_pagerduty: + description: Defines secrets for connectors when type is `.pagerduty`. properties: - entries: - items: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryNestedEntryItem - minItems: 1 - type: array - field: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString - type: - enum: - - nested + routingKey: + description: > + A 32 character PagerDuty Integration Key for an integration on a + service. type: string required: - - type - - field - - entries - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryNestedEntryItem: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryMatch - - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryMatchAny - - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryExists - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryOperator: - enum: - - excluded - - included - type: string - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemHumanId: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemId: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemMeta: - additionalProperties: true - type: object - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemName: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray: - items: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListOsType - type: array - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemTags: - items: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString - type: array - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemType: - enum: - - simple - type: string - Security_Solution_Endpoint_Exceptions_API_ExceptionListMeta: - additionalProperties: true + - routingKey + title: Connector secrets properties for a PagerDuty connector type: object - Security_Solution_Endpoint_Exceptions_API_ExceptionListName: - type: string - Security_Solution_Endpoint_Exceptions_API_ExceptionListOsType: - enum: - - linux - - macos - - windows - type: string - Security_Solution_Endpoint_Exceptions_API_ExceptionListOsTypeArray: - items: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListOsType - type: array - Security_Solution_Endpoint_Exceptions_API_ExceptionListTags: - items: - type: string - type: array - Security_Solution_Endpoint_Exceptions_API_ExceptionListType: - enum: - - detection - - rule_default - - endpoint - - endpoint_trusted_apps - - endpoint_events - - endpoint_host_isolation_exceptions - - endpoint_blocklists - type: string - Security_Solution_Endpoint_Exceptions_API_ExceptionListVersion: - minimum: 1 - type: integer - Security_Solution_Endpoint_Exceptions_API_ExceptionNamespaceType: - description: > - Determines whether the exception container is available in all Kibana - spaces or just the space - - in which it is created, where: - - - - `single`: Only available in the Kibana space in which it is created. - - - `agnostic`: Available in all Kibana spaces. - enum: - - agnostic - - single - type: string - Security_Solution_Endpoint_Exceptions_API_FindEndpointListItemsFilter: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString - Security_Solution_Endpoint_Exceptions_API_ListId: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString - Security_Solution_Endpoint_Exceptions_API_ListType: - enum: - - binary - - boolean - - byte - - date - - date_nanos - - date_range - - double - - double_range - - float - - float_range - - geo_point - - geo_shape - - half_float - - integer - - integer_range - - ip - - ip_range - - keyword - - long - - long_range - - shape - - short - - text - type: string - Security_Solution_Endpoint_Exceptions_API_NonEmptyString: - description: A string that is not empty and does not contain only whitespace - minLength: 1 - pattern: ^(?! *$).+$ - type: string - Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse: + Connectors_secrets_properties_resilient: + description: Defines secrets for connectors when type is `.resilient`. type: object properties: - error: + apiKeyId: + description: The authentication key ID for HTTP Basic authentication. type: string - message: + apiKeySecret: + description: The authentication key secret for HTTP Basic authentication. type: string - statusCode: - type: integer required: - - statusCode - - error - - message - Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse: - type: object + - apiKeyId + - apiKeySecret + title: Connector secrets properties for IBM Resilient connector + Connectors_secrets_properties_sentinelone: + description: Defines secrets for connectors when type is `.sentinelone`. properties: - message: + token: + description: The A SentinelOne API token. type: string - status_code: - type: integer required: - - status_code - - message - Security_Solution_Endpoint_Management_API_ActionLogRequestQuery: + - token + title: Connector secrets properties for a SentinelOne connector type: object + Connectors_secrets_properties_servicenow: + description: >- + Defines secrets for connectors when type is `.servicenow`, + `.servicenow-sir`, or `.servicenow-itom`. properties: - end_date: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_EndDate - page: - $ref: '#/components/schemas/Security_Solution_Endpoint_Management_API_Page' - page_size: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_PageSize - start_date: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_StartDate - Security_Solution_Endpoint_Management_API_ActionStateSuccessResponse: + clientSecret: + description: >- + The client secret assigned to your OAuth application. This property + is required when `isOAuth` is `true`. + type: string + password: + description: >- + The password for HTTP basic authentication. This property is + required when `isOAuth` is `false`. + type: string + privateKey: + description: >- + The RSA private key that you created for use in ServiceNow. This + property is required when `isOAuth` is `true`. + type: string + privateKeyPassword: + description: >- + The password for the RSA private key. This property is required when + `isOAuth` is `true` and you set a password on your private key. + type: string + username: + description: >- + The username for HTTP basic authentication. This property is + required when `isOAuth` is `false`. + type: string + title: >- + Connector secrets properties for ServiceNow ITOM, ServiceNow ITSM, and + ServiceNow SecOps connectors + type: object + Connectors_secrets_properties_slack_api: + description: Defines secrets for connectors when type is `.slack`. type: object properties: - body: - type: object - properties: - data: - type: object - properties: - canEncrypt: - type: boolean - required: - - data + token: + description: Slack bot user OAuth token. + type: string required: - - body - Security_Solution_Endpoint_Management_API_ActionStatusSuccessResponse: + - token + title: Connector secrets properties for a Web API Slack connector + Connectors_secrets_properties_slack_webhook: + description: Defines secrets for connectors when type is `.slack`. type: object properties: - body: - type: object - properties: - data: - type: object - properties: - agent_id: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AgentId - pending_actions: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_PendingActionsSchema - required: - - agent_id - - pending_actions - required: - - data + webhookUrl: + description: Slack webhook url. + type: string required: - - body - Security_Solution_Endpoint_Management_API_AgentId: - description: Agent ID - type: string - Security_Solution_Endpoint_Management_API_AgentIds: - minLength: 1 - oneOf: - - items: - minLength: 1 - type: string - maxItems: 50 - minItems: 1 - type: array - - minLength: 1 + - webhookUrl + title: Connector secrets properties for a Webhook Slack connector + Connectors_secrets_properties_swimlane: + description: Defines secrets for connectors when type is `.swimlane`. + properties: + apiToken: + description: Swimlane API authentication token. type: string - Security_Solution_Endpoint_Management_API_AgentTypes: - enum: - - endpoint - - sentinel_one - - crowdstrike - type: string - Security_Solution_Endpoint_Management_API_AlertIds: - description: A list of alerts ids. - items: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_NonEmptyString - minItems: 1 - type: array - Security_Solution_Endpoint_Management_API_CaseIds: - description: Case IDs to be updated (cannot contain empty strings) - items: - minLength: 1 - type: string - minItems: 1 - type: array - Security_Solution_Endpoint_Management_API_Command: - description: The command to be executed (cannot be an empty string) - enum: - - isolate - - unisolate - - kill-process - - suspend-process - - running-processes - - get-file - - execute - - upload - - scan - minLength: 1 - type: string - Security_Solution_Endpoint_Management_API_Commands: - items: - $ref: '#/components/schemas/Security_Solution_Endpoint_Management_API_Command' - type: array - Security_Solution_Endpoint_Management_API_Comment: - description: Optional comment - type: string - Security_Solution_Endpoint_Management_API_EndDate: - description: End date - type: string - Security_Solution_Endpoint_Management_API_EndpointIds: - description: List of endpoint IDs (cannot contain empty strings) - items: - minLength: 1 - type: string - minItems: 1 - type: array - Security_Solution_Endpoint_Management_API_ExecuteRouteRequestBody: - allOf: - - type: object - properties: - agent_type: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AgentTypes - alert_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AlertIds - case_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_CaseIds - comment: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Comment - endpoint_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_EndpointIds - parameters: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Parameters - required: - - endpoint_ids - - type: object - properties: - parameters: - type: object - properties: - command: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Command - timeout: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Timeout - required: - - command - required: - - parameters - Security_Solution_Endpoint_Management_API_GetEndpointActionListRouteQuery: + title: Connector secrets properties for a Swimlane connector type: object + Connectors_secrets_properties_teams: + description: Defines secrets for connectors when type is `.teams`. properties: - agentIds: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AgentIds - agentTypes: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AgentTypes - commands: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Commands - endDate: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_EndDate - page: - $ref: '#/components/schemas/Security_Solution_Endpoint_Management_API_Page' - pageSize: - default: 10 - description: Number of items per page - maximum: 10000 - minimum: 1 - type: integer - startDate: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_StartDate - types: - $ref: '#/components/schemas/Security_Solution_Endpoint_Management_API_Types' - userIds: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_UserIds - withOutputs: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_WithOutputs - Security_Solution_Endpoint_Management_API_GetFileRouteRequestBody: - allOf: - - type: object - properties: - agent_type: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AgentTypes - alert_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AlertIds - case_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_CaseIds - comment: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Comment - endpoint_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_EndpointIds - parameters: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Parameters - required: - - endpoint_ids - - type: object - properties: - parameters: - type: object - properties: - path: - type: string - required: - - path - required: - - parameters - Security_Solution_Endpoint_Management_API_GetProcessesRouteRequestBody: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_NoParametersRequestSchema - Security_Solution_Endpoint_Management_API_IsolateRouteRequestBody: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_NoParametersRequestSchema - Security_Solution_Endpoint_Management_API_KillOrSuspendActionSchema: - allOf: - - type: object - properties: - agent_type: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AgentTypes - alert_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AlertIds - case_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_CaseIds - comment: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Comment - endpoint_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_EndpointIds - parameters: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Parameters - required: - - endpoint_ids - - type: object - properties: - parameters: - oneOf: - - type: object - properties: - pid: - minimum: 1 - type: integer - - type: object - properties: - entity_id: - minLength: 1 - type: string - required: - - parameters - Security_Solution_Endpoint_Management_API_ListRequestQuery: + webhookUrl: + description: > + The URL of the incoming webhook. If you are using the + `xpack.actions.allowedHosts` setting, add the hostname to the + allowed hosts. + type: string + required: + - webhookUrl + title: Connector secrets properties for a Microsoft Teams connector type: object + Connectors_secrets_properties_tines: + description: Defines secrets for connectors when type is `.tines`. properties: - hostStatuses: - items: - enum: - - healthy - - offline - - updating - - inactive - - unenrolled - type: string - type: array - kuery: - nullable: true - type: string - page: - default: 0 - description: Page number - minimum: 0 - type: integer - pageSize: - default: 10 - description: Number of items per page - maximum: 10000 - minimum: 1 - type: integer - sortDirection: - enum: - - asc - - desc - nullable: true + email: + description: The email used to sign in to Tines. type: string - sortField: - enum: - - enrolled_at - - metadata.host.hostname - - host_status - - metadata.Endpoint.policy.applied.name - - metadata.Endpoint.policy.applied.status - - metadata.host.os.name - - metadata.host.ip - - metadata.agent.version - - last_checkin + token: + description: The Tines API token. type: string required: - - hostStatuses - Security_Solution_Endpoint_Management_API_NonEmptyString: - description: A string that is not empty and does not contain only whitespace - minLength: 1 - pattern: ^(?! *$).+$ - type: string - Security_Solution_Endpoint_Management_API_NoParametersRequestSchema: + - email + - token + title: Connector secrets properties for a Tines connector type: object + Connectors_secrets_properties_torq: + description: Defines secrets for connectors when type is `.torq`. properties: - body: - type: object - properties: - agent_type: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AgentTypes - alert_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AlertIds - case_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_CaseIds - comment: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Comment - endpoint_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_EndpointIds - parameters: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Parameters - required: - - endpoint_ids + token: + description: The secret of the webhook authentication header. + type: string required: - - body - Security_Solution_Endpoint_Management_API_Page: - default: 1 - description: Page number - minimum: 1 - type: integer - Security_Solution_Endpoint_Management_API_PageSize: - default: 10 - description: Number of items per page - maximum: 100 - minimum: 1 - type: integer - Security_Solution_Endpoint_Management_API_Parameters: - description: Optional parameters object - type: object - Security_Solution_Endpoint_Management_API_PendingActionDataType: - type: integer - Security_Solution_Endpoint_Management_API_PendingActionsSchema: - oneOf: - - type: object - properties: - execute: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_PendingActionDataType - get-file: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_PendingActionDataType - isolate: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_PendingActionDataType - kill-process: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_PendingActionDataType - running-processes: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_PendingActionDataType - scan: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_PendingActionDataType - suspend-process: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_PendingActionDataType - unisolate: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_PendingActionDataType - upload: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_PendingActionDataType - - additionalProperties: true - type: object - Security_Solution_Endpoint_Management_API_ProtectionUpdatesNoteResponse: + - token + title: Connector secrets properties for a Torq connector type: object + Connectors_secrets_properties_webhook: + description: Defines secrets for connectors when type is `.webhook`. properties: - note: + crt: + description: >- + If `authType` is `webhook-authentication-ssl` and `certType` is + `ssl-crt-key`, it is a base64 encoded version of the CRT or CERT + file. type: string - Security_Solution_Endpoint_Management_API_ScanRouteRequestBody: - allOf: - - type: object - properties: - agent_type: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AgentTypes - alert_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AlertIds - case_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_CaseIds - comment: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Comment - endpoint_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_EndpointIds - parameters: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Parameters - required: - - endpoint_ids - - type: object - properties: - parameters: - type: object - properties: - path: - type: string - required: - - path - required: - - parameters - Security_Solution_Endpoint_Management_API_StartDate: - description: Start date - type: string - Security_Solution_Endpoint_Management_API_SuccessResponse: - type: object - properties: {} - Security_Solution_Endpoint_Management_API_Timeout: - description: The maximum timeout value in milliseconds (optional) - minimum: 1 - type: integer - Security_Solution_Endpoint_Management_API_Type: - description: Type of response action - enum: - - automated - - manual - type: string - Security_Solution_Endpoint_Management_API_Types: - description: List of types of response actions - items: - $ref: '#/components/schemas/Security_Solution_Endpoint_Management_API_Type' - maxLength: 2 - minLength: 1 - type: array - Security_Solution_Endpoint_Management_API_UnisolateRouteRequestBody: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_NoParametersRequestSchema - Security_Solution_Endpoint_Management_API_UploadRouteRequestBody: - allOf: - - type: object - properties: - agent_type: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AgentTypes - alert_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AlertIds - case_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_CaseIds - comment: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Comment - endpoint_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_EndpointIds - parameters: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Parameters - required: - - endpoint_ids - - type: object - properties: - file: - format: binary - type: string - parameters: - type: object - properties: - overwrite: - default: false - type: boolean - required: - - parameters - - file - Security_Solution_Endpoint_Management_API_UserIds: - description: User IDs - oneOf: - - items: - minLength: 1 - type: string - minItems: 1 - type: array - - minLength: 1 + key: + description: >- + If `authType` is `webhook-authentication-ssl` and `certType` is + `ssl-crt-key`, it is a base64 encoded version of the KEY file. type: string - Security_Solution_Endpoint_Management_API_WithOutputs: - description: Shows detailed outputs for an action response - oneOf: - - items: - minLength: 1 - type: string - minItems: 1 - type: array - - minLength: 1 + password: + description: > + The password for HTTP basic authentication or the passphrase for the + SSL certificate files. If `hasAuth` is set to `true` and `authType` + is `webhook-authentication-basic`, this property is required. + type: string + pfx: + description: >- + If `authType` is `webhook-authentication-ssl` and `certType` is + `ssl-pfx`, it is a base64 encoded version of the PFX or P12 file. + type: string + user: + description: > + The username for HTTP basic authentication. If `hasAuth` is set to + `true` and `authType` is `webhook-authentication-basic`, this + property is required. type: string - Security_Solution_Entity_Analytics_API_AssetCriticalityBulkUploadErrorItem: + title: Connector secrets properties for a Webhook connector type: object + Connectors_secrets_properties_xmatters: + description: Defines secrets for connectors when type is `.xmatters`. properties: - index: - type: integer - message: + password: + description: > + A user name for HTTP basic authentication. It is applicable only + when `usesBasic` is `true`. type: string - required: - - message - - index - Security_Solution_Entity_Analytics_API_AssetCriticalityBulkUploadStats: + secretsUrl: + description: > + The request URL for the Elastic Alerts trigger in xMatters with the + API key included in the URL. It is applicable only when `usesBasic` + is `false`. + type: string + user: + description: > + A password for HTTP basic authentication. It is applicable only when + `usesBasic` is `true`. + type: string + title: Connector secrets properties for an xMatters connector type: object - properties: - failed: - type: integer - successful: - type: integer - total: - type: integer - required: - - successful - - failed - - total - Security_Solution_Entity_Analytics_API_AssetCriticalityLevel: - description: The criticality level of the asset. - enum: - - low_impact - - medium_impact - - high_impact - - extreme_impact - type: string - Security_Solution_Entity_Analytics_API_AssetCriticalityRecord: - allOf: + Connectors_update_connector_request: + description: The properties vary depending on the connector type. + oneOf: + - $ref: '#/components/schemas/Connectors_update_connector_request_bedrock' + - $ref: '#/components/schemas/Connectors_update_connector_request_gemini' - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_CreateAssetCriticalityRecord - - type: object - properties: - '@timestamp': - description: The time the record was created or updated. - example: '2017-07-21T17:32:28Z' - format: date-time - type: string - required: - - '@timestamp' - Security_Solution_Entity_Analytics_API_AssetCriticalityRecordIdParts: + #/components/schemas/Connectors_update_connector_request_cases_webhook + - $ref: '#/components/schemas/Connectors_update_connector_request_d3security' + - $ref: '#/components/schemas/Connectors_update_connector_request_email' + - $ref: '#/components/schemas/Connectors_create_connector_request_genai' + - $ref: '#/components/schemas/Connectors_update_connector_request_index' + - $ref: '#/components/schemas/Connectors_update_connector_request_jira' + - $ref: '#/components/schemas/Connectors_update_connector_request_opsgenie' + - $ref: '#/components/schemas/Connectors_update_connector_request_pagerduty' + - $ref: '#/components/schemas/Connectors_update_connector_request_resilient' + - $ref: '#/components/schemas/Connectors_update_connector_request_sentinelone' + - $ref: '#/components/schemas/Connectors_update_connector_request_serverlog' + - $ref: '#/components/schemas/Connectors_update_connector_request_servicenow' + - $ref: >- + #/components/schemas/Connectors_update_connector_request_servicenow_itom + - $ref: '#/components/schemas/Connectors_update_connector_request_slack_api' + - $ref: >- + #/components/schemas/Connectors_update_connector_request_slack_webhook + - $ref: '#/components/schemas/Connectors_update_connector_request_swimlane' + - $ref: '#/components/schemas/Connectors_update_connector_request_teams' + - $ref: '#/components/schemas/Connectors_update_connector_request_tines' + - $ref: '#/components/schemas/Connectors_update_connector_request_torq' + - $ref: '#/components/schemas/Connectors_update_connector_request_webhook' + - $ref: '#/components/schemas/Connectors_update_connector_request_xmatters' + title: Update connector request body properties + Connectors_update_connector_request_bedrock: + title: Update Amazon Bedrock connector request type: object properties: - id_field: - $ref: '#/components/schemas/Security_Solution_Entity_Analytics_API_IdField' - description: The field representing the ID. - example: host.name - id_value: - description: The ID value of the asset. + config: + $ref: '#/components/schemas/Connectors_config_properties_bedrock' + name: + description: The display name for the connector. type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_bedrock' required: - - id_value - - id_field - Security_Solution_Entity_Analytics_API_CreateAssetCriticalityRecord: - allOf: - - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_AssetCriticalityRecordIdParts - - type: object - properties: - criticality_level: - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_AssetCriticalityLevel - required: - - criticality_level - Security_Solution_Entity_Analytics_API_IdField: - enum: - - host.name - - user.name - type: string - Security_Solution_Exceptions_API_CreateExceptionListItemComment: + - config + - name + Connectors_update_connector_request_cases_webhook: + title: Update Webhook - Case Managment connector request type: object properties: - comment: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' + config: + $ref: '#/components/schemas/Connectors_config_properties_cases_webhook' + name: + description: The display name for the connector. + example: my-connector + type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_cases_webhook' required: - - comment - Security_Solution_Exceptions_API_CreateExceptionListItemCommentArray: - items: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_CreateExceptionListItemComment - type: array - Security_Solution_Exceptions_API_CreateRuleExceptionListItemComment: + - config + - name + Connectors_update_connector_request_d3security: + title: Update D3 Security connector request type: object properties: - comment: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' + config: + $ref: '#/components/schemas/Connectors_config_properties_d3security' + name: + description: The display name for the connector. + type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_d3security' required: - - comment - Security_Solution_Exceptions_API_CreateRuleExceptionListItemCommentArray: - items: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_CreateRuleExceptionListItemComment - type: array - Security_Solution_Exceptions_API_CreateRuleExceptionListItemProps: + - config + - name + - secrets + Connectors_update_connector_request_email: + title: Update email connector request type: object properties: - comments: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_CreateRuleExceptionListItemCommentArray - default: [] - description: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemDescription - entries: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryArray - expire_time: - format: date-time - type: string - item_id: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemHumanId - meta: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemMeta + config: + $ref: '#/components/schemas/Connectors_config_properties_email' name: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemName - namespace_type: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType - default: single - os_types: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemOsTypeArray - default: [] - tags: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemTags - default: [] - type: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemType + description: The display name for the connector. + type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_email' required: - - type + - config - name - - description - - entries - Security_Solution_Exceptions_API_ExceptionList: + Connectors_update_connector_request_gemini: + title: Update Google Gemini connector request type: object properties: - _version: - type: string - created_at: - format: date-time - type: string - created_by: - type: string - description: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListDescription - id: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListId - immutable: - type: boolean - list_id: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListHumanId - meta: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListMeta + config: + $ref: '#/components/schemas/Connectors_config_properties_gemini' name: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListName - namespace_type: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType - os_types: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListOsTypeArray - tags: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListTags - tie_breaker_id: - type: string - type: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListType - updated_at: - format: date-time + description: The display name for the connector. type: string - updated_by: + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_gemini' + required: + - config + - name + Connectors_update_connector_request_index: + title: Update index connector request + type: object + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_index' + name: + description: The display name for the connector. type: string - version: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListVersion required: - - id - - list_id - - type + - config - name - - description - - immutable - - namespace_type - - version - - tie_breaker_id - - created_at - - created_by - - updated_at - - updated_by - Security_Solution_Exceptions_API_ExceptionListDescription: - type: string - Security_Solution_Exceptions_API_ExceptionListHumanId: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' - description: 'Human readable string identifier, e.g. `trusted-linux-processes`' - Security_Solution_Exceptions_API_ExceptionListId: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' - Security_Solution_Exceptions_API_ExceptionListItem: + Connectors_update_connector_request_jira: + title: Update Jira connector request type: object properties: - _version: - type: string - comments: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemCommentArray - created_at: - format: date-time - type: string - created_by: - type: string - description: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemDescription - entries: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryArray - expire_time: - format: date-time - type: string - id: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemId - item_id: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemHumanId - list_id: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListHumanId - meta: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemMeta + config: + $ref: '#/components/schemas/Connectors_config_properties_jira' name: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemName - namespace_type: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType - os_types: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemOsTypeArray - tags: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemTags - tie_breaker_id: - type: string - type: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemType - updated_at: - format: date-time - type: string - updated_by: + description: The display name for the connector. type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_jira' required: - - id - - item_id - - list_id - - type + - config - name - - description - - entries - - namespace_type - - comments - - tie_breaker_id - - created_at - - created_by - - updated_at - - updated_by - Security_Solution_Exceptions_API_ExceptionListItemComment: + - secrets + Connectors_update_connector_request_opsgenie: + title: Update Opsgenie connector request type: object properties: - comment: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' - created_at: - format: date-time - type: string - created_by: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' - id: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' - updated_at: - format: date-time + config: + $ref: '#/components/schemas/Connectors_config_properties_opsgenie' + name: + description: The display name for the connector. type: string - updated_by: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_opsgenie' required: - - id - - comment - - created_at - - created_by - Security_Solution_Exceptions_API_ExceptionListItemCommentArray: - items: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemComment - type: array - Security_Solution_Exceptions_API_ExceptionListItemDescription: - type: string - Security_Solution_Exceptions_API_ExceptionListItemEntry: - anyOf: - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryMatch - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryMatchAny - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryList - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryExists - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryNested - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryMatchWildcard - discriminator: - propertyName: type - Security_Solution_Exceptions_API_ExceptionListItemEntryArray: - items: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntry - type: array - Security_Solution_Exceptions_API_ExceptionListItemEntryExists: + - config + - name + - secrets + Connectors_update_connector_request_pagerduty: + title: Update PagerDuty connector request type: object properties: - field: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' - operator: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryOperator - type: - enum: - - exists + config: + $ref: '#/components/schemas/Connectors_config_properties_pagerduty' + name: + description: The display name for the connector. type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_pagerduty' required: - - type - - field - - operator - Security_Solution_Exceptions_API_ExceptionListItemEntryList: + - config + - name + - secrets + Connectors_update_connector_request_resilient: + title: Update IBM Resilient connector request type: object properties: - field: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' - list: - type: object - properties: - id: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_ListId' - type: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_ListType' - required: - - id - - type - operator: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryOperator - type: - enum: - - list + config: + $ref: '#/components/schemas/Connectors_config_properties_resilient' + name: + description: The display name for the connector. type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_resilient' required: - - type - - field - - list - - operator - Security_Solution_Exceptions_API_ExceptionListItemEntryMatch: + - config + - name + - secrets + Connectors_update_connector_request_sentinelone: + title: Update SentinelOne connector request type: object properties: - field: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' - operator: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryOperator - type: - enum: - - match + config: + $ref: '#/components/schemas/Connectors_config_properties_sentinelone' + name: + description: The display name for the connector. type: string - value: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_sentinelone' required: - - type - - field - - value - - operator - Security_Solution_Exceptions_API_ExceptionListItemEntryMatchAny: + - config + - name + - secrets + Connectors_update_connector_request_serverlog: + title: Update server log connector request type: object properties: - field: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' - operator: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryOperator - type: - enum: - - match_any + name: + description: The display name for the connector. type: string - value: - items: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_NonEmptyString - minItems: 1 - type: array required: - - type - - field - - value - - operator - Security_Solution_Exceptions_API_ExceptionListItemEntryMatchWildcard: + - name + Connectors_update_connector_request_servicenow: + title: Update ServiceNow ITSM connector or ServiceNow SecOps request type: object properties: - field: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' - operator: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryOperator - type: - enum: - - wildcard + config: + $ref: '#/components/schemas/Connectors_config_properties_servicenow' + name: + description: The display name for the connector. type: string - value: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' required: - - type - - field - - value - - operator - Security_Solution_Exceptions_API_ExceptionListItemEntryNested: + - config + - name + - secrets + Connectors_update_connector_request_servicenow_itom: + title: Create ServiceNow ITOM connector request type: object properties: - entries: - items: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryNestedEntryItem - minItems: 1 - type: array - field: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' - type: - enum: - - nested + config: + $ref: '#/components/schemas/Connectors_config_properties_servicenow_itom' + name: + description: The display name for the connector. type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' required: - - type - - field - - entries - Security_Solution_Exceptions_API_ExceptionListItemEntryNestedEntryItem: - oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryMatch - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryMatchAny - - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryExists - Security_Solution_Exceptions_API_ExceptionListItemEntryOperator: - enum: - - excluded - - included - type: string - Security_Solution_Exceptions_API_ExceptionListItemHumanId: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' - Security_Solution_Exceptions_API_ExceptionListItemId: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' - Security_Solution_Exceptions_API_ExceptionListItemMeta: - additionalProperties: true - type: object - Security_Solution_Exceptions_API_ExceptionListItemName: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' - Security_Solution_Exceptions_API_ExceptionListItemOsTypeArray: - items: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListOsType - type: array - Security_Solution_Exceptions_API_ExceptionListItemTags: - items: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' - type: array - Security_Solution_Exceptions_API_ExceptionListItemType: - enum: - - simple - type: string - Security_Solution_Exceptions_API_ExceptionListMeta: - additionalProperties: true - type: object - Security_Solution_Exceptions_API_ExceptionListName: - type: string - Security_Solution_Exceptions_API_ExceptionListOsType: - enum: - - linux - - macos - - windows - type: string - Security_Solution_Exceptions_API_ExceptionListOsTypeArray: - items: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListOsType - type: array - Security_Solution_Exceptions_API_ExceptionListsImportBulkError: + - config + - name + - secrets + Connectors_update_connector_request_slack_api: + title: Update Slack connector request type: object properties: - error: - type: object - properties: - message: - type: string - status_code: - type: integer - required: - - status_code - - message - id: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListId - item_id: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemHumanId - list_id: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListHumanId + config: + $ref: '#/components/schemas/Connectors_config_properties_slack_api' + name: + description: The display name for the connector. + type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_slack_api' required: - - error - Security_Solution_Exceptions_API_ExceptionListsImportBulkErrorArray: - items: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListsImportBulkError - type: array - Security_Solution_Exceptions_API_ExceptionListTags: - items: - type: string - type: array - Security_Solution_Exceptions_API_ExceptionListType: - enum: - - detection - - rule_default - - endpoint - - endpoint_trusted_apps - - endpoint_events - - endpoint_host_isolation_exceptions - - endpoint_blocklists - type: string - Security_Solution_Exceptions_API_ExceptionListVersion: - minimum: 1 - type: integer - Security_Solution_Exceptions_API_ExceptionNamespaceType: - description: > - Determines whether the exception container is available in all Kibana - spaces or just the space - - in which it is created, where: - - - - `single`: Only available in the Kibana space in which it is created. - - - `agnostic`: Available in all Kibana spaces. - enum: - - agnostic - - single - type: string - Security_Solution_Exceptions_API_FindExceptionListItemsFilter: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' - Security_Solution_Exceptions_API_FindExceptionListsFilter: - type: string - Security_Solution_Exceptions_API_ListId: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' - Security_Solution_Exceptions_API_ListType: - enum: - - binary - - boolean - - byte - - date - - date_nanos - - date_range - - double - - double_range - - float - - float_range - - geo_point - - geo_shape - - half_float - - integer - - integer_range - - ip - - ip_range - - keyword - - long - - long_range - - shape - - short - - text - type: string - Security_Solution_Exceptions_API_NonEmptyString: - description: A string that is not empty and does not contain only whitespace - minLength: 1 - pattern: ^(?! *$).+$ - type: string - Security_Solution_Exceptions_API_PlatformErrorResponse: + - name + - secrets + Connectors_update_connector_request_slack_webhook: + title: Update Slack connector request type: object properties: - error: - type: string - message: + name: + description: The display name for the connector. type: string - statusCode: - type: integer + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_slack_webhook' required: - - statusCode - - error - - message - Security_Solution_Exceptions_API_RuleId: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_UUID' - Security_Solution_Exceptions_API_SiemErrorResponse: + - name + - secrets + Connectors_update_connector_request_swimlane: + title: Update Swimlane connector request type: object properties: - message: + config: + $ref: '#/components/schemas/Connectors_config_properties_swimlane' + name: + description: The display name for the connector. + example: my-connector type: string - status_code: - type: integer + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_swimlane' required: - - status_code - - message - Security_Solution_Exceptions_API_UpdateExceptionListItemComment: + - config + - name + - secrets + Connectors_update_connector_request_teams: + title: Update Microsoft Teams connector request type: object properties: - comment: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' - id: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' + name: + description: The display name for the connector. + type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_teams' required: - - comment - Security_Solution_Exceptions_API_UpdateExceptionListItemCommentArray: - items: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_UpdateExceptionListItemComment - type: array - Security_Solution_Exceptions_API_UUID: - description: A universally unique identifier - format: uuid - type: string - Security_Solution_Lists_API_FindListItemsCursor: - $ref: '#/components/schemas/Security_Solution_Lists_API_NonEmptyString' - Security_Solution_Lists_API_FindListItemsFilter: - type: string - Security_Solution_Lists_API_FindListsCursor: - $ref: '#/components/schemas/Security_Solution_Lists_API_NonEmptyString' - Security_Solution_Lists_API_FindListsFilter: - type: string - Security_Solution_Lists_API_List: + - name + - secrets + Connectors_update_connector_request_tines: + title: Update Tines connector request type: object properties: - _version: - type: string - '@timestamp': - format: date-time - type: string - created_at: - format: date-time - type: string - created_by: - type: string - description: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListDescription' - deserializer: - type: string - id: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' - immutable: - type: boolean - meta: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListMetadata' + config: + $ref: '#/components/schemas/Connectors_config_properties_tines' name: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListName' - serializer: - type: string - tie_breaker_id: - type: string - type: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListType' - updated_at: - format: date-time - type: string - updated_by: + description: The display name for the connector. type: string - version: - minimum: 1 - type: integer + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_tines' required: - - id - - type + - config - name - - description - - immutable - - version - - tie_breaker_id - - created_at - - created_by - - updated_at - - updated_by - Security_Solution_Lists_API_ListDescription: - $ref: '#/components/schemas/Security_Solution_Lists_API_NonEmptyString' - Security_Solution_Lists_API_ListId: - $ref: '#/components/schemas/Security_Solution_Lists_API_NonEmptyString' - Security_Solution_Lists_API_ListItem: + - secrets + Connectors_update_connector_request_torq: + title: Update Torq connector request type: object properties: - _version: - type: string - '@timestamp': - format: date-time - type: string - created_at: - format: date-time - type: string - created_by: - type: string - deserializer: + config: + $ref: '#/components/schemas/Connectors_config_properties_torq' + name: + description: The display name for the connector. type: string - id: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListItemId' - list_id: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' - meta: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListItemMetadata' - serializer: + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_torq' + required: + - config + - name + - secrets + Connectors_update_connector_request_webhook: + title: Update Webhook connector request + type: object + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_webhook' + name: + description: The display name for the connector. type: string - tie_breaker_id: + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_webhook' + required: + - config + - name + - secrets + Connectors_update_connector_request_xmatters: + title: Update xMatters connector request + type: object + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_xmatters' + name: + description: The display name for the connector. type: string - type: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListType' - updated_at: - format: date-time + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_xmatters' + required: + - config + - name + - secrets + Data_views_400_response: + title: Bad request + type: object + properties: + error: + example: Bad Request type: string - updated_by: + message: type: string - value: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListItemValue' + statusCode: + example: 400 + type: number required: - - id - - type - - list_id - - value - - tie_breaker_id - - created_at - - created_by - - updated_at - - updated_by - Security_Solution_Lists_API_ListItemId: - $ref: '#/components/schemas/Security_Solution_Lists_API_NonEmptyString' - Security_Solution_Lists_API_ListItemMetadata: - additionalProperties: true + - statusCode + - error + - message + Data_views_404_response: type: object - Security_Solution_Lists_API_ListItemPrivileges: + properties: + error: + enum: + - Not Found + example: Not Found + type: string + message: + example: >- + Saved object [index-pattern/caaad6d0-920c-11ed-b36a-874bd1548a00] + not found + type: string + statusCode: + enum: + - 404 + example: 404 + type: integer + Data_views_allownoindex: + description: Allows the data view saved object to exist before the data is available. + type: boolean + Data_views_create_data_view_request_object: + title: Create data view request type: object properties: - application: - additionalProperties: - type: boolean - type: object - cluster: - additionalProperties: - type: boolean + data_view: + description: The data view object. type: object - has_all_requested: + properties: + allowNoIndex: + $ref: '#/components/schemas/Data_views_allownoindex' + fieldAttrs: + additionalProperties: + $ref: '#/components/schemas/Data_views_fieldattrs' + type: object + fieldFormats: + $ref: '#/components/schemas/Data_views_fieldformats' + fields: + type: object + id: + type: string + name: + description: The data view name. + type: string + namespaces: + $ref: '#/components/schemas/Data_views_namespaces' + runtimeFieldMap: + additionalProperties: + $ref: '#/components/schemas/Data_views_runtimefieldmap' + type: object + sourceFilters: + $ref: '#/components/schemas/Data_views_sourcefilters' + timeFieldName: + $ref: '#/components/schemas/Data_views_timefieldname' + title: + $ref: '#/components/schemas/Data_views_title' + type: + $ref: '#/components/schemas/Data_views_type' + typeMeta: + $ref: '#/components/schemas/Data_views_typemeta' + version: + type: string + required: + - title + override: + default: false + description: >- + Override an existing data view if a data view with the provided + title already exists. type: boolean - index: - additionalProperties: - additionalProperties: - type: boolean - type: object - type: object - username: - type: string required: - - username - - has_all_requested - - cluster - - index - - application - Security_Solution_Lists_API_ListItemValue: - $ref: '#/components/schemas/Security_Solution_Lists_API_NonEmptyString' - Security_Solution_Lists_API_ListMetadata: - additionalProperties: true - type: object - Security_Solution_Lists_API_ListName: - $ref: '#/components/schemas/Security_Solution_Lists_API_NonEmptyString' - Security_Solution_Lists_API_ListPrivileges: + - data_view + Data_views_data_view_response_object: + title: Data view response properties type: object properties: - application: - additionalProperties: - type: boolean - type: object - cluster: - additionalProperties: - type: boolean - type: object - has_all_requested: - type: boolean - index: - additionalProperties: - additionalProperties: - type: boolean - type: object + data_view: type: object - username: - type: string - required: - - username - - has_all_requested - - cluster - - index - - application - Security_Solution_Lists_API_ListType: - enum: - - binary - - boolean - - byte - - date - - date_nanos - - date_range - - double - - double_range - - float - - float_range - - geo_point - - geo_shape - - half_float - - integer - - integer_range - - ip - - ip_range - - keyword - - long - - long_range - - shape - - short - - text - type: string - Security_Solution_Lists_API_NonEmptyString: - description: A string that is not empty and does not contain only whitespace - minLength: 1 - pattern: ^(?! *$).+$ - type: string - Security_Solution_Lists_API_PlatformErrorResponse: + properties: + allowNoIndex: + $ref: '#/components/schemas/Data_views_allownoindex' + fieldAttrs: + additionalProperties: + $ref: '#/components/schemas/Data_views_fieldattrs' + type: object + fieldFormats: + $ref: '#/components/schemas/Data_views_fieldformats' + fields: + type: object + id: + example: ff959d40-b880-11e8-a6d9-e546fe2bba5f + type: string + name: + description: The data view name. + type: string + namespaces: + $ref: '#/components/schemas/Data_views_namespaces' + runtimeFieldMap: + additionalProperties: + $ref: '#/components/schemas/Data_views_runtimefieldmap' + type: object + sourceFilters: + $ref: '#/components/schemas/Data_views_sourcefilters' + timeFieldName: + $ref: '#/components/schemas/Data_views_timefieldname' + title: + $ref: '#/components/schemas/Data_views_title' + typeMeta: + $ref: '#/components/schemas/Data_views_typemeta_response' + version: + example: WzQ2LDJd + type: string + Data_views_fieldattrs: + description: A map of field attributes by field name. type: object properties: - error: + count: + description: Popularity count for the field. + type: integer + customDescription: + description: Custom description for the field. + maxLength: 300 type: string - message: + customLabel: + description: Custom label for the field. type: string - statusCode: - type: integer - required: - - statusCode - - error - - message - Security_Solution_Lists_API_SiemErrorResponse: + Data_views_fieldformats: + description: A map of field formats by field name. + type: object + Data_views_namespaces: + description: >- + An array of space identifiers for sharing the data view between multiple + spaces. + items: + default: default + type: string + type: array + Data_views_runtimefieldmap: + description: A map of runtime field definitions by field name. type: object properties: - message: + script: + type: object + properties: + source: + description: Script for the runtime field. + type: string + type: + description: Mapping type of the runtime field. type: string - status_code: - type: integer required: - - status_code - - message - Security_Solution_Osquery_API_ArrayQueries: + - script + - type + Data_views_sourcefilters: + description: The array of field names you want to filter out in Discover. items: - $ref: '#/components/schemas/Security_Solution_Osquery_API_ArrayQueriesItem' + type: object + properties: + value: + type: string + required: + - value type: array - Security_Solution_Osquery_API_ArrayQueriesItem: - type: object - properties: - ecs_mapping: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_ECSMappingOrUndefined - id: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Id' - platform: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_PlatformOrUndefined - query: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Query' - removed: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_RemovedOrUndefined - snapshot: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_SnapshotOrUndefined - version: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_VersionOrUndefined - Security_Solution_Osquery_API_CreateLiveQueryRequestBody: + Data_views_swap_data_view_request_object: + title: Data view reference swap request type: object properties: - agent_all: + delete: + description: Deletes referenced saved object if all references are removed. type: boolean - agent_ids: - items: - type: string - type: array - agent_platforms: - items: - type: string - type: array - agent_policy_ids: - items: - type: string - type: array - alert_ids: - items: - type: string - type: array - case_ids: - items: - type: string - type: array - ecs_mapping: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_ECSMappingOrUndefined - event_ids: - items: - type: string - type: array - metadata: - nullable: true - type: object - pack_id: - $ref: '#/components/schemas/Security_Solution_Osquery_API_PackIdOrUndefined' - queries: - $ref: '#/components/schemas/Security_Solution_Osquery_API_ArrayQueries' - query: - $ref: '#/components/schemas/Security_Solution_Osquery_API_QueryOrUndefined' - saved_query_id: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_SavedQueryIdOrUndefined - Security_Solution_Osquery_API_CreatePacksRequestBody: - type: object - properties: - description: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DescriptionOrUndefined - enabled: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_EnabledOrUndefined - name: - $ref: '#/components/schemas/Security_Solution_Osquery_API_PackName' - policy_ids: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_PolicyIdsOrUndefined - queries: - $ref: '#/components/schemas/Security_Solution_Osquery_API_ObjectQueries' - shards: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Shards' - Security_Solution_Osquery_API_CreateSavedQueryRequestBody: - type: object - properties: - description: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DescriptionOrUndefined - ecs_mapping: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_ECSMappingOrUndefined - id: - $ref: '#/components/schemas/Security_Solution_Osquery_API_SavedQueryId' - interval: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Interval' - platform: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DescriptionOrUndefined - query: - $ref: '#/components/schemas/Security_Solution_Osquery_API_QueryOrUndefined' - removed: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_RemovedOrUndefined - snapshot: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_SnapshotOrUndefined - version: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_VersionOrUndefined - Security_Solution_Osquery_API_DefaultSuccessResponse: - type: object - properties: {} - Security_Solution_Osquery_API_Description: - type: string - Security_Solution_Osquery_API_DescriptionOrUndefined: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Description' - nullable: true - Security_Solution_Osquery_API_ECSMapping: - additionalProperties: - $ref: '#/components/schemas/Security_Solution_Osquery_API_ECSMappingItem' - type: object - Security_Solution_Osquery_API_ECSMappingItem: - type: object - properties: - field: - type: string - value: + forId: + description: Limit the affected saved objects to one or more by identifier. oneOf: - type: string - items: type: string type: array - Security_Solution_Osquery_API_ECSMappingOrUndefined: - $ref: '#/components/schemas/Security_Solution_Osquery_API_ECSMapping' - nullable: true - Security_Solution_Osquery_API_Enabled: - type: boolean - Security_Solution_Osquery_API_EnabledOrUndefined: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Enabled' - nullable: true - Security_Solution_Osquery_API_FindLiveQueryRequestQuery: - type: object - properties: - kuery: - $ref: '#/components/schemas/Security_Solution_Osquery_API_KueryOrUndefined' - page: - $ref: '#/components/schemas/Security_Solution_Osquery_API_PageOrUndefined' - pageSize: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_PageSizeOrUndefined - sort: - $ref: '#/components/schemas/Security_Solution_Osquery_API_SortOrUndefined' - sortOrder: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_SortOrderOrUndefined - Security_Solution_Osquery_API_FindPacksRequestQuery: - type: object - properties: - page: - $ref: '#/components/schemas/Security_Solution_Osquery_API_PageOrUndefined' - pageSize: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_PageSizeOrUndefined - sort: - $ref: '#/components/schemas/Security_Solution_Osquery_API_SortOrUndefined' - sortOrder: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_SortOrderOrUndefined - Security_Solution_Osquery_API_FindSavedQueryRequestQuery: - type: object - properties: - page: - $ref: '#/components/schemas/Security_Solution_Osquery_API_PageOrUndefined' - pageSize: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_PageSizeOrUndefined - sort: - $ref: '#/components/schemas/Security_Solution_Osquery_API_SortOrUndefined' - sortOrder: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_SortOrderOrUndefined - Security_Solution_Osquery_API_GetLiveQueryResultsRequestQuery: - type: object - properties: - kuery: - $ref: '#/components/schemas/Security_Solution_Osquery_API_KueryOrUndefined' - page: - $ref: '#/components/schemas/Security_Solution_Osquery_API_PageOrUndefined' - pageSize: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_PageSizeOrUndefined - sort: - $ref: '#/components/schemas/Security_Solution_Osquery_API_SortOrUndefined' - sortOrder: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_SortOrderOrUndefined - Security_Solution_Osquery_API_Id: - type: string - Security_Solution_Osquery_API_Interval: - type: string - Security_Solution_Osquery_API_IntervalOrUndefined: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Interval' - nullable: true - Security_Solution_Osquery_API_KueryOrUndefined: - nullable: true - type: string - Security_Solution_Osquery_API_ObjectQueries: - additionalProperties: - $ref: '#/components/schemas/Security_Solution_Osquery_API_ObjectQueriesItem' - type: object - Security_Solution_Osquery_API_ObjectQueriesItem: - type: object - properties: - ecs_mapping: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_ECSMappingOrUndefined - id: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Id' - platform: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_PlatformOrUndefined - query: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Query' - removed: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_RemovedOrUndefined - saved_query_id: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_SavedQueryIdOrUndefined - snapshot: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_SnapshotOrUndefined - version: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_VersionOrUndefined - Security_Solution_Osquery_API_PackId: - type: string - Security_Solution_Osquery_API_PackIdOrUndefined: - $ref: '#/components/schemas/Security_Solution_Osquery_API_PackId' - nullable: true - Security_Solution_Osquery_API_PackName: - type: string - Security_Solution_Osquery_API_PageOrUndefined: - nullable: true - type: integer - Security_Solution_Osquery_API_PageSizeOrUndefined: - nullable: true - type: integer - Security_Solution_Osquery_API_Platform: - type: string - Security_Solution_Osquery_API_PlatformOrUndefined: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Platform' - nullable: true - Security_Solution_Osquery_API_PolicyIds: - items: - type: string - type: array - Security_Solution_Osquery_API_PolicyIdsOrUndefined: - $ref: '#/components/schemas/Security_Solution_Osquery_API_PolicyIds' - nullable: true - Security_Solution_Osquery_API_Query: - type: string - Security_Solution_Osquery_API_QueryOrUndefined: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Query' - nullable: true - Security_Solution_Osquery_API_Removed: - type: boolean - Security_Solution_Osquery_API_RemovedOrUndefined: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Removed' - nullable: true - Security_Solution_Osquery_API_SavedQueryId: - type: string - Security_Solution_Osquery_API_SavedQueryIdOrUndefined: - $ref: '#/components/schemas/Security_Solution_Osquery_API_SavedQueryId' - nullable: true - Security_Solution_Osquery_API_Shards: - additionalProperties: - type: number - type: object - Security_Solution_Osquery_API_Snapshot: - type: boolean - Security_Solution_Osquery_API_SnapshotOrUndefined: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Snapshot' - nullable: true - Security_Solution_Osquery_API_SortOrderOrUndefined: - oneOf: - - nullable: true + forType: + description: Limit the affected saved objects by type. type: string - - enum: - - asc - - desc - Security_Solution_Osquery_API_SortOrUndefined: - nullable: true + fromId: + description: The saved object reference to change. + type: string + fromType: + description: > + Specify the type of the saved object reference to alter. The default + value is `index-pattern` for data views. + type: string + toId: + description: New saved object reference value to replace the old value. + type: string + required: + - fromId + - toId + Data_views_timefieldname: + description: 'The timestamp field name, which you use for time-based data views.' type: string - Security_Solution_Osquery_API_UpdatePacksRequestBody: - type: object - properties: - description: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DescriptionOrUndefined - enabled: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_EnabledOrUndefined - id: - $ref: '#/components/schemas/Security_Solution_Osquery_API_PackId' - policy_ids: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_PolicyIdsOrUndefined - queries: - $ref: '#/components/schemas/Security_Solution_Osquery_API_ObjectQueries' - shards: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Shards' - Security_Solution_Osquery_API_UpdateSavedQueryRequestBody: - type: object - properties: - description: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DescriptionOrUndefined - ecs_mapping: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_ECSMappingOrUndefined - id: - $ref: '#/components/schemas/Security_Solution_Osquery_API_SavedQueryId' - interval: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_IntervalOrUndefined - platform: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DescriptionOrUndefined - query: - $ref: '#/components/schemas/Security_Solution_Osquery_API_QueryOrUndefined' - removed: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_RemovedOrUndefined - snapshot: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_SnapshotOrUndefined - version: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_VersionOrUndefined - Security_Solution_Osquery_API_Version: + Data_views_title: + description: >- + Comma-separated list of data streams, indices, and aliases that you want + to search. Supports wildcards (`*`). type: string - Security_Solution_Osquery_API_VersionOrUndefined: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Version' - nullable: true - Security_Solution_Timeline_API_BareNote: + Data_views_type: + description: 'When set to `rollup`, identifies the rollup data views.' + type: string + Data_views_typemeta: + description: >- + When you use rollup indices, contains the field list for the rollup data + view API endpoints. type: object properties: - created: - nullable: true - type: number - createdBy: - nullable: true - type: string - eventId: - nullable: true - type: string - note: - nullable: true - type: string - timelineId: - nullable: true - type: string - updated: - nullable: true - type: number - updatedBy: - nullable: true - type: string + aggs: + description: A map of rollup restrictions by aggregation type and field name. + type: object + params: + description: Properties for retrieving rollup fields. + type: object required: - - timelineId - Security_Solution_Timeline_API_ColumnHeaderResult: + - aggs + - params + Data_views_typemeta_response: + description: >- + When you use rollup indices, contains the field list for the rollup data + view API endpoints. + nullable: true type: object properties: - aggregatable: - type: boolean - category: - type: string - columnHeaderType: - type: string - description: - type: string - example: - oneOf: - - type: string - - type: number - id: - type: string - indexes: - items: - type: string - type: array - name: - type: string - placeholder: - type: string - searchable: - type: boolean - type: - type: string - Security_Solution_Timeline_API_DataProviderQueryMatch: + aggs: + description: A map of rollup restrictions by aggregation type and field name. + type: object + params: + description: Properties for retrieving rollup fields. + type: object + Data_views_update_data_view_request_object: + title: Update data view request type: object properties: - enabled: - nullable: true - type: boolean - excluded: - nullable: true + data_view: + description: > + The data view properties you want to update. Only the specified + properties are updated in the data view. Unspecified fields stay as + they are persisted. + type: object + properties: + allowNoIndex: + $ref: '#/components/schemas/Data_views_allownoindex' + fieldFormats: + $ref: '#/components/schemas/Data_views_fieldformats' + fields: + type: object + name: + type: string + runtimeFieldMap: + additionalProperties: + $ref: '#/components/schemas/Data_views_runtimefieldmap' + type: object + sourceFilters: + $ref: '#/components/schemas/Data_views_sourcefilters' + timeFieldName: + $ref: '#/components/schemas/Data_views_timefieldname' + title: + $ref: '#/components/schemas/Data_views_title' + type: + $ref: '#/components/schemas/Data_views_type' + typeMeta: + $ref: '#/components/schemas/Data_views_typemeta' + refresh_fields: + default: false + description: Reloads the data view fields after the data view is updated. type: boolean - id: - nullable: true - type: string - kqlQuery: - nullable: true - type: string - name: - nullable: true - type: string - queryMatch: - $ref: '#/components/schemas/Security_Solution_Timeline_API_QueryMatchResult' - Security_Solution_Timeline_API_DataProviderResult: + required: + - data_view + Kibana_HTTP_APIs_core_status_redactedResponse: + additionalProperties: false + description: A minimal representation of Kibana's operational status. type: object properties: - and: - items: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_DataProviderQueryMatch - nullable: true - type: array - enabled: - nullable: true - type: boolean - excluded: - nullable: true - type: boolean - id: - nullable: true - type: string - kqlQuery: - nullable: true - type: string - name: - nullable: true - type: string - queryMatch: - $ref: '#/components/schemas/Security_Solution_Timeline_API_QueryMatchResult' - nullable: true - type: - $ref: '#/components/schemas/Security_Solution_Timeline_API_DataProviderType' - nullable: true - Security_Solution_Timeline_API_DataProviderType: + status: + additionalProperties: false + type: object + properties: + overall: + additionalProperties: false + type: object + properties: + level: + description: Service status levels as human and machine readable values. + enum: + - available + - degraded + - unavailable + - critical + type: string + required: + - level + required: + - overall + required: + - status + Kibana_HTTP_APIs_core_status_response: + additionalProperties: false description: >- - The type of data provider to create. Valid values are `default` and - `template`. - enum: - - default - - template - type: string - Security_Solution_Timeline_API_DocumentIds: - oneOf: - - items: - type: string - type: array - - type: string - Security_Solution_Timeline_API_FavoriteTimelineResponse: + Kibana's operational status as well as a detailed breakdown of plugin + statuses indication of various loads (like event loop utilization and + network traffic) at time of request. type: object properties: - code: - nullable: true - type: number - favorite: - items: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_FavoriteTimelineResult - type: array - message: - nullable: true - type: string - savedObjectId: + metrics: + additionalProperties: false + description: Metric groups collected by Kibana. + type: object + properties: + collection_interval_in_millis: + description: The interval at which metrics should be collected. + type: number + elasticsearch_client: + additionalProperties: false + description: Current network metrics of Kibana's Elasticsearch client. + type: object + properties: + totalActiveSockets: + description: Count of network sockets currently in use. + type: number + totalIdleSockets: + description: Count of network sockets currently idle. + type: number + totalQueuedRequests: + description: Count of requests not yet assigned to sockets. + type: number + required: + - totalActiveSockets + - totalIdleSockets + - totalQueuedRequests + last_updated: + description: The time metrics were collected. + type: string + required: + - elasticsearch_client + - last_updated + - collection_interval_in_millis + name: + description: Kibana instance name. type: string - templateTimelineId: - nullable: true + status: + additionalProperties: false + type: object + properties: + core: + additionalProperties: false + description: Statuses of core Kibana services. + type: object + properties: + elasticsearch: + additionalProperties: false + type: object + properties: + detail: + description: Human readable detail of the service status. + type: string + documentationUrl: + description: A URL to further documentation regarding this service. + type: string + level: + description: >- + Service status levels as human and machine readable + values. + enum: + - available + - degraded + - unavailable + - critical + type: string + meta: + additionalProperties: {} + description: >- + An unstructured set of extra metadata about this + service. + type: object + summary: + description: A human readable summary of the service status. + type: string + required: + - level + - summary + - meta + savedObjects: + additionalProperties: false + type: object + properties: + detail: + description: Human readable detail of the service status. + type: string + documentationUrl: + description: A URL to further documentation regarding this service. + type: string + level: + description: >- + Service status levels as human and machine readable + values. + enum: + - available + - degraded + - unavailable + - critical + type: string + meta: + additionalProperties: {} + description: >- + An unstructured set of extra metadata about this + service. + type: object + summary: + description: A human readable summary of the service status. + type: string + required: + - level + - summary + - meta + required: + - elasticsearch + - savedObjects + overall: + additionalProperties: false + type: object + properties: + detail: + description: Human readable detail of the service status. + type: string + documentationUrl: + description: A URL to further documentation regarding this service. + type: string + level: + description: Service status levels as human and machine readable values. + enum: + - available + - degraded + - unavailable + - critical + type: string + meta: + additionalProperties: {} + description: An unstructured set of extra metadata about this service. + type: object + summary: + description: A human readable summary of the service status. + type: string + required: + - level + - summary + - meta + plugins: + additionalProperties: + additionalProperties: false + type: object + properties: + detail: + description: Human readable detail of the service status. + type: string + documentationUrl: + description: A URL to further documentation regarding this service. + type: string + level: + description: >- + Service status levels as human and machine readable + values. + enum: + - available + - degraded + - unavailable + - critical + type: string + meta: + additionalProperties: {} + description: An unstructured set of extra metadata about this service. + type: object + summary: + description: A human readable summary of the service status. + type: string + required: + - level + - summary + - meta + description: A dynamic mapping of plugin ID to plugin status. + type: object + required: + - overall + - core + - plugins + uuid: + description: >- + Unique, generated Kibana instance UUID. This UUID should persist + even if the Kibana process restarts. type: string - templateTimelineVersion: - nullable: true - type: number - timelineType: - $ref: '#/components/schemas/Security_Solution_Timeline_API_TimelineType' version: - type: string - required: - - savedObjectId - - version - Security_Solution_Timeline_API_FavoriteTimelineResult: - type: object - properties: - favoriteDate: - nullable: true - type: number - fullName: - nullable: true - type: string - userName: - nullable: true - type: string - Security_Solution_Timeline_API_FilterTimelineResult: - type: object - properties: - exists: - type: boolean - match_all: - type: string - meta: + additionalProperties: false type: object properties: - alias: - type: string - controlledBy: - type: string - disabled: - type: boolean - field: - type: string - formattedValue: + build_date: + description: The date and time of this build. type: string - index: + build_flavor: + description: >- + The build flavour determines configuration and behavior of + Kibana. On premise users will almost always run the + "traditional" flavour, while other flavours are reserved for + Elastic-specific use cases. + enum: + - serverless + - traditional type: string - key: + build_hash: + description: >- + A unique hash value representing the git commit of this Kibana + build. type: string - negate: + build_number: + description: >- + A monotonically increasing number, each subsequent build will + have a higher number. + type: number + build_snapshot: + description: Whether this build is a snapshot build. type: boolean - params: - type: string - type: - type: string - value: + number: + description: A semantic version number. type: string - missing: - type: string - query: - type: string - range: + required: + - number + - build_hash + - build_number + - build_snapshot + - build_flavor + - build_date + required: + - name + - uuid + - version + - status + - metrics + Machine_learning_APIs_mlSync200Response: + properties: + datafeedsAdded: + additionalProperties: + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDatafeeds' + description: >- + If a saved object for an anomaly detection job is missing a datafeed + identifier, it is added when you run the sync machine learning saved + objects API. + type: object + datafeedsRemoved: + additionalProperties: + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDatafeeds' + description: >- + If a saved object for an anomaly detection job references a datafeed + that no longer exists, it is deleted when you run the sync machine + learning saved objects API. + type: object + savedObjectsCreated: + $ref: >- + #/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsCreated + savedObjectsDeleted: + $ref: >- + #/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsDeleted + title: Successful sync API response + type: object + Machine_learning_APIs_mlSync4xxResponse: + properties: + error: + example: Unauthorized type: string - script: + message: type: string - Security_Solution_Timeline_API_ImportTimelineResult: + statusCode: + example: 401 + type: integer + title: Unsuccessful sync API response type: object + Machine_learning_APIs_mlSyncResponseAnomalyDetectors: + description: >- + The sync machine learning saved objects API response contains this + object when there are anomaly detection jobs affected by the + synchronization. There is an object for each relevant job, which + contains the synchronization status. properties: - errors: - items: - type: object - properties: - error: - type: object - properties: - message: - type: string - status_code: - type: number - id: - type: string - type: array success: - type: boolean - success_count: - type: number - timelines_installed: - type: number - timelines_updated: - type: number - Security_Solution_Timeline_API_ImportTimelines: - allOf: - - $ref: '#/components/schemas/Security_Solution_Timeline_API_SavedTimeline' - - type: object - properties: - eventNotes: - items: - $ref: '#/components/schemas/Security_Solution_Timeline_API_BareNote' - nullable: true - type: array - globalNotes: - items: - $ref: '#/components/schemas/Security_Solution_Timeline_API_BareNote' - nullable: true - type: array - pinnedEventIds: - items: - type: string - nullable: true - type: array - savedObjectId: - nullable: true - type: string - version: - nullable: true - type: string - Security_Solution_Timeline_API_Note: - allOf: - - $ref: '#/components/schemas/Security_Solution_Timeline_API_BareNote' - - type: object - properties: - noteId: - type: string - version: - type: string - Security_Solution_Timeline_API_PinnedEvent: + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess' + title: Sync API response for anomaly detection jobs type: object + Machine_learning_APIs_mlSyncResponseDatafeeds: + description: >- + The sync machine learning saved objects API response contains this + object when there are datafeeds affected by the synchronization. There + is an object for each relevant datafeed, which contains the + synchronization status. properties: - created: - nullable: true - type: number - createdBy: - nullable: true - type: string - eventId: - type: string - pinnedEventId: - type: string - timelineId: - type: string - updated: - nullable: true - type: number - updatedBy: - nullable: true - type: string - version: - type: string - required: - - eventId - - pinnedEventId - - timelineId - - version - Security_Solution_Timeline_API_QueryMatchResult: + success: + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess' + title: Sync API response for datafeeds type: object + Machine_learning_APIs_mlSyncResponseDataFrameAnalytics: + description: >- + The sync machine learning saved objects API response contains this + object when there are data frame analytics jobs affected by the + synchronization. There is an object for each relevant job, which + contains the synchronization status. properties: - displayField: - nullable: true - type: string - displayValue: - nullable: true - type: string - field: - nullable: true - type: string - operator: - nullable: true - type: string - value: - nullable: true - type: string - Security_Solution_Timeline_API_Readable: + success: + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess' + title: Sync API response for data frame analytics jobs type: object + Machine_learning_APIs_mlSyncResponseSavedObjectsCreated: + description: >- + If saved objects are missing for machine learning jobs or trained + models, they are created when you run the sync machine learning saved + objects API. properties: - _data: - additionalProperties: true - type: object - _encoding: - type: string - _events: - additionalProperties: true - type: object - _eventsCount: - type: number - _maxListeners: - additionalProperties: true + anomaly-detector: + additionalProperties: + $ref: >- + #/components/schemas/Machine_learning_APIs_mlSyncResponseAnomalyDetectors + description: >- + If saved objects are missing for anomaly detection jobs, they are + created. type: object - _position: - type: number - _read: - additionalProperties: true + data-frame-analytics: + additionalProperties: + $ref: >- + #/components/schemas/Machine_learning_APIs_mlSyncResponseDataFrameAnalytics + description: >- + If saved objects are missing for data frame analytics jobs, they are + created. type: object - _readableState: - additionalProperties: true + trained-model: + additionalProperties: + $ref: >- + #/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels + description: 'If saved objects are missing for trained models, they are created.' type: object - readable: - type: boolean - Security_Solution_Timeline_API_RowRendererId: - enum: - - alert - - alerts - - auditd - - auditd_file - - library - - netflow - - plain - - registry - - suricata - - system - - system_dns - - system_endgame_process - - system_file - - system_fim - - system_security_event - - system_socket - - threat_match - - zeek - type: string - Security_Solution_Timeline_API_SavedTimeline: + title: Sync API response for created saved objects type: object + Machine_learning_APIs_mlSyncResponseSavedObjectsDeleted: + description: >- + If saved objects exist for machine learning jobs or trained models that + no longer exist, they are deleted when you run the sync machine learning + saved objects API. properties: - columns: - items: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_ColumnHeaderResult - nullable: true - type: array - created: - nullable: true - type: number - createdBy: - nullable: true - type: string - dataProviders: - items: + anomaly-detector: + additionalProperties: $ref: >- - #/components/schemas/Security_Solution_Timeline_API_DataProviderResult - nullable: true - type: array - dataViewId: - nullable: true - type: string - dateRange: - nullable: true - type: object - properties: - end: - oneOf: - - type: string - - type: number - start: - oneOf: - - type: string - - type: number - description: - nullable: true - type: string - eqlOptions: - nullable: true + #/components/schemas/Machine_learning_APIs_mlSyncResponseAnomalyDetectors + description: >- + If there are saved objects exist for nonexistent anomaly detection + jobs, they are deleted. type: object - properties: - eventCategoryField: - nullable: true - type: string - query: - nullable: true - type: string - size: - oneOf: - - nullable: true - type: string - - nullable: true - type: number - tiebreakerField: - nullable: true - type: string - timestampField: - nullable: true - type: string - eventType: - nullable: true - type: string - excludedRowRendererIds: - items: - $ref: '#/components/schemas/Security_Solution_Timeline_API_RowRendererId' - nullable: true - type: array - favorite: - items: + data-frame-analytics: + additionalProperties: $ref: >- - #/components/schemas/Security_Solution_Timeline_API_FavoriteTimelineResult - nullable: true - type: array - filters: - items: + #/components/schemas/Machine_learning_APIs_mlSyncResponseDataFrameAnalytics + description: >- + If there are saved objects exist for nonexistent data frame + analytics jobs, they are deleted. + type: object + trained-model: + additionalProperties: $ref: >- - #/components/schemas/Security_Solution_Timeline_API_FilterTimelineResult - nullable: true - type: array - indexNames: - items: - type: string - nullable: true - type: array - kqlMode: - nullable: true - type: string - kqlQuery: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_SerializedFilterQueryResult - nullable: true - savedQueryId: - nullable: true - type: string - savedSearchId: - nullable: true - type: string - sort: - $ref: '#/components/schemas/Security_Solution_Timeline_API_Sort' - nullable: true - status: - enum: - - active - - draft - - immutable - nullable: true - type: string - templateTimelineId: - nullable: true - type: string - templateTimelineVersion: - nullable: true - type: number - timelineType: - $ref: '#/components/schemas/Security_Solution_Timeline_API_TimelineType' - nullable: true - title: - nullable: true - type: string - updated: - nullable: true - type: number - updatedBy: - nullable: true - type: string - Security_Solution_Timeline_API_SerializedFilterQueryResult: + #/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels + description: >- + If there are saved objects exist for nonexistent trained models, + they are deleted. + type: object + title: Sync API response for deleted saved objects type: object + Machine_learning_APIs_mlSyncResponseSuccess: + description: The success or failure of the synchronization. + type: boolean + Machine_learning_APIs_mlSyncResponseTrainedModels: + description: >- + The sync machine learning saved objects API response contains this + object when there are trained models affected by the synchronization. + There is an object for each relevant trained model, which contains the + synchronization status. properties: - filterQuery: - nullable: true - type: object - properties: - kuery: - nullable: true - type: object - properties: - expression: - nullable: true - type: string - kind: - nullable: true - type: string - serializedQuery: - nullable: true - type: string - Security_Solution_Timeline_API_Sort: - oneOf: - - $ref: '#/components/schemas/Security_Solution_Timeline_API_SortObject' - - items: - $ref: '#/components/schemas/Security_Solution_Timeline_API_SortObject' - type: array - Security_Solution_Timeline_API_SortFieldTimeline: - description: The field to sort the timelines by. - enum: - - title - - description - - updated - - created - type: string - Security_Solution_Timeline_API_SortObject: + success: + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess' + title: Sync API response for trained models + type: object + Saved_objects_400_response: + title: Bad request type: object properties: - columnId: - nullable: true - type: string - columnType: - nullable: true + error: + enum: + - Bad Request type: string - sortDirection: - nullable: true + message: type: string - Security_Solution_Timeline_API_TimelineResponse: - allOf: - - $ref: '#/components/schemas/Security_Solution_Timeline_API_SavedTimeline' - - type: object - properties: - eventIdToNoteIds: - items: - $ref: '#/components/schemas/Security_Solution_Timeline_API_Note' - type: array - noteIds: - items: - type: string - type: array - notes: - items: - $ref: '#/components/schemas/Security_Solution_Timeline_API_Note' - type: array - pinnedEventIds: - items: - type: string - type: array - pinnedEventsSaveObject: - items: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_PinnedEvent - type: array - savedObjectId: - type: string - version: - type: string - required: - - savedObjectId - - version - Security_Solution_Timeline_API_TimelineStatus: - description: >- - The status of the timeline. Valid values are `active`, `draft`, and - `immutable`. - enum: - - active - - draft - - immutable - type: string - Security_Solution_Timeline_API_TimelineType: - description: >- - The type of timeline to create. Valid values are `default` and - `template`. - enum: - - default - - template - type: string + statusCode: + enum: + - 400 + type: integer + required: + - error + - message + - statusCode + Saved_objects_attributes: + description: > + The data that you want to create. WARNING: When you create saved + objects, attributes are not validated, which allows you to pass + arbitrary and ill-formed data into the API that can break Kibana. Make + sure any data that you send to the API is properly formed. + type: object + Saved_objects_initial_namespaces: + description: > + Identifiers for the spaces in which this object is created. If this is + provided, the object is created only in the explicitly defined spaces. + If this is not provided, the object is created in the current space + (default behavior). For shareable object types (registered with + `namespaceType: 'multiple'`), this option can be used to specify one or + more spaces, including the "All spaces" identifier ('*'). For isolated + object types (registered with `namespaceType: 'single'` or + `namespaceType: 'multiple-isolated'`), this option can only be used to + specify a single space, and the "All spaces" identifier ('*') is not + allowed. For global object types (`registered with `namespaceType: + agnostic`), this option cannot be used. + type: array + Saved_objects_references: + description: > + Objects with `name`, `id`, and `type` properties that describe the other + saved objects that this object references. Use `name` in attributes to + refer to the other saved object, but never the `id`, which can update + automatically during migrations or import and export. + type: array SLOs_400_response: title: Bad request type: object @@ -29051,30 +11052,6 @@ tags: Manage Kibana saved objects, including dashboards, visualizations, and more. name: saved objects - - description: Manage and interact with Security Assistant resources. - name: Security AI Assistant API - - description: >- - You can create rules that automatically turn events and external alerts - sent to Elastic Security into detection alerts. These alerts are displayed - on the Detections page. - name: Security Solution Detections API - - description: Interact with and manage endpoints running the Elastic Defend integration. - name: Security Solution Endpoint Management API - - description: '' - name: Security Solution Entity Analytics API - - description: >- - Exceptions API allows you to manage detection rule exceptions to prevent a - rule from generating an alert from incoming events even when the rule's - other criteria are met. - name: Security Solution Exceptions API - - description: 'Lists API allows you to manage lists of keywords, IPs or IP ranges items.' - name: Security Solution Lists API - - description: 'Run live queries, manage packs and saved queries.' - name: Security Solution Osquery API - - description: >- - You can create Timelines and Timeline templates via the API, as well as - import new Timelines from an ndjson file. - name: Security Solution Timeline API - description: 'SLO APIs enable you to define, manage and track service-level objectives' name: slo - name: system diff --git a/oas_docs/overlays/kibana.overlays.yaml b/oas_docs/overlays/kibana.overlays.yaml index 22162721c6867c..324e3bdc47c651 100644 --- a/oas_docs/overlays/kibana.overlays.yaml +++ b/oas_docs/overlays/kibana.overlays.yaml @@ -105,10 +105,10 @@ actions: description: Change displayName update: x-displayName: "Saved objects" - # - target: '$.tags[?(@.name=="slo")]' - # description: Change displayName - # update: - # x-displayName: "Service level objectives" + - target: '$.tags[?(@.name=="slo")]' + description: Change displayName + update: + x-displayName: "Service level objectives" - target: '$.tags[?(@.name=="system")]' description: Change displayName update: diff --git a/oas_docs/scripts/merge_ess_oas.js b/oas_docs/scripts/merge_ess_oas.js index a1812670c15f96..f786a1ce11921c 100644 --- a/oas_docs/scripts/merge_ess_oas.js +++ b/oas_docs/scripts/merge_ess_oas.js @@ -24,12 +24,6 @@ const { REPO_ROOT } = require('@kbn/repo-info'); `${REPO_ROOT}/x-pack/plugins/observability_solution/slo/docs/openapi/slo/bundled.yaml`, // Security solution - `${REPO_ROOT}/x-pack/plugins/security_solution/docs/openapi/ess/*.schema.yaml`, - `${REPO_ROOT}/packages/kbn-securitysolution-lists-common/docs/openapi/ess/*.schema.yaml`, - `${REPO_ROOT}/packages/kbn-securitysolution-exceptions-common/docs/openapi/ess/*.schema.yaml`, - `${REPO_ROOT}/packages/kbn-securitysolution-endpoint-exceptions-common/docs/openapi/ess/*.schema.yaml`, - `${REPO_ROOT}/x-pack/packages/kbn-elastic-assistant-common/docs/openapi/ess/*.schema.yaml`, - `${REPO_ROOT}/x-pack/plugins/osquery/docs/openapi/ess/*.schema.yaml`, ], outputFilePath: `${REPO_ROOT}/oas_docs/output/kibana.yaml`, options: { diff --git a/oas_docs/scripts/merge_ess_oas_staging.js b/oas_docs/scripts/merge_ess_oas_staging.js new file mode 100644 index 00000000000000..1b490067e224d9 --- /dev/null +++ b/oas_docs/scripts/merge_ess_oas_staging.js @@ -0,0 +1,39 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ + +require('../../src/setup_node_env'); +const { merge } = require('@kbn/openapi-bundler'); +const { REPO_ROOT } = require('@kbn/repo-info'); + +(async () => { + await merge({ + sourceGlobs: [ + `${REPO_ROOT}/oas_docs/bundle.json`, + `${REPO_ROOT}/x-pack/plugins/actions/docs/openapi/bundled.yaml`, + `${REPO_ROOT}/src/plugins/data_views/docs/openapi/bundled.yaml`, + `${REPO_ROOT}/x-pack/plugins/ml/common/openapi/ml_apis.yaml`, + `${REPO_ROOT}/packages/core/saved-objects/docs/openapi/bundled.yaml`, + + // Observability Solution + `${REPO_ROOT}/x-pack/plugins/observability_solution/apm/docs/openapi/apm.yaml`, + `${REPO_ROOT}/x-pack/plugins/observability_solution/slo/docs/openapi/slo/bundled.yaml`, + + // Security solution + `${REPO_ROOT}/x-pack/plugins/security_solution/docs/openapi/ess/*.schema.yaml`, + `${REPO_ROOT}/packages/kbn-securitysolution-lists-common/docs/openapi/ess/*.schema.yaml`, + `${REPO_ROOT}/packages/kbn-securitysolution-exceptions-common/docs/openapi/ess/*.schema.yaml`, + `${REPO_ROOT}/packages/kbn-securitysolution-endpoint-exceptions-common/docs/openapi/ess/*.schema.yaml`, + `${REPO_ROOT}/x-pack/packages/kbn-elastic-assistant-common/docs/openapi/ess/*.schema.yaml`, + `${REPO_ROOT}/x-pack/plugins/osquery/docs/openapi/ess/*.schema.yaml`, + ], + outputFilePath: `${REPO_ROOT}/oas_docs/output/kibana.staging.yaml`, + options: { + prototypeDocument: `${REPO_ROOT}/oas_docs/kibana.info.yaml`, + }, + }); +})(); diff --git a/oas_docs/scripts/merge_serverless_oas.js b/oas_docs/scripts/merge_serverless_oas.js index e1b9bf3c7ab174..9ca63027d180a5 100644 --- a/oas_docs/scripts/merge_serverless_oas.js +++ b/oas_docs/scripts/merge_serverless_oas.js @@ -24,16 +24,10 @@ const { REPO_ROOT } = require('@kbn/repo-info'); `${REPO_ROOT}/x-pack/plugins/observability_solution/slo/docs/openapi/slo/bundled.yaml`, // Security solution - `${REPO_ROOT}/x-pack/plugins/security_solution/docs/openapi/serverless/*.schema.yaml`, - `${REPO_ROOT}/packages/kbn-securitysolution-lists-common/docs/openapi/serverless/*.schema.yaml`, - `${REPO_ROOT}/packages/kbn-securitysolution-exceptions-common/docs/openapi/serverless/*.schema.yaml`, - `${REPO_ROOT}/packages/kbn-securitysolution-endpoint-exceptions-common/docs/openapi/serverless/*.schema.yaml`, - `${REPO_ROOT}/x-pack/packages/kbn-elastic-assistant-common/docs/openapi/serverless/*.schema.yaml`, - `${REPO_ROOT}/x-pack/plugins/osquery/docs/openapi/serverless/*.schema.yaml`, ], outputFilePath: `${REPO_ROOT}/oas_docs/output/kibana.serverless.yaml`, options: { - prototypeDocument: `${REPO_ROOT}/oas_docs/kibana.info.yaml`, + prototypeDocument: `${REPO_ROOT}/oas_docs/kibana.info.serverless.yaml`, }, }); })(); diff --git a/oas_docs/scripts/merge_serverless_oas_staging.js b/oas_docs/scripts/merge_serverless_oas_staging.js new file mode 100644 index 00000000000000..56a5e58ea4161b --- /dev/null +++ b/oas_docs/scripts/merge_serverless_oas_staging.js @@ -0,0 +1,39 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ + +require('../../src/setup_node_env'); +const { merge } = require('@kbn/openapi-bundler'); +const { REPO_ROOT } = require('@kbn/repo-info'); + +(async () => { + await merge({ + sourceGlobs: [ + `${REPO_ROOT}/oas_docs/bundle.serverless.json`, + `${REPO_ROOT}/x-pack/plugins/actions/docs/openapi/bundled_serverless.yaml`, + `${REPO_ROOT}/src/plugins/data_views/docs/openapi/bundled.yaml`, + `${REPO_ROOT}/x-pack/plugins/ml/common/openapi/ml_apis_serverless.yaml`, + `${REPO_ROOT}/packages/core/saved-objects/docs/openapi/bundled_serverless.yaml`, + + // Observability Solution + `${REPO_ROOT}/x-pack/plugins/observability_solution/apm/docs/openapi/apm.yaml`, + `${REPO_ROOT}/x-pack/plugins/observability_solution/slo/docs/openapi/slo/bundled.yaml`, + + // Security solution + `${REPO_ROOT}/x-pack/plugins/security_solution/docs/openapi/serverless/*.schema.yaml`, + `${REPO_ROOT}/packages/kbn-securitysolution-lists-common/docs/openapi/serverless/*.schema.yaml`, + `${REPO_ROOT}/packages/kbn-securitysolution-exceptions-common/docs/openapi/serverless/*.schema.yaml`, + `${REPO_ROOT}/packages/kbn-securitysolution-endpoint-exceptions-common/docs/openapi/serverless/*.schema.yaml`, + `${REPO_ROOT}/x-pack/packages/kbn-elastic-assistant-common/docs/openapi/serverless/*.schema.yaml`, + `${REPO_ROOT}/x-pack/plugins/osquery/docs/openapi/serverless/*.schema.yaml`, + ], + outputFilePath: `${REPO_ROOT}/oas_docs/output/kibana.serverless.staging.yaml`, + options: { + prototypeDocument: `${REPO_ROOT}/oas_docs/kibana.info.serverless.yaml`, + }, + }); +})();