diff --git a/oas_docs/makefile b/oas_docs/makefile index f0b2966f17e4d..ae8f7f2e77ce3 100644 --- a/oas_docs/makefile +++ b/oas_docs/makefile @@ -16,12 +16,12 @@ .PHONY: api-docs api-docs: ## Generate kibana.serverless.yaml and kibana.yaml @npx @redocly/cli join "kibana.info.serverless.yaml" "../x-pack/plugins/observability_solution/apm/docs/openapi/apm.yaml" "../x-pack/plugins/actions/docs/openapi/bundled_serverless.yaml" "../src/plugins/data_views/docs/openapi/bundled.yaml" "../x-pack/plugins/ml/common/openapi/ml_apis_serverless.yaml" "../packages/core/saved-objects/docs/openapi/bundled_serverless.yaml" "../x-pack/plugins/observability_solution/slo/docs/openapi/slo/bundled.yaml" -o "output/kibana.serverless.yaml" "bundle.serverless.json" --prefix-components-with-info-prop title - @npx @redocly/cli join "kibana.info.yaml" "../x-pack/plugins/observability_solution/apm/docs/openapi/apm.yaml" "../x-pack/plugins/actions/docs/openapi/bundled.yaml" "../src/plugins/data_views/docs/openapi/bundled.yaml" "../x-pack/plugins/ml/common/openapi/ml_apis.yaml" "../packages/core/saved-objects/docs/openapi/bundled.yaml" "../x-pack/plugins/observability_solution/slo/docs/openapi/slo/bundled.yaml" "bundle.json" -o "output/kibana.yaml" --prefix-components-with-info-prop title + @npx @redocly/cli join "kibana.info.yaml" "../x-pack/plugins/observability_solution/apm/docs/openapi/apm.yaml" "../x-pack/plugins/cases/docs/openapi/bundled.yaml" "../x-pack/plugins/actions/docs/openapi/bundled.yaml" "../src/plugins/data_views/docs/openapi/bundled.yaml" "../x-pack/plugins/ml/common/openapi/ml_apis.yaml" "../packages/core/saved-objects/docs/openapi/bundled.yaml" "../x-pack/plugins/observability_solution/slo/docs/openapi/slo/bundled.yaml" "bundle.json" -o "output/kibana.yaml" --prefix-components-with-info-prop title .PHONY: api-docs-stateful api-docs-stateful: ## Generate only kibana.yaml - @npx @redocly/cli join "kibana.info.yaml" "../x-pack/plugins/observability_solution/apm/docs/openapi/apm.yaml" "../x-pack/plugins/actions/docs/openapi/bundled.yaml" "../src/plugins/data_views/docs/openapi/bundled.yaml" "../x-pack/plugins/ml/common/openapi/ml_apis.yaml" "../packages/core/saved-objects/docs/openapi/bundled.yaml" "../x-pack/plugins/observability_solution/slo/docs/openapi/slo/bundled.yaml" "bundle.json" -o "output/kibana.yaml" --prefix-components-with-info-prop title -# Temporarily omit "../x-pack/plugins/alerting/docs/openapi/bundled.yaml" and "../x-pack/plugins/cases/docs/openapi/bundled.yaml" due to OAS version + @npx @redocly/cli join "kibana.info.yaml" "../x-pack/plugins/observability_solution/apm/docs/openapi/apm.yaml" "../x-pack/plugins/cases/docs/openapi/bundled.yaml" "../x-pack/plugins/actions/docs/openapi/bundled.yaml" "../src/plugins/data_views/docs/openapi/bundled.yaml" "../x-pack/plugins/ml/common/openapi/ml_apis.yaml" "../packages/core/saved-objects/docs/openapi/bundled.yaml" "../x-pack/plugins/observability_solution/slo/docs/openapi/slo/bundled.yaml" "bundle.json" -o "output/kibana.yaml" --prefix-components-with-info-prop title +# Temporarily omit "../x-pack/plugins/alerting/docs/openapi/bundled.yaml" due to OAS version # Temporarily omit "../x-pack/plugins/fleet/common/openapi/bundled.yaml" due to internals tag and tag sorting .PHONY: api-docs-serverless diff --git a/oas_docs/output/kibana.yaml b/oas_docs/output/kibana.yaml index 27273400eec55..6a9315b3018ba 100644 --- a/oas_docs/output/kibana.yaml +++ b/oas_docs/output/kibana.yaml @@ -72,6 +72,9 @@ tags: Annotations enable you to easily see how events are impacting the performance of your applications. x-displayName: APM annotations + - name: cases + description: Case APIs enable you to open and track issues. + x-displayName: cases - name: connectors description: Connector APIs enable you to create and manage connectors. x-displayName: connectors @@ -266,210 +269,131 @@ paths: type: string '@timestamp': type: string - /api/actions/connector: + /api/cases: post: - summary: Create a connector with a random ID - operationId: createConnector - description: The connector identifier is randomly generated. + summary: Create a case + operationId: createCaseDefaultSpace + description: > + You must have `all` privileges for the **Cases** feature in the + **Management**, **Observability**, or **Security** section of the + Kibana feature privileges, depending on the owner of the case you're + creating. tags: - - connectors + - cases parameters: - - $ref: '#/components/parameters/Connectors_kbn_xsrf' + - $ref: '#/components/parameters/Cases_kbn_xsrf' requestBody: required: true content: application/json: schema: - $ref: '#/components/schemas/Connectors_create_connector_request' + $ref: '#/components/schemas/Cases_create_case_request' examples: - createEmailConnectorRequest: - $ref: >- - #/components/examples/Connectors_create_email_connector_request - createIndexConnectorRequest: - $ref: >- - #/components/examples/Connectors_create_index_connector_request - createWebhookConnectorRequest: - $ref: >- - #/components/examples/Connectors_create_webhook_connector_request - createXmattersConnectorRequest: - $ref: >- - #/components/examples/Connectors_create_xmatters_connector_request + createCaseRequest: + $ref: '#/components/examples/Cases_create_case_request' responses: '200': description: Indicates a successful call. content: application/json: schema: - $ref: '#/components/schemas/Connectors_connector_response_properties' + $ref: '#/components/schemas/Cases_case_response_properties' examples: - createEmailConnectorResponse: - $ref: >- - #/components/examples/Connectors_create_email_connector_response - createIndexConnectorResponse: - $ref: >- - #/components/examples/Connectors_create_index_connector_response - createWebhookConnectorResponse: - $ref: >- - #/components/examples/Connectors_create_webhook_connector_response - createXmattersConnectorResponse: - $ref: >- - #/components/examples/Connectors_create_xmatters_connector_response + createCaseResponse: + $ref: '#/components/examples/Cases_create_case_response' '401': - $ref: '#/components/responses/Connectors_401' - /api/actions/connector/{connectorId}: - get: - summary: Get a connector information - operationId: getConnector - tags: - - connectors - parameters: - - $ref: '#/components/parameters/Connectors_connector_id' - responses: - '200': - description: Indicates a successful call. + description: Authorization information is missing or invalid. content: application/json: schema: - $ref: '#/components/schemas/Connectors_connector_response_properties' - examples: - getConnectorResponse: - $ref: '#/components/examples/Connectors_get_connector_response' - '401': - $ref: '#/components/responses/Connectors_401' - '404': - $ref: '#/components/responses/Connectors_404' + $ref: '#/components/schemas/Cases_4xx_response' delete: - summary: Delete a connector - operationId: deleteConnector + summary: Delete cases + operationId: deleteCaseDefaultSpace + description: > + You must have `read` or `all` privileges and the `delete` sub-feature + privilege for the **Cases** feature in the **Management**, + **Observability**, or **Security** section of the Kibana feature + privileges, depending on the owner of the cases you're deleting. tags: - - connectors + - cases parameters: - - $ref: '#/components/parameters/Connectors_kbn_xsrf' - - $ref: '#/components/parameters/Connectors_connector_id' + - $ref: '#/components/parameters/Cases_kbn_xsrf' + - $ref: '#/components/parameters/Cases_ids' responses: '204': description: Indicates a successful call. '401': - $ref: '#/components/responses/Connectors_401' - '404': - $ref: '#/components/responses/Connectors_404' - post: - summary: Create a connector - operationId: createConnectorId + description: Authorization information is missing or invalid. + content: + application/json: + schema: + $ref: '#/components/schemas/Cases_4xx_response' + patch: + summary: Update cases + operationId: updateCaseDefaultSpace + description: > + You must have `all` privileges for the **Cases** feature in the + **Management**, **Observability**, or **Security** section of the + Kibana feature privileges, depending on the owner of the case you're + updating. tags: - - connectors + - cases parameters: - - $ref: '#/components/parameters/Connectors_kbn_xsrf' - - in: path - name: connectorId - description: > - A UUID v1 or v4 identifier for the connector. If you omit this - parameter, an identifier is randomly generated. - required: true - schema: - type: string - example: ac4e6b90-6be7-11eb-ba0d-9b1c1f912d74 + - $ref: '#/components/parameters/Cases_kbn_xsrf' requestBody: - required: true content: application/json: schema: - $ref: '#/components/schemas/Connectors_create_connector_request' + $ref: '#/components/schemas/Cases_update_case_request' examples: - createIndexConnectorRequest: - $ref: >- - #/components/examples/Connectors_create_index_connector_request + updateCaseRequest: + $ref: '#/components/examples/Cases_update_case_request' responses: '200': description: Indicates a successful call. content: application/json: schema: - $ref: '#/components/schemas/Connectors_connector_response_properties' + type: array + items: + $ref: '#/components/schemas/Cases_case_response_properties' examples: - createIndexConnectorResponse: - $ref: >- - #/components/examples/Connectors_create_index_connector_response + updateCaseResponse: + $ref: '#/components/examples/Cases_update_case_response' '401': - $ref: '#/components/responses/Connectors_401' - put: - summary: Update a connector - operationId: updateConnector - tags: - - connectors - parameters: - - $ref: '#/components/parameters/Connectors_kbn_xsrf' - - $ref: '#/components/parameters/Connectors_connector_id' - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/Connectors_update_connector_request' - examples: - updateIndexConnectorRequest: - $ref: >- - #/components/examples/Connectors_update_index_connector_request - responses: - '200': - description: Indicates a successful call. + description: Authorization information is missing or invalid. content: application/json: schema: - $ref: '#/components/schemas/Connectors_connector_response_properties' - '400': - $ref: '#/components/responses/Connectors_401' - '401': - $ref: '#/components/responses/Connectors_401' - '404': - $ref: '#/components/responses/Connectors_404' - /api/actions/connector/{connectorId}/_execute: - post: - summary: Run a connector - operationId: runConnector + $ref: '#/components/schemas/Cases_4xx_response' + /api/cases/_find: + get: + summary: Search cases + operationId: findCasesDefaultSpace description: > - You can use this API to test an action that involves interaction with - Kibana services or integrations with third-party systems. You must have - `read` privileges for the **Actions and Connectors** feature in the - **Management** section of the Kibana feature privileges. If you use an - index connector, you must also have `all`, `create`, `index`, or `write` - indices privileges. + You must have `read` privileges for the **Cases** feature in the + **Management**, **Observability**, or **Security** section of the Kibana + feature privileges, depending on the owner of the cases you're seeking. tags: - - connectors + - cases parameters: - - $ref: '#/components/parameters/Connectors_kbn_xsrf' - - $ref: '#/components/parameters/Connectors_connector_id' - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/Connectors_run_connector_request' - examples: - runCasesWebhookConnectorRequest: - $ref: >- - #/components/examples/Connectors_run_cases_webhook_connector_request - runEmailConnectorRequest: - $ref: '#/components/examples/Connectors_run_email_connector_request' - runIndexConnectorRequest: - $ref: '#/components/examples/Connectors_run_index_connector_request' - runJiraConnectorRequest: - $ref: '#/components/examples/Connectors_run_jira_connector_request' - runPagerDutyConnectorRequest: - $ref: >- - #/components/examples/Connectors_run_pagerduty_connector_request - runServerLogConnectorRequest: - $ref: >- - #/components/examples/Connectors_run_server_log_connector_request - runServiceNowITOMConnectorRequest: - $ref: >- - #/components/examples/Connectors_run_servicenow_itom_connector_request - runSlackConnectorRequest: - $ref: >- - #/components/examples/Connectors_run_slack_api_connector_request - runSwimlaneConnectorRequest: - $ref: >- - #/components/examples/Connectors_run_swimlane_connector_request + - $ref: '#/components/parameters/Cases_assignees' + - $ref: '#/components/parameters/Cases_category' + - $ref: '#/components/parameters/Cases_defaultSearchOperator' + - $ref: '#/components/parameters/Cases_from' + - $ref: '#/components/parameters/Cases_owner' + - $ref: '#/components/parameters/Cases_page_index' + - $ref: '#/components/parameters/Cases_page_size' + - $ref: '#/components/parameters/Cases_reporters' + - $ref: '#/components/parameters/Cases_search' + - $ref: '#/components/parameters/Cases_searchFields' + - $ref: '#/components/parameters/Cases_severity' + - $ref: '#/components/parameters/Cases_sortField' + - $ref: '#/components/parameters/Cases_sort_order' + - $ref: '#/components/parameters/Cases_status' + - $ref: '#/components/parameters/Cases_tags' + - $ref: '#/components/parameters/Cases_to' responses: '200': description: Indicates a successful call. @@ -477,63 +401,47 @@ paths: application/json: schema: type: object - required: - - connector_id - - status properties: - connector_id: - type: string - description: The identifier for the connector. - data: - oneOf: - - type: object - description: Information returned from the action. - additionalProperties: true - - type: array - description: An array of information returned from the action. - items: - type: object - status: - type: string - description: The status of the action. - enum: - - error - - ok + cases: + type: array + maxItems: 10000 + items: + $ref: '#/components/schemas/Cases_case_response_properties' + count_closed_cases: + type: integer + count_in_progress_cases: + type: integer + count_open_cases: + type: integer + page: + type: integer + per_page: + type: integer + total: + type: integer examples: - runCasesWebhookConnectorResponse: - $ref: >- - #/components/examples/Connectors_run_cases_webhook_connector_response - runEmailConnectorResponse: - $ref: >- - #/components/examples/Connectors_run_email_connector_response - runIndexConnectorResponse: - $ref: >- - #/components/examples/Connectors_run_index_connector_response - runJiraConnectorResponse: - $ref: '#/components/examples/Connectors_run_jira_connector_response' - runPagerDutyConnectorResponse: - $ref: >- - #/components/examples/Connectors_run_pagerduty_connector_response - runServerLogConnectorResponse: - $ref: >- - #/components/examples/Connectors_run_server_log_connector_response - runServiceNowITOMConnectorResponse: - $ref: >- - #/components/examples/Connectors_run_servicenow_itom_connector_response - runSlackConnectorResponse: - $ref: >- - #/components/examples/Connectors_run_slack_api_connector_response - runSwimlaneConnectorResponse: - $ref: >- - #/components/examples/Connectors_run_swimlane_connector_response + findCaseResponse: + $ref: '#/components/examples/Cases_find_case_response' '401': - $ref: '#/components/responses/Connectors_401' - /api/actions/connectors: + description: Authorization information is missing or invalid. + content: + application/json: + schema: + $ref: '#/components/schemas/Cases_4xx_response' + /api/cases/alerts/{alertId}: get: - summary: Get all connectors - operationId: getConnectors + summary: Get cases for an alert + operationId: getCasesByAlertDefaultSpace + description: > + You must have `read` privileges for the **Cases** feature in the + **Management**, **Observability**, or **Security** section of the Kibana + feature privileges, depending on the owner of the cases you're seeking. + x-technical-preview: true tags: - - connectors + - cases + parameters: + - $ref: '#/components/parameters/Cases_alert_id' + - $ref: '#/components/parameters/Cases_owner' responses: '200': description: Indicates a successful call. @@ -541,288 +449,674 @@ paths: application/json: schema: type: array + maxItems: 10000 items: - $ref: >- - #/components/schemas/Connectors_connector_response_properties - examples: - getConnectorsResponse: - $ref: '#/components/examples/Connectors_get_connectors_response' + type: object + properties: + id: + type: string + description: The case identifier. + title: + type: string + description: The case title. + example: + - id: 06116b80-e1c3-11ec-be9b-9b1838238ee6 + title: security_case '401': - $ref: '#/components/responses/Connectors_401' - /api/actions/connector_types: - get: - summary: Get all connector types - operationId: getConnectorTypes + description: Authorization information is missing or invalid. + content: + application/json: + schema: + $ref: '#/components/schemas/Cases_4xx_response' + /api/cases/configure: + get: + summary: Get case settings + operationId: getCaseConfigurationDefaultSpace + description: > + Get setting details such as the closure type, custom fields, templatse, + and the default connector for cases. You must have `read` privileges for + the **Cases** feature in the **Management**, **Observability**, or + **Security** section of the Kibana feature privileges, depending on + where the cases were created. tags: - - connectors + - cases parameters: - - in: query - name: feature_id - description: >- - A filter to limit the retrieved connector types to those that - support a specific feature (such as alerting or cases). - schema: - $ref: '#/components/schemas/Connectors_features' + - $ref: '#/components/parameters/Cases_owner' responses: '200': description: Indicates a successful call. content: application/json: schema: - title: Get connector types response body properties - description: The properties vary for each connector type. type: array items: type: object properties: - enabled: - type: boolean - description: >- - Indicates whether the connector type is enabled in - Kibana. - example: true - enabled_in_config: - type: boolean - description: >- - Indicates whether the connector type is enabled in the - Kibana configuration file. - example: true - enabled_in_license: - type: boolean - description: >- - Indicates whether the connector is enabled in the - license. - example: true - id: - $ref: '#/components/schemas/Connectors_connector_types' - is_system_action_type: - type: boolean - example: false - minimum_license_required: + closure_type: + $ref: '#/components/schemas/Cases_closure_types' + connector: + type: object + properties: + fields: + description: >- + The fields specified in the case configuration are + not used and are not propagated to individual cases, + therefore it is recommended to set it to `null`. + nullable: true + type: object + id: + description: >- + The identifier for the connector. If you do not want + a default connector, use `none`. To retrieve + connector IDs, use the find connectors API. + type: string + example: none + name: + description: >- + The name of the connector. If you do not want a + default connector, use `none`. To retrieve connector + names, use the find connectors API. + type: string + example: none + type: + $ref: '#/components/schemas/Cases_connector_types' + created_at: type: string - description: The license that is required to use the connector type. - example: basic - name: + format: date-time + example: '2022-06-01T17:07:17.767Z' + created_by: + type: object + required: + - email + - full_name + - username + properties: + email: + type: string + example: null + nullable: true + full_name: + type: string + example: null + nullable: true + username: + type: string + example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + customFields: + type: array + description: Custom fields configuration details. + items: + type: object + properties: + defaultValue: + oneOf: + - type: string + - type: boolean + description: > + A default value for the custom field. If the + `type` is `text`, the default value must be a + string. If the `type` is `toggle`, the default + value must be boolean. + key: + description: > + A unique key for the custom field. Must be lower + case and composed only of a-z, 0-9, '_', and '-' + characters. It is used in API calls to refer to a + specific custom field. + type: string + minLength: 1 + maxLength: 36 + label: + description: >- + The custom field label that is displayed in the + case. + type: string + minLength: 1 + maxLength: 50 + required: + description: > + Indicates whether the field is required. If + `false`, the custom field can be set to null or + omitted when a case is created or updated. + type: boolean + type: + description: The type of the custom field. + type: string + enum: + - text + - toggle + error: type: string - description: The name of the connector type. - example: Index - supported_feature_ids: + nullable: true + example: null + id: + type: string + example: 4a97a440-e1cd-11ec-be9b-9b1838238ee6 + mappings: type: array - description: The features that are supported by the connector type. items: - $ref: '#/components/schemas/Connectors_features' - example: - - alerting - - cases - - siem + type: object + properties: + action_type: + type: string + example: overwrite + source: + type: string + example: title + target: + type: string + example: summary + owner: + $ref: '#/components/schemas/Cases_owners' + templates: + $ref: '#/components/schemas/Cases_templates' + updated_at: + type: string + format: date-time + nullable: true + example: '2022-06-01T19:58:48.169Z' + updated_by: + type: object + required: + - email + - full_name + - username + properties: + email: + type: string + example: null + nullable: true + full_name: + type: string + example: null + nullable: true + username: + type: string + example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + nullable: true + version: + type: string + example: WzIwNzMsMV0= examples: - getConnectorTypesServerlessResponse: - $ref: >- - #/components/examples/Connectors_get_connector_types_generativeai_response + getConfigurationResponse: + $ref: '#/components/examples/Cases_get_case_configuration_response' '401': - $ref: '#/components/responses/Connectors_401' - /api/actions/action/{actionId}: - delete: - summary: Delete a connector - operationId: legacyDeleteConnector - deprecated: true + description: Authorization information is missing or invalid. + content: + application/json: + schema: + $ref: '#/components/schemas/Cases_4xx_response' + post: + summary: Add case settings + operationId: setCaseConfigurationDefaultSpace description: > - Deprecated in 7.13.0. Use the delete connector API instead. WARNING: - When you delete a connector, it cannot be recovered. - tags: - - connectors - parameters: - - $ref: '#/components/parameters/Connectors_kbn_xsrf' - - $ref: '#/components/parameters/Connectors_action_id' - responses: - '204': - description: Indicates a successful call. - '401': - $ref: '#/components/responses/Connectors_401' - get: - summary: Get connector information - operationId: legacyGetConnector - description: Deprecated in 7.13.0. Use the get connector API instead. - deprecated: true - tags: - - connectors - parameters: - - $ref: '#/components/parameters/Connectors_action_id' - responses: - '200': - $ref: '#/components/responses/Connectors_200_actions' - '401': - $ref: '#/components/responses/Connectors_401' - put: - summary: Update a connector - operationId: legacyUpdateConnector - deprecated: true - description: Deprecated in 7.13.0. Use the update connector API instead. + Case settings include external connection details, custom fields, and + templates. Connectors are used to interface with external systems. You + must create a connector before you can use it in your cases. If you set + a default connector, it is automatically selected when you create cases + in Kibana. If you use the create case API, however, you must still + specify all of the connector details. You must have `all` privileges for + the **Cases** feature in the **Management**, **Observability**, or + **Security** section of the Kibana feature privileges, depending on + where you are creating cases. tags: - - connectors + - cases parameters: - - $ref: '#/components/parameters/Connectors_kbn_xsrf' - - $ref: '#/components/parameters/Connectors_action_id' + - $ref: '#/components/parameters/Cases_kbn_xsrf' requestBody: - required: true content: application/json: schema: - title: Legacy update connector request body properties - description: The properties vary depending on the connector type. - type: object - properties: - config: - type: object - description: >- - The new connector configuration. Configuration properties - vary depending on the connector type. - name: - type: string - description: The new name for the connector. - secrets: - type: object - description: >- - The updated secrets configuration for the connector. Secrets - properties vary depending on the connector type. - responses: - '200': - $ref: '#/components/responses/Connectors_200_actions' - '404': - $ref: '#/components/responses/Connectors_404' - /api/actions: - get: - summary: Get all connectors - operationId: legacyGetConnectors - deprecated: true - description: Deprecated in 7.13.0. Use the get all connectors API instead. - tags: - - connectors + $ref: '#/components/schemas/Cases_set_case_configuration_request' + examples: + setCaseConfigRequest: + $ref: '#/components/examples/Cases_set_case_configuration_request' responses: '200': description: Indicates a successful call. content: application/json: schema: - type: array - items: - $ref: '#/components/schemas/Connectors_action_response_properties' + type: object + properties: + closure_type: + $ref: '#/components/schemas/Cases_closure_types' + connector: + type: object + properties: + fields: + description: >- + The fields specified in the case configuration are not + used and are not propagated to individual cases, + therefore it is recommended to set it to `null`. + nullable: true + type: object + id: + description: >- + The identifier for the connector. If you do not want a + default connector, use `none`. To retrieve connector + IDs, use the find connectors API. + type: string + example: none + name: + description: >- + The name of the connector. If you do not want a + default connector, use `none`. To retrieve connector + names, use the find connectors API. + type: string + example: none + type: + $ref: '#/components/schemas/Cases_connector_types' + created_at: + type: string + format: date-time + example: '2022-06-01T17:07:17.767Z' + created_by: + type: object + required: + - email + - full_name + - username + properties: + email: + type: string + example: null + nullable: true + full_name: + type: string + example: null + nullable: true + username: + type: string + example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + customFields: + type: array + description: Custom fields configuration details. + items: + type: object + properties: + defaultValue: + oneOf: + - type: string + - type: boolean + description: > + A default value for the custom field. If the `type` + is `text`, the default value must be a string. If + the `type` is `toggle`, the default value must be + boolean. + key: + description: > + A unique key for the custom field. Must be lower + case and composed only of a-z, 0-9, '_', and '-' + characters. It is used in API calls to refer to a + specific custom field. + type: string + minLength: 1 + maxLength: 36 + label: + description: >- + The custom field label that is displayed in the + case. + type: string + minLength: 1 + maxLength: 50 + required: + description: > + Indicates whether the field is required. If `false`, + the custom field can be set to null or omitted when + a case is created or updated. + type: boolean + type: + description: The type of the custom field. + type: string + enum: + - text + - toggle + error: + type: string + nullable: true + example: null + id: + type: string + example: 4a97a440-e1cd-11ec-be9b-9b1838238ee6 + mappings: + type: array + items: + type: object + properties: + action_type: + type: string + example: overwrite + source: + type: string + example: title + target: + type: string + example: summary + owner: + $ref: '#/components/schemas/Cases_owners' + templates: + $ref: '#/components/schemas/Cases_templates' + updated_at: + type: string + format: date-time + nullable: true + example: '2022-06-01T19:58:48.169Z' + updated_by: + type: object + required: + - email + - full_name + - username + properties: + email: + type: string + example: null + nullable: true + full_name: + type: string + example: null + nullable: true + username: + type: string + example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + nullable: true + version: + type: string + example: WzIwNzMsMV0= + examples: + setCaseConfigResponse: + $ref: '#/components/examples/Cases_set_case_configuration_response' '401': - $ref: '#/components/responses/Connectors_401' - post: - summary: Create a connector - operationId: legacyCreateConnector - deprecated: true - description: Deprecated in 7.13.0. Use the create connector API instead. + description: Authorization information is missing or invalid. + content: + application/json: + schema: + $ref: '#/components/schemas/Cases_4xx_response' + /api/cases/configure/{configurationId}: + patch: + summary: Update case settings + operationId: updateCaseConfigurationDefaultSpace + description: > + Updates setting details such as the closure type, custom fields, + templates, and the default connector for cases. Connectors are used to + interface with external systems. You must create a connector before you + can use it in your cases. You must have `all` privileges for the + **Cases** feature in the **Management**, **Observability**, or + **Security** section of the Kibana feature privileges, depending on + where the case was created. tags: - - connectors + - cases parameters: - - $ref: '#/components/parameters/Connectors_kbn_xsrf' + - $ref: '#/components/parameters/Cases_kbn_xsrf' + - $ref: '#/components/parameters/Cases_configuration_id' requestBody: - required: true content: application/json: schema: - title: Legacy create connector request properties - type: object - properties: - actionTypeId: - type: string - description: The connector type identifier. - config: - type: object - description: >- - The configuration for the connector. Configuration - properties vary depending on the connector type. - name: - type: string - description: The display name for the connector. - secrets: - type: object - description: > - The secrets configuration for the connector. Secrets - configuration properties vary depending on the connector - type. NOTE: Remember these values. You must provide them - each time you update the connector. + $ref: '#/components/schemas/Cases_update_case_configuration_request' + examples: + updateCaseConfigurationRequest: + $ref: '#/components/examples/Cases_update_case_configuration_request' responses: '200': - $ref: '#/components/responses/Connectors_200_actions' + description: Indicates a successful call. + content: + application/json: + schema: + type: object + properties: + closure_type: + $ref: '#/components/schemas/Cases_closure_types' + connector: + type: object + properties: + fields: + description: >- + The fields specified in the case configuration are not + used and are not propagated to individual cases, + therefore it is recommended to set it to `null`. + nullable: true + type: object + id: + description: >- + The identifier for the connector. If you do not want a + default connector, use `none`. To retrieve connector + IDs, use the find connectors API. + type: string + example: none + name: + description: >- + The name of the connector. If you do not want a + default connector, use `none`. To retrieve connector + names, use the find connectors API. + type: string + example: none + type: + $ref: '#/components/schemas/Cases_connector_types' + created_at: + type: string + format: date-time + example: '2022-06-01T17:07:17.767Z' + created_by: + type: object + required: + - email + - full_name + - username + properties: + email: + type: string + example: null + nullable: true + full_name: + type: string + example: null + nullable: true + username: + type: string + example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + customFields: + type: array + description: Custom fields configuration details. + items: + type: object + properties: + defaultValue: + oneOf: + - type: string + - type: boolean + description: > + A default value for the custom field. If the `type` + is `text`, the default value must be a string. If + the `type` is `toggle`, the default value must be + boolean. + key: + description: > + A unique key for the custom field. Must be lower + case and composed only of a-z, 0-9, '_', and '-' + characters. It is used in API calls to refer to a + specific custom field. + type: string + minLength: 1 + maxLength: 36 + label: + description: >- + The custom field label that is displayed in the + case. + type: string + minLength: 1 + maxLength: 50 + required: + description: > + Indicates whether the field is required. If `false`, + the custom field can be set to null or omitted when + a case is created or updated. + type: boolean + type: + description: The type of the custom field. + type: string + enum: + - text + - toggle + error: + type: string + nullable: true + example: null + id: + type: string + example: 4a97a440-e1cd-11ec-be9b-9b1838238ee6 + mappings: + type: array + items: + type: object + properties: + action_type: + type: string + example: overwrite + source: + type: string + example: title + target: + type: string + example: summary + owner: + $ref: '#/components/schemas/Cases_owners' + templates: + $ref: '#/components/schemas/Cases_templates' + updated_at: + type: string + format: date-time + nullable: true + example: '2022-06-01T19:58:48.169Z' + updated_by: + type: object + required: + - email + - full_name + - username + properties: + email: + type: string + example: null + nullable: true + full_name: + type: string + example: null + nullable: true + username: + type: string + example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + nullable: true + version: + type: string + example: WzIwNzMsMV0= + examples: + updateCaseConfigurationResponse: + $ref: >- + #/components/examples/Cases_update_case_configuration_response '401': - $ref: '#/components/responses/Connectors_401' - /api/actions/list_action_types: + description: Authorization information is missing or invalid. + content: + application/json: + schema: + $ref: '#/components/schemas/Cases_4xx_response' + /api/cases/reporters: get: - summary: Get connector types - operationId: legacyGetConnectorTypes - deprecated: true - description: Deprecated in 7.13.0. Use the get all connector types API instead. + summary: Get case creators + operationId: getCaseReportersDefaultSpace + description: > + Returns information about the users who opened cases. You must have read + privileges for the **Cases** feature in the **Management**, + **Observability**, or **Security** section of the Kibana feature + privileges, depending on the owner of the cases. The API returns + information about the users as they existed at the time of the case + creation, including their name, full name, and email address. If any of + those details change thereafter or if a user is deleted, the information + returned by this API is unchanged. tags: - - connectors + - cases + parameters: + - $ref: '#/components/parameters/Cases_owner' responses: '200': description: Indicates a successful call. content: application/json: schema: - title: Legacy get connector types response body properties - description: The properties vary for each connector type. type: array + maxItems: 10000 items: type: object + required: + - email + - full_name + - username properties: - enabled: - type: boolean - description: >- - Indicates whether the connector type is enabled in - Kibana. - enabledInConfig: - type: boolean - description: >- - Indicates whether the connector type is enabled in the - Kibana `.yml` file. - enabledInLicense: - type: boolean - description: >- - Indicates whether the connector is enabled in the - license. - example: true - id: + email: type: string - description: The unique identifier for the connector type. - minimumLicenseRequired: + example: null + nullable: true + full_name: type: string - description: The license that is required to use the connector type. - name: + example: null + nullable: true + username: type: string - description: The name of the connector type. + example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + examples: + getReportersResponse: + $ref: '#/components/examples/Cases_get_reporters_response' '401': - $ref: '#/components/responses/Connectors_401' - /api/actions/action/{actionId}/_execute: - post: - summary: Run a connector - operationId: legacyRunConnector + description: Authorization information is missing or invalid. + content: + application/json: + schema: + $ref: '#/components/schemas/Cases_4xx_response' + /api/cases/status: + get: + summary: Get case status summary + operationId: getCaseStatusDefaultSpace + description: > + Returns the number of cases that are open, closed, and in progress. + Deprecated in 8.1.0. This API is deprecated and will be removed in a + future release; use the find cases API instead. You must have `read` + privileges for the **Cases** feature in the **Management**, + **Observability**, or **Security** section of the Kibana feature + privileges, depending on the owner of the cases you're seeking. deprecated: true - description: Deprecated in 7.13.0. Use the run connector API instead. tags: - - connectors + - cases parameters: - - $ref: '#/components/parameters/Connectors_kbn_xsrf' - - $ref: '#/components/parameters/Connectors_action_id' - requestBody: - required: true - content: - application/json: - schema: - title: Legacy run connector request body properties - description: The properties vary depending on the connector type. - type: object - required: - - params - properties: - params: - type: object - description: >- - The parameters of the connector. Parameter properties vary - depending on the connector type. + - $ref: '#/components/parameters/Cases_owner' responses: '200': description: Indicates a successful call. @@ -831,443 +1125,411 @@ paths: schema: type: object properties: - actionId: - type: string - data: - oneOf: - - type: object - description: Information returned from the action. - additionalProperties: true - - type: array - description: An array of information returned from the action. - items: - type: object - status: - type: string - description: The status of the action. + count_closed_cases: + type: integer + count_in_progress_cases: + type: integer + count_open_cases: + type: integer '401': - $ref: '#/components/responses/Connectors_401' - /api/data_views: + description: Authorization information is missing or invalid. + content: + application/json: + schema: + $ref: '#/components/schemas/Cases_4xx_response' + /api/cases/tags: get: - summary: Get all data views - operationId: getAllDataViewsDefault + summary: Get case tags + operationId: getCaseTagsDefaultSpace + description: > + Aggregates and returns a list of case tags. You must have read + privileges for the **Cases** feature in the **Management**, + **Observability**, or **Security** section of the Kibana feature + privileges, depending on the owner of the cases you're seeking. tags: - - data views + - cases + parameters: + - $ref: '#/components/parameters/Cases_owner' responses: '200': description: Indicates a successful call. content: application/json: schema: - type: object - properties: - data_view: - type: array - items: - type: object - properties: - id: - type: string - name: - type: string - namespaces: - type: array - items: - type: string - title: - type: string - typeMeta: - type: object + type: array + maxItems: 10000 + items: + type: string examples: - getAllDataViewsResponse: - $ref: '#/components/examples/Data_views_get_data_views_response' - '400': - description: Bad request + getTagsResponse: + $ref: '#/components/examples/Cases_get_tags_response' + '401': + description: Authorization information is missing or invalid. content: application/json: schema: - $ref: '#/components/schemas/Data_views_400_response' - /api/data_views/data_view: - post: - summary: Create a data view - operationId: createDataViewDefaultw + $ref: '#/components/schemas/Cases_4xx_response' + /api/cases/{caseId}: + get: + summary: Get case information + operationId: getCaseDefaultSpace + description: > + You must have `read` privileges for the **Cases** feature in the + **Management**, **Observability**, or **Security** section of the Kibana + feature privileges, depending on the owner of the case you're seeking. tags: - - data views + - cases parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/Data_views_create_data_view_request_object' - examples: - createDataViewRequest: - $ref: '#/components/examples/Data_views_create_data_view_request' + - $ref: '#/components/parameters/Cases_case_id' + - $ref: '#/components/parameters/Cases_includeComments' responses: '200': description: Indicates a successful call. content: application/json: schema: - $ref: '#/components/schemas/Data_views_data_view_response_object' - '400': - description: Bad request + $ref: '#/components/schemas/Cases_case_response_properties' + examples: + getDefaultCaseResponse: + $ref: '#/components/examples/Cases_get_case_response' + getDefaultObservabilityCaseReponse: + $ref: '#/components/examples/Cases_get_case_observability_response' + '401': + description: Authorization information is missing or invalid. content: application/json: schema: - $ref: '#/components/schemas/Data_views_400_response' - /api/data_views/data_view/{viewId}: + $ref: '#/components/schemas/Cases_4xx_response' + /api/cases/{caseId}/alerts: get: - summary: Get a data view - operationId: getDataViewDefault + summary: Get all alerts for a case + description: > + You must have `read` privileges for the **Cases** feature in the + **Management**, **Observability**, or **Security** section of the Kibana + feature privileges, depending on the owner of the cases you're seeking. + x-technical-preview: true + operationId: getCaseAlertsDefaultSpace tags: - - data views + - cases parameters: - - $ref: '#/components/parameters/Data_views_view_id' + - $ref: '#/components/parameters/Cases_case_id' responses: '200': description: Indicates a successful call. content: application/json: schema: - $ref: '#/components/schemas/Data_views_data_view_response_object' + type: array + items: + $ref: '#/components/schemas/Cases_alert_response_properties' examples: - getDataViewResponse: - $ref: '#/components/examples/Data_views_get_data_view_response' - '404': - description: Object is not found. + getCaseAlertsResponse: + $ref: '#/components/examples/Cases_get_case_alerts_response' + '401': + description: Authorization information is missing or invalid. content: application/json: schema: - $ref: '#/components/schemas/Data_views_404_response' - delete: - summary: Delete a data view - operationId: deleteDataViewDefault - description: | - WARNING: When you delete a data view, it cannot be recovered. + $ref: '#/components/schemas/Cases_4xx_response' + /api/cases/{caseId}/comments: + post: + summary: Add a case comment or alert + operationId: addCaseCommentDefaultSpace + description: > + You must have `all` privileges for the **Cases** feature in the + **Management**, **Observability**, or **Security** section of the Kibana + feature privileges, depending on the owner of the case you're creating. + NOTE: Each case can have a maximum of 1,000 alerts. tags: - - data views + - cases parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - - $ref: '#/components/parameters/Data_views_view_id' + - $ref: '#/components/parameters/Cases_kbn_xsrf' + - $ref: '#/components/parameters/Cases_case_id' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/Cases_add_case_comment_request' + examples: + createCaseCommentRequest: + $ref: '#/components/examples/Cases_add_comment_request' responses: - '204': + '200': description: Indicates a successful call. - '404': - description: Object is not found. content: application/json: schema: - $ref: '#/components/schemas/Data_views_404_response' - post: - summary: Update a data view - operationId: updateDataViewDefault + $ref: '#/components/schemas/Cases_case_response_properties' + examples: + createCaseCommentResponse: + $ref: '#/components/examples/Cases_add_comment_response' + '401': + description: Authorization information is missing or invalid. + content: + application/json: + schema: + $ref: '#/components/schemas/Cases_4xx_response' + delete: + summary: Delete all case comments and alerts + operationId: deleteCaseCommentsDefaultSpace + description: > + Deletes all comments and alerts from a case. You must have `all` + privileges for the **Cases** feature in the **Management**, + **Observability**, or **Security** section of the Kibana feature + privileges, depending on the owner of the cases you're deleting. tags: - - data views + - cases parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - - $ref: '#/components/parameters/Data_views_view_id' - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/Data_views_update_data_view_request_object' - examples: - updateDataViewRequest: - $ref: '#/components/examples/Data_views_update_data_view_request' + - $ref: '#/components/parameters/Cases_kbn_xsrf' + - $ref: '#/components/parameters/Cases_case_id' responses: - '200': + '204': description: Indicates a successful call. + '401': + description: Authorization information is missing or invalid. content: application/json: schema: - $ref: '#/components/schemas/Data_views_data_view_response_object' - '400': - description: Bad request - content: - application/json: - schema: - $ref: '#/components/schemas/Data_views_400_response' - /api/data_views/data_view/{viewId}/fields: - post: - summary: Update data view fields metadata - operationId: updateFieldsMetadataDefault + $ref: '#/components/schemas/Cases_4xx_response' + patch: + summary: Update a case comment or alert + operationId: updateCaseCommentDefaultSpace description: > - Update fields presentation metadata such as count, customLabel, - customDescription, and format. + You must have `all` privileges for the **Cases** feature in the + **Management**, **Observability**, or **Security** section of the Kibana + feature privileges, depending on the owner of the case you're updating. + NOTE: You cannot change the comment type or the owner of a comment. tags: - - data views + - cases parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - - $ref: '#/components/parameters/Data_views_view_id' + - $ref: '#/components/parameters/Cases_kbn_xsrf' + - $ref: '#/components/parameters/Cases_case_id' requestBody: required: true content: application/json: schema: - type: object - required: - - fields - properties: - fields: - description: The field object. - type: object + $ref: '#/components/schemas/Cases_update_case_comment_request' examples: - updateFieldsMetadataRequest: - $ref: '#/components/examples/Data_views_update_field_metadata_request' + updateCaseCommentRequest: + $ref: '#/components/examples/Cases_update_comment_request' responses: '200': description: Indicates a successful call. content: application/json: schema: - type: object - properties: - acknowledged: - type: boolean - '400': - description: Bad request + $ref: '#/components/schemas/Cases_case_response_properties' + examples: + updateCaseCommentResponse: + $ref: '#/components/examples/Cases_update_comment_response' + '401': + description: Authorization information is missing or invalid. content: application/json: schema: - $ref: '#/components/schemas/Data_views_400_response' - /api/data_views/data_view/{viewId}/runtime_field: - post: - summary: Create a runtime field - operationId: createRuntimeFieldDefault + $ref: '#/components/schemas/Cases_4xx_response' + get: + summary: Get all case comments + operationId: getAllCaseCommentsDefaultSpace + description: > + Deprecated in 8.1.0. This API is deprecated and will be removed in a + future release; instead, use the get case comment API, which requires a + comment identifier in the path. You must have `read` privileges for the + **Cases** feature in the **Management**, **Observability**, or + **Security** section of the Kibana feature privileges, depending on the + owner of the cases with the comments you're seeking. + deprecated: true tags: - - data views + - cases parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - - $ref: '#/components/parameters/Data_views_view_id' - requestBody: - required: true - content: - application/json: - schema: - type: object - required: - - name - - runtimeField - properties: - name: - type: string - description: | - The name for a runtime field. - runtimeField: - type: object - description: | - The runtime field definition object. - examples: - createRuntimeFieldRequest: - $ref: '#/components/examples/Data_views_create_runtime_field_request' + - $ref: '#/components/parameters/Cases_case_id' responses: '200': description: Indicates a successful call. content: application/json: schema: - type: object - put: - summary: Create or update a runtime field - operationId: createUpdateRuntimeFieldDefault + $ref: '#/components/schemas/Cases_case_response_properties' + '401': + description: Authorization information is missing or invalid. + content: + application/json: + schema: + $ref: '#/components/schemas/Cases_4xx_response' + /api/cases/{caseId}/comments/_find: + get: + summary: Find case comments and alerts + operationId: findCaseCommentsDefaultSpace + description: > + Retrieves a paginated list of comments for a case. You must have `read` + privileges for the **Cases** feature in the **Management**, + **Observability**, or **Security** section of the Kibana feature + privileges, depending on the owner of the cases with the comments you're + seeking. tags: - - data views + - cases parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - - name: viewId - in: path - description: | - The ID of the data view fields you want to update. - required: true - schema: - type: string - requestBody: - required: true - content: - application/json: - schema: - type: object - required: - - name - - runtimeField - properties: - name: - type: string - description: | - The name for a runtime field. - runtimeField: - type: object - description: | - The runtime field definition object. - examples: - updateRuntimeFieldRequest: - $ref: '#/components/examples/Data_views_create_runtime_field_request' + - $ref: '#/components/parameters/Cases_case_id' + - $ref: '#/components/parameters/Cases_page_index' + - $ref: '#/components/parameters/Cases_page_size' + - $ref: '#/components/parameters/Cases_sort_order' responses: '200': description: Indicates a successful call. content: application/json: schema: - type: object - properties: - data_view: - type: object - fields: - type: array - items: - type: object - '400': - description: Bad request + $ref: '#/components/schemas/Cases_case_response_properties' + '401': + description: Authorization information is missing or invalid. content: application/json: schema: - $ref: '#/components/schemas/Data_views_400_response' - /api/data_views/data_view/{viewId}/runtime_field/{fieldName}: - get: - summary: Get a runtime field - operationId: getRuntimeFieldDefault + $ref: '#/components/schemas/Cases_4xx_response' + /api/cases/{caseId}/comments/{commentId}: + delete: + summary: Delete a case comment or alert + operationId: deleteCaseCommentDefaultSpace + description: > + You must have `all` privileges for the **Cases** feature in the + **Management**, **Observability**, or **Security** section of the Kibana + feature privileges, depending on the owner of the cases you're deleting. tags: - - data views + - cases parameters: - - $ref: '#/components/parameters/Data_views_field_name' - - $ref: '#/components/parameters/Data_views_view_id' + - $ref: '#/components/parameters/Cases_kbn_xsrf' + - $ref: '#/components/parameters/Cases_case_id' + - $ref: '#/components/parameters/Cases_comment_id' responses: - '200': + '204': description: Indicates a successful call. + '401': + description: Authorization information is missing or invalid. content: application/json: schema: - type: object - properties: - data_view: - type: object - fields: - type: array - items: - type: object - examples: - getRuntimeFieldResponse: - $ref: '#/components/examples/Data_views_get_runtime_field_response' - '404': - description: Object is not found. - content: - application/json: - schema: - $ref: '#/components/schemas/Data_views_404_response' - delete: - summary: Delete a runtime field from a data view - operationId: deleteRuntimeFieldDefault + $ref: '#/components/schemas/Cases_4xx_response' + get: + summary: Get a case comment or alert + operationId: getCaseCommentDefaultSpace + description: > + You must have `read` privileges for the **Cases** feature in the + **Management**, **Observability**, or **Security** section of the Kibana + feature privileges, depending on the owner of the cases with the + comments you're seeking. tags: - - data views + - cases parameters: - - $ref: '#/components/parameters/Data_views_field_name' - - $ref: '#/components/parameters/Data_views_view_id' + - $ref: '#/components/parameters/Cases_case_id' + - $ref: '#/components/parameters/Cases_comment_id' responses: '200': description: Indicates a successful call. - '404': - description: Object is not found. content: application/json: schema: - $ref: '#/components/schemas/Data_views_404_response' + oneOf: + - $ref: >- + #/components/schemas/Cases_alert_comment_response_properties + - $ref: >- + #/components/schemas/Cases_user_comment_response_properties + examples: + getCaseCommentResponse: + $ref: '#/components/examples/Cases_get_comment_response' + '401': + description: Authorization information is missing or invalid. + content: + application/json: + schema: + $ref: '#/components/schemas/Cases_4xx_response' + /api/cases/{caseId}/connector/{connectorId}/_push: post: - summary: Update a runtime field - operationId: updateRuntimeFieldDefault + summary: Push a case to an external service + description: > + You must have `all` privileges for the **Actions and Connectors** + feature in the **Management** section of the Kibana feature privileges. + You must also have `all` privileges for the **Cases** feature in the + **Management**, **Observability**, or **Security** section of the Kibana + feature privileges, depending on the owner of the case you're pushing. + operationId: pushCaseDefaultSpace tags: - - data views + - cases parameters: - - $ref: '#/components/parameters/Data_views_field_name' - - $ref: '#/components/parameters/Data_views_view_id' + - $ref: '#/components/parameters/Cases_case_id' + - $ref: '#/components/parameters/Cases_connector_id' + - $ref: '#/components/parameters/Cases_kbn_xsrf' requestBody: - required: true content: application/json: schema: type: object - required: - - runtimeField - properties: - runtimeField: - type: object - description: | - The runtime field definition object. - - You can update following fields: - - - `type` - - `script` - examples: - updateRuntimeFieldRequest: - $ref: '#/components/examples/Data_views_update_runtime_field_request' + nullable: true responses: '200': description: Indicates a successful call. - '400': - description: Bad request content: application/json: schema: - $ref: '#/components/schemas/Data_views_400_response' - /api/data_views/default: + $ref: '#/components/schemas/Cases_case_response_properties' + examples: + pushCaseResponse: + $ref: '#/components/examples/Cases_push_case_response' + '401': + description: Authorization information is missing or invalid. + content: + application/json: + schema: + $ref: '#/components/schemas/Cases_4xx_response' + /api/cases/{caseId}/user_actions: get: - summary: Get the default data view - operationId: getDefaultDataViewDefault + summary: Get case activity + description: > + Returns all user activity for a case. Deprecated in 8.1.0. This API is + deprecated and will be removed in a future release; use the find user + actions API instead. You must have `read` privileges for the **Cases** + feature in the **Management**, **Observability**, or **Security** + section of the Kibana feature privileges, depending on the owner of the + case you're seeking. + deprecated: true + operationId: getCaseActivityDefaultSpace tags: - - data views + - cases + parameters: + - $ref: '#/components/parameters/Cases_case_id' responses: '200': description: Indicates a successful call. content: application/json: schema: - type: object - properties: - data_view_id: - type: string - examples: - getDefaultDataViewResponse: - $ref: >- - #/components/examples/Data_views_get_default_data_view_response - '400': - description: Bad request - content: - application/json: - schema: - $ref: '#/components/schemas/Data_views_400_response' - post: - summary: Set the default data view - operationId: setDefaultDatailViewDefault + type: array + items: + $ref: '#/components/schemas/Cases_user_actions_response_properties' + '401': + description: Authorization information is missing or invalid. + content: + application/json: + schema: + $ref: '#/components/schemas/Cases_4xx_response' + /api/cases/{caseId}/user_actions/_find: + get: + summary: Find case activity + description: > + Retrives a paginated list of user activity for a case. You must have + `read` privileges for the **Cases** feature in the **Management**, + **Observability**, or **Security** section of the Kibana feature + privileges, depending on the owner of the case you're seeking. + operationId: findCaseActivityDefaultSpace tags: - - data views + - cases parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - requestBody: - required: true - content: - application/json: - schema: - type: object - required: - - data_view_id - properties: - data_view_id: - type: string - nullable: true - description: > - The data view identifier. NOTE: The API does not validate - whether it is a valid identifier. Use `null` to unset the - default data view. - force: - type: boolean - description: Update an existing default data view identifier. - default: false - examples: - setDefaultDataViewRequest: - $ref: '#/components/examples/Data_views_set_default_data_view_request' + - $ref: '#/components/parameters/Cases_case_id' + - $ref: '#/components/parameters/Cases_page_index' + - $ref: '#/components/parameters/Cases_page_size' + - $ref: '#/components/parameters/Cases_sort_order' + - $ref: '#/components/parameters/Cases_user_action_types' responses: '200': description: Indicates a successful call. @@ -1276,878 +1538,666 @@ paths: schema: type: object properties: - acknowledged: - type: boolean - '400': - description: Bad request + page: + type: integer + perPage: + type: integer + total: + type: integer + userActions: + type: array + maxItems: 10000 + items: + $ref: >- + #/components/schemas/Cases_user_actions_find_response_properties + examples: + findCaseActivityResponse: + $ref: '#/components/examples/Cases_find_case_activity_response' + '401': + description: Authorization information is missing or invalid. content: application/json: schema: - $ref: '#/components/schemas/Data_views_400_response' - /api/data_views/swap_references: - post: - summary: Swap saved object references - operationId: swapDataViewsDefault + $ref: '#/components/schemas/Cases_4xx_response' + /api/cases/configure/connectors/_find: + get: + summary: Get case connectors + operationId: findCaseConnectorsDefaultSpace description: > - Changes saved object references from one data view identifier to - another. WARNING: Misuse can break large numbers of saved objects! - Practicing with a backup is recommended. + Get information about connectors that are supported for use in cases. + You must have `read` privileges for the **Actions and Connectors** + feature in the **Management** section of the Kibana feature privileges. tags: - - data views - parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/Data_views_swap_data_view_request_object' - examples: - swapDataViewRequest: - $ref: '#/components/examples/Data_views_swap_data_view_request' + - cases responses: '200': description: Indicates a successful call. content: application/json: schema: - type: object - properties: - deleteStatus: - type: object - properties: - deletePerformed: - type: boolean - remainingRefs: - type: integer - result: - type: array - items: + type: array + items: + type: object + properties: + actionTypeId: + $ref: '#/components/schemas/Cases_connector_types' + config: type: object properties: - id: + apiUrl: type: string - description: A saved object identifier. - type: + projectKey: type: string - description: The saved object type. - /api/data_views/swap_references/_preview: + additionalProperties: true + id: + type: string + isDeprecated: + type: boolean + isMissingSecrets: + type: boolean + isPreconfigured: + type: boolean + name: + type: string + referencedByCount: + type: integer + maxItems: 1000 + examples: + findConnectorResponse: + $ref: '#/components/examples/Cases_find_connector_response' + '401': + description: Authorization information is missing or invalid. + content: + application/json: + schema: + $ref: '#/components/schemas/Cases_4xx_response' + /api/actions/connector: post: - summary: Preview a saved object reference swap - operationId: previewSwapDataViewsDefault - description: > - Preview the impact of swapping saved object references from one data - view identifier to another. + summary: Create a connector with a random ID + operationId: createConnector + description: The connector identifier is randomly generated. tags: - - data views + - connectors parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' + - $ref: '#/components/parameters/Connectors_kbn_xsrf' requestBody: required: true content: application/json: schema: - $ref: '#/components/schemas/Data_views_swap_data_view_request_object' + $ref: '#/components/schemas/Connectors_create_connector_request' examples: - previewSwapDataViewRequest: + createEmailConnectorRequest: $ref: >- - #/components/examples/Data_views_preview_swap_data_view_request + #/components/examples/Connectors_create_email_connector_request + createIndexConnectorRequest: + $ref: >- + #/components/examples/Connectors_create_index_connector_request + createWebhookConnectorRequest: + $ref: >- + #/components/examples/Connectors_create_webhook_connector_request + createXmattersConnectorRequest: + $ref: >- + #/components/examples/Connectors_create_xmatters_connector_request responses: '200': description: Indicates a successful call. content: application/json: schema: - type: object - properties: - result: - type: array - items: - type: object - properties: - id: - type: string - description: A saved object identifier. - type: - type: string - description: The saved object type. - /api/ml/saved_objects/sync: + $ref: '#/components/schemas/Connectors_connector_response_properties' + examples: + createEmailConnectorResponse: + $ref: >- + #/components/examples/Connectors_create_email_connector_response + createIndexConnectorResponse: + $ref: >- + #/components/examples/Connectors_create_index_connector_response + createWebhookConnectorResponse: + $ref: >- + #/components/examples/Connectors_create_webhook_connector_response + createXmattersConnectorResponse: + $ref: >- + #/components/examples/Connectors_create_xmatters_connector_response + '401': + $ref: '#/components/responses/Connectors_401' + /api/actions/connector/{connectorId}: get: - summary: Sync saved objects in the default space - description: > - Synchronizes Kibana saved objects for machine learning jobs and trained - models in the default space. You must have `all` privileges for the - **Machine Learning** feature in the **Analytics** section of the Kibana - feature privileges. This API runs automatically when you start Kibana - and periodically thereafter. - operationId: mlSync + summary: Get a connector information + operationId: getConnector tags: - - ml + - connectors parameters: - - $ref: '#/components/parameters/Machine_learning_APIs_simulateParam' + - $ref: '#/components/parameters/Connectors_connector_id' responses: '200': - description: Indicates a successful call + description: Indicates a successful call. content: application/json: schema: - $ref: '#/components/schemas/Machine_learning_APIs_mlSync200Response' + $ref: '#/components/schemas/Connectors_connector_response_properties' examples: - syncExample: - $ref: '#/components/examples/Machine_learning_APIs_mlSyncExample' + getConnectorResponse: + $ref: '#/components/examples/Connectors_get_connector_response' '401': - description: Authorization information is missing or invalid. - content: - application/json: - schema: - $ref: '#/components/schemas/Machine_learning_APIs_mlSync4xxResponse' - /api/encrypted_saved_objects/_rotate_key: + $ref: '#/components/responses/Connectors_401' + '404': + $ref: '#/components/responses/Connectors_404' + delete: + summary: Delete a connector + operationId: deleteConnector + tags: + - connectors + parameters: + - $ref: '#/components/parameters/Connectors_kbn_xsrf' + - $ref: '#/components/parameters/Connectors_connector_id' + responses: + '204': + description: Indicates a successful call. + '401': + $ref: '#/components/responses/Connectors_401' + '404': + $ref: '#/components/responses/Connectors_404' post: - summary: Rotate a key for encrypted saved objects - operationId: rotateEncryptionKey - description: > - Superuser role required. - - - If a saved object cannot be decrypted using the primary encryption key, - then Kibana will attempt to decrypt it using the specified - decryption-only keys. In most of the cases this overhead is negligible, - but if you're dealing with a large number of saved objects and - experiencing performance issues, you may want to rotate the encryption - key. - - - This functionality is in technical preview and may be changed or removed - in a future release. Elastic will work to fix any issues, but features - in technical preview are not subject to the support SLA of official GA - features. + summary: Create a connector + operationId: createConnectorId tags: - - saved objects + - connectors parameters: - - in: query - name: batch_size - schema: - type: number - default: 10000 - required: false + - $ref: '#/components/parameters/Connectors_kbn_xsrf' + - in: path + name: connectorId description: > - Specifies a maximum number of saved objects that Kibana can process - in a single batch. Bulk key rotation is an iterative process since - Kibana may not be able to fetch and process all required saved - objects in one go and splits processing into consequent batches. By - default, the batch size is 10000, which is also a maximum allowed - value. - - in: query - name: type + A UUID v1 or v4 identifier for the connector. If you omit this + parameter, an identifier is randomly generated. + required: true schema: type: string - required: false - description: > - Limits encryption key rotation only to the saved objects with the - specified type. By default, Kibana tries to rotate the encryption - key for all saved object types that may contain encrypted - attributes. - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - type: object - properties: - total: - type: number - description: > - Indicates the total number of all encrypted saved objects - (optionally filtered by the requested `type`), regardless - of the key Kibana used for encryption. - successful: - type: number - description: > - Indicates the total number of all encrypted saved objects - (optionally filtered by the requested `type`), regardless - of the key Kibana used for encryption. - - - NOTE: In most cases, `total` will be greater than - `successful` even if `failed` is zero. The reason is that - Kibana may not need or may not be able to rotate - encryption keys for all encrypted saved objects. - failed: - type: number - description: > - Indicates the number of the saved objects that were still - encrypted with one of the old encryption keys that Kibana - failed to re-encrypt with the primary key. - examples: - rotateEncryptionKeyResponse: - $ref: '#/components/examples/Saved_objects_key_rotation_response' - '400': - description: Bad request - content: - application/json: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - '429': - description: Already in progress. - content: - application/json: - schema: - type: object - security: - - Saved_objects_basicAuth: [] - - Saved_objects_apiKeyAuth: [] - /api/saved_objects/_bulk_create: - post: - summary: Create saved objects - operationId: bulkCreateSavedObjects - deprecated: true - tags: - - saved objects - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - in: query - name: overwrite - description: When true, overwrites the document with the same identifier. - schema: - type: boolean + example: ac4e6b90-6be7-11eb-ba0d-9b1c1f912d74 requestBody: required: true content: application/json: schema: - type: array - items: - type: object + $ref: '#/components/schemas/Connectors_create_connector_request' + examples: + createIndexConnectorRequest: + $ref: >- + #/components/examples/Connectors_create_index_connector_request responses: '200': description: Indicates a successful call. content: application/json: schema: - type: object - '400': - description: Bad request - content: - application/json: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - security: - - Saved_objects_basicAuth: [] - - Saved_objects_apiKeyAuth: [] - /api/saved_objects/_bulk_delete: - post: - summary: Delete saved objects - operationId: bulkDeleteSavedObjects - description: | - WARNING: When you delete a saved object, it cannot be recovered. - deprecated: true - tags: - - saved objects - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - in: query - name: force - description: > - When true, force delete objects that exist in multiple namespaces. - Note that the option applies to the whole request. Use the delete - object API to specify per-object deletion behavior. TIP: Use this if - you attempted to delete objects and received an HTTP 400 error with - the following message: "Unable to delete saved object that exists in - multiple namespaces, use the force option to delete it anyway". - WARNING: When you bulk delete objects that exist in multiple - namespaces, the API also deletes legacy url aliases that reference - the object. These requests are batched to minimise the impact but - they can place a heavy load on Kibana. Make sure you limit the - number of objects that exist in multiple namespaces in a single bulk - delete operation. - schema: - type: boolean - requestBody: - required: true - content: - application/json: - schema: - type: array - items: - type: object - responses: - '200': - description: > - Indicates a successful call. NOTE: This HTTP response code indicates - that the bulk operation succeeded. Errors pertaining to individual - objects will be returned in the response body. - content: - application/json: - schema: - type: object - '400': - description: Bad request - content: - application/json: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - security: - - Saved_objects_basicAuth: [] - - Saved_objects_apiKeyAuth: [] - /api/saved_objects/_bulk_get: - post: - summary: Get saved objects - operationId: bulkGetSavedObjects - deprecated: true + $ref: '#/components/schemas/Connectors_connector_response_properties' + examples: + createIndexConnectorResponse: + $ref: >- + #/components/examples/Connectors_create_index_connector_response + '401': + $ref: '#/components/responses/Connectors_401' + put: + summary: Update a connector + operationId: updateConnector tags: - - saved objects + - connectors parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + - $ref: '#/components/parameters/Connectors_kbn_xsrf' + - $ref: '#/components/parameters/Connectors_connector_id' requestBody: required: true content: application/json: schema: - type: array - items: - type: object + $ref: '#/components/schemas/Connectors_update_connector_request' + examples: + updateIndexConnectorRequest: + $ref: >- + #/components/examples/Connectors_update_index_connector_request responses: '200': description: Indicates a successful call. content: application/json: schema: - type: object + $ref: '#/components/schemas/Connectors_connector_response_properties' '400': - description: Bad request - content: - application/json: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - security: - - Saved_objects_basicAuth: [] - - Saved_objects_apiKeyAuth: [] - /api/saved_objects/_bulk_resolve: + $ref: '#/components/responses/Connectors_401' + '401': + $ref: '#/components/responses/Connectors_401' + '404': + $ref: '#/components/responses/Connectors_404' + /api/actions/connector/{connectorId}/_execute: post: - summary: Resolve saved objects - operationId: bulkResolveSavedObjects - deprecated: true + summary: Run a connector + operationId: runConnector description: > - Retrieve multiple Kibana saved objects by identifier using any legacy - URL aliases if they exist. Under certain circumstances when Kibana is - upgraded, saved object migrations may necessitate regenerating some - object IDs to enable new features. When an object's ID is regenerated, a - legacy URL alias is created for that object, preserving its old ID. In - such a scenario, that object can be retrieved by the bulk resolve API - using either its new ID or its old ID. + You can use this API to test an action that involves interaction with + Kibana services or integrations with third-party systems. You must have + `read` privileges for the **Actions and Connectors** feature in the + **Management** section of the Kibana feature privileges. If you use an + index connector, you must also have `all`, `create`, `index`, or `write` + indices privileges. tags: - - saved objects + - connectors parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + - $ref: '#/components/parameters/Connectors_kbn_xsrf' + - $ref: '#/components/parameters/Connectors_connector_id' requestBody: required: true content: application/json: schema: - type: array - items: - type: object + $ref: '#/components/schemas/Connectors_run_connector_request' + examples: + runCasesWebhookConnectorRequest: + $ref: >- + #/components/examples/Connectors_run_cases_webhook_connector_request + runEmailConnectorRequest: + $ref: '#/components/examples/Connectors_run_email_connector_request' + runIndexConnectorRequest: + $ref: '#/components/examples/Connectors_run_index_connector_request' + runJiraConnectorRequest: + $ref: '#/components/examples/Connectors_run_jira_connector_request' + runPagerDutyConnectorRequest: + $ref: >- + #/components/examples/Connectors_run_pagerduty_connector_request + runServerLogConnectorRequest: + $ref: >- + #/components/examples/Connectors_run_server_log_connector_request + runServiceNowITOMConnectorRequest: + $ref: >- + #/components/examples/Connectors_run_servicenow_itom_connector_request + runSlackConnectorRequest: + $ref: >- + #/components/examples/Connectors_run_slack_api_connector_request + runSwimlaneConnectorRequest: + $ref: >- + #/components/examples/Connectors_run_swimlane_connector_request responses: '200': - description: > - Indicates a successful call. NOTE: This HTTP response code indicates - that the bulk operation succeeded. Errors pertaining to individual - objects will be returned in the response body. + description: Indicates a successful call. content: application/json: schema: type: object - '400': - description: Bad request - content: - application/json: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - security: - - Saved_objects_basicAuth: [] - - Saved_objects_apiKeyAuth: [] - /api/saved_objects/_bulk_update: - post: - summary: Update saved objects - operationId: bulkUpdateSavedObjects - description: Update the attributes for multiple Kibana saved objects. - deprecated: true + required: + - connector_id + - status + properties: + connector_id: + type: string + description: The identifier for the connector. + data: + oneOf: + - type: object + description: Information returned from the action. + additionalProperties: true + - type: array + description: An array of information returned from the action. + items: + type: object + status: + type: string + description: The status of the action. + enum: + - error + - ok + examples: + runCasesWebhookConnectorResponse: + $ref: >- + #/components/examples/Connectors_run_cases_webhook_connector_response + runEmailConnectorResponse: + $ref: >- + #/components/examples/Connectors_run_email_connector_response + runIndexConnectorResponse: + $ref: >- + #/components/examples/Connectors_run_index_connector_response + runJiraConnectorResponse: + $ref: '#/components/examples/Connectors_run_jira_connector_response' + runPagerDutyConnectorResponse: + $ref: >- + #/components/examples/Connectors_run_pagerduty_connector_response + runServerLogConnectorResponse: + $ref: >- + #/components/examples/Connectors_run_server_log_connector_response + runServiceNowITOMConnectorResponse: + $ref: >- + #/components/examples/Connectors_run_servicenow_itom_connector_response + runSlackConnectorResponse: + $ref: >- + #/components/examples/Connectors_run_slack_api_connector_response + runSwimlaneConnectorResponse: + $ref: >- + #/components/examples/Connectors_run_swimlane_connector_response + '401': + $ref: '#/components/responses/Connectors_401' + /api/actions/connectors: + get: + summary: Get all connectors + operationId: getConnectors tags: - - saved objects - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - requestBody: - required: true - content: - application/json: - schema: - type: array - items: - type: object + - connectors responses: '200': - description: > - Indicates a successful call. NOTE: This HTTP response code indicates - that the bulk operation succeeded. Errors pertaining to individual - objects will be returned in the response body. + description: Indicates a successful call. content: application/json: schema: - type: object - '400': - description: Bad request + type: array + items: + $ref: >- + #/components/schemas/Connectors_connector_response_properties + examples: + getConnectorsResponse: + $ref: '#/components/examples/Connectors_get_connectors_response' + '401': + $ref: '#/components/responses/Connectors_401' + /api/actions/connector_types: + get: + summary: Get all connector types + operationId: getConnectorTypes + tags: + - connectors + parameters: + - in: query + name: feature_id + description: >- + A filter to limit the retrieved connector types to those that + support a specific feature (such as alerting or cases). + schema: + $ref: '#/components/schemas/Connectors_features' + responses: + '200': + description: Indicates a successful call. content: application/json: schema: - $ref: '#/components/schemas/Saved_objects_400_response' - security: - - Saved_objects_basicAuth: [] - - Saved_objects_apiKeyAuth: [] - /api/saved_objects/_export: - post: - summary: Export saved objects in the default space - operationId: exportSavedObjectsDefault + title: Get connector types response body properties + description: The properties vary for each connector type. + type: array + items: + type: object + properties: + enabled: + type: boolean + description: >- + Indicates whether the connector type is enabled in + Kibana. + example: true + enabled_in_config: + type: boolean + description: >- + Indicates whether the connector type is enabled in the + Kibana configuration file. + example: true + enabled_in_license: + type: boolean + description: >- + Indicates whether the connector is enabled in the + license. + example: true + id: + $ref: '#/components/schemas/Connectors_connector_types' + is_system_action_type: + type: boolean + example: false + minimum_license_required: + type: string + description: The license that is required to use the connector type. + example: basic + name: + type: string + description: The name of the connector type. + example: Index + supported_feature_ids: + type: array + description: The features that are supported by the connector type. + items: + $ref: '#/components/schemas/Connectors_features' + example: + - alerting + - cases + - siem + examples: + getConnectorTypesServerlessResponse: + $ref: >- + #/components/examples/Connectors_get_connector_types_generativeai_response + '401': + $ref: '#/components/responses/Connectors_401' + /api/actions/action/{actionId}: + delete: + summary: Delete a connector + operationId: legacyDeleteConnector + deprecated: true description: > - Retrieve sets of saved objects that you want to import into Kibana. - - You must include `type` or `objects` in the request body. - - - NOTE: The `savedObjects.maxImportExportSize` configuration setting - limits the number of saved objects which may be exported. - - - This functionality is in technical preview and may be changed or removed - in a future release. Elastic will work to fix any issues, but features - in technical preview are not subject to the support SLA of official GA - features. + Deprecated in 7.13.0. Use the delete connector API instead. WARNING: + When you delete a connector, it cannot be recovered. tags: - - saved objects + - connectors parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + - $ref: '#/components/parameters/Connectors_kbn_xsrf' + - $ref: '#/components/parameters/Connectors_action_id' + responses: + '204': + description: Indicates a successful call. + '401': + $ref: '#/components/responses/Connectors_401' + get: + summary: Get connector information + operationId: legacyGetConnector + description: Deprecated in 7.13.0. Use the get connector API instead. + deprecated: true + tags: + - connectors + parameters: + - $ref: '#/components/parameters/Connectors_action_id' + responses: + '200': + $ref: '#/components/responses/Connectors_200_actions' + '401': + $ref: '#/components/responses/Connectors_401' + put: + summary: Update a connector + operationId: legacyUpdateConnector + deprecated: true + description: Deprecated in 7.13.0. Use the update connector API instead. + tags: + - connectors + parameters: + - $ref: '#/components/parameters/Connectors_kbn_xsrf' + - $ref: '#/components/parameters/Connectors_action_id' requestBody: required: true content: application/json: schema: + title: Legacy update connector request body properties + description: The properties vary depending on the connector type. type: object properties: - excludeExportDetails: - description: Do not add export details entry at the end of the stream. - type: boolean - default: false - includeReferencesDeep: + config: + type: object description: >- - Includes all of the referenced objects in the exported - objects. - type: boolean - objects: - description: A list of objects to export. - type: array - items: - type: object - type: + The new connector configuration. Configuration properties + vary depending on the connector type. + name: + type: string + description: The new name for the connector. + secrets: + type: object description: >- - The saved object types to include in the export. Use `*` to - export all the types. - oneOf: - - type: string - - type: array - items: - type: string - examples: - exportSavedObjectsRequest: - $ref: '#/components/examples/Saved_objects_export_objects_request' + The updated secrets configuration for the connector. Secrets + properties vary depending on the connector type. responses: '200': - description: Indicates a successful call. - content: - application/x-ndjson: - schema: - type: object - additionalProperties: true - examples: - exportSavedObjectsResponse: - $ref: '#/components/examples/Saved_objects_export_objects_response' - '400': - description: Bad request. - content: - application/json: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - security: - - Saved_objects_basicAuth: [] - - Saved_objects_apiKeyAuth: [] - /api/saved_objects/_find: + $ref: '#/components/responses/Connectors_200_actions' + '404': + $ref: '#/components/responses/Connectors_404' + /api/actions: get: - summary: Search for saved objects - operationId: findSavedObjects - description: Retrieve a paginated set of Kibana saved objects. + summary: Get all connectors + operationId: legacyGetConnectors deprecated: true + description: Deprecated in 7.13.0. Use the get all connectors API instead. tags: - - saved objects - parameters: - - in: query - name: aggs - description: > - An aggregation structure, serialized as a string. The field format - is similar to filter, meaning that to use a saved object type - attribute in the aggregation, the `savedObjectType.attributes.title: - "myTitle"` format must be used. For root fields, the syntax is - `savedObjectType.rootField`. NOTE: As objects change in Kibana, the - results on each page of the response also change. Use the find API - for traditional paginated results, but avoid using it to export - large amounts of data. - schema: - type: string - - in: query - name: default_search_operator - description: The default operator to use for the `simple_query_string`. - schema: - type: string - - in: query - name: fields - description: The fields to return in the attributes key of the response. - schema: - oneOf: - - type: string - - type: array - - in: query - name: filter - description: > - The filter is a KQL string with the caveat that if you filter with - an attribute from your saved object type, it should look like that: - `savedObjectType.attributes.title: "myTitle"`. However, if you use a - root attribute of a saved object such as `updated_at`, you will have - to define your filter like that: `savedObjectType.updated_at > - 2018-12-22`. - schema: - type: string - - in: query - name: has_no_reference - description: >- - Filters to objects that do not have a relationship with the type and - identifier combination. - schema: - type: object - - in: query - name: has_no_reference_operator - description: >- - The operator to use for the `has_no_reference` parameter. Either - `OR` or `AND`. Defaults to `OR`. - schema: - type: string - - in: query - name: has_reference - description: >- - Filters to objects that have a relationship with the type and ID - combination. - schema: - type: object - - in: query - name: has_reference_operator - description: >- - The operator to use for the `has_reference` parameter. Either `OR` - or `AND`. Defaults to `OR`. - schema: - type: string - - in: query - name: page - description: The page of objects to return. - schema: - type: integer - - in: query - name: per_page - description: The number of objects to return per page. - schema: - type: integer - - in: query - name: search - description: >- - An Elasticsearch `simple_query_string` query that filters the - objects in the response. - schema: - type: string - - in: query - name: search_fields - description: >- - The fields to perform the `simple_query_string` parsed query - against. - schema: - oneOf: - - type: string - - type: array - - in: query - name: sort_field - description: > - Sorts the response. Includes "root" and "type" fields. "root" fields - exist for all saved objects, such as "updated_at". "type" fields are - specific to an object type, such as fields returned in the - attributes key of the response. When a single type is defined in the - type parameter, the "root" and "type" fields are allowed, and - validity checks are made in that order. When multiple types are - defined in the type parameter, only "root" fields are allowed. - schema: - type: string - - in: query - name: type - description: The saved object types to include. - required: true - schema: - oneOf: - - type: string - - type: array + - connectors responses: '200': description: Indicates a successful call. content: application/json: schema: - type: object - '400': - description: Bad request - content: - application/json: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - security: - - Saved_objects_basicAuth: [] - - Saved_objects_apiKeyAuth: [] - /api/saved_objects/_import: + type: array + items: + $ref: '#/components/schemas/Connectors_action_response_properties' + '401': + $ref: '#/components/responses/Connectors_401' post: - summary: Import saved objects in the default space - operationId: importSavedObjectsDefault - description: > - Create sets of Kibana saved objects from a file created by the export - API. - - Saved objects can be imported only into the same version, a newer minor - on the same major, or the next major. Exported saved objects are not - backwards compatible and cannot be imported into an older version of - Kibana. - - - This functionality is in technical preview and may be changed or removed - in a future release. Elastic will work to fix any issues, but features - in technical preview are not subject to the support SLA of official GA - features. + summary: Create a connector + operationId: legacyCreateConnector + deprecated: true + description: Deprecated in 7.13.0. Use the create connector API instead. tags: - - saved objects + - connectors parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - in: query - name: createNewCopies - schema: - type: boolean - required: false - description: > - Creates copies of saved objects, regenerates each object ID, and - resets the origin. When used, potential conflict errors are avoided. - NOTE: This option cannot be used with the `overwrite` and - `compatibilityMode` options. - - in: query - name: overwrite - schema: - type: boolean - required: false - description: > - Overwrites saved objects when they already exist. When used, - potential conflict errors are automatically resolved by overwriting - the destination object. NOTE: This option cannot be used with the - `createNewCopies` option. - - in: query - name: compatibilityMode - schema: - type: boolean - required: false - description: > - Applies various adjustments to the saved objects that are being - imported to maintain compatibility between different Kibana - versions. Use this option only if you encounter issues with imported - saved objects. NOTE: This option cannot be used with the - `createNewCopies` option. + - $ref: '#/components/parameters/Connectors_kbn_xsrf' requestBody: required: true content: - multipart/form-data: + application/json: schema: + title: Legacy create connector request properties type: object properties: - file: + actionTypeId: + type: string + description: The connector type identifier. + config: + type: object + description: >- + The configuration for the connector. Configuration + properties vary depending on the connector type. + name: + type: string + description: The display name for the connector. + secrets: + type: object description: > - A file exported using the export API. NOTE: The - `savedObjects.maxImportExportSize` configuration setting - limits the number of saved objects which may be included in - this file. Similarly, the - `savedObjects.maxImportPayloadBytes` setting limits the - overall size of the file that can be imported. - examples: - importObjectsRequest: - $ref: '#/components/examples/Saved_objects_import_objects_request' + The secrets configuration for the connector. Secrets + configuration properties vary depending on the connector + type. NOTE: Remember these values. You must provide them + each time you update the connector. + responses: + '200': + $ref: '#/components/responses/Connectors_200_actions' + '401': + $ref: '#/components/responses/Connectors_401' + /api/actions/list_action_types: + get: + summary: Get connector types + operationId: legacyGetConnectorTypes + deprecated: true + description: Deprecated in 7.13.0. Use the get all connector types API instead. + tags: + - connectors responses: '200': description: Indicates a successful call. content: application/json: schema: - type: object - properties: - success: - type: boolean - description: > - Indicates when the import was successfully completed. When - set to false, some objects may not have been created. For - additional information, refer to the `errors` and - `successResults` properties. - successCount: - type: integer - description: Indicates the number of successfully imported records. - errors: - type: array - items: - type: object - description: > - Indicates the import was unsuccessful and specifies the - objects that failed to import. - - - NOTE: One object may result in multiple errors, which - requires separate steps to resolve. For instance, a - `missing_references` error and conflict error. - successResults: - type: array - items: - type: object - description: > - Indicates the objects that are successfully imported, with - any metadata if applicable. - - - NOTE: Objects are created only when all resolvable errors - are addressed, including conflicts and missing references. - If objects are created as new copies, each entry in the - `successResults` array includes a `destinationId` - attribute. - examples: - importObjectsResponse: - $ref: '#/components/examples/Saved_objects_import_objects_response' - '400': - description: Bad request. - content: - application/json: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - security: - - Saved_objects_basicAuth: [] - - Saved_objects_apiKeyAuth: [] - /api/saved_objects/_resolve_import_errors: + title: Legacy get connector types response body properties + description: The properties vary for each connector type. + type: array + items: + type: object + properties: + enabled: + type: boolean + description: >- + Indicates whether the connector type is enabled in + Kibana. + enabledInConfig: + type: boolean + description: >- + Indicates whether the connector type is enabled in the + Kibana `.yml` file. + enabledInLicense: + type: boolean + description: >- + Indicates whether the connector is enabled in the + license. + example: true + id: + type: string + description: The unique identifier for the connector type. + minimumLicenseRequired: + type: string + description: The license that is required to use the connector type. + name: + type: string + description: The name of the connector type. + '401': + $ref: '#/components/responses/Connectors_401' + /api/actions/action/{actionId}/_execute: post: - summary: Resolve import errors - operationId: resolveImportErrors - description: > - To resolve errors from the Import objects API, you can: - - - * Retry certain saved objects - - * Overwrite specific saved objects - - * Change references to different saved objects - - - This functionality is in technical preview and may be changed or removed - in a future release. Elastic will work to fix any issues, but features - in technical preview are not subject to the support SLA of official GA - features. + summary: Run a connector + operationId: legacyRunConnector + deprecated: true + description: Deprecated in 7.13.0. Use the run connector API instead. tags: - - saved objects + - connectors parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - in: query - name: compatibilityMode - schema: - type: boolean - required: false - description: > - Applies various adjustments to the saved objects that are being - imported to maintain compatibility between different Kibana - versions. When enabled during the initial import, also enable when - resolving import errors. This option cannot be used with the - `createNewCopies` option. - - in: query - name: createNewCopies - schema: - type: boolean - required: false - description: > - Creates copies of the saved objects, regenerates each object ID, and - resets the origin. When enabled during the initial import, also - enable when resolving import errors. + - $ref: '#/components/parameters/Connectors_kbn_xsrf' + - $ref: '#/components/parameters/Connectors_action_id' requestBody: required: true content: - multipart/form-data: + application/json: schema: + title: Legacy run connector request body properties + description: The properties vary depending on the connector type. type: object required: - - retries + - params properties: - file: - description: The same file given to the import API. - type: string - format: binary - retries: + params: + type: object description: >- - The retry operations, which can specify how to resolve - different types of errors. - type: array - items: - type: object - required: - - type - - id - properties: - type: - description: The saved object type. - type: string - id: - description: The saved object ID. - type: string - overwrite: - description: >- - When set to `true`, the source object overwrites the - conflicting destination object. When set to `false`, - does nothing. - type: boolean - destinationId: - description: >- - Specifies the destination ID that the imported object - should have, if different from the current ID. - type: string - replaceReferences: - description: >- - A list of `type`, `from`, and `to` used to change the - object references. - type: array + The parameters of the connector. Parameter properties vary + depending on the connector type. + responses: + '200': + description: Indicates a successful call. + content: + application/json: + schema: + type: object + properties: + actionId: + type: string + data: + oneOf: + - type: object + description: Information returned from the action. + additionalProperties: true + - type: array + description: An array of information returned from the action. items: type: object - properties: - type: - type: string - from: - type: string - to: - type: string - ignoreMissingReferences: - description: >- - When set to `true`, ignores missing reference errors. - When set to `false`, does nothing. - type: boolean - examples: - resolveImportErrorsRequest: - $ref: >- - #/components/examples/Saved_objects_resolve_missing_reference_request + status: + type: string + description: The status of the action. + '401': + $ref: '#/components/responses/Connectors_401' + /api/data_views: + get: + summary: Get all data views + operationId: getAllDataViewsDefault + tags: + - data views responses: '200': description: Indicates a successful call. @@ -2156,232 +2206,162 @@ paths: schema: type: object properties: - success: - type: boolean - description: > - Indicates a successful import. When set to `false`, some - objects may not have been created. For additional - information, refer to the `errors` and `successResults` - properties. - successCount: - type: number - description: | - Indicates the number of successfully resolved records. - errors: - type: array - description: > - Specifies the objects that failed to resolve. - - - NOTE: One object can result in multiple errors, which - requires separate steps to resolve. For instance, a - `missing_references` error and a `conflict` error. - items: - type: object - successResults: + data_view: type: array - description: > - Indicates the objects that are successfully imported, with - any metadata if applicable. - - - NOTE: Objects are only created when all resolvable errors - are addressed, including conflict and missing references. items: type: object - examples: - resolveImportErrorsResponse: - $ref: >- - #/components/examples/Saved_objects_resolve_missing_reference_response + properties: + id: + type: string + name: + type: string + namespaces: + type: array + items: + type: string + title: + type: string + typeMeta: + type: object + examples: + getAllDataViewsResponse: + $ref: '#/components/examples/Data_views_get_data_views_response' '400': - description: Bad request. + description: Bad request content: application/json: schema: - $ref: '#/components/schemas/Saved_objects_400_response' - security: - - Saved_objects_basicAuth: [] - - Saved_objects_apiKeyAuth: [] - /api/saved_objects/{type}: + $ref: '#/components/schemas/Data_views_400_response' + /api/data_views/data_view: post: - summary: Create a saved object - operationId: createSavedObject - description: Create a Kibana saved object with a randomly generated identifier. - deprecated: true + summary: Create a data view + operationId: createDataViewDefaultw tags: - - saved objects + - data views parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - $ref: '#/components/parameters/Saved_objects_saved_object_type' - - in: query - name: overwrite - description: If true, overwrites the document with the same identifier. - schema: - type: boolean + - $ref: '#/components/parameters/Data_views_kbn_xsrf' requestBody: required: true content: application/json: schema: - type: object - required: - - attributes - properties: - attributes: - $ref: '#/components/schemas/Saved_objects_attributes' - initialNamespaces: - $ref: '#/components/schemas/Saved_objects_initial_namespaces' - references: - $ref: '#/components/schemas/Saved_objects_references' + $ref: '#/components/schemas/Data_views_create_data_view_request_object' + examples: + createDataViewRequest: + $ref: '#/components/examples/Data_views_create_data_view_request' responses: '200': description: Indicates a successful call. content: application/json: schema: - type: object - '409': - description: Indicates a conflict error. + $ref: '#/components/schemas/Data_views_data_view_response_object' + '400': + description: Bad request content: application/json: schema: - type: object - security: - - Saved_objects_basicAuth: [] - - Saved_objects_apiKeyAuth: [] - /api/saved_objects/{type}/{id}: + $ref: '#/components/schemas/Data_views_400_response' + /api/data_views/data_view/{viewId}: get: - summary: Get a saved object - operationId: getSavedObject - description: Retrieve a single Kibana saved object by identifier. - deprecated: true + summary: Get a data view + operationId: getDataViewDefault tags: - - saved objects + - data views parameters: - - $ref: '#/components/parameters/Saved_objects_saved_object_id' - - $ref: '#/components/parameters/Saved_objects_saved_object_type' + - $ref: '#/components/parameters/Data_views_view_id' responses: '200': description: Indicates a successful call. content: application/json: schema: - type: object - '400': - description: Bad request. + $ref: '#/components/schemas/Data_views_data_view_response_object' + examples: + getDataViewResponse: + $ref: '#/components/examples/Data_views_get_data_view_response' + '404': + description: Object is not found. content: application/json: schema: - $ref: '#/components/schemas/Saved_objects_400_response' - security: - - Saved_objects_basicAuth: [] - - Saved_objects_apiKeyAuth: [] - post: - summary: Create a saved object - operationId: createSavedObjectId - description: >- - Create a Kibana saved object and specify its identifier instead of using - a randomly generated ID. - deprecated: true + $ref: '#/components/schemas/Data_views_404_response' + delete: + summary: Delete a data view + operationId: deleteDataViewDefault + description: | + WARNING: When you delete a data view, it cannot be recovered. tags: - - saved objects + - data views parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - $ref: '#/components/parameters/Saved_objects_saved_object_id' - - $ref: '#/components/parameters/Saved_objects_saved_object_type' - - in: query - name: overwrite - description: If true, overwrites the document with the same identifier. - schema: - type: boolean - requestBody: - required: true - content: - application/json: - schema: - type: object - required: - - attributes - properties: - attributes: - $ref: '#/components/schemas/Saved_objects_attributes' - initialNamespaces: - $ref: '#/components/schemas/Saved_objects_initial_namespaces' - references: - $ref: '#/components/schemas/Saved_objects_initial_namespaces' + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + - $ref: '#/components/parameters/Data_views_view_id' responses: - '200': + '204': description: Indicates a successful call. + '404': + description: Object is not found. content: application/json: schema: - type: object - '409': - description: Indicates a conflict error. - content: - application/json: - schema: - type: object - security: - - Saved_objects_basicAuth: [] - - Saved_objects_apiKeyAuth: [] - put: - summary: Update a saved object - operationId: updateSavedObject - description: Update the attributes for Kibana saved objects. - deprecated: true + $ref: '#/components/schemas/Data_views_404_response' + post: + summary: Update a data view + operationId: updateDataViewDefault tags: - - saved objects + - data views parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - $ref: '#/components/parameters/Saved_objects_saved_object_id' - - $ref: '#/components/parameters/Saved_objects_saved_object_type' + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + - $ref: '#/components/parameters/Data_views_view_id' requestBody: required: true content: application/json: schema: - type: object + $ref: '#/components/schemas/Data_views_update_data_view_request_object' + examples: + updateDataViewRequest: + $ref: '#/components/examples/Data_views_update_data_view_request' responses: '200': description: Indicates a successful call. content: application/json: schema: - type: object - '404': - description: Indicates the object was not found. - content: - application/json: - schema: - type: object - '409': - description: Indicates a conflict error. + $ref: '#/components/schemas/Data_views_data_view_response_object' + '400': + description: Bad request content: application/json: schema: - type: object - security: - - Saved_objects_basicAuth: [] - - Saved_objects_apiKeyAuth: [] - /api/saved_objects/resolve/{type}/{id}: - get: - summary: Resolve a saved object - operationId: resolveSavedObject + $ref: '#/components/schemas/Data_views_400_response' + /api/data_views/data_view/{viewId}/fields: + post: + summary: Update data view fields metadata + operationId: updateFieldsMetadataDefault description: > - Retrieve a single Kibana saved object by identifier using any legacy URL - alias if it exists. Under certain circumstances, when Kibana is - upgraded, saved object migrations may necessitate regenerating some - object IDs to enable new features. When an object's ID is regenerated, a - legacy URL alias is created for that object, preserving its old ID. In - such a scenario, that object can be retrieved using either its new ID or - its old ID. - deprecated: true + Update fields presentation metadata such as count, customLabel, + customDescription, and format. tags: - - saved objects + - data views parameters: - - $ref: '#/components/parameters/Saved_objects_saved_object_id' - - $ref: '#/components/parameters/Saved_objects_saved_object_type' + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + - $ref: '#/components/parameters/Data_views_view_id' + requestBody: + required: true + content: + application/json: + schema: + type: object + required: + - fields + properties: + fields: + description: The field object. + type: object + examples: + updateFieldsMetadataRequest: + $ref: '#/components/examples/Data_views_update_field_metadata_request' responses: '200': description: Indicates a successful call. @@ -2389,522 +2369,2163 @@ paths: application/json: schema: type: object + properties: + acknowledged: + type: boolean '400': - description: Bad request. + description: Bad request content: application/json: schema: - $ref: '#/components/schemas/Saved_objects_400_response' - security: - - Saved_objects_basicAuth: [] - - Saved_objects_apiKeyAuth: [] - /s/{spaceId}/api/observability/slos: + $ref: '#/components/schemas/Data_views_400_response' + /api/data_views/data_view/{viewId}/runtime_field: post: - summary: Create an SLO - operationId: createSloOp - description: > - You must have `all` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. + summary: Create a runtime field + operationId: createRuntimeFieldDefault tags: - - slo + - data views parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + - $ref: '#/components/parameters/Data_views_view_id' requestBody: required: true content: application/json: schema: - $ref: '#/components/schemas/SLOs_create_slo_request' - responses: - '200': - description: Successful request - content: - application/json: - schema: - $ref: '#/components/schemas/SLOs_create_slo_response' - '400': - description: Bad request - content: - application/json: - schema: - $ref: '#/components/schemas/SLOs_400_response' - '401': - description: Unauthorized response - content: - application/json: - schema: - $ref: '#/components/schemas/SLOs_401_response' - '403': - description: Unauthorized response - content: - application/json: - schema: - $ref: '#/components/schemas/SLOs_403_response' - '409': - description: Conflict - The SLO id already exists + type: object + required: + - name + - runtimeField + properties: + name: + type: string + description: | + The name for a runtime field. + runtimeField: + type: object + description: | + The runtime field definition object. + examples: + createRuntimeFieldRequest: + $ref: '#/components/examples/Data_views_create_runtime_field_request' + responses: + '200': + description: Indicates a successful call. content: application/json: schema: - $ref: '#/components/schemas/SLOs_409_response' - servers: - - url: https://localhost:5601 - get: - summary: Get a paginated list of SLOs - operationId: findSlosOp - description: > - You must have the `read` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. + type: object + put: + summary: Create or update a runtime field + operationId: createUpdateRuntimeFieldDefault tags: - - slo + - data views parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - name: kqlQuery - in: query - description: A valid kql query to filter the SLO with - schema: - type: string - example: 'slo.name:latency* and slo.tags : "prod"' - - name: page - in: query - description: The page to use for pagination, must be greater or equal than 1 - schema: - type: integer - default: 1 - example: 1 - - name: perPage - in: query - description: Number of SLOs returned by page - schema: - type: integer - default: 25 - maximum: 5000 - example: 25 - - name: sortBy - in: query - description: Sort by field - schema: - type: string - enum: - - sli_value - - status - - error_budget_consumed - - error_budget_remaining - default: status - example: status - - name: sortDirection - in: query - description: Sort order + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + - name: viewId + in: path + description: | + The ID of the data view fields you want to update. + required: true schema: type: string - enum: - - asc - - desc - default: asc - example: asc - - name: hideStale - in: query - description: >- - Hide stale SLOs from the list as defined by stale SLO threshold in - SLO settings - schema: - type: boolean + requestBody: + required: true + content: + application/json: + schema: + type: object + required: + - name + - runtimeField + properties: + name: + type: string + description: | + The name for a runtime field. + runtimeField: + type: object + description: | + The runtime field definition object. + examples: + updateRuntimeFieldRequest: + $ref: '#/components/examples/Data_views_create_runtime_field_request' responses: '200': - description: Successful request + description: Indicates a successful call. content: application/json: schema: - $ref: '#/components/schemas/SLOs_find_slo_response' + type: object + properties: + data_view: + type: object + fields: + type: array + items: + type: object '400': description: Bad request content: application/json: schema: - $ref: '#/components/schemas/SLOs_400_response' - '401': - description: Unauthorized response - content: - application/json: - schema: - $ref: '#/components/schemas/SLOs_401_response' - '403': - description: Unauthorized response - content: - application/json: - schema: - $ref: '#/components/schemas/SLOs_403_response' - '404': - description: Not found response - content: - application/json: - schema: - $ref: '#/components/schemas/SLOs_404_response' - /s/{spaceId}/api/observability/slos/{sloId}: + $ref: '#/components/schemas/Data_views_400_response' + /api/data_views/data_view/{viewId}/runtime_field/{fieldName}: get: - summary: Get an SLO - operationId: getSloOp - description: > - You must have the `read` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. + summary: Get a runtime field + operationId: getRuntimeFieldDefault tags: - - slo + - data views parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' - - name: instanceId - in: query - description: the specific instanceId used by the summary calculation - schema: - type: string - example: host-abcde + - $ref: '#/components/parameters/Data_views_field_name' + - $ref: '#/components/parameters/Data_views_view_id' responses: '200': - description: Successful request - content: - application/json: - schema: - $ref: '#/components/schemas/SLOs_slo_with_summary_response' - '400': - description: Bad request - content: - application/json: - schema: - $ref: '#/components/schemas/SLOs_400_response' - '401': - description: Unauthorized response + description: Indicates a successful call. content: application/json: schema: - $ref: '#/components/schemas/SLOs_401_response' - '403': - description: Unauthorized response + type: object + properties: + data_view: + type: object + fields: + type: array + items: + type: object + examples: + getRuntimeFieldResponse: + $ref: '#/components/examples/Data_views_get_runtime_field_response' + '404': + description: Object is not found. content: application/json: schema: - $ref: '#/components/schemas/SLOs_403_response' + $ref: '#/components/schemas/Data_views_404_response' + delete: + summary: Delete a runtime field from a data view + operationId: deleteRuntimeFieldDefault + tags: + - data views + parameters: + - $ref: '#/components/parameters/Data_views_field_name' + - $ref: '#/components/parameters/Data_views_view_id' + responses: + '200': + description: Indicates a successful call. '404': - description: Not found response + description: Object is not found. content: application/json: schema: - $ref: '#/components/schemas/SLOs_404_response' - put: - summary: Update an SLO - operationId: updateSloOp - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. + $ref: '#/components/schemas/Data_views_404_response' + post: + summary: Update a runtime field + operationId: updateRuntimeFieldDefault tags: - - slo + - data views parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' + - $ref: '#/components/parameters/Data_views_field_name' + - $ref: '#/components/parameters/Data_views_view_id' requestBody: required: true content: application/json: schema: - $ref: '#/components/schemas/SLOs_update_slo_request' - responses: - '200': - description: Successful request - content: - application/json: - schema: - $ref: '#/components/schemas/SLOs_slo_definition_response' - '400': - description: Bad request - content: - application/json: - schema: - $ref: '#/components/schemas/SLOs_400_response' - '401': - description: Unauthorized response - content: - application/json: - schema: - $ref: '#/components/schemas/SLOs_401_response' - '403': - description: Unauthorized response - content: - application/json: - schema: - $ref: '#/components/schemas/SLOs_403_response' - '404': - description: Not found response - content: - application/json: - schema: - $ref: '#/components/schemas/SLOs_404_response' - delete: - summary: Delete an SLO - operationId: deleteSloOp - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - tags: - - slo - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' + type: object + required: + - runtimeField + properties: + runtimeField: + type: object + description: | + The runtime field definition object. + + You can update following fields: + + - `type` + - `script` + examples: + updateRuntimeFieldRequest: + $ref: '#/components/examples/Data_views_update_runtime_field_request' responses: - '204': - description: Successful request + '200': + description: Indicates a successful call. '400': description: Bad request content: application/json: schema: - $ref: '#/components/schemas/SLOs_400_response' - '401': - description: Unauthorized response - content: - application/json: - schema: - $ref: '#/components/schemas/SLOs_401_response' - '403': - description: Unauthorized response - content: - application/json: - schema: - $ref: '#/components/schemas/SLOs_403_response' - '404': - description: Not found response - content: - application/json: - schema: - $ref: '#/components/schemas/SLOs_404_response' - /s/{spaceId}/api/observability/slos/{sloId}/enable: - post: - summary: Enable an SLO - operationId: enableSloOp - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. + $ref: '#/components/schemas/Data_views_400_response' + /api/data_views/default: + get: + summary: Get the default data view + operationId: getDefaultDataViewDefault tags: - - slo - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' + - data views responses: - '204': - description: Successful request - '400': - description: Bad request - content: - application/json: - schema: - $ref: '#/components/schemas/SLOs_400_response' - '401': - description: Unauthorized response - content: - application/json: - schema: - $ref: '#/components/schemas/SLOs_401_response' - '403': - description: Unauthorized response - content: - application/json: - schema: - $ref: '#/components/schemas/SLOs_403_response' - '404': - description: Not found response + '200': + description: Indicates a successful call. content: application/json: schema: - $ref: '#/components/schemas/SLOs_404_response' - /s/{spaceId}/api/observability/slos/{sloId}/disable: - post: - summary: Disable an SLO - operationId: disableSloOp - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - tags: - - slo - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' - responses: - '200': - description: Successful request + type: object + properties: + data_view_id: + type: string + examples: + getDefaultDataViewResponse: + $ref: >- + #/components/examples/Data_views_get_default_data_view_response '400': description: Bad request content: application/json: schema: - $ref: '#/components/schemas/SLOs_400_response' - '401': - description: Unauthorized response - content: - application/json: - schema: - $ref: '#/components/schemas/SLOs_401_response' - '403': - description: Unauthorized response - content: - application/json: - schema: - $ref: '#/components/schemas/SLOs_403_response' - '404': - description: Not found response - content: - application/json: - schema: - $ref: '#/components/schemas/SLOs_404_response' - /s/{spaceId}/api/observability/slos/{sloId}/_reset: + $ref: '#/components/schemas/Data_views_400_response' post: - summary: Reset an SLO - operationId: resetSloOp - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. + summary: Set the default data view + operationId: setDefaultDatailViewDefault tags: - - slo + - data views parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + requestBody: + required: true + content: + application/json: + schema: + type: object + required: + - data_view_id + properties: + data_view_id: + type: string + nullable: true + description: > + The data view identifier. NOTE: The API does not validate + whether it is a valid identifier. Use `null` to unset the + default data view. + force: + type: boolean + description: Update an existing default data view identifier. + default: false + examples: + setDefaultDataViewRequest: + $ref: '#/components/examples/Data_views_set_default_data_view_request' responses: - '204': - description: Successful request + '200': + description: Indicates a successful call. content: application/json: schema: - $ref: '#/components/schemas/SLOs_slo_definition_response' + type: object + properties: + acknowledged: + type: boolean '400': description: Bad request content: application/json: schema: - $ref: '#/components/schemas/SLOs_400_response' - '401': - description: Unauthorized response - content: - application/json: - schema: - $ref: '#/components/schemas/SLOs_401_response' - '403': - description: Unauthorized response - content: - application/json: - schema: - $ref: '#/components/schemas/SLOs_403_response' - '404': - description: Not found response - content: - application/json: - schema: - $ref: '#/components/schemas/SLOs_404_response' - /s/{spaceId}/api/observability/slos/_delete_instances: + $ref: '#/components/schemas/Data_views_400_response' + /api/data_views/swap_references: post: - summary: Batch delete rollup and summary data - operationId: deleteSloInstancesOp + summary: Swap saved object references + operationId: swapDataViewsDefault description: > - The deletion occurs for the specified list of `sloId` and `instanceId`. - You must have `all` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. + Changes saved object references from one data view identifier to + another. WARNING: Misuse can break large numbers of saved objects! + Practicing with a backup is recommended. tags: - - slo + - data views parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/Data_views_kbn_xsrf' requestBody: required: true content: application/json: schema: - $ref: '#/components/schemas/SLOs_delete_slo_instances_request' + $ref: '#/components/schemas/Data_views_swap_data_view_request_object' + examples: + swapDataViewRequest: + $ref: '#/components/examples/Data_views_swap_data_view_request' responses: - '204': - description: Successful request - '400': - description: Bad request + '200': + description: Indicates a successful call. content: application/json: schema: - $ref: '#/components/schemas/SLOs_400_response' - '401': - description: Unauthorized response + type: object + properties: + deleteStatus: + type: object + properties: + deletePerformed: + type: boolean + remainingRefs: + type: integer + result: + type: array + items: + type: object + properties: + id: + type: string + description: A saved object identifier. + type: + type: string + description: The saved object type. + /api/data_views/swap_references/_preview: + post: + summary: Preview a saved object reference swap + operationId: previewSwapDataViewsDefault + description: > + Preview the impact of swapping saved object references from one data + view identifier to another. + tags: + - data views + parameters: + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/Data_views_swap_data_view_request_object' + examples: + previewSwapDataViewRequest: + $ref: >- + #/components/examples/Data_views_preview_swap_data_view_request + responses: + '200': + description: Indicates a successful call. content: application/json: schema: - $ref: '#/components/schemas/SLOs_401_response' - '403': - description: Unauthorized response + type: object + properties: + result: + type: array + items: + type: object + properties: + id: + type: string + description: A saved object identifier. + type: + type: string + description: The saved object type. + /api/ml/saved_objects/sync: + get: + summary: Sync saved objects in the default space + description: > + Synchronizes Kibana saved objects for machine learning jobs and trained + models in the default space. You must have `all` privileges for the + **Machine Learning** feature in the **Analytics** section of the Kibana + feature privileges. This API runs automatically when you start Kibana + and periodically thereafter. + operationId: mlSync + tags: + - ml + parameters: + - $ref: '#/components/parameters/Machine_learning_APIs_simulateParam' + responses: + '200': + description: Indicates a successful call content: application/json: schema: - $ref: '#/components/schemas/SLOs_403_response' - servers: - - url: https://localhost:5601 - /api/status: - get: - operationId: /api/status#0 + $ref: '#/components/schemas/Machine_learning_APIs_mlSync200Response' + examples: + syncExample: + $ref: '#/components/examples/Machine_learning_APIs_mlSyncExample' + '401': + description: Authorization information is missing or invalid. + content: + application/json: + schema: + $ref: '#/components/schemas/Machine_learning_APIs_mlSync4xxResponse' + /api/encrypted_saved_objects/_rotate_key: + post: + summary: Rotate a key for encrypted saved objects + operationId: rotateEncryptionKey + description: > + Superuser role required. + + + If a saved object cannot be decrypted using the primary encryption key, + then Kibana will attempt to decrypt it using the specified + decryption-only keys. In most of the cases this overhead is negligible, + but if you're dealing with a large number of saved objects and + experiencing performance issues, you may want to rotate the encryption + key. + + + This functionality is in technical preview and may be changed or removed + in a future release. Elastic will work to fix any issues, but features + in technical preview are not subject to the support SLA of official GA + features. + tags: + - saved objects parameters: - - description: The version of the API to use - in: header - name: elastic-api-version + - in: query + name: batch_size schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: Set to "true" to get the response in v7 format. - in: query - name: v7format + type: number + default: 10000 required: false + description: > + Specifies a maximum number of saved objects that Kibana can process + in a single batch. Bulk key rotation is an iterative process since + Kibana may not be able to fetch and process all required saved + objects in one go and splits processing into consequent batches. By + default, the batch size is 10000, which is also a maximum allowed + value. + - in: query + name: type schema: - type: boolean - - description: Set to "true" to get the response in v8 format. - in: query - name: v8format + type: string required: false + description: > + Limits encryption key rotation only to the saved objects with the + specified type. By default, Kibana tries to rotate the encryption + key for all saved object types that may contain encrypted + attributes. + responses: + '200': + description: Indicates a successful call. + content: + application/json: + schema: + type: object + properties: + total: + type: number + description: > + Indicates the total number of all encrypted saved objects + (optionally filtered by the requested `type`), regardless + of the key Kibana used for encryption. + successful: + type: number + description: > + Indicates the total number of all encrypted saved objects + (optionally filtered by the requested `type`), regardless + of the key Kibana used for encryption. + + + NOTE: In most cases, `total` will be greater than + `successful` even if `failed` is zero. The reason is that + Kibana may not need or may not be able to rotate + encryption keys for all encrypted saved objects. + failed: + type: number + description: > + Indicates the number of the saved objects that were still + encrypted with one of the old encryption keys that Kibana + failed to re-encrypt with the primary key. + examples: + rotateEncryptionKeyResponse: + $ref: '#/components/examples/Saved_objects_key_rotation_response' + '400': + description: Bad request + content: + application/json: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + '429': + description: Already in progress. + content: + application/json: + schema: + type: object + security: + - Saved_objects_basicAuth: [] + - Saved_objects_apiKeyAuth: [] + /api/saved_objects/_bulk_create: + post: + summary: Create saved objects + operationId: bulkCreateSavedObjects + deprecated: true + tags: + - saved objects + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + - in: query + name: overwrite + description: When true, overwrites the document with the same identifier. schema: type: boolean + requestBody: + required: true + content: + application/json: + schema: + type: array + items: + type: object responses: '200': + description: Indicates a successful call. content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: - anyOf: - - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' - - $ref: >- - #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse - description: >- - Kibana's operational status. A minimal response is sent for - unauthorized users. - description: Overall status is OK and Kibana should be functioning normally. - '503': + type: object + '400': + description: Bad request content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: - anyOf: - - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' - - $ref: >- - #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse - description: >- - Kibana's operational status. A minimal response is sent for - unauthorized users. - description: >- - Kibana or some of it's essential services are unavailable. Kibana - may be degraded or unavailable. - summary: Get Kibana's current status - tags: - - system + $ref: '#/components/schemas/Saved_objects_400_response' security: - - Kibana_HTTP_APIs_basicAuth: [] -components: - parameters: - Connectors_kbn_xsrf: - schema: + - Saved_objects_basicAuth: [] + - Saved_objects_apiKeyAuth: [] + /api/saved_objects/_bulk_delete: + post: + summary: Delete saved objects + operationId: bulkDeleteSavedObjects + description: | + WARNING: When you delete a saved object, it cannot be recovered. + deprecated: true + tags: + - saved objects + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + - in: query + name: force + description: > + When true, force delete objects that exist in multiple namespaces. + Note that the option applies to the whole request. Use the delete + object API to specify per-object deletion behavior. TIP: Use this if + you attempted to delete objects and received an HTTP 400 error with + the following message: "Unable to delete saved object that exists in + multiple namespaces, use the force option to delete it anyway". + WARNING: When you bulk delete objects that exist in multiple + namespaces, the API also deletes legacy url aliases that reference + the object. These requests are batched to minimise the impact but + they can place a heavy load on Kibana. Make sure you limit the + number of objects that exist in multiple namespaces in a single bulk + delete operation. + schema: + type: boolean + requestBody: + required: true + content: + application/json: + schema: + type: array + items: + type: object + responses: + '200': + description: > + Indicates a successful call. NOTE: This HTTP response code indicates + that the bulk operation succeeded. Errors pertaining to individual + objects will be returned in the response body. + content: + application/json: + schema: + type: object + '400': + description: Bad request + content: + application/json: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + security: + - Saved_objects_basicAuth: [] + - Saved_objects_apiKeyAuth: [] + /api/saved_objects/_bulk_get: + post: + summary: Get saved objects + operationId: bulkGetSavedObjects + deprecated: true + tags: + - saved objects + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + requestBody: + required: true + content: + application/json: + schema: + type: array + items: + type: object + responses: + '200': + description: Indicates a successful call. + content: + application/json: + schema: + type: object + '400': + description: Bad request + content: + application/json: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + security: + - Saved_objects_basicAuth: [] + - Saved_objects_apiKeyAuth: [] + /api/saved_objects/_bulk_resolve: + post: + summary: Resolve saved objects + operationId: bulkResolveSavedObjects + deprecated: true + description: > + Retrieve multiple Kibana saved objects by identifier using any legacy + URL aliases if they exist. Under certain circumstances when Kibana is + upgraded, saved object migrations may necessitate regenerating some + object IDs to enable new features. When an object's ID is regenerated, a + legacy URL alias is created for that object, preserving its old ID. In + such a scenario, that object can be retrieved by the bulk resolve API + using either its new ID or its old ID. + tags: + - saved objects + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + requestBody: + required: true + content: + application/json: + schema: + type: array + items: + type: object + responses: + '200': + description: > + Indicates a successful call. NOTE: This HTTP response code indicates + that the bulk operation succeeded. Errors pertaining to individual + objects will be returned in the response body. + content: + application/json: + schema: + type: object + '400': + description: Bad request + content: + application/json: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + security: + - Saved_objects_basicAuth: [] + - Saved_objects_apiKeyAuth: [] + /api/saved_objects/_bulk_update: + post: + summary: Update saved objects + operationId: bulkUpdateSavedObjects + description: Update the attributes for multiple Kibana saved objects. + deprecated: true + tags: + - saved objects + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + requestBody: + required: true + content: + application/json: + schema: + type: array + items: + type: object + responses: + '200': + description: > + Indicates a successful call. NOTE: This HTTP response code indicates + that the bulk operation succeeded. Errors pertaining to individual + objects will be returned in the response body. + content: + application/json: + schema: + type: object + '400': + description: Bad request + content: + application/json: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + security: + - Saved_objects_basicAuth: [] + - Saved_objects_apiKeyAuth: [] + /api/saved_objects/_export: + post: + summary: Export saved objects in the default space + operationId: exportSavedObjectsDefault + description: > + Retrieve sets of saved objects that you want to import into Kibana. + + You must include `type` or `objects` in the request body. + + + NOTE: The `savedObjects.maxImportExportSize` configuration setting + limits the number of saved objects which may be exported. + + + This functionality is in technical preview and may be changed or removed + in a future release. Elastic will work to fix any issues, but features + in technical preview are not subject to the support SLA of official GA + features. + tags: + - saved objects + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + excludeExportDetails: + description: Do not add export details entry at the end of the stream. + type: boolean + default: false + includeReferencesDeep: + description: >- + Includes all of the referenced objects in the exported + objects. + type: boolean + objects: + description: A list of objects to export. + type: array + items: + type: object + type: + description: >- + The saved object types to include in the export. Use `*` to + export all the types. + oneOf: + - type: string + - type: array + items: + type: string + examples: + exportSavedObjectsRequest: + $ref: '#/components/examples/Saved_objects_export_objects_request' + responses: + '200': + description: Indicates a successful call. + content: + application/x-ndjson: + schema: + type: object + additionalProperties: true + examples: + exportSavedObjectsResponse: + $ref: '#/components/examples/Saved_objects_export_objects_response' + '400': + description: Bad request. + content: + application/json: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + security: + - Saved_objects_basicAuth: [] + - Saved_objects_apiKeyAuth: [] + /api/saved_objects/_find: + get: + summary: Search for saved objects + operationId: findSavedObjects + description: Retrieve a paginated set of Kibana saved objects. + deprecated: true + tags: + - saved objects + parameters: + - in: query + name: aggs + description: > + An aggregation structure, serialized as a string. The field format + is similar to filter, meaning that to use a saved object type + attribute in the aggregation, the `savedObjectType.attributes.title: + "myTitle"` format must be used. For root fields, the syntax is + `savedObjectType.rootField`. NOTE: As objects change in Kibana, the + results on each page of the response also change. Use the find API + for traditional paginated results, but avoid using it to export + large amounts of data. + schema: + type: string + - in: query + name: default_search_operator + description: The default operator to use for the `simple_query_string`. + schema: + type: string + - in: query + name: fields + description: The fields to return in the attributes key of the response. + schema: + oneOf: + - type: string + - type: array + - in: query + name: filter + description: > + The filter is a KQL string with the caveat that if you filter with + an attribute from your saved object type, it should look like that: + `savedObjectType.attributes.title: "myTitle"`. However, if you use a + root attribute of a saved object such as `updated_at`, you will have + to define your filter like that: `savedObjectType.updated_at > + 2018-12-22`. + schema: + type: string + - in: query + name: has_no_reference + description: >- + Filters to objects that do not have a relationship with the type and + identifier combination. + schema: + type: object + - in: query + name: has_no_reference_operator + description: >- + The operator to use for the `has_no_reference` parameter. Either + `OR` or `AND`. Defaults to `OR`. + schema: + type: string + - in: query + name: has_reference + description: >- + Filters to objects that have a relationship with the type and ID + combination. + schema: + type: object + - in: query + name: has_reference_operator + description: >- + The operator to use for the `has_reference` parameter. Either `OR` + or `AND`. Defaults to `OR`. + schema: + type: string + - in: query + name: page + description: The page of objects to return. + schema: + type: integer + - in: query + name: per_page + description: The number of objects to return per page. + schema: + type: integer + - in: query + name: search + description: >- + An Elasticsearch `simple_query_string` query that filters the + objects in the response. + schema: + type: string + - in: query + name: search_fields + description: >- + The fields to perform the `simple_query_string` parsed query + against. + schema: + oneOf: + - type: string + - type: array + - in: query + name: sort_field + description: > + Sorts the response. Includes "root" and "type" fields. "root" fields + exist for all saved objects, such as "updated_at". "type" fields are + specific to an object type, such as fields returned in the + attributes key of the response. When a single type is defined in the + type parameter, the "root" and "type" fields are allowed, and + validity checks are made in that order. When multiple types are + defined in the type parameter, only "root" fields are allowed. + schema: + type: string + - in: query + name: type + description: The saved object types to include. + required: true + schema: + oneOf: + - type: string + - type: array + responses: + '200': + description: Indicates a successful call. + content: + application/json: + schema: + type: object + '400': + description: Bad request + content: + application/json: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + security: + - Saved_objects_basicAuth: [] + - Saved_objects_apiKeyAuth: [] + /api/saved_objects/_import: + post: + summary: Import saved objects in the default space + operationId: importSavedObjectsDefault + description: > + Create sets of Kibana saved objects from a file created by the export + API. + + Saved objects can be imported only into the same version, a newer minor + on the same major, or the next major. Exported saved objects are not + backwards compatible and cannot be imported into an older version of + Kibana. + + + This functionality is in technical preview and may be changed or removed + in a future release. Elastic will work to fix any issues, but features + in technical preview are not subject to the support SLA of official GA + features. + tags: + - saved objects + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + - in: query + name: createNewCopies + schema: + type: boolean + required: false + description: > + Creates copies of saved objects, regenerates each object ID, and + resets the origin. When used, potential conflict errors are avoided. + NOTE: This option cannot be used with the `overwrite` and + `compatibilityMode` options. + - in: query + name: overwrite + schema: + type: boolean + required: false + description: > + Overwrites saved objects when they already exist. When used, + potential conflict errors are automatically resolved by overwriting + the destination object. NOTE: This option cannot be used with the + `createNewCopies` option. + - in: query + name: compatibilityMode + schema: + type: boolean + required: false + description: > + Applies various adjustments to the saved objects that are being + imported to maintain compatibility between different Kibana + versions. Use this option only if you encounter issues with imported + saved objects. NOTE: This option cannot be used with the + `createNewCopies` option. + requestBody: + required: true + content: + multipart/form-data: + schema: + type: object + properties: + file: + description: > + A file exported using the export API. NOTE: The + `savedObjects.maxImportExportSize` configuration setting + limits the number of saved objects which may be included in + this file. Similarly, the + `savedObjects.maxImportPayloadBytes` setting limits the + overall size of the file that can be imported. + examples: + importObjectsRequest: + $ref: '#/components/examples/Saved_objects_import_objects_request' + responses: + '200': + description: Indicates a successful call. + content: + application/json: + schema: + type: object + properties: + success: + type: boolean + description: > + Indicates when the import was successfully completed. When + set to false, some objects may not have been created. For + additional information, refer to the `errors` and + `successResults` properties. + successCount: + type: integer + description: Indicates the number of successfully imported records. + errors: + type: array + items: + type: object + description: > + Indicates the import was unsuccessful and specifies the + objects that failed to import. + + + NOTE: One object may result in multiple errors, which + requires separate steps to resolve. For instance, a + `missing_references` error and conflict error. + successResults: + type: array + items: + type: object + description: > + Indicates the objects that are successfully imported, with + any metadata if applicable. + + + NOTE: Objects are created only when all resolvable errors + are addressed, including conflicts and missing references. + If objects are created as new copies, each entry in the + `successResults` array includes a `destinationId` + attribute. + examples: + importObjectsResponse: + $ref: '#/components/examples/Saved_objects_import_objects_response' + '400': + description: Bad request. + content: + application/json: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + security: + - Saved_objects_basicAuth: [] + - Saved_objects_apiKeyAuth: [] + /api/saved_objects/_resolve_import_errors: + post: + summary: Resolve import errors + operationId: resolveImportErrors + description: > + To resolve errors from the Import objects API, you can: + + + * Retry certain saved objects + + * Overwrite specific saved objects + + * Change references to different saved objects + + + This functionality is in technical preview and may be changed or removed + in a future release. Elastic will work to fix any issues, but features + in technical preview are not subject to the support SLA of official GA + features. + tags: + - saved objects + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + - in: query + name: compatibilityMode + schema: + type: boolean + required: false + description: > + Applies various adjustments to the saved objects that are being + imported to maintain compatibility between different Kibana + versions. When enabled during the initial import, also enable when + resolving import errors. This option cannot be used with the + `createNewCopies` option. + - in: query + name: createNewCopies + schema: + type: boolean + required: false + description: > + Creates copies of the saved objects, regenerates each object ID, and + resets the origin. When enabled during the initial import, also + enable when resolving import errors. + requestBody: + required: true + content: + multipart/form-data: + schema: + type: object + required: + - retries + properties: + file: + description: The same file given to the import API. + type: string + format: binary + retries: + description: >- + The retry operations, which can specify how to resolve + different types of errors. + type: array + items: + type: object + required: + - type + - id + properties: + type: + description: The saved object type. + type: string + id: + description: The saved object ID. + type: string + overwrite: + description: >- + When set to `true`, the source object overwrites the + conflicting destination object. When set to `false`, + does nothing. + type: boolean + destinationId: + description: >- + Specifies the destination ID that the imported object + should have, if different from the current ID. + type: string + replaceReferences: + description: >- + A list of `type`, `from`, and `to` used to change the + object references. + type: array + items: + type: object + properties: + type: + type: string + from: + type: string + to: + type: string + ignoreMissingReferences: + description: >- + When set to `true`, ignores missing reference errors. + When set to `false`, does nothing. + type: boolean + examples: + resolveImportErrorsRequest: + $ref: >- + #/components/examples/Saved_objects_resolve_missing_reference_request + responses: + '200': + description: Indicates a successful call. + content: + application/json: + schema: + type: object + properties: + success: + type: boolean + description: > + Indicates a successful import. When set to `false`, some + objects may not have been created. For additional + information, refer to the `errors` and `successResults` + properties. + successCount: + type: number + description: | + Indicates the number of successfully resolved records. + errors: + type: array + description: > + Specifies the objects that failed to resolve. + + + NOTE: One object can result in multiple errors, which + requires separate steps to resolve. For instance, a + `missing_references` error and a `conflict` error. + items: + type: object + successResults: + type: array + description: > + Indicates the objects that are successfully imported, with + any metadata if applicable. + + + NOTE: Objects are only created when all resolvable errors + are addressed, including conflict and missing references. + items: + type: object + examples: + resolveImportErrorsResponse: + $ref: >- + #/components/examples/Saved_objects_resolve_missing_reference_response + '400': + description: Bad request. + content: + application/json: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + security: + - Saved_objects_basicAuth: [] + - Saved_objects_apiKeyAuth: [] + /api/saved_objects/{type}: + post: + summary: Create a saved object + operationId: createSavedObject + description: Create a Kibana saved object with a randomly generated identifier. + deprecated: true + tags: + - saved objects + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + - $ref: '#/components/parameters/Saved_objects_saved_object_type' + - in: query + name: overwrite + description: If true, overwrites the document with the same identifier. + schema: + type: boolean + requestBody: + required: true + content: + application/json: + schema: + type: object + required: + - attributes + properties: + attributes: + $ref: '#/components/schemas/Saved_objects_attributes' + initialNamespaces: + $ref: '#/components/schemas/Saved_objects_initial_namespaces' + references: + $ref: '#/components/schemas/Saved_objects_references' + responses: + '200': + description: Indicates a successful call. + content: + application/json: + schema: + type: object + '409': + description: Indicates a conflict error. + content: + application/json: + schema: + type: object + security: + - Saved_objects_basicAuth: [] + - Saved_objects_apiKeyAuth: [] + /api/saved_objects/{type}/{id}: + get: + summary: Get a saved object + operationId: getSavedObject + description: Retrieve a single Kibana saved object by identifier. + deprecated: true + tags: + - saved objects + parameters: + - $ref: '#/components/parameters/Saved_objects_saved_object_id' + - $ref: '#/components/parameters/Saved_objects_saved_object_type' + responses: + '200': + description: Indicates a successful call. + content: + application/json: + schema: + type: object + '400': + description: Bad request. + content: + application/json: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + security: + - Saved_objects_basicAuth: [] + - Saved_objects_apiKeyAuth: [] + post: + summary: Create a saved object + operationId: createSavedObjectId + description: >- + Create a Kibana saved object and specify its identifier instead of using + a randomly generated ID. + deprecated: true + tags: + - saved objects + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + - $ref: '#/components/parameters/Saved_objects_saved_object_id' + - $ref: '#/components/parameters/Saved_objects_saved_object_type' + - in: query + name: overwrite + description: If true, overwrites the document with the same identifier. + schema: + type: boolean + requestBody: + required: true + content: + application/json: + schema: + type: object + required: + - attributes + properties: + attributes: + $ref: '#/components/schemas/Saved_objects_attributes' + initialNamespaces: + $ref: '#/components/schemas/Saved_objects_initial_namespaces' + references: + $ref: '#/components/schemas/Saved_objects_initial_namespaces' + responses: + '200': + description: Indicates a successful call. + content: + application/json: + schema: + type: object + '409': + description: Indicates a conflict error. + content: + application/json: + schema: + type: object + security: + - Saved_objects_basicAuth: [] + - Saved_objects_apiKeyAuth: [] + put: + summary: Update a saved object + operationId: updateSavedObject + description: Update the attributes for Kibana saved objects. + deprecated: true + tags: + - saved objects + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + - $ref: '#/components/parameters/Saved_objects_saved_object_id' + - $ref: '#/components/parameters/Saved_objects_saved_object_type' + requestBody: + required: true + content: + application/json: + schema: + type: object + responses: + '200': + description: Indicates a successful call. + content: + application/json: + schema: + type: object + '404': + description: Indicates the object was not found. + content: + application/json: + schema: + type: object + '409': + description: Indicates a conflict error. + content: + application/json: + schema: + type: object + security: + - Saved_objects_basicAuth: [] + - Saved_objects_apiKeyAuth: [] + /api/saved_objects/resolve/{type}/{id}: + get: + summary: Resolve a saved object + operationId: resolveSavedObject + description: > + Retrieve a single Kibana saved object by identifier using any legacy URL + alias if it exists. Under certain circumstances, when Kibana is + upgraded, saved object migrations may necessitate regenerating some + object IDs to enable new features. When an object's ID is regenerated, a + legacy URL alias is created for that object, preserving its old ID. In + such a scenario, that object can be retrieved using either its new ID or + its old ID. + deprecated: true + tags: + - saved objects + parameters: + - $ref: '#/components/parameters/Saved_objects_saved_object_id' + - $ref: '#/components/parameters/Saved_objects_saved_object_type' + responses: + '200': + description: Indicates a successful call. + content: + application/json: + schema: + type: object + '400': + description: Bad request. + content: + application/json: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + security: + - Saved_objects_basicAuth: [] + - Saved_objects_apiKeyAuth: [] + /s/{spaceId}/api/observability/slos: + post: + summary: Create an SLO + operationId: createSloOp + description: > + You must have `all` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + tags: + - slo + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/SLOs_create_slo_request' + responses: + '200': + description: Successful request + content: + application/json: + schema: + $ref: '#/components/schemas/SLOs_create_slo_response' + '400': + description: Bad request + content: + application/json: + schema: + $ref: '#/components/schemas/SLOs_400_response' + '401': + description: Unauthorized response + content: + application/json: + schema: + $ref: '#/components/schemas/SLOs_401_response' + '403': + description: Unauthorized response + content: + application/json: + schema: + $ref: '#/components/schemas/SLOs_403_response' + '409': + description: Conflict - The SLO id already exists + content: + application/json: + schema: + $ref: '#/components/schemas/SLOs_409_response' + servers: + - url: https://localhost:5601 + get: + summary: Get a paginated list of SLOs + operationId: findSlosOp + description: > + You must have the `read` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + tags: + - slo + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - name: kqlQuery + in: query + description: A valid kql query to filter the SLO with + schema: + type: string + example: 'slo.name:latency* and slo.tags : "prod"' + - name: page + in: query + description: The page to use for pagination, must be greater or equal than 1 + schema: + type: integer + default: 1 + example: 1 + - name: perPage + in: query + description: Number of SLOs returned by page + schema: + type: integer + default: 25 + maximum: 5000 + example: 25 + - name: sortBy + in: query + description: Sort by field + schema: + type: string + enum: + - sli_value + - status + - error_budget_consumed + - error_budget_remaining + default: status + example: status + - name: sortDirection + in: query + description: Sort order + schema: + type: string + enum: + - asc + - desc + default: asc + example: asc + - name: hideStale + in: query + description: >- + Hide stale SLOs from the list as defined by stale SLO threshold in + SLO settings + schema: + type: boolean + responses: + '200': + description: Successful request + content: + application/json: + schema: + $ref: '#/components/schemas/SLOs_find_slo_response' + '400': + description: Bad request + content: + application/json: + schema: + $ref: '#/components/schemas/SLOs_400_response' + '401': + description: Unauthorized response + content: + application/json: + schema: + $ref: '#/components/schemas/SLOs_401_response' + '403': + description: Unauthorized response + content: + application/json: + schema: + $ref: '#/components/schemas/SLOs_403_response' + '404': + description: Not found response + content: + application/json: + schema: + $ref: '#/components/schemas/SLOs_404_response' + /s/{spaceId}/api/observability/slos/{sloId}: + get: + summary: Get an SLO + operationId: getSloOp + description: > + You must have the `read` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + tags: + - slo + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' + - name: instanceId + in: query + description: the specific instanceId used by the summary calculation + schema: + type: string + example: host-abcde + responses: + '200': + description: Successful request + content: + application/json: + schema: + $ref: '#/components/schemas/SLOs_slo_with_summary_response' + '400': + description: Bad request + content: + application/json: + schema: + $ref: '#/components/schemas/SLOs_400_response' + '401': + description: Unauthorized response + content: + application/json: + schema: + $ref: '#/components/schemas/SLOs_401_response' + '403': + description: Unauthorized response + content: + application/json: + schema: + $ref: '#/components/schemas/SLOs_403_response' + '404': + description: Not found response + content: + application/json: + schema: + $ref: '#/components/schemas/SLOs_404_response' + put: + summary: Update an SLO + operationId: updateSloOp + description: > + You must have the `write` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + tags: + - slo + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/SLOs_update_slo_request' + responses: + '200': + description: Successful request + content: + application/json: + schema: + $ref: '#/components/schemas/SLOs_slo_definition_response' + '400': + description: Bad request + content: + application/json: + schema: + $ref: '#/components/schemas/SLOs_400_response' + '401': + description: Unauthorized response + content: + application/json: + schema: + $ref: '#/components/schemas/SLOs_401_response' + '403': + description: Unauthorized response + content: + application/json: + schema: + $ref: '#/components/schemas/SLOs_403_response' + '404': + description: Not found response + content: + application/json: + schema: + $ref: '#/components/schemas/SLOs_404_response' + delete: + summary: Delete an SLO + operationId: deleteSloOp + description: > + You must have the `write` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + tags: + - slo + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' + responses: + '204': + description: Successful request + '400': + description: Bad request + content: + application/json: + schema: + $ref: '#/components/schemas/SLOs_400_response' + '401': + description: Unauthorized response + content: + application/json: + schema: + $ref: '#/components/schemas/SLOs_401_response' + '403': + description: Unauthorized response + content: + application/json: + schema: + $ref: '#/components/schemas/SLOs_403_response' + '404': + description: Not found response + content: + application/json: + schema: + $ref: '#/components/schemas/SLOs_404_response' + /s/{spaceId}/api/observability/slos/{sloId}/enable: + post: + summary: Enable an SLO + operationId: enableSloOp + description: > + You must have the `write` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + tags: + - slo + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' + responses: + '204': + description: Successful request + '400': + description: Bad request + content: + application/json: + schema: + $ref: '#/components/schemas/SLOs_400_response' + '401': + description: Unauthorized response + content: + application/json: + schema: + $ref: '#/components/schemas/SLOs_401_response' + '403': + description: Unauthorized response + content: + application/json: + schema: + $ref: '#/components/schemas/SLOs_403_response' + '404': + description: Not found response + content: + application/json: + schema: + $ref: '#/components/schemas/SLOs_404_response' + /s/{spaceId}/api/observability/slos/{sloId}/disable: + post: + summary: Disable an SLO + operationId: disableSloOp + description: > + You must have the `write` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + tags: + - slo + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' + responses: + '200': + description: Successful request + '400': + description: Bad request + content: + application/json: + schema: + $ref: '#/components/schemas/SLOs_400_response' + '401': + description: Unauthorized response + content: + application/json: + schema: + $ref: '#/components/schemas/SLOs_401_response' + '403': + description: Unauthorized response + content: + application/json: + schema: + $ref: '#/components/schemas/SLOs_403_response' + '404': + description: Not found response + content: + application/json: + schema: + $ref: '#/components/schemas/SLOs_404_response' + /s/{spaceId}/api/observability/slos/{sloId}/_reset: + post: + summary: Reset an SLO + operationId: resetSloOp + description: > + You must have the `write` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + tags: + - slo + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' + responses: + '204': + description: Successful request + content: + application/json: + schema: + $ref: '#/components/schemas/SLOs_slo_definition_response' + '400': + description: Bad request + content: + application/json: + schema: + $ref: '#/components/schemas/SLOs_400_response' + '401': + description: Unauthorized response + content: + application/json: + schema: + $ref: '#/components/schemas/SLOs_401_response' + '403': + description: Unauthorized response + content: + application/json: + schema: + $ref: '#/components/schemas/SLOs_403_response' + '404': + description: Not found response + content: + application/json: + schema: + $ref: '#/components/schemas/SLOs_404_response' + /s/{spaceId}/api/observability/slos/_delete_instances: + post: + summary: Batch delete rollup and summary data + operationId: deleteSloInstancesOp + description: > + The deletion occurs for the specified list of `sloId` and `instanceId`. + You must have `all` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + tags: + - slo + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/SLOs_delete_slo_instances_request' + responses: + '204': + description: Successful request + '400': + description: Bad request + content: + application/json: + schema: + $ref: '#/components/schemas/SLOs_400_response' + '401': + description: Unauthorized response + content: + application/json: + schema: + $ref: '#/components/schemas/SLOs_401_response' + '403': + description: Unauthorized response + content: + application/json: + schema: + $ref: '#/components/schemas/SLOs_403_response' + servers: + - url: https://localhost:5601 + /api/status: + get: + operationId: /api/status#0 + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: Set to "true" to get the response in v7 format. + in: query + name: v7format + required: false + schema: + type: boolean + - description: Set to "true" to get the response in v8 format. + in: query + name: v8format + required: false + schema: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + anyOf: + - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' + - $ref: >- + #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse + description: >- + Kibana's operational status. A minimal response is sent for + unauthorized users. + description: Overall status is OK and Kibana should be functioning normally. + '503': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + anyOf: + - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' + - $ref: >- + #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse + description: >- + Kibana's operational status. A minimal response is sent for + unauthorized users. + description: >- + Kibana or some of it's essential services are unavailable. Kibana + may be degraded or unavailable. + summary: Get Kibana's current status + tags: + - system + security: + - Kibana_HTTP_APIs_basicAuth: [] +components: + parameters: + Cases_kbn_xsrf: + schema: + type: string + in: header + name: kbn-xsrf + description: Cross-site request forgery protection + required: true + Cases_ids: + name: ids + description: > + The cases that you want to removed. All non-ASCII characters must be URL + encoded. + in: query + required: true + schema: + type: array + items: + type: string + minItems: 1 + maxItems: 100 + example: d4e7abb0-b462-11ec-9a8d-698504725a43 + Cases_assignees: + in: query + name: assignees + description: > + Filters the returned cases by assignees. Valid values are `none` or + unique identifiers for the user profiles. These identifiers can be found + by using the suggest user profile API. + schema: + oneOf: + - type: string + - type: array + items: + type: string + maxItems: 100 + Cases_category: + in: query + name: category + description: Filters the returned cases by category. + schema: + oneOf: + - type: string + example: my-category + - type: array + items: + type: string + maxItems: 100 + Cases_defaultSearchOperator: + in: query + name: defaultSearchOperator + description: he default operator to use for the simple_query_string. + schema: + type: string + default: OR + example: OR + Cases_from: + in: query + name: from + description: > + Returns only cases that were created after a specific date. The date + must be specified as a KQL data range or date match expression. + schema: + type: string + example: now-1d + Cases_owner: + in: query + name: owner + description: > + A filter to limit the response to a specific set of applications. If + this parameter is omitted, the response contains information about all + the cases that the user has access to read. + schema: + oneOf: + - $ref: '#/components/schemas/Cases_owners' + - type: array + items: + $ref: '#/components/schemas/Cases_owners' + example: cases + Cases_page_index: + in: query + name: page + description: The page number to return. + required: false + schema: + type: integer + default: 1 + Cases_page_size: + in: query + name: perPage + description: The number of items to return. Limited to 100 items. + required: false + schema: + type: integer + default: 20 + maximum: 100 + Cases_reporters: + in: query + name: reporters + description: Filters the returned cases by the user name of the reporter. + schema: + oneOf: + - type: string + - type: array + items: + type: string + maxItems: 100 + example: elastic + Cases_search: + in: query + name: search + description: >- + An Elasticsearch simple_query_string query that filters the objects in + the response. + schema: + type: string + Cases_searchFields: + in: query + name: searchFields + description: The fields to perform the simple_query_string parsed query against. + schema: + oneOf: + - $ref: '#/components/schemas/Cases_searchFieldsType' + - type: array + items: + $ref: '#/components/schemas/Cases_searchFieldsType' + Cases_severity: + in: query + name: severity + description: The severity of the case. + schema: + type: string + enum: + - critical + - high + - low + - medium + Cases_sortField: + in: query + name: sortField + description: Determines which field is used to sort the results. + schema: + type: string + enum: + - createdAt + - updatedAt + - closedAt + - title + - category + - status + - severity + default: createdAt + example: updatedAt + Cases_sort_order: + in: query + name: sortOrder + description: Determines the sort order. + required: false + schema: + type: string + enum: + - asc + - desc + default: desc + Cases_status: + in: query + name: status + description: Filters the returned cases by state. + schema: + type: string + enum: + - closed + - in-progress + - open + example: open + Cases_tags: + in: query + name: tags + description: Filters the returned cases by tags. + schema: + oneOf: + - type: string + - type: array + items: + type: string + maxItems: 100 + example: tag-1 + Cases_to: + in: query + name: to + description: > + Returns only cases that were created before a specific date. The date + must be specified as a KQL data range or date match expression. + schema: + type: string + example: now+1d + Cases_alert_id: + in: path + name: alertId + description: An identifier for the alert. + required: true + schema: + type: string + example: 09f0c261e39e36351d75995b78bb83673774d1bc2cca9df2d15f0e5c0a99a540 + Cases_configuration_id: + in: path + name: configurationId + description: An identifier for the configuration. + required: true + schema: + type: string + example: 3297a0f0-b5ec-11ec-b141-0fdb20a7f9a9 + Cases_case_id: + in: path + name: caseId + description: >- + The identifier for the case. To retrieve case IDs, use the find cases + API. All non-ASCII characters must be URL encoded. + required: true + schema: + type: string + example: 9c235210-6834-11ea-a78c-6ffb38a34414 + Cases_includeComments: + in: query + name: includeComments + description: >- + Deprecated in 8.1.0. This parameter is deprecated and will be removed in + a future release. It determines whether case comments are returned. + deprecated: true + schema: + type: boolean + default: true + Cases_comment_id: + in: path + name: commentId + description: > + The identifier for the comment. To retrieve comment IDs, use the get + case or find cases APIs. + required: true + schema: + type: string + example: 71ec1870-725b-11ea-a0b2-c51ea50a58e2 + Cases_connector_id: + in: path + name: connectorId + description: >- + An identifier for the connector. To retrieve connector IDs, use the find + connectors API. + required: true + schema: + type: string + example: abed3a70-71bd-11ea-a0b2-c51ea50a58e2 + Cases_user_action_types: + in: query + name: types + description: Determines the types of user actions to return. + schema: + type: array + items: + type: string + enum: + - action + - alert + - assignees + - attachment + - comment + - connector + - create_case + - description + - pushed + - settings + - severity + - status + - tags + - title + - user + example: create_case + Connectors_kbn_xsrf: + schema: type: string in: header name: kbn-xsrf @@ -2940,74 +4561,2144 @@ components: required: true schema: type: string - example: ff959d40-b880-11e8-a6d9-e546fe2bba5f - Data_views_field_name: - in: path - name: fieldName - description: The name of the runtime field. - required: true - schema: + example: ff959d40-b880-11e8-a6d9-e546fe2bba5f + Data_views_field_name: + in: path + name: fieldName + description: The name of the runtime field. + required: true + schema: + type: string + example: hour_of_day + Machine_learning_APIs_simulateParam: + in: query + name: simulate + description: >- + When true, simulates the synchronization by returning only the list of + actions that would be performed. + required: false + schema: + type: boolean + example: 'true' + Saved_objects_kbn_xsrf: + schema: + type: string + in: header + name: kbn-xsrf + description: Cross-site request forgery protection + required: true + Saved_objects_saved_object_type: + in: path + name: type + description: >- + Valid options include `visualization`, `dashboard`, `search`, + `index-pattern`, `config`. + required: true + schema: + type: string + Saved_objects_saved_object_id: + in: path + name: id + description: An identifier for the saved object. + required: true + schema: + type: string + SLOs_kbn_xsrf: + schema: + type: string + in: header + name: kbn-xsrf + description: Cross-site request forgery protection + required: true + SLOs_space_id: + in: path + name: spaceId + description: >- + An identifier for the space. If `/s/` and the identifier are omitted + from the path, the default space is used. + required: true + schema: + type: string + example: default + SLOs_slo_id: + in: path + name: sloId + description: An identifier for the slo. + required: true + schema: + type: string + example: 9c235211-6834-11ea-a78c-6feb38a34414 + schemas: + Cases_assignees: + type: array + description: An array containing users that are assigned to the case. + maxItems: 10 + nullable: true + items: + type: object + required: + - uid + properties: + uid: + type: string + description: >- + A unique identifier for the user profile. These identifiers can be + found by using the suggest user profile API. + example: u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0 + Cases_connector_properties_none: + title: Create or update case request properties for no connector + required: + - fields + - id + - name + - type + description: Defines properties for connectors when type is `.none`. + type: object + properties: + fields: + description: >- + An object containing the connector fields. To create a case without + a connector, specify null. To update a case to remove the connector, + specify null. + nullable: true + type: string + example: null + id: + description: >- + The identifier for the connector. To create a case without a + connector, use `none`. To update a case to remove the connector, + specify `none`. + type: string + example: none + name: + description: >- + The name of the connector. To create a case without a connector, use + `none`. To update a case to remove the connector, specify `none`. + type: string + example: none + type: + description: >- + The type of connector. To create a case without a connector, use + `.none`. To update a case to remove the connector, specify `.none`. + type: string + example: .none + enum: + - .none + Cases_connector_properties_cases_webhook: + title: Create or upate case request properties for Cases Webhook connector + required: + - fields + - id + - name + - type + description: Defines properties for connectors when type is `.cases-webhook`. + type: object + properties: + fields: + type: string + nullable: true + example: null + id: + description: >- + The identifier for the connector. To retrieve connector IDs, use the + find connectors API. + type: string + name: + description: The name of the connector. + type: string + type: + description: The type of connector. + type: string + example: .cases-webhook + enum: + - .cases-webhook + Cases_connector_properties_jira: + title: Create or update case request properties for a Jira connector + required: + - fields + - id + - name + - type + description: Defines properties for connectors when type is `.jira`. + type: object + properties: + fields: + description: >- + An object containing the connector fields. If you want to omit any + individual field, specify null as its value. + type: object + required: + - issueType + - parent + - priority + properties: + issueType: + description: The type of issue. + type: string + nullable: true + parent: + description: The key of the parent issue, when the issue type is sub-task. + type: string + nullable: true + priority: + description: The priority of the issue. + type: string + nullable: true + id: + description: >- + The identifier for the connector. To retrieve connector IDs, use the + find connectors API. + type: string + name: + description: The name of the connector. + type: string + type: + description: The type of connector. + type: string + example: .jira + enum: + - .jira + Cases_connector_properties_resilient: + title: Create case request properties for a IBM Resilient connector + required: + - fields + - id + - name + - type + description: Defines properties for connectors when type is `.resilient`. + type: object + properties: + fields: + description: >- + An object containing the connector fields. If you want to omit any + individual field, specify null as its value. + type: object + nullable: true + required: + - issueTypes + - severityCode + properties: + issueTypes: + description: The type of incident. + type: array + items: + type: string + severityCode: + description: The severity code of the incident. + type: string + id: + description: The identifier for the connector. + type: string + name: + description: The name of the connector. + type: string + type: + description: The type of connector. + type: string + example: .resilient + enum: + - .resilient + Cases_connector_properties_servicenow: + title: Create case request properties for a ServiceNow ITSM connector + required: + - fields + - id + - name + - type + description: Defines properties for connectors when type is `.servicenow`. + type: object + properties: + fields: + description: >- + An object containing the connector fields. If you want to omit any + individual field, specify null as its value. + type: object + required: + - category + - impact + - severity + - subcategory + - urgency + properties: + category: + description: The category of the incident. + type: string + nullable: true + impact: + description: The effect an incident had on business. + type: string + nullable: true + severity: + description: The severity of the incident. + type: string + nullable: true + subcategory: + description: The subcategory of the incident. + type: string + nullable: true + urgency: + description: The extent to which the incident resolution can be delayed. + type: string + nullable: true + id: + description: >- + The identifier for the connector. To retrieve connector IDs, use the + find connectors API. + type: string + name: + description: The name of the connector. + type: string + type: + description: The type of connector. + type: string + example: .servicenow + enum: + - .servicenow + Cases_connector_properties_servicenow_sir: + title: Create case request properties for a ServiceNow SecOps connector + required: + - fields + - id + - name + - type + description: Defines properties for connectors when type is `.servicenow-sir`. + type: object + properties: + fields: + description: >- + An object containing the connector fields. If you want to omit any + individual field, specify null as its value. + type: object + required: + - category + - destIp + - malwareHash + - malwareUrl + - priority + - sourceIp + - subcategory + properties: + category: + description: The category of the incident. + type: string + nullable: true + destIp: + description: >- + Indicates whether cases will send a comma-separated list of + destination IPs. + type: boolean + nullable: true + malwareHash: + description: >- + Indicates whether cases will send a comma-separated list of + malware hashes. + type: boolean + nullable: true + malwareUrl: + description: >- + Indicates whether cases will send a comma-separated list of + malware URLs. + type: boolean + nullable: true + priority: + description: The priority of the issue. + type: string + nullable: true + sourceIp: + description: >- + Indicates whether cases will send a comma-separated list of + source IPs. + type: boolean + nullable: true + subcategory: + description: The subcategory of the incident. + type: string + nullable: true + id: + description: >- + The identifier for the connector. To retrieve connector IDs, use the + find connectors API. + type: string + name: + description: The name of the connector. + type: string + type: + description: The type of connector. + type: string + example: .servicenow-sir + enum: + - .servicenow-sir + Cases_connector_properties_swimlane: + title: Create case request properties for a Swimlane connector + required: + - fields + - id + - name + - type + description: Defines properties for connectors when type is `.swimlane`. + type: object + properties: + fields: + description: >- + An object containing the connector fields. If you want to omit any + individual field, specify null as its value. + type: object + required: + - caseId + properties: + caseId: + description: The case identifier for Swimlane connectors. + type: string + nullable: true + id: + description: >- + The identifier for the connector. To retrieve connector IDs, use the + find connectors API. + type: string + name: + description: The name of the connector. + type: string + type: + description: The type of connector. + type: string + example: .swimlane + enum: + - .swimlane + Cases_case_description: + description: The description for the case. + type: string + maxLength: 30000 + Cases_owners: + type: string + description: > + The application that owns the cases: Stack Management, Observability, or + Elastic Security. + enum: + - cases + - observability + - securitySolution + example: cases + Cases_settings: + type: object + description: An object that contains the case settings. + required: + - syncAlerts + properties: + syncAlerts: + description: Turns alert syncing on or off. + type: boolean + example: true + Cases_case_severity: + type: string + description: The severity of the case. + enum: + - critical + - high + - low + - medium + default: low + Cases_case_tags: + description: > + The words and phrases that help categorize cases. It can be an empty + array. + type: array + maxItems: 200 + items: + type: string + maxLength: 256 + Cases_case_category: + description: A word or phrase that categorizes the case. + type: string + maxLength: 50 + Cases_case_title: + description: A title for the case. + type: string + maxLength: 160 + Cases_create_case_request: + title: Create case request + description: >- + The create case API request body varies depending on the type of + connector. + type: object + required: + - connector + - description + - owner + - settings + - tags + - title + properties: + assignees: + $ref: '#/components/schemas/Cases_assignees' + connector: + oneOf: + - $ref: '#/components/schemas/Cases_connector_properties_none' + - $ref: '#/components/schemas/Cases_connector_properties_cases_webhook' + - $ref: '#/components/schemas/Cases_connector_properties_jira' + - $ref: '#/components/schemas/Cases_connector_properties_resilient' + - $ref: '#/components/schemas/Cases_connector_properties_servicenow' + - $ref: '#/components/schemas/Cases_connector_properties_servicenow_sir' + - $ref: '#/components/schemas/Cases_connector_properties_swimlane' + description: + $ref: '#/components/schemas/Cases_case_description' + owner: + $ref: '#/components/schemas/Cases_owners' + settings: + $ref: '#/components/schemas/Cases_settings' + severity: + $ref: '#/components/schemas/Cases_case_severity' + tags: + $ref: '#/components/schemas/Cases_case_tags' + category: + $ref: '#/components/schemas/Cases_case_category' + title: + $ref: '#/components/schemas/Cases_case_title' + customFields: + type: array + description: > + Custom field values for a case. Any optional custom fields that are + not specified in the request are set to null. + minItems: 0 + maxItems: 10 + items: + type: object + required: + - key + - type + - value + properties: + key: + description: > + The unique identifier for the custom field. The key value must + exist in the case configuration settings. + type: string + type: + description: > + The custom field type. It must match the type specified in the + case configuration settings. + type: string + enum: + - text + - toggle + value: + description: > + The custom field value. If the custom field is required, it + cannot be explicitly set to null. However, for cases that + existed when the required custom field was added, the default + value stored in Elasticsearch is `undefined`. The value + returned in the API and user interface in this case is `null`. + oneOf: + - type: string + minLength: 1 + maxLength: 160 + nullable: true + - type: boolean + Cases_case_response_closed_by_properties: + title: Case response properties for closed_by + type: object + nullable: true + properties: + email: + type: string + example: null + nullable: true + full_name: + type: string + example: null + nullable: true + username: + type: string + example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + required: + - email + - full_name + - username + Cases_alert_comment_response_properties: + title: Add case comment response properties for alerts + type: object + required: + - type + properties: + alertId: + type: array + items: + type: string + example: a6e12ac4-7bce-457b-84f6-d7ce8deb8446 + created_at: + type: string + format: date-time + example: '2023-11-06T19:29:38.424Z' + created_by: + type: object + required: + - email + - full_name + - username + properties: + email: + type: string + example: null + nullable: true + full_name: + type: string + example: null + nullable: true + username: + type: string + example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + id: + type: string + example: 73362370-ab1a-11ec-985f-97e55adae8b9 + index: + type: array + items: + type: string + example: .internal.alerts-security.alerts-default-000001 + owner: + $ref: '#/components/schemas/Cases_owners' + pushed_at: + type: string + format: date-time + example: null + nullable: true + pushed_by: + type: object + required: + - email + - full_name + - username + properties: + email: + type: string + example: null + nullable: true + full_name: + type: string + example: null + nullable: true + username: + type: string + example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + nullable: true + rule: + type: object + properties: + id: + description: The rule identifier. + type: string + example: 94d80550-aaf4-11ec-985f-97e55adae8b9 + name: + description: The rule name. + type: string + example: security_rule + type: + type: string + example: alert + enum: + - alert + updated_at: + type: string + format: date-time + nullable: true + updated_by: + type: object + nullable: true + required: + - email + - full_name + - username + properties: + email: + type: string + example: null + nullable: true + full_name: + type: string + example: null + nullable: true + username: + type: string + example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + version: + type: string + example: WzMwNDgsMV0= + Cases_user_comment_response_properties: + title: Case response properties for user comments + type: object + required: + - type + properties: + comment: + type: string + example: A new comment. + created_at: + type: string + format: date-time + example: '2022-05-13T09:16:17.416Z' + created_by: + $ref: '#/components/schemas/Cases_case_response_created_by_properties' + id: + type: string + example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 + owner: + $ref: '#/components/schemas/Cases_owners' + pushed_at: + type: string + format: date-time + nullable: true + example: null + pushed_by: + $ref: '#/components/schemas/Cases_case_response_pushed_by_properties' + type: + type: string + example: user + enum: + - user + updated_at: + type: string + format: date-time + nullable: true + example: null + updated_by: + $ref: '#/components/schemas/Cases_case_response_updated_by_properties' + version: + type: string + example: WzIwNDMxLDFd + Cases_case_response_created_by_properties: + title: Case response properties for created_by + type: object + properties: + email: + type: string + example: null + nullable: true + full_name: + type: string + example: null + nullable: true + username: + type: string + example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + required: + - email + - full_name + - username + Cases_case_response_pushed_by_properties: + title: Case response properties for pushed_by + type: object + nullable: true + properties: + email: + type: string + example: null + nullable: true + full_name: + type: string + example: null + nullable: true + username: + type: string + example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + required: + - email + - full_name + - username + Cases_case_response_updated_by_properties: + title: Case response properties for updated_by + type: object + nullable: true + properties: + email: + type: string + example: null + nullable: true + full_name: + type: string + example: null + nullable: true + username: + type: string + example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + required: + - email + - full_name + - username + Cases_external_service: + type: object + nullable: true + properties: + connector_id: + type: string + connector_name: + type: string + external_id: + type: string + external_title: + type: string + external_url: + type: string + pushed_at: + type: string + format: date-time + pushed_by: + type: object + properties: + email: + type: string + example: null + nullable: true + full_name: + type: string + example: null + nullable: true + username: + type: string + example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + nullable: true + Cases_case_status: + type: string + description: The status of the case. + enum: + - closed + - in-progress + - open + Cases_case_response_properties: + title: Case response properties + type: object + required: + - closed_at + - closed_by + - comments + - connector + - created_at + - created_by + - description + - duration + - external_service + - id + - owner + - settings + - severity + - status + - tags + - title + - totalAlerts + - totalComment + - updated_at + - updated_by + - version + properties: + assignees: + $ref: '#/components/schemas/Cases_assignees' + category: + type: string + description: The case category. + nullable: true + closed_at: + type: string + format: date-time + nullable: true + closed_by: + $ref: '#/components/schemas/Cases_case_response_closed_by_properties' + comments: + title: Case response properties for comments + description: An array of comment objects for the case. + type: array + maxItems: 10000 + items: + oneOf: + - $ref: '#/components/schemas/Cases_alert_comment_response_properties' + - $ref: '#/components/schemas/Cases_user_comment_response_properties' + discriminator: + propertyName: type + mapping: + alert: '#/components/schemas/Cases_alert_comment_response_properties' + user: '#/components/schemas/Cases_user_comment_response_properties' + connector: + title: Case response properties for connectors + oneOf: + - $ref: '#/components/schemas/Cases_connector_properties_none' + - $ref: '#/components/schemas/Cases_connector_properties_cases_webhook' + - $ref: '#/components/schemas/Cases_connector_properties_jira' + - $ref: '#/components/schemas/Cases_connector_properties_resilient' + - $ref: '#/components/schemas/Cases_connector_properties_servicenow' + - $ref: '#/components/schemas/Cases_connector_properties_servicenow_sir' + - $ref: '#/components/schemas/Cases_connector_properties_swimlane' + discriminator: + propertyName: type + mapping: + .none: '#/components/schemas/Cases_connector_properties_none' + .cases-webhook: '#/components/schemas/Cases_connector_properties_cases_webhook' + .jira: '#/components/schemas/Cases_connector_properties_jira' + .resilient: '#/components/schemas/Cases_connector_properties_resilient' + .servicenow: '#/components/schemas/Cases_connector_properties_servicenow' + .servicenow-sir: '#/components/schemas/Cases_connector_properties_servicenow_sir' + .swimlane: '#/components/schemas/Cases_connector_properties_swimlane' + created_at: + type: string + format: date-time + example: '2022-05-13T09:16:17.416Z' + created_by: + $ref: '#/components/schemas/Cases_case_response_created_by_properties' + customFields: + type: array + description: Custom field values for the case. + items: + type: object + properties: + key: + description: > + The unique identifier for the custom field. The key value must + exist in the case configuration settings. + type: string + type: + description: > + The custom field type. It must match the type specified in the + case configuration settings. + type: string + enum: + - text + - toggle + value: + description: > + The custom field value. If the custom field is required, it + cannot be explicitly set to null. However, for cases that + existed when the required custom field was added, the default + value stored in Elasticsearch is `undefined`. The value + returned in the API and user interface in this case is `null`. + oneOf: + - type: string + minLength: 1 + maxLength: 160 + nullable: true + - type: boolean + description: + type: string + example: A case description. + duration: + type: integer + description: > + The elapsed time from the creation of the case to its closure (in + seconds). If the case has not been closed, the duration is set to + null. If the case was closed after less than half a second, the + duration is rounded down to zero. + nullable: true + example: 120 + external_service: + $ref: '#/components/schemas/Cases_external_service' + id: + type: string + example: 66b9aa00-94fa-11ea-9f74-e7e108796192 + owner: + $ref: '#/components/schemas/Cases_owners' + settings: + $ref: '#/components/schemas/Cases_settings' + severity: + $ref: '#/components/schemas/Cases_case_severity' + status: + $ref: '#/components/schemas/Cases_case_status' + tags: + type: array + items: + type: string + example: + - tag-1 + title: + type: string + example: Case title 1 + totalAlerts: + type: integer + example: 0 + totalComment: + type: integer + example: 0 + updated_at: + type: string + format: date-time + nullable: true + updated_by: + $ref: '#/components/schemas/Cases_case_response_updated_by_properties' + version: + type: string + example: WzUzMiwxXQ== + Cases_4xx_response: + type: object + title: Unsuccessful cases API response + properties: + error: + type: string + example: Unauthorized + message: + type: string + statusCode: + type: integer + example: 401 + Cases_update_case_request: + title: Update case request + description: >- + The update case API request body varies depending on the type of + connector. + type: object + required: + - cases + properties: + cases: + type: array + description: An array containing one or more case objects. + maxItems: 100 + minItems: 1 + items: + type: object + required: + - id + - version + properties: + assignees: + $ref: '#/components/schemas/Cases_assignees' + category: + $ref: '#/components/schemas/Cases_case_category' + connector: + oneOf: + - $ref: '#/components/schemas/Cases_connector_properties_none' + - $ref: >- + #/components/schemas/Cases_connector_properties_cases_webhook + - $ref: '#/components/schemas/Cases_connector_properties_jira' + - $ref: '#/components/schemas/Cases_connector_properties_resilient' + - $ref: '#/components/schemas/Cases_connector_properties_servicenow' + - $ref: >- + #/components/schemas/Cases_connector_properties_servicenow_sir + - $ref: '#/components/schemas/Cases_connector_properties_swimlane' + customFields: + type: array + description: > + Custom field values for a case. Any optional custom fields + that are not specified in the request are set to null. + minItems: 0 + maxItems: 10 + items: + type: object + required: + - key + - type + - value + properties: + key: + description: > + The unique identifier for the custom field. The key + value must exist in the case configuration settings. + type: string + type: + description: > + The custom field type. It must match the type specified + in the case configuration settings. + type: string + enum: + - text + - toggle + value: + description: > + The custom field value. If the custom field is required, + it cannot be explicitly set to null. However, for cases + that existed when the required custom field was added, + the default value stored in Elasticsearch is + `undefined`. The value returned in the API and user + interface in this case is `null`. + oneOf: + - type: string + minLength: 1 + maxLength: 160 + nullable: true + - type: boolean + description: + $ref: '#/components/schemas/Cases_case_description' + id: + description: The identifier for the case. + type: string + maxLength: 30000 + settings: + $ref: '#/components/schemas/Cases_settings' + severity: + $ref: '#/components/schemas/Cases_case_severity' + status: + $ref: '#/components/schemas/Cases_case_status' + tags: + $ref: '#/components/schemas/Cases_case_tags' + title: + $ref: '#/components/schemas/Cases_case_title' + version: + description: >- + The current version of the case. To determine this value, use + the get case or find cases APIs. + type: string + Cases_searchFieldsType: + type: string + description: The fields to perform the `simple_query_string` parsed query against. + enum: + - description + - title + Cases_closure_types: + type: string + description: >- + Indicates whether a case is automatically closed when it is pushed to + external systems (`close-by-pushing`) or not automatically closed + (`close-by-user`). + enum: + - close-by-pushing + - close-by-user + example: close-by-user + Cases_connector_types: + type: string + description: The type of connector. + enum: + - .cases-webhook + - .jira + - .none + - .resilient + - .servicenow + - .servicenow-sir + - .swimlane + example: .none + Cases_template_tags: + description: > + The words and phrases that help categorize templates. It can be an empty + array. + type: array + maxItems: 200 + items: type: string - example: hour_of_day - Machine_learning_APIs_simulateParam: - in: query - name: simulate + maxLength: 256 + Cases_templates: + type: array + x-technical-preview: true + items: + type: object + properties: + caseFields: + type: object + properties: + assignees: + $ref: '#/components/schemas/Cases_assignees' + category: + $ref: '#/components/schemas/Cases_case_category' + connector: + type: object + properties: + fields: + description: >- + The fields specified in the case configuration are not + used and are not propagated to individual cases, therefore + it is recommended to set it to `null`. + nullable: true + type: object + id: + description: >- + The identifier for the connector. If you do not want a + default connector, use `none`. To retrieve connector IDs, + use the find connectors API. + type: string + example: none + name: + description: >- + The name of the connector. If you do not want a default + connector, use `none`. To retrieve connector names, use + the find connectors API. + type: string + example: none + type: + $ref: '#/components/schemas/Cases_connector_types' + customFields: + type: array + x-technical-preview: true + description: Custom field values in the template. + items: + type: object + properties: + key: + type: string + description: The unique key for the custom field. + type: + type: string + enum: + - text + - toggle + description: The type of the custom field. + value: + oneOf: + - type: string + - type: boolean + description: > + The default value for the custom field when a case uses + the template. If the `type` is `text`, the default value + must be a string. If the `type` is `toggle`, the default + value must be boolean. + description: + $ref: '#/components/schemas/Cases_case_description' + settings: + $ref: '#/components/schemas/Cases_settings' + severity: + $ref: '#/components/schemas/Cases_case_severity' + tags: + $ref: '#/components/schemas/Cases_case_tags' + title: + $ref: '#/components/schemas/Cases_case_title' + description: + type: string + description: A description for the template. + key: + type: string + description: > + A unique key for the template. Must be lower case and composed + only of a-z, 0-9, '_', and '-' characters. It is used in API calls + to refer to a specific template. + name: + type: string + description: The name of the template. + tags: + $ref: '#/components/schemas/Cases_template_tags' + Cases_set_case_configuration_request: + title: Set case configuration request + description: >- + External connection details, such as the closure type and default + connector for cases. + type: object + required: + - closure_type + - connector + - owner + properties: + closure_type: + $ref: '#/components/schemas/Cases_closure_types' + connector: + description: An object that contains the connector configuration. + type: object + properties: + fields: + description: >- + The fields specified in the case configuration are not used and + are not propagated to individual cases, therefore it is + recommended to set it to `null`. + nullable: true + type: object + id: + description: >- + The identifier for the connector. If you do not want a default + connector, use `none`. To retrieve connector IDs, use the find + connectors API. + type: string + example: none + name: + description: >- + The name of the connector. If you do not want a default + connector, use `none`. To retrieve connector names, use the find + connectors API. + type: string + example: none + type: + $ref: '#/components/schemas/Cases_connector_types' + required: + - fields + - id + - name + - type + customFields: + type: array + description: Custom fields case configuration. + minItems: 0 + maxItems: 10 + items: + type: object + required: + - key + - label + - required + - type + properties: + defaultValue: + oneOf: + - type: string + - type: boolean + description: > + A default value for the custom field. If the `type` is `text`, + the default value must be a string. If the `type` is `toggle`, + the default value must be boolean. + key: + description: > + A unique key for the custom field. Must be lower case and + composed only of a-z, 0-9, '_', and '-' characters. It is used + in API calls to refer to a specific custom field. + type: string + minLength: 1 + maxLength: 36 + label: + description: The custom field label that is displayed in the case. + type: string + minLength: 1 + maxLength: 50 + required: + description: > + Indicates whether the field is required. If `false`, the + custom field can be set to null or omitted when a case is + created or updated. + type: boolean + type: + description: The type of the custom field. + type: string + enum: + - text + - toggle + owner: + $ref: '#/components/schemas/Cases_owners' + templates: + $ref: '#/components/schemas/Cases_templates' + Cases_update_case_configuration_request: + title: Update case configuration request + description: > + You can update settings such as the closure type, custom fields, + templates, and the default connector for cases. + type: object + required: + - version + properties: + closure_type: + $ref: '#/components/schemas/Cases_closure_types' + connector: + description: An object that contains the connector configuration. + type: object + properties: + fields: + description: >- + The fields specified in the case configuration are not used and + are not propagated to individual cases, therefore it is + recommended to set it to `null`. + nullable: true + type: object + id: + description: >- + The identifier for the connector. If you do not want a default + connector, use `none`. To retrieve connector IDs, use the find + connectors API. + type: string + example: none + name: + description: >- + The name of the connector. If you do not want a default + connector, use `none`. To retrieve connector names, use the find + connectors API. + type: string + example: none + type: + $ref: '#/components/schemas/Cases_connector_types' + required: + - fields + - id + - name + - type + customFields: + type: array + description: Custom fields case configuration. + items: + type: object + required: + - key + - label + - required + - type + properties: + defaultValue: + oneOf: + - type: string + - type: boolean + description: > + A default value for the custom field. If the `type` is `text`, + the default value must be a string. If the `type` is `toggle`, + the default value must be boolean. + key: + description: > + A unique key for the custom field. Must be lower case and + composed only of a-z, 0-9, '_', and '-' characters. It is used + in API calls to refer to a specific custom field. + type: string + minLength: 1 + maxLength: 36 + label: + description: The custom field label that is displayed in the case. + type: string + minLength: 1 + maxLength: 50 + required: + description: > + Indicates whether the field is required. If `false`, the + custom field can be set to null or omitted when a case is + created or updated. + type: boolean + type: + description: The type of the custom field. + type: string + enum: + - text + - toggle + templates: + $ref: '#/components/schemas/Cases_templates' + version: + description: > + The version of the connector. To retrieve the version value, use the + get configuration API. + type: string + example: WzIwMiwxXQ== + Cases_alert_response_properties: + type: object + properties: + attached_at: + type: string + format: date-time + id: + description: The alert identifier. + type: string + index: + description: The alert index. + type: string + Cases_add_alert_comment_request_properties: + title: Add case comment request properties for alerts + required: + - alertId + - index + - owner + - rule + - type + description: Defines properties for case comment requests when type is alert. + type: object + properties: + alertId: + $ref: '#/components/schemas/Cases_alert_identifiers' + index: + $ref: '#/components/schemas/Cases_alert_indices' + owner: + $ref: '#/components/schemas/Cases_owners' + rule: + $ref: '#/components/schemas/Cases_rule' + type: + description: The type of comment. + type: string + example: alert + enum: + - alert + Cases_add_user_comment_request_properties: + title: Add case comment request properties for user comments + description: Defines properties for case comment requests when type is user. + type: object + properties: + comment: + description: The new comment. It is required only when `type` is `user`. + type: string + maxLength: 30000 + example: A new comment. + owner: + $ref: '#/components/schemas/Cases_owners' + type: + type: string + description: The type of comment. + example: user + enum: + - user + required: + - comment + - owner + - type + Cases_alert_identifiers: + title: Alert identifiers + description: > + The alert identifiers. It is required only when `type` is `alert`. You + can use an array of strings to add multiple alerts to a case, provided + that they all relate to the same rule; `index` must also be an array + with the same length or number of elements. Adding multiple alerts in + this manner is recommended rather than calling the API multiple times. + This functionality is in technical preview and may be changed or removed + in a future release. Elastic will work to fix any issues, but features + in technical preview are not subject to the support SLA of official GA + features. + oneOf: + - type: string + - type: array + items: + type: string + maxItems: 1000 + x-technical-preview: true + example: 6b24c4dc44bc720cfc92797f3d61fff952f2b2627db1fb4f8cc49f4530c4ff42 + Cases_alert_indices: + title: Alert indices + description: > + The alert indices. It is required only when `type` is `alert`. If you + are adding multiple alerts to a case, use an array of strings; the + position of each index name in the array must match the position of the + corresponding alert identifier in the `alertId` array. This + functionality is in technical preview and may be changed or removed in a + future release. Elastic will work to fix any issues, but features in + technical preview are not subject to the support SLA of official GA + features. + oneOf: + - type: string + - type: array + items: + type: string + maxItems: 1000 + x-technical-preview: true + Cases_rule: + title: Alerting rule + description: > + The rule that is associated with the alerts. It is required only when + `type` is `alert`. This functionality is in technical preview and may be + changed or removed in a future release. Elastic will work to fix any + issues, but features in technical preview are not subject to the support + SLA of official GA features. + type: object + x-technical-preview: true + properties: + id: + description: The rule identifier. + type: string + example: 94d80550-aaf4-11ec-985f-97e55adae8b9 + name: + description: The rule name. + type: string + example: security_rule + Cases_add_case_comment_request: + title: Add case comment request description: >- - When true, simulates the synchronization by returning only the list of - actions that would be performed. - required: false - schema: - type: boolean - example: 'true' - Saved_objects_kbn_xsrf: - schema: - type: string - in: header - name: kbn-xsrf - description: Cross-site request forgery protection - required: true - Saved_objects_saved_object_type: - in: path - name: type + The add comment to case API request body varies depending on whether you + are adding an alert or a comment. + oneOf: + - $ref: '#/components/schemas/Cases_add_alert_comment_request_properties' + - $ref: '#/components/schemas/Cases_add_user_comment_request_properties' + discriminator: + propertyName: type + mapping: + alert: '#/components/schemas/Cases_add_alert_comment_request_properties' + user: '#/components/schemas/Cases_add_user_comment_request_properties' + Cases_update_alert_comment_request_properties: + title: Update case comment request properties for alerts + description: Defines properties for case comment requests when type is alert. + required: + - alertId + - id + - index + - owner + - rule + - type + - version + type: object + properties: + alertId: + $ref: '#/components/schemas/Cases_alert_identifiers' + id: + type: string + description: > + The identifier for the comment. To retrieve comment IDs, use the get + comments API. + example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 + index: + $ref: '#/components/schemas/Cases_alert_indices' + owner: + $ref: '#/components/schemas/Cases_owners' + rule: + $ref: '#/components/schemas/Cases_rule' + type: + description: The type of comment. + type: string + enum: + - alert + example: alert + version: + description: > + The current comment version. To retrieve version values, use the get + comments API. + type: string + example: Wzk1LDFd + Cases_update_user_comment_request_properties: + title: Update case comment request properties for user comments + description: Defines properties for case comment requests when type is user. + type: object + properties: + comment: + description: The new comment. It is required only when `type` is `user`. + type: string + maxLength: 30000 + example: A new comment. + id: + type: string + description: > + The identifier for the comment. To retrieve comment IDs, use the get + comments API. + example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 + owner: + $ref: '#/components/schemas/Cases_owners' + type: + type: string + description: The type of comment. + enum: + - user + example: user + version: + description: > + The current comment version. To retrieve version values, use the get + comments API. + type: string + example: Wzk1LDFd + required: + - comment + - id + - owner + - type + - version + Cases_update_case_comment_request: + title: Update case comment request description: >- - Valid options include `visualization`, `dashboard`, `search`, - `index-pattern`, `config`. - required: true - schema: - type: string - Saved_objects_saved_object_id: - in: path - name: id - description: An identifier for the saved object. - required: true - schema: - type: string - SLOs_kbn_xsrf: - schema: - type: string - in: header - name: kbn-xsrf - description: Cross-site request forgery protection - required: true - SLOs_space_id: - in: path - name: spaceId + The update case comment API request body varies depending on whether you + are updating an alert or a comment. + oneOf: + - $ref: '#/components/schemas/Cases_update_alert_comment_request_properties' + - $ref: '#/components/schemas/Cases_update_user_comment_request_properties' + discriminator: + propertyName: type + mapping: + alert: '#/components/schemas/Cases_update_alert_comment_request_properties' + user: '#/components/schemas/Cases_update_user_comment_request_properties' + Cases_actions: + type: string + enum: + - add + - create + - delete + - push_to_service + - update + example: create + Cases_payload_alert_comment: + type: object + properties: + comment: + type: object + properties: + alertId: + oneOf: + - type: string + example: 1c0b056b-cc9f-4b61-b5c9-cb801abd5e1d + - type: array + items: + type: string + index: + oneOf: + - type: string + example: .alerts-observability.logs.alerts-default + - type: array + items: + type: string + owner: + $ref: '#/components/schemas/Cases_owners' + rule: + type: object + properties: + id: + description: The rule identifier. + type: string + example: 94d80550-aaf4-11ec-985f-97e55adae8b9 + name: + description: The rule name. + type: string + example: security_rule + type: + type: string + enum: + - alert + Cases_payload_assignees: + type: object + properties: + assignees: + $ref: '#/components/schemas/Cases_assignees' + Cases_payload_connector: + type: object + properties: + connector: + type: object + properties: + fields: + description: >- + An object containing the connector fields. To create a case + without a connector, specify null. If you want to omit any + individual field, specify null as its value. + nullable: true + type: object + properties: + caseId: + description: The case identifier for Swimlane connectors. + type: string + category: + description: >- + The category of the incident for ServiceNow ITSM and + ServiceNow SecOps connectors. + type: string + destIp: + description: >- + Indicates whether cases will send a comma-separated list of + destination IPs for ServiceNow SecOps connectors. + type: boolean + nullable: true + impact: + description: >- + The effect an incident had on business for ServiceNow ITSM + connectors. + type: string + issueType: + description: The type of issue for Jira connectors. + type: string + issueTypes: + description: The type of incident for IBM Resilient connectors. + type: array + items: + type: string + malwareHash: + description: >- + Indicates whether cases will send a comma-separated list of + malware hashes for ServiceNow SecOps connectors. + type: boolean + nullable: true + malwareUrl: + description: >- + Indicates whether cases will send a comma-separated list of + malware URLs for ServiceNow SecOps connectors. + type: boolean + nullable: true + parent: + description: >- + The key of the parent issue, when the issue type is sub-task + for Jira connectors. + type: string + priority: + description: >- + The priority of the issue for Jira and ServiceNow SecOps + connectors. + type: string + severity: + description: The severity of the incident for ServiceNow ITSM connectors. + type: string + severityCode: + description: >- + The severity code of the incident for IBM Resilient + connectors. + type: string + sourceIp: + description: >- + Indicates whether cases will send a comma-separated list of + source IPs for ServiceNow SecOps connectors. + type: boolean + nullable: true + subcategory: + description: >- + The subcategory of the incident for ServiceNow ITSM + connectors. + type: string + urgency: + description: >- + The extent to which the incident resolution can be delayed + for ServiceNow ITSM connectors. + type: string + example: null + id: + description: >- + The identifier for the connector. To create a case without a + connector, use `none`. + type: string + example: none + name: + description: >- + The name of the connector. To create a case without a connector, + use `none`. + type: string + example: none + type: + $ref: '#/components/schemas/Cases_connector_types' + Cases_payload_create_case: + type: object + properties: + assignees: + $ref: '#/components/schemas/Cases_assignees' + connector: + type: object + properties: + fields: + description: >- + An object containing the connector fields. To create a case + without a connector, specify null. If you want to omit any + individual field, specify null as its value. + nullable: true + type: object + properties: + caseId: + description: The case identifier for Swimlane connectors. + type: string + category: + description: >- + The category of the incident for ServiceNow ITSM and + ServiceNow SecOps connectors. + type: string + destIp: + description: >- + Indicates whether cases will send a comma-separated list of + destination IPs for ServiceNow SecOps connectors. + type: boolean + nullable: true + impact: + description: >- + The effect an incident had on business for ServiceNow ITSM + connectors. + type: string + issueType: + description: The type of issue for Jira connectors. + type: string + issueTypes: + description: The type of incident for IBM Resilient connectors. + type: array + items: + type: string + malwareHash: + description: >- + Indicates whether cases will send a comma-separated list of + malware hashes for ServiceNow SecOps connectors. + type: boolean + nullable: true + malwareUrl: + description: >- + Indicates whether cases will send a comma-separated list of + malware URLs for ServiceNow SecOps connectors. + type: boolean + nullable: true + parent: + description: >- + The key of the parent issue, when the issue type is sub-task + for Jira connectors. + type: string + priority: + description: >- + The priority of the issue for Jira and ServiceNow SecOps + connectors. + type: string + severity: + description: The severity of the incident for ServiceNow ITSM connectors. + type: string + severityCode: + description: >- + The severity code of the incident for IBM Resilient + connectors. + type: string + sourceIp: + description: >- + Indicates whether cases will send a comma-separated list of + source IPs for ServiceNow SecOps connectors. + type: boolean + nullable: true + subcategory: + description: >- + The subcategory of the incident for ServiceNow ITSM + connectors. + type: string + urgency: + description: >- + The extent to which the incident resolution can be delayed + for ServiceNow ITSM connectors. + type: string + example: null + id: + description: >- + The identifier for the connector. To create a case without a + connector, use `none`. + type: string + example: none + name: + description: >- + The name of the connector. To create a case without a connector, + use `none`. + type: string + example: none + type: + $ref: '#/components/schemas/Cases_connector_types' + description: + type: string + owner: + $ref: '#/components/schemas/Cases_owners' + settings: + $ref: '#/components/schemas/Cases_settings' + severity: + $ref: '#/components/schemas/Cases_case_severity' + status: + $ref: '#/components/schemas/Cases_case_status' + tags: + type: array + items: + type: string + example: + - tag-1 + title: + type: string + Cases_payload_delete: + type: object description: >- - An identifier for the space. If `/s/` and the identifier are omitted - from the path, the default space is used. - required: true - schema: - type: string - example: default - SLOs_slo_id: - in: path - name: sloId - description: An identifier for the slo. - required: true - schema: - type: string - example: 9c235211-6834-11ea-a78c-6feb38a34414 - schemas: + If the `action` is `delete` and the `type` is `delete_case`, the payload + is nullable. + nullable: true + Cases_payload_description: + type: object + properties: + description: + type: string + Cases_payload_pushed: + type: object + properties: + externalService: + $ref: '#/components/schemas/Cases_external_service' + Cases_payload_settings: + type: object + properties: + settings: + $ref: '#/components/schemas/Cases_settings' + Cases_payload_severity: + type: object + properties: + severity: + $ref: '#/components/schemas/Cases_case_severity' + Cases_payload_status: + type: object + properties: + status: + $ref: '#/components/schemas/Cases_case_status' + Cases_payload_tags: + type: object + properties: + tags: + type: array + items: + type: string + example: + - tag-1 + Cases_payload_title: + type: object + properties: + title: + type: string + Cases_payload_user_comment: + type: object + properties: + comment: + type: object + properties: + comment: + type: string + owner: + $ref: '#/components/schemas/Cases_owners' + type: + type: string + enum: + - user + Cases_action_types: + type: string + description: The type of action. + enum: + - assignees + - create_case + - comment + - connector + - delete_case + - description + - pushed + - tags + - title + - status + - settings + - severity + example: create_case + Cases_user_actions_response_properties: + type: object + required: + - action + - action_id + - case_id + - comment_id + - created_at + - created_by + - owner + - payload + - type + properties: + action: + $ref: '#/components/schemas/Cases_actions' + action_id: + type: string + example: 22fd3e30-03b1-11ed-920c-974bfa104448 + case_id: + type: string + example: 22df07d0-03b1-11ed-920c-974bfa104448 + comment_id: + type: string + nullable: true + example: 578608d0-03b1-11ed-920c-974bfa104448 + created_at: + type: string + format: date-time + example: '2022-05-13T09:16:17.416Z' + created_by: + type: object + properties: + email: + type: string + example: null + nullable: true + full_name: + type: string + example: null + nullable: true + username: + type: string + example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + required: + - email + - full_name + - username + owner: + $ref: '#/components/schemas/Cases_owners' + payload: + oneOf: + - $ref: '#/components/schemas/Cases_payload_alert_comment' + - $ref: '#/components/schemas/Cases_payload_assignees' + - $ref: '#/components/schemas/Cases_payload_connector' + - $ref: '#/components/schemas/Cases_payload_create_case' + - $ref: '#/components/schemas/Cases_payload_delete' + - $ref: '#/components/schemas/Cases_payload_description' + - $ref: '#/components/schemas/Cases_payload_pushed' + - $ref: '#/components/schemas/Cases_payload_settings' + - $ref: '#/components/schemas/Cases_payload_severity' + - $ref: '#/components/schemas/Cases_payload_status' + - $ref: '#/components/schemas/Cases_payload_tags' + - $ref: '#/components/schemas/Cases_payload_title' + - $ref: '#/components/schemas/Cases_payload_user_comment' + type: + $ref: '#/components/schemas/Cases_action_types' + Cases_user_actions_find_response_properties: + type: object + required: + - action + - comment_id + - created_at + - created_by + - id + - owner + - payload + - type + - version + properties: + action: + $ref: '#/components/schemas/Cases_actions' + comment_id: + type: string + nullable: true + example: 578608d0-03b1-11ed-920c-974bfa104448 + created_at: + type: string + format: date-time + example: '2022-05-13T09:16:17.416Z' + created_by: + type: object + properties: + email: + type: string + example: null + nullable: true + full_name: + type: string + example: null + nullable: true + username: + type: string + example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + required: + - email + - full_name + - username + id: + type: string + example: 22fd3e30-03b1-11ed-920c-974bfa104448 + owner: + $ref: '#/components/schemas/Cases_owners' + payload: + oneOf: + - $ref: '#/components/schemas/Cases_payload_alert_comment' + - $ref: '#/components/schemas/Cases_payload_assignees' + - $ref: '#/components/schemas/Cases_payload_connector' + - $ref: '#/components/schemas/Cases_payload_create_case' + - $ref: '#/components/schemas/Cases_payload_delete' + - $ref: '#/components/schemas/Cases_payload_description' + - $ref: '#/components/schemas/Cases_payload_pushed' + - $ref: '#/components/schemas/Cases_payload_settings' + - $ref: '#/components/schemas/Cases_payload_severity' + - $ref: '#/components/schemas/Cases_payload_status' + - $ref: '#/components/schemas/Cases_payload_tags' + - $ref: '#/components/schemas/Cases_payload_title' + - $ref: '#/components/schemas/Cases_payload_user_comment' + version: + type: string + example: WzM1ODg4LDFd + type: + type: string + description: The type of action. + enum: + - assignees + - create_case + - comment + - connector + - description + - pushed + - tags + - title + - status + - settings + - severity + example: create_case Connectors_create_connector_request_bedrock: title: Create Amazon Bedrock connector request description: >- @@ -8952,6 +12643,898 @@ components: - metrics type: object examples: + Cases_create_case_request: + summary: Create a security case that uses a Jira connector. + value: + description: A case description. + title: Case title 1 + tags: + - tag-1 + connector: + id: 131d4448-abe0-4789-939d-8ef60680b498 + name: My connector + type: .jira + fields: + issueType: '10006' + priority: High + parent: null + settings: + syncAlerts: true + owner: cases + customFields: + - type: text + key: d312efda-ec2b-42ec-9e2c-84981795c581 + value: My field value + Cases_create_case_response: + summary: >- + The create case API returns a JSON object that contains details about + the case. + value: + comments: [] + totalAlerts: 0 + id: 66b9aa00-94fa-11ea-9f74-e7e108796192 + version: WzUzMiwxXQ== + totalComment: 0 + title: Case title 1 + tags: + - tag 1 + assignees: [] + description: A case description. + settings: + syncAlerts: true + owner: cases + customFields: + - key: d312efda-ec2b-42ec-9e2c-84981795c581 + type: text + value: My field value + - key: fcc6840d-eb14-42df-8aaf-232201a705ec + type: toggle + value: null + duration: null + severity: low + closed_at: null + closed_by: null + created_at: '2022-10-13T15:33:50.604Z' + created_by: + username: elastic + full_name: null + email: null + profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + status: open + updated_at: null + updated_by: null + connector: + id: 131d4448-abe0-4789-939d-8ef60680b498 + name: My connector + type: .jira + fields: + issueType: '10006' + parent: null + priority: High + external_service: null + Cases_update_case_request: + summary: Update the case description, tags, and connector. + value: + cases: + - id: a18b38a0-71b0-11ea-a0b2-c51ea50a58e2 + version: WzIzLDFd + connector: + id: 131d4448-abe0-4789-939d-8ef60680b498 + name: My connector + type: .jira + fields: + issueType: '10006' + priority: null + parent: null + description: A case description. + tags: + - tag-1 + settings: + syncAlerts: true + customFields: + - key: fcc6840d-eb14-42df-8aaf-232201a705ec + type: toggle + value: false + - key: d312efda-ec2b-42ec-9e2c-84981795c581 + type: text + value: My new field value + Cases_update_case_response: + summary: >- + This is an example response when the case description, tags, and + connector were updated. + value: + - id: 66b9aa00-94fa-11ea-9f74-e7e108796192 + version: WzU0OCwxXQ== + comments: [] + totalComment: 0 + totalAlerts: 0 + title: Case title 1 + tags: + - tag-1 + settings: + syncAlerts: true + owner: cases + description: A case description. + duration: null + severity: low + closed_at: null + closed_by: null + created_at: '2023-10-13T09:16:17.416Z' + created_by: + email: null + full_name: null + username: elastic + profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + status: open + updated_at: '2023-10-13T09:48:33.043Z' + updated_by: + email: null + full_name: null + username: elastic + profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + assignees: [] + category: null + customFields: + - key: d312efda-ec2b-42ec-9e2c-84981795c581 + type: text + value: My new field value + - key: fcc6840d-eb14-42df-8aaf-232201a705ec + type: toggle + value: false + connector: + id: 131d4448-abe0-4789-939d-8ef60680b498 + name: My connector + type: .jira + fields: + issueType: '10006' + parent: null + priority: null + external_service: + external_title: IS-4 + pushed_by: + full_name: null + email: null + username: elastic + external_url: https://hms.atlassian.net/browse/IS-4 + pushed_at: '2023-10-13T09:20:40.672Z' + connector_id: 05da469f-1fde-4058-99a3-91e4807e2de8 + external_id: '10003' + connector_name: Jira + Cases_find_case_response: + summary: >- + Retrieve the first five cases with the `tag-1` tag, in ascending order + by last update time. + value: + page: 1 + per_page: 5 + total: 1 + cases: + - id: abed3a70-71bd-11ea-a0b2-c51ea50a58e2 + version: WzExMCwxXQ== + comments: [] + totalComment: 1 + totalAlerts: 0 + title: Case title + tags: + - tag-1 + description: Case description + settings: + syncAlerts: true + owner: cases + customFields: + - type: text + key: d312efda-ec2b-42ec-9e2c-84981795c581 + value: My field value + - key: fcc6840d-eb14-42df-8aaf-232201a705ec + type: toggle + value: null + duration: null + severity: low + closed_at: null + closed_by: null + created_at: '2023-10-12T00:16:36.371Z' + created_by: + email: null + full_name: null + username: elastic + profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + status: open + updated_at: '2023-10-12T00:27:58.162Z' + updated_by: + email: null + full_name: null + username: elastic + profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + assignees: [] + category: null + connector: + id: none + name: none + type: .none + fields: null + external_service: null + count_open_cases: 1 + count_in_progress_cases: 0 + count_closed_cases: 0 + Cases_get_case_configuration_response: + summary: Get the case configuration. + value: + - id: 856ee650-6c82-11ee-a20a-6164169afa58 + closure_type: close-by-user + customFields: + - key: d312efda-ec2b-42ec-9e2c-84981795c581 + defaultValue: Custom text field value. + label: my-text-field + required: false + type: text + owner: cases + created_at: '2024-07-01T17:07:17.767Z' + created_by: + username: elastic + email: null + full_name: null + updated_at: null + updated_by: null + connector: + id: none + name: none + type: .none + fields: null + mappings: [] + version: WzEyLDNd + error: null + templates: + - key: 505932fe-ee3a-4960-a661-c781b5acdb05 + name: template-1 + caseFields: + title: Default case title + tags: + - Default case tag + category: Default-category + description: A default description for cases. + assignees: + - uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + connector: + id: none + type: .none + fields: null + name: none + customFields: + - key: d312efda-ec2b-42ec-9e2c-84981795c581 + value: Default text field value. + type: text + settings: + syncAlerts: false + description: A description of the template. + tags: + - Template tag 1 + Cases_set_case_configuration_request: + summary: >- + Set the closure type, custom fields, and default connector for Stack + Management cases. + value: + owner: cases + connector: + id: 5e656730-e1ca-11ec-be9b-9b1838238ee6 + name: my-jira-connector + type: .jira + fields: null + closure_type: close-by-user + customFields: + - key: d312efda-ec2b-42ec-9e2c-84981795c581 + label: my-text-field + required: false + type: text + defaultValue: My custom field default value. + templates: + - key: 505932fe-ee3a-4960-a661-c781b5acdb05 + name: template-1 + caseFields: + title: Default case title + tags: + - Default case tag + category: Default-category + description: A default description for cases. + assignees: + - uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + customFields: + - key: d312efda-ec2b-42ec-9e2c-84981795c581 + type: text + value: A text field value for the template. + description: A description of the template. + tags: + - Template tag 1 + Cases_set_case_configuration_response: + summary: This is an example response for case settings. + value: + closure_type: close-by-user + customFields: + - key: d312efda-ec2b-42ec-9e2c-84981795c581 + label: my-text-field + required: false + type: text + defaultValue: My custom field default value. + templates: + - key: 505932fe-ee3a-4960-a661-c781b5acdb05 + name: template-1 + caseFields: + title: Default case title + tags: + - Default case tag + category: Default-category + description: A default description for cases. + assignees: + - uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + customFields: + - key: d312efda-ec2b-42ec-9e2c-84981795c581 + type: text + value: A text field value for the template. + description: A description of the template. + tags: + - Template tag 1 + owner: cases + created_at: '2024-07-01T17:07:17.767Z' + created_by: + username: elastic + email: null, + full_name: null + profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + updated_at: null + updated_by: null + connector: + id: 5e656730-e1ca-11ec-be9b-9b1838238ee6 + name: my-jira-connector + type: .jira + fields: null + mappings: + - source: title + target: summary + action_type: overwrite + - source: description + target: description + action_type: overwrite + - source: comments + target: comments + action_type: append + - source: tags + target: labels + action_type: overwrite + version: WzIwNzMsMV0= + error: null + id: 4a97a440-e1cd-11ec-be9b-9b1838238ee6 + Cases_update_case_configuration_request: + summary: Update the case settings. + value: + version: WzExOSw0XQ== + connector: + id: 5e656730-e1ca-11ec-be9b-9b1838238ee6 + name: my-jira-connector + type: .jira + fields: null + closure_type: close-by-user + customFields: + - key: d312efda-ec2b-42ec-9e2c-84981795c581 + label: my-text-field + required: true + type: text + defaultValue: A new default value. + - key: fcc6840d-eb14-42df-8aaf-232201a705ec + label: my-toggle + required: false + type: toggle + Cases_update_case_configuration_response: + summary: This is an example response when the case configuration was updated. + value: + closure_type: close-by-user + customFields: + - key: d312efda-ec2b-42ec-9e2c-84981795c581 + label: my-text-field + required: true + type: text + defaultValue: A new default value. + - key: fcc6840d-eb14-42df-8aaf-232201a705ec + label: my-toggle + required: false + type: toggle + owner: cases + created_at: '2024-07-01T17:07:17.767Z' + created_by: + username: elastic + email: null + full_name: null + profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + updated_at: '2024-07-19T00:52:42.401Z' + updated_by: + username: elastic + full_name: null + email: null + profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + connector: + id: 5e656730-e1ca-11ec-be9b-9b1838238ee6 + name: my-jira-connector + type: .jira + fields: null + mappings: + - source: title + target: summary + action_type: overwrite + - source: description + target: description + action_type: overwrite + - source: tags + target: labels + action_type: overwrite + - source: comments + target: comments + action_type: append + version: WzI2LDNd + error: null + id: 4a97a440-e1cd-11ec-be9b-9b1838238ee6 + templates: [] + Cases_get_reporters_response: + summary: A list of two users that opened cases + value: + - username: elastic + full_name: null + email: null + profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + - username: jdoe + full_name: Jane Doe + email: jdoe@example.com + profile_uid: u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0 + Cases_get_tags_response: + summary: A list of tags that are used in cases + value: + - observability + - security + - tag 1 + - tag 2 + Cases_get_case_response: + summary: Retrieves information about a case including its comments. + value: + id: 31cdada0-02c1-11ed-85f2-4f7c222ca2fa + version: WzM2LDFd + comments: + - id: 2134c1d0-02c2-11ed-85f2-4f7c222ca2fa + version: WzM3LDFd + type: user + owner: cases + comment: A new comment + created_at: '2023-10-13T15:40:32.335Z' + created_by: + email: null + full_name: null + username: elastic + profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + pushed_at: null + pushed_by: null + updated_at: null + updated_by: null + totalComment: 1 + totalAlerts: 0 + title: Case title 1 + tags: + - tag 1 + settings: + syncAlerts: true + owner: cases + category: null + customFields: + - type: text + key: d312efda-ec2b-42ec-9e2c-84981795c581 + value: My field value + - key: fcc6840d-eb14-42df-8aaf-232201a705ec + type: toggle + value: null + description: A case description + duration: null + severity: low + closed_at: null + closed_by: null + created_at: '2023-10-13T15:33:50.604Z' + created_by: + username: elastic + email: null + full_name: null + profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + status: open + updated_at: '2023-10-13T15:40:32.335Z' + updated_by: + full_name: null + email: null + username: elastic + profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + assignees: + - uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + connector: + id: none + name: none + type: .none + fields: null + external_service: null + Cases_get_case_observability_response: + summary: >- + Retrieves information about an Observability case including its alerts + and comments. + value: + description: An Observability case description. + owner: observability + settings: + syncAlerts: false + tags: + - observability + - tag 1 + title: Observability case title 1 + category: null + customFields: [] + assignees: + - uid: u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0 + connector: + id: none + type: .none + fields: null + name: none + severity: low + status: in-progress + duration: null + closed_at: null + closed_by: null + created_at: '2023-11-06T19:29:04.086Z' + created_by: + username: elastic + full_name: null + email: null + updated_at: '2023-11-06T19:47:55.662Z' + updated_by: + username: elastic + full_name: null + email: null + profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + external_service: null + id: c3ff7550-def1-4e90-b6bc-c9969a4a09b1 + version: WzI0NywyXQ== + totalComment: 1 + totalAlerts: 1 + comments: + - alertId: + - a6e12ac4-7bce-457b-84f6-d7ce8deb8446 + index: + - .internal.alerts-observability.logs.alerts-default-000001 + type: alert + rule: + id: 03e4eb87-62ca-4e5d-9570-3d7625e9669d + name: Observability rule + owner: observability + created_at: '2023-11-06T19:29:38.424Z' + created_by: + email: null + full_name: null + username: elastic + profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + pushed_at: null + pushed_by: null + updated_at: null + updated_by: null + id: 59d438d0-79a9-4864-8d4b-e63adacebf6e + version: WzY3LDJd + - comment: The first comment. + type: user + owner: observability + created_at: '2023-11-06T19:29:57.812Z' + created_by: + email: null + full_name: null + username: elastic + profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + pushed_at: null + pushed_by: null + updated_at: null + updated_by: null + id: d99342d3-3aa3-4b80-90ec-a702607604f5 + version: WzcyLDJd + Cases_get_case_alerts_response: + summary: Retrieves all alerts attached to a case + value: + - id: f6a7d0c3-d52d-432c-b2e6-447cd7fce04d + index: .alerts-observability.logs.alerts-default + attached_at: '2022-07-25T20:09:40.963Z' + Cases_add_comment_request: + summary: Adds a comment to a case. + value: + type: user + comment: A new comment. + owner: cases + Cases_add_comment_response: + summary: >- + The add comment to case API returns a JSON object that contains details + about the case and its comments. + value: + comments: + - id: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 + version: WzIwNDMxLDFd + type: user + owner: cases + comment: A new comment. + created_at: '2022-10-02T00:49:47.716Z' + created_by: + username: elastic + email: null + full_name: null + totalAlerts: 0 + id: 293f1bc0-74f6-11ea-b83a-553aecdb28b6 + version: WzIzMzgsMV0= + totalComment: 1 + title: Case title 1 + tags: + - tag 1 + description: A case description. + category: null + assignees: [] + customFields: + - key: d312efda-ec2b-42ec-9e2c-84981795c581 + type: text + value: Field value + - key: fcc6840d-eb14-42df-8aaf-232201a705ec + type: toggle + value: true + settings: + syncAlerts: false + owner: cases + duration: null + severity: low + closed_at: null + closed_by: null + created_at: '2022-03-24T00:37:03.906Z' + created_by: + username: elastic + full_name: null + email: null + profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + status: open + updated_at: '2022-06-03T00:49:47.716Z' + updated_by: + username: elastic + email: null + full_name: null + profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + connector: + id: none + name: none + type: .none + fields: null + external_service: null + Cases_update_comment_request: + summary: Updates a comment of a case. + value: + id: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 + version: Wzk1LDFd + type: user + comment: An updated comment. + owner: cases + Cases_update_comment_response: + summary: >- + The add comment to case API returns a JSON object that contains details + about the case and its comments. + value: + comments: + - id: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 + version: WzIwNjM3LDFd + comment: An updated comment. + type: user + owner: cases + created_at: '2023-10-24T00:37:10.832Z' + created_by: + username: elastic + full_name: null + email: null + profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + pushed_at: null + pushed_by: null + updated_at: '2023-10-24T01:27:06.210Z' + updated_by: + username: elastic + full_name: null + email: null + profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + totalAlerts: 0 + id: 293f1bc0-74f6-11ea-b83a-553aecdb28b6 + version: WzIwNjM2LDFd + totalComment: 1 + title: Case title 1 + tags: + - tag 1 + description: A case description. + settings: + syncAlerts: false + owner: cases + category: null + assignees: [] + customFields: + - key: d312efda-ec2b-42ec-9e2c-84981795c581 + type: text + value: My new field value + - key: fcc6840d-eb14-42df-8aaf-232201a705ec + type: toggle + value: false + duration: null + severity: low + closed_at: null + closed_by: null + created_at: '2023-10-24T00:37:03.906Z' + created_by: + username: elastic + full_name: null + email: null + profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + status: open + updated_at: '2023-10-24T01:27:06.210Z' + updated_by: + username: elastic + full_name: null + email: null + profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + connector: + id: none + name: none + type: .none + fields: null + external_service: null + Cases_get_comment_response: + summary: A single user comment retrieved from a case + value: + id: 8048b460-fe2b-11ec-b15d-779a7c8bbcc3 + version: WzIzLDFd + type: user + owner: cases + comment: A new comment + created_at: '2023-10-07T19:32:13.104Z' + created_by: + email: null + full_name: null + username: elastic + profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + pushed_at: null + pushed_by: null + updated_at: null + updated_by: null + Cases_push_case_response: + summary: >- + The push case API returns a JSON object with details about the case and + the external service. + value: + id: b917f300-0ed9-11ed-bd18-65557fe66949 + version: WzE3NjgsM10= + comments: [] + totalComment: 0 + totalAlerts: 0 + description: A case description. + title: Case title 1 + tags: + - tag 1 + settings: + syncAlerts: true + owner: cases + duration: null + severity: low + closed_at: null + closed_by: null + created_at: '2022-07-29T00:59:39.444Z' + created_by: + username: elastic + email: null + full_name: null + status: open + updated_at: '2022-07-29T01:20:58.436Z' + updated_by: + username: elastic + full_name: null + email: null + connector: + id: 09f8c0b0-0eda-11ed-bd18-65557fe66949 + name: My connector + type: .jira + fields: + issueType: '10006' + parent: null + priority: Low + external_service: + pushed_at: '2022-07-29T01:20:58.436Z' + pushed_by: + username: elastic + full_name: null + email: null + connector_name: My connector + external_id: '71926' + external_title: ES-554 + external_url: https://cases.jira.com + connector_id: 09f8c0b0-0eda-11ed-bd18-65557fe66949 + Cases_find_case_activity_response: + summary: Retrieves all activity for a case + value: + page: 1 + perPage: 20 + total: 3 + userActions: + - id: b4cd0770-07c9-11ed-a5fd-47154cb8767e + action: create + comment_id: null + created_at: '2023-10-20T01:17:22.150Z' + created_by: + username: elastic + email: null + full_name: null + profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + owner: cases + payload: + assignees: [] + connector: + name: none + type: .none + fields: null + id: none + description: A case description. + tags: + - tag 1 + title: Case title 1 + owner: cases + settings: + syncAlerts: false + severity: low + status: open + category: null + customFields: + - key: d312efda-ec2b-42ec-9e2c-84981795c581 + type: text + value: My field value + - key: fcc6840d-eb14-42df-8aaf-232201a705ec + type: toggle + value: null + version: WzM1ODg4LDFd + type: create_case + - id: 57af14a0-03b1-11ed-920c-974bfa104448 + action: create + comment_id: 578608d0-03b1-11ed-920c-974bfa104448 + created_at: '2023-10-14T20:12:53.354Z' + created_by: + username: elastic + email: null + full_name: null + profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + owner: cases + payload: + comment: A new comment + owner: cases + type: user + version: WzM1ODg4LDFa + type: comment + - id: 573c6980-6123-11ed-aa41-81a0a61fe447 + action: add + comment_id: null + created_at: '2023-10-20T01:10:28.238Z' + created_by: + username: elastic + email: null + full_name: null + profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + owner: cases + payload: + assignees: + uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + version: WzM1ODg4LDFb + type: assignees + Cases_find_connector_response: + summary: Retrieve information about the connectors and their settings. + value: + - id: 61787f53-4eee-4741-8df6-8fe84fa616f7 + actionTypeId: .jira + name: my-Jira + isMissingSecrets: false + config: + apiUrl: https://elastic.atlassian.net/ + projectKey: ES + isPreconfigured: false + isDeprecated: false + referencedByCount: 0 Connectors_create_email_connector_request: summary: Create an email connector. value: @@ -11124,6 +15707,9 @@ x-tagGroups: tags: - APM agent keys - APM annotations + - name: Cases + tags: + - cases - name: Connectors tags: - connectors diff --git a/src/plugins/controls/public/control_group/component/control_group_component.tsx b/src/plugins/controls/public/control_group/component/control_group_component.tsx index 019ef9256e91b..1b5b39bb6702d 100644 --- a/src/plugins/controls/public/control_group/component/control_group_component.tsx +++ b/src/plugins/controls/public/control_group/component/control_group_component.tsx @@ -137,7 +137,8 @@ export const ControlGroup = () => { !renderTourStep || !controlGroup.canShowInvalidSelectionsWarning() || !tourStepOpen || - !controlWithInvalidSelectionsId + !controlWithInvalidSelectionsId || + !panels[controlWithInvalidSelectionsId] ) { return null; } diff --git a/src/plugins/controls/public/control_group/embeddable/control_group_container.tsx b/src/plugins/controls/public/control_group/embeddable/control_group_container.tsx index 70c57f6f73cfc..46b47927a76cf 100644 --- a/src/plugins/controls/public/control_group/embeddable/control_group_container.tsx +++ b/src/plugins/controls/public/control_group/embeddable/control_group_container.tsx @@ -104,7 +104,7 @@ export class ControlGroupContainer extends Container< private recalculateFilters$: Subject; private relevantDataViewId?: string; private lastUsedDataViewId?: string; - private invalidSelectionsState: { [childId: string]: boolean }; + private invalidSelectionsState: { [childId: string]: boolean } = {}; public diffingSubscription: Subscription = new Subscription(); @@ -170,12 +170,12 @@ export class ControlGroupContainer extends Container< this.store = reduxEmbeddableTools.store; - this.invalidSelectionsState = this.getChildIds().reduce((prev, id) => { - return { ...prev, [id]: false }; - }, {}); - // when all children are ready setup subscriptions this.untilAllChildrenReady().then(() => { + this.invalidSelectionsState = this.getChildIds().reduce((prev, id) => { + return { ...prev, [id]: false }; + }, {}); + this.recalculateDataViews(); this.setupSubscriptions(); const { filters, timeslice } = this.recalculateFilters(); @@ -324,7 +324,13 @@ export class ControlGroupContainer extends Container< this.subscriptions = new Subscription(); this.initialized$.next(false); this.updateInput(newInput); + this.untilAllChildrenReady().then(() => { + this.dispatch.setControlWithInvalidSelectionsId(undefined); + this.invalidSelectionsState = this.getChildIds().reduce((prev, id) => { + return { ...prev, [id]: false }; + }, {}); + this.recalculateDataViews(); const { filters, timeslice } = this.recalculateFilters(); this.publishFilters({ filters, timeslice }); diff --git a/src/plugins/discover/public/embeddable/actions/view_saved_search_action.ts b/src/plugins/discover/public/embeddable/actions/view_saved_search_action.ts index 8f259e89cada5..490d1e08cbdb5 100644 --- a/src/plugins/discover/public/embeddable/actions/view_saved_search_action.ts +++ b/src/plugins/discover/public/embeddable/actions/view_saved_search_action.ts @@ -7,40 +7,15 @@ */ import type { ApplicationStart } from '@kbn/core/public'; -import { SEARCH_EMBEDDABLE_TYPE } from '@kbn/discover-utils'; -import { ViewMode } from '@kbn/embeddable-plugin/public'; import { i18n } from '@kbn/i18n'; -import { - apiCanAccessViewMode, - apiHasType, - apiIsOfType, - CanAccessViewMode, - EmbeddableApiContext, - getInheritedViewMode, - HasType, -} from '@kbn/presentation-publishing'; +import type { EmbeddableApiContext } from '@kbn/presentation-publishing'; import type { Action } from '@kbn/ui-actions-plugin/public'; import type { DiscoverAppLocator } from '../../../common'; -import { PublishesSavedSearch, apiPublishesSavedSearch } from '../types'; import { getDiscoverLocatorParams } from '../utils/get_discover_locator_params'; export const ACTION_VIEW_SAVED_SEARCH = 'ACTION_VIEW_SAVED_SEARCH'; -type ViewSavedSearchActionApi = CanAccessViewMode & HasType & PublishesSavedSearch; - -const compatibilityCheck = ( - api: EmbeddableApiContext['embeddable'] -): api is ViewSavedSearchActionApi => { - return ( - apiCanAccessViewMode(api) && - getInheritedViewMode(api) === ViewMode.VIEW && - apiHasType(api) && - apiIsOfType(api, SEARCH_EMBEDDABLE_TYPE) && - apiPublishesSavedSearch(api) - ); -}; - export class ViewSavedSearchAction implements Action { public id = ACTION_VIEW_SAVED_SEARCH; public readonly type = ACTION_VIEW_SAVED_SEARCH; @@ -51,6 +26,7 @@ export class ViewSavedSearchAction implements Action { ) {} async execute({ embeddable }: EmbeddableApiContext): Promise { + const { compatibilityCheck } = await import('./view_saved_search_compatibility_check'); if (!compatibilityCheck(embeddable)) { return; } @@ -73,6 +49,9 @@ export class ViewSavedSearchAction implements Action { const { capabilities } = this.application; const hasDiscoverPermissions = (capabilities.discover.show as boolean) || (capabilities.discover.save as boolean); - return compatibilityCheck(embeddable) && hasDiscoverPermissions; + + if (!hasDiscoverPermissions) return false; // early return to delay async import until absolutely necessary + const { compatibilityCheck } = await import('./view_saved_search_compatibility_check'); + return compatibilityCheck(embeddable); } } diff --git a/src/plugins/discover/public/embeddable/actions/view_saved_search_compatibility_check.ts b/src/plugins/discover/public/embeddable/actions/view_saved_search_compatibility_check.ts new file mode 100644 index 0000000000000..06eaa548b5b77 --- /dev/null +++ b/src/plugins/discover/public/embeddable/actions/view_saved_search_compatibility_check.ts @@ -0,0 +1,35 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ + +import { SEARCH_EMBEDDABLE_TYPE } from '@kbn/discover-utils'; +import { ViewMode } from '@kbn/embeddable-plugin/public'; +import { + apiCanAccessViewMode, + apiHasType, + apiIsOfType, + CanAccessViewMode, + EmbeddableApiContext, + getInheritedViewMode, + HasType, +} from '@kbn/presentation-publishing'; + +import { apiPublishesSavedSearch, PublishesSavedSearch } from '../types'; + +type ViewSavedSearchActionApi = CanAccessViewMode & HasType & PublishesSavedSearch; + +export const compatibilityCheck = ( + api: EmbeddableApiContext['embeddable'] +): api is ViewSavedSearchActionApi => { + return ( + apiCanAccessViewMode(api) && + getInheritedViewMode(api) === ViewMode.VIEW && + apiHasType(api) && + apiIsOfType(api, SEARCH_EMBEDDABLE_TYPE) && + apiPublishesSavedSearch(api) + ); +}; diff --git a/src/plugins/discover/public/embeddable/utils/get_discover_locator_params.ts b/src/plugins/discover/public/embeddable/utils/get_discover_locator_params.ts index 93703698b1e28..f5b90040757d5 100644 --- a/src/plugins/discover/public/embeddable/utils/get_discover_locator_params.ts +++ b/src/plugins/discover/public/embeddable/utils/get_discover_locator_params.ts @@ -7,7 +7,7 @@ */ import type { Filter } from '@kbn/es-query'; -import { PublishesSavedObjectId, PublishesUnifiedSearch } from '@kbn/presentation-publishing'; +import type { PublishesSavedObjectId, PublishesUnifiedSearch } from '@kbn/presentation-publishing'; import { DiscoverAppLocatorParams } from '../../../common'; import { PublishesSavedSearch } from '../types'; diff --git a/x-pack/plugins/cases/docs/openapi/README.md b/x-pack/plugins/cases/docs/openapi/README.md index fedb9635abc82..6de117e966fe0 100644 --- a/x-pack/plugins/cases/docs/openapi/README.md +++ b/x-pack/plugins/cases/docs/openapi/README.md @@ -13,22 +13,11 @@ A guide about the openApi specification can be found at [https://swagger.io/docs ## Tools -It is possible to validate the docs before bundling them with the following -command in the `x-pack/plugins/cases/docs/openapi/` folder: - - ```bash - npx swagger-cli validate entrypoint.yaml - ``` - -Then you can generate the `bundled` files by running the following commands: +Generate the `bundled` files by running the following commands: ```bash npx @redocly/cli bundle entrypoint.yaml --output bundled.yaml --ext yaml npx @redocly/cli bundle entrypoint.yaml --output bundled.json --ext json ``` -After generating the json bundle ensure that it is also valid by running the following command: - - ```bash - npx @redocly/cli lint bundled.json - ``` +Then join these files with the rest of the Kibana APIs per `oas_docs/README.md` diff --git a/x-pack/plugins/cases/docs/openapi/bundled.json b/x-pack/plugins/cases/docs/openapi/bundled.json index 6bc965f7ee5fc..f9f2550580c80 100644 --- a/x-pack/plugins/cases/docs/openapi/bundled.json +++ b/x-pack/plugins/cases/docs/openapi/bundled.json @@ -1,9 +1,9 @@ { - "openapi": "3.1.0", + "openapi": "3.0.1", "info": { "title": "Cases", "description": "OpenAPI schema for Cases endpoints", - "version": "0.2", + "version": "0.1", "contact": { "name": "Cases Team" }, @@ -17,14 +17,6 @@ "url": "/" } ], - "security": [ - { - "basicAuth": [] - }, - { - "apiKeyAuth": [] - } - ], "tags": [ { "name": "cases", @@ -34,7 +26,7 @@ "paths": { "/api/cases": { "post": { - "summary": "Creates a case in the default space.", + "summary": "Create a case", "operationId": "createCaseDefaultSpace", "description": "You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're creating.\n", "tags": [ @@ -89,7 +81,7 @@ } }, "delete": { - "summary": "Deletes one or more cases in the default space.", + "summary": "Delete cases", "operationId": "deleteCaseDefaultSpace", "description": "You must have `read` or `all` privileges and the `delete` sub-feature privilege for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're deleting.\n", "tags": [ @@ -120,7 +112,7 @@ } }, "patch": { - "summary": "Updates one or more cases in the default space.", + "summary": "Update cases", "operationId": "updateCaseDefaultSpace", "description": "You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're updating.\n", "tags": [ @@ -179,7 +171,7 @@ }, "/api/cases/_find": { "get": { - "summary": "Retrieves a paginated subset of cases in the default space.", + "summary": "Search cases", "operationId": "findCasesDefaultSpace", "description": "You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking.\n", "tags": [ @@ -293,7 +285,7 @@ }, "/api/cases/alerts/{alertId}": { "get": { - "summary": "Returns the cases associated with a specific alert in the default space.", + "summary": "Get cases for an alert", "operationId": "getCasesByAlertDefaultSpace", "description": "You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking.\n", "x-technical-preview": true, @@ -329,7 +321,7 @@ } } }, - "examples": [ + "example": [ { "id": "06116b80-e1c3-11ec-be9b-9b1838238ee6", "title": "security_case" @@ -354,9 +346,9 @@ }, "/api/cases/configure": { "get": { - "summary": "Get case settings in the default space", + "summary": "Get case settings", "operationId": "getCaseConfigurationDefaultSpace", - "description": "Retrieves setting details such as the closure type, custom fields, templatse, and the default connector for cases in the default space. You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on where the cases were created.\n", + "description": "Get setting details such as the closure type, custom fields, templatse, and the default connector for cases. You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on where the cases were created.\n", "tags": [ "cases" ], @@ -383,24 +375,18 @@ "properties": { "fields": { "description": "The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`.", - "type": [ - "object", - "null" - ] + "nullable": true, + "type": "object" }, "id": { "description": "The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API.", "type": "string", - "examples": [ - "none" - ] + "example": "none" }, "name": { "description": "The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API.", "type": "string", - "examples": [ - "none" - ] + "example": "none" }, "type": { "$ref": "#/components/schemas/connector_types" @@ -410,9 +396,7 @@ "created_at": { "type": "string", "format": "date-time", - "examples": [ - "2022-06-01T17:07:17.767Z" - ] + "example": "2022-06-01T17:07:17.767Z" }, "created_by": { "type": "object", @@ -423,43 +407,28 @@ ], "properties": { "email": { - "type": [ - "string", - "null" - ], - "examples": [ - null - ] + "type": "string", + "example": null, + "nullable": true }, "full_name": { - "type": [ - "string", - "null" - ], - "examples": [ - null - ] - }, - "profile_uid": { "type": "string", - "examples": [ - "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - ] + "example": null, + "nullable": true }, "username": { - "type": [ - "string", - "null" - ], - "examples": [ - "elastic" - ] + "type": "string", + "example": "elastic", + "nullable": true + }, + "profile_uid": { + "type": "string", + "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" } } }, "customFields": { "type": "array", - "x-technical-preview": true, "description": "Custom fields configuration details.", "items": { "type": "object", @@ -503,19 +472,13 @@ } }, "error": { - "type": [ - "string", - "null" - ], - "examples": [ - null - ] + "type": "string", + "nullable": true, + "example": null }, "id": { "type": "string", - "examples": [ - "4a97a440-e1cd-11ec-be9b-9b1838238ee6" - ] + "example": "4a97a440-e1cd-11ec-be9b-9b1838238ee6" }, "mappings": { "type": "array", @@ -524,21 +487,15 @@ "properties": { "action_type": { "type": "string", - "examples": [ - "overwrite" - ] + "example": "overwrite" }, "source": { "type": "string", - "examples": [ - "title" - ] + "example": "title" }, "target": { "type": "string", - "examples": [ - "summary" - ] + "example": "summary" } } } @@ -550,20 +507,13 @@ "$ref": "#/components/schemas/templates" }, "updated_at": { - "type": [ - "string", - "null" - ], + "type": "string", "format": "date-time", - "examples": [ - "2022-06-01T19:58:48.169Z" - ] + "nullable": true, + "example": "2022-06-01T19:58:48.169Z" }, "updated_by": { - "type": [ - "object", - "null" - ], + "type": "object", "required": [ "email", "full_name", @@ -571,45 +521,30 @@ ], "properties": { "email": { - "type": [ - "string", - "null" - ], - "examples": [ - null - ] + "type": "string", + "example": null, + "nullable": true }, "full_name": { - "type": [ - "string", - "null" - ], - "examples": [ - null - ] - }, - "profile_uid": { "type": "string", - "examples": [ - "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - ] + "example": null, + "nullable": true }, "username": { - "type": [ - "string", - "null" - ], - "examples": [ - "elastic" - ] + "type": "string", + "example": "elastic", + "nullable": true + }, + "profile_uid": { + "type": "string", + "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" } - } + }, + "nullable": true }, "version": { "type": "string", - "examples": [ - "WzIwNzMsMV0=" - ] + "example": "WzIwNzMsMV0=" } } } @@ -635,7 +570,7 @@ } }, "post": { - "summary": "Add case settings in the default space", + "summary": "Add case settings", "operationId": "setCaseConfigurationDefaultSpace", "description": "Case settings include external connection details, custom fields, and templates. Connectors are used to interface with external systems. You must create a connector before you can use it in your cases. If you set a default connector, it is automatically selected when you create cases in Kibana. If you use the create case API, however, you must still specify all of the connector details. You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on where you are creating cases.\n", "tags": [ @@ -676,24 +611,18 @@ "properties": { "fields": { "description": "The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`.", - "type": [ - "object", - "null" - ] + "nullable": true, + "type": "object" }, "id": { "description": "The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API.", "type": "string", - "examples": [ - "none" - ] + "example": "none" }, "name": { "description": "The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API.", "type": "string", - "examples": [ - "none" - ] + "example": "none" }, "type": { "$ref": "#/components/schemas/connector_types" @@ -703,9 +632,7 @@ "created_at": { "type": "string", "format": "date-time", - "examples": [ - "2022-06-01T17:07:17.767Z" - ] + "example": "2022-06-01T17:07:17.767Z" }, "created_by": { "type": "object", @@ -716,43 +643,28 @@ ], "properties": { "email": { - "type": [ - "string", - "null" - ], - "examples": [ - null - ] + "type": "string", + "example": null, + "nullable": true }, "full_name": { - "type": [ - "string", - "null" - ], - "examples": [ - null - ] - }, - "profile_uid": { "type": "string", - "examples": [ - "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - ] + "example": null, + "nullable": true }, "username": { - "type": [ - "string", - "null" - ], - "examples": [ - "elastic" - ] + "type": "string", + "example": "elastic", + "nullable": true + }, + "profile_uid": { + "type": "string", + "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" } } }, "customFields": { "type": "array", - "x-technical-preview": true, "description": "Custom fields configuration details.", "items": { "type": "object", @@ -796,19 +708,13 @@ } }, "error": { - "type": [ - "string", - "null" - ], - "examples": [ - null - ] + "type": "string", + "nullable": true, + "example": null }, "id": { "type": "string", - "examples": [ - "4a97a440-e1cd-11ec-be9b-9b1838238ee6" - ] + "example": "4a97a440-e1cd-11ec-be9b-9b1838238ee6" }, "mappings": { "type": "array", @@ -817,21 +723,15 @@ "properties": { "action_type": { "type": "string", - "examples": [ - "overwrite" - ] + "example": "overwrite" }, "source": { "type": "string", - "examples": [ - "title" - ] + "example": "title" }, "target": { "type": "string", - "examples": [ - "summary" - ] + "example": "summary" } } } @@ -843,20 +743,13 @@ "$ref": "#/components/schemas/templates" }, "updated_at": { - "type": [ - "string", - "null" - ], + "type": "string", "format": "date-time", - "examples": [ - "2022-06-01T19:58:48.169Z" - ] + "nullable": true, + "example": "2022-06-01T19:58:48.169Z" }, "updated_by": { - "type": [ - "object", - "null" - ], + "type": "object", "required": [ "email", "full_name", @@ -864,45 +757,30 @@ ], "properties": { "email": { - "type": [ - "string", - "null" - ], - "examples": [ - null - ] + "type": "string", + "example": null, + "nullable": true }, "full_name": { - "type": [ - "string", - "null" - ], - "examples": [ - null - ] - }, - "profile_uid": { "type": "string", - "examples": [ - "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - ] + "example": null, + "nullable": true }, "username": { - "type": [ - "string", - "null" - ], - "examples": [ - "elastic" - ] + "type": "string", + "example": "elastic", + "nullable": true + }, + "profile_uid": { + "type": "string", + "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" } - } + }, + "nullable": true }, "version": { "type": "string", - "examples": [ - "WzIwNzMsMV0=" - ] + "example": "WzIwNzMsMV0=" } } }, @@ -929,9 +807,9 @@ }, "/api/cases/configure/{configurationId}": { "patch": { - "summary": "Update case settings in the default space", + "summary": "Update case settings", "operationId": "updateCaseConfigurationDefaultSpace", - "description": "Updates setting details such as the closure type, custom fields, templates, and the default connector for cases in the default space. Connectors are used to interface with external systems. You must create a connector before you can use it in your cases. You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on where the case was created.\n", + "description": "Updates setting details such as the closure type, custom fields, templates, and the default connector for cases. Connectors are used to interface with external systems. You must create a connector before you can use it in your cases. You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on where the case was created.\n", "tags": [ "cases" ], @@ -973,24 +851,18 @@ "properties": { "fields": { "description": "The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`.", - "type": [ - "object", - "null" - ] + "nullable": true, + "type": "object" }, "id": { "description": "The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API.", "type": "string", - "examples": [ - "none" - ] + "example": "none" }, "name": { "description": "The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API.", "type": "string", - "examples": [ - "none" - ] + "example": "none" }, "type": { "$ref": "#/components/schemas/connector_types" @@ -1000,9 +872,7 @@ "created_at": { "type": "string", "format": "date-time", - "examples": [ - "2022-06-01T17:07:17.767Z" - ] + "example": "2022-06-01T17:07:17.767Z" }, "created_by": { "type": "object", @@ -1013,43 +883,28 @@ ], "properties": { "email": { - "type": [ - "string", - "null" - ], - "examples": [ - null - ] + "type": "string", + "example": null, + "nullable": true }, "full_name": { - "type": [ - "string", - "null" - ], - "examples": [ - null - ] - }, - "profile_uid": { "type": "string", - "examples": [ - "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - ] + "example": null, + "nullable": true }, "username": { - "type": [ - "string", - "null" - ], - "examples": [ - "elastic" - ] + "type": "string", + "example": "elastic", + "nullable": true + }, + "profile_uid": { + "type": "string", + "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" } } }, "customFields": { "type": "array", - "x-technical-preview": true, "description": "Custom fields configuration details.", "items": { "type": "object", @@ -1093,19 +948,13 @@ } }, "error": { - "type": [ - "string", - "null" - ], - "examples": [ - null - ] + "type": "string", + "nullable": true, + "example": null }, "id": { "type": "string", - "examples": [ - "4a97a440-e1cd-11ec-be9b-9b1838238ee6" - ] + "example": "4a97a440-e1cd-11ec-be9b-9b1838238ee6" }, "mappings": { "type": "array", @@ -1114,21 +963,15 @@ "properties": { "action_type": { "type": "string", - "examples": [ - "overwrite" - ] + "example": "overwrite" }, "source": { "type": "string", - "examples": [ - "title" - ] + "example": "title" }, "target": { "type": "string", - "examples": [ - "summary" - ] + "example": "summary" } } } @@ -1140,20 +983,13 @@ "$ref": "#/components/schemas/templates" }, "updated_at": { - "type": [ - "string", - "null" - ], + "type": "string", "format": "date-time", - "examples": [ - "2022-06-01T19:58:48.169Z" - ] + "nullable": true, + "example": "2022-06-01T19:58:48.169Z" }, "updated_by": { - "type": [ - "object", - "null" - ], + "type": "object", "required": [ "email", "full_name", @@ -1161,45 +997,30 @@ ], "properties": { "email": { - "type": [ - "string", - "null" - ], - "examples": [ - null - ] + "type": "string", + "example": null, + "nullable": true }, "full_name": { - "type": [ - "string", - "null" - ], - "examples": [ - null - ] - }, - "profile_uid": { "type": "string", - "examples": [ - "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - ] + "example": null, + "nullable": true }, "username": { - "type": [ - "string", - "null" - ], - "examples": [ - "elastic" - ] + "type": "string", + "example": "elastic", + "nullable": true + }, + "profile_uid": { + "type": "string", + "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" } - } + }, + "nullable": true }, "version": { "type": "string", - "examples": [ - "WzIwNzMsMV0=" - ] + "example": "WzIwNzMsMV0=" } } }, @@ -1226,9 +1047,9 @@ }, "/api/cases/reporters": { "get": { - "summary": "Returns information about the users who opened cases in the default space.", + "summary": "Get case creators", "operationId": "getCaseReportersDefaultSpace", - "description": "You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases. The API returns information about the users as they existed at the time of the case creation, including their name, full name, and email address. If any of those details change thereafter or if a user is deleted, the information returned by this API is unchanged.\n", + "description": "Returns information about the users who opened cases. You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases. The API returns information about the users as they existed at the time of the case creation, including their name, full name, and email address. If any of those details change thereafter or if a user is deleted, the information returned by this API is unchanged.\n", "tags": [ "cases" ], @@ -1254,37 +1075,23 @@ ], "properties": { "email": { - "type": [ - "string", - "null" - ], - "examples": [ - null - ] + "type": "string", + "example": null, + "nullable": true }, "full_name": { - "type": [ - "string", - "null" - ], - "examples": [ - null - ] - }, - "profile_uid": { "type": "string", - "examples": [ - "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - ] + "example": null, + "nullable": true }, "username": { - "type": [ - "string", - "null" - ], - "examples": [ - "elastic" - ] + "type": "string", + "example": "elastic", + "nullable": true + }, + "profile_uid": { + "type": "string", + "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" } } } @@ -1312,9 +1119,9 @@ }, "/api/cases/status": { "get": { - "summary": "Returns the number of cases that are open, closed, and in progress in the default space.", + "summary": "Get case status summary", "operationId": "getCaseStatusDefaultSpace", - "description": "Deprecated in 8.1.0. This API is deprecated and will be removed in a future release; use the find cases API instead. You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking.\n", + "description": "Returns the number of cases that are open, closed, and in progress. Deprecated in 8.1.0. This API is deprecated and will be removed in a future release; use the find cases API instead. You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking.\n", "deprecated": true, "tags": [ "cases" @@ -1361,9 +1168,9 @@ }, "/api/cases/tags": { "get": { - "summary": "Aggregates and returns a list of case tags in the default space.", + "summary": "Get case tags", "operationId": "getCaseTagsDefaultSpace", - "description": "You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking.\n", + "description": "Aggregates and returns a list of case tags. You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking.\n", "tags": [ "cases" ], @@ -1407,7 +1214,7 @@ }, "/api/cases/{caseId}": { "get": { - "summary": "Retrieves information about a case in the default space.", + "summary": "Get case information", "operationId": "getCaseDefaultSpace", "description": "You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're seeking.\n", "tags": [ @@ -1455,7 +1262,7 @@ }, "/api/cases/{caseId}/alerts": { "get": { - "summary": "Gets all alerts attached to a case in the default space.", + "summary": "Get all alerts for a case", "description": "You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking.\n", "x-technical-preview": true, "operationId": "getCaseAlertsDefaultSpace", @@ -1501,7 +1308,7 @@ }, "/api/cases/{caseId}/comments": { "post": { - "summary": "Adds a comment or alert to a case in the default space.", + "summary": "Add a case comment or alert", "operationId": "addCaseCommentDefaultSpace", "description": "You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're creating. NOTE: Each case can have a maximum of 1,000 alerts.\n", "tags": [ @@ -1559,9 +1366,9 @@ } }, "delete": { - "summary": "Deletes all comments and alerts from a case in the default space.", + "summary": "Delete all case comments and alerts", "operationId": "deleteCaseCommentsDefaultSpace", - "description": "You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're deleting.\n", + "description": "Deletes all comments and alerts from a case. You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're deleting.\n", "tags": [ "cases" ], @@ -1590,7 +1397,7 @@ } }, "patch": { - "summary": "Updates a comment or alert in a case in the default space.", + "summary": "Update a case comment or alert", "operationId": "updateCaseCommentDefaultSpace", "description": "You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're updating. NOTE: You cannot change the comment type or the owner of a comment.\n", "tags": [ @@ -1648,7 +1455,7 @@ } }, "get": { - "summary": "Retrieves all the comments from a case in the default space.", + "summary": "Get all case comments", "operationId": "getAllCaseCommentsDefaultSpace", "description": "Deprecated in 8.1.0. This API is deprecated and will be removed in a future release; instead, use the get case comment API, which requires a comment identifier in the path. You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking.\n", "deprecated": true, @@ -1684,9 +1491,55 @@ } } }, + "/api/cases/{caseId}/comments/_find": { + "get": { + "summary": "Find case comments and alerts", + "operationId": "findCaseCommentsDefaultSpace", + "description": "Retrieves a paginated list of comments for a case. You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking.\n", + "tags": [ + "cases" + ], + "parameters": [ + { + "$ref": "#/components/parameters/case_id" + }, + { + "$ref": "#/components/parameters/page_index" + }, + { + "$ref": "#/components/parameters/page_size" + }, + { + "$ref": "#/components/parameters/sort_order" + } + ], + "responses": { + "200": { + "description": "Indicates a successful call.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/case_response_properties" + } + } + } + }, + "401": { + "description": "Authorization information is missing or invalid.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/4xx_response" + } + } + } + } + } + } + }, "/api/cases/{caseId}/comments/{commentId}": { "delete": { - "summary": "Deletes a comment or alert from a case in the default space.", + "summary": "Delete a case comment or alert", "operationId": "deleteCaseCommentDefaultSpace", "description": "You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're deleting.\n", "tags": [ @@ -1720,7 +1573,7 @@ } }, "get": { - "summary": "Retrieves a comment from a case in the default space.", + "summary": "Get a case comment or alert", "operationId": "getCaseCommentDefaultSpace", "description": "You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking.\n", "tags": [ @@ -1772,7 +1625,7 @@ }, "/api/cases/{caseId}/connector/{connectorId}/_push": { "post": { - "summary": "Pushes a case in the default space to an external service.", + "summary": "Push a case to an external service", "description": "You must have `all` privileges for the **Actions and Connectors** feature in the **Management** section of the Kibana feature privileges. You must also have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're pushing.\n", "operationId": "pushCaseDefaultSpace", "tags": [ @@ -1793,10 +1646,8 @@ "content": { "application/json": { "schema": { - "type": [ - "object", - "null" - ] + "type": "object", + "nullable": true } } } @@ -1832,8 +1683,8 @@ }, "/api/cases/{caseId}/user_actions": { "get": { - "summary": "Returns all user activity for a case in the default space.", - "description": "Deprecated in 8.1.0. This API is deprecated and will be removed in a future release; use the find user actions API instead. You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're seeking.\n", + "summary": "Get case activity", + "description": "Returns all user activity for a case. Deprecated in 8.1.0. This API is deprecated and will be removed in a future release; use the find user actions API instead. You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're seeking.\n", "deprecated": true, "operationId": "getCaseActivityDefaultSpace", "tags": [ @@ -1873,8 +1724,8 @@ }, "/api/cases/{caseId}/user_actions/_find": { "get": { - "summary": "Finds user activity for a case in the default space.", - "description": "You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're seeking.\n", + "summary": "Find case activity", + "description": "Retrives a paginated list of user activity for a case. You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're seeking.\n", "operationId": "findCaseActivityDefaultSpace", "tags": [ "cases" @@ -1945,9 +1796,9 @@ }, "/api/cases/configure/connectors/_find": { "get": { - "summary": "Get case connectors in the default space", + "summary": "Get case connectors", "operationId": "findCaseConnectorsDefaultSpace", - "description": "Retrieves information about connectors that are supported for use in cases in the default space. You must have `read` privileges for the **Actions and Connectors** feature in the **Management** section of the Kibana feature privileges.\n", + "description": "Get information about connectors that are supported for use in cases. You must have `read` privileges for the **Actions and Connectors** feature in the **Management** section of the Kibana feature privileges.\n", "tags": [ "cases" ], @@ -2018,2150 +1869,33 @@ } } } - }, - "/s/{spaceId}/api/cases": { - "post": { - "summary": "Creates a case.", - "operationId": "createCase", - "description": "You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're creating.\n", - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/kbn_xsrf" - }, - { - "$ref": "#/components/parameters/space_id" - } - ], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/create_case_request" - }, - "examples": { - "createCaseRequest": { - "$ref": "#/components/examples/create_case_request" - } - } - } - } + } + }, + "components": { + "parameters": { + "kbn_xsrf": { + "schema": { + "type": "string" }, - "responses": { - "200": { - "description": "Indicates a successful call.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/case_response_properties" - }, - "examples": { - "createCaseResponse": { - "$ref": "#/components/examples/create_case_response" - } - } - } - } - }, - "401": { - "description": "Authorization information is missing or invalid.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/4xx_response" - } - } - } - } - } + "in": "header", + "name": "kbn-xsrf", + "description": "Cross-site request forgery protection", + "required": true }, - "delete": { - "summary": "Deletes one or more cases.", - "operationId": "deleteCase", - "description": "You must have `read` or `all` privileges and the `delete` sub-feature privilege for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're deleting.\n", - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/kbn_xsrf" - }, - { - "$ref": "#/components/parameters/ids" - }, - { - "$ref": "#/components/parameters/space_id" + "ids": { + "name": "ids", + "description": "The cases that you want to removed. All non-ASCII characters must be URL encoded.\n", + "in": "query", + "required": true, + "schema": { + "type": "array", + "items": { + "type": "string", + "minItems": 1, + "maxItems": 100 } - ], - "responses": { - "204": { - "description": "Indicates a successful call." - }, - "401": { - "description": "Authorization information is missing or invalid.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/4xx_response" - } - } - } - } - } - }, - "patch": { - "summary": "Updates one or more cases.", - "operationId": "updateCase", - "description": "You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're updating.\n", - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/kbn_xsrf" - }, - { - "$ref": "#/components/parameters/space_id" - } - ], - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/update_case_request" - }, - "examples": { - "updateCaseRequest": { - "$ref": "#/components/examples/update_case_request" - } - } - } - } - }, - "responses": { - "200": { - "description": "Indicates a successful call.", - "content": { - "application/json": { - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/case_response_properties" - } - }, - "examples": { - "updateCaseResponse": { - "$ref": "#/components/examples/update_case_response" - } - } - } - } - }, - "401": { - "description": "Authorization information is missing or invalid.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/4xx_response" - } - } - } - } - } - } - }, - "/s/{spaceId}/api/cases/_find": { - "get": { - "summary": "Retrieves a paginated subset of cases.", - "operationId": "findCases", - "description": "You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking.\n", - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/space_id" - }, - { - "$ref": "#/components/parameters/assignees" - }, - { - "$ref": "#/components/parameters/category" - }, - { - "$ref": "#/components/parameters/defaultSearchOperator" - }, - { - "$ref": "#/components/parameters/from" - }, - { - "$ref": "#/components/parameters/owner" - }, - { - "$ref": "#/components/parameters/page_index" - }, - { - "$ref": "#/components/parameters/page_size" - }, - { - "$ref": "#/components/parameters/reporters" - }, - { - "$ref": "#/components/parameters/search" - }, - { - "$ref": "#/components/parameters/searchFields" - }, - { - "$ref": "#/components/parameters/severity" - }, - { - "$ref": "#/components/parameters/sortField" - }, - { - "$ref": "#/components/parameters/sort_order" - }, - { - "$ref": "#/components/parameters/status" - }, - { - "$ref": "#/components/parameters/tags" - }, - { - "$ref": "#/components/parameters/to" - } - ], - "responses": { - "200": { - "description": "Indicates a successful call.", - "content": { - "application/json": { - "schema": { - "type": "object", - "properties": { - "cases": { - "type": "array", - "items": { - "$ref": "#/components/schemas/case_response_properties" - } - }, - "count_closed_cases": { - "type": "integer" - }, - "count_in_progress_cases": { - "type": "integer" - }, - "count_open_cases": { - "type": "integer" - }, - "page": { - "type": "integer" - }, - "per_page": { - "type": "integer" - }, - "total": { - "type": "integer" - } - } - }, - "examples": { - "findCaseResponse": { - "$ref": "#/components/examples/find_case_response" - } - } - } - } - }, - "401": { - "description": "Authorization information is missing or invalid.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/4xx_response" - } - } - } - } - } - } - }, - "/s/{spaceId}/api/cases/alerts/{alertId}": { - "get": { - "summary": "Returns the cases associated with a specific alert.", - "operationId": "getCasesByAlert", - "description": "You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking.\n", - "x-technical-preview": true, - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/alert_id" - }, - { - "$ref": "#/components/parameters/space_id" - }, - { - "$ref": "#/components/parameters/owner" - } - ], - "responses": { - "200": { - "description": "Indicates a successful call.", - "content": { - "application/json": { - "schema": { - "type": "array", - "items": { - "type": "object", - "properties": { - "id": { - "type": "string", - "description": "The case identifier." - }, - "title": { - "type": "string", - "description": "The case title." - } - } - }, - "examples": [ - { - "id": "06116b80-e1c3-11ec-be9b-9b1838238ee6", - "title": "security_case" - } - ] - } - } - } - }, - "401": { - "description": "Authorization information is missing or invalid.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/4xx_response" - } - } - } - } - } - } - }, - "/s/{spaceId}/api/cases/configure": { - "get": { - "summary": "Get case settings", - "operationId": "getCaseConfiguration", - "description": "Retrieves setting details such as the closure type, custom fields, templates, and the default connector for cases. You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on where the cases were created.\n", - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/space_id" - }, - { - "$ref": "#/components/parameters/owner" - } - ], - "responses": { - "200": { - "description": "Indicates a successful call.", - "content": { - "application/json": { - "schema": { - "type": "array", - "items": { - "type": "object", - "properties": { - "closure_type": { - "$ref": "#/components/schemas/closure_types" - }, - "connector": { - "type": "object", - "properties": { - "fields": { - "description": "The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`.", - "type": [ - "object", - "null" - ] - }, - "id": { - "description": "The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API.", - "type": "string", - "examples": [ - "none" - ] - }, - "name": { - "description": "The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API.", - "type": "string", - "examples": [ - "none" - ] - }, - "type": { - "$ref": "#/components/schemas/connector_types" - } - } - }, - "created_at": { - "type": "string", - "format": "date-time", - "examples": [ - "2022-06-01T17:07:17.767Z" - ] - }, - "created_by": { - "type": "object", - "required": [ - "email", - "full_name", - "username" - ], - "properties": { - "email": { - "type": [ - "string", - "null" - ], - "examples": [ - null - ] - }, - "full_name": { - "type": [ - "string", - "null" - ], - "examples": [ - null - ] - }, - "profile_uid": { - "type": "string", - "examples": [ - "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - ] - }, - "username": { - "type": [ - "string", - "null" - ], - "examples": [ - "elastic" - ] - } - } - }, - "customFields": { - "type": "array", - "x-technical-preview": true, - "description": "Custom fields configuration details.", - "items": { - "type": "object", - "properties": { - "defaultValue": { - "oneOf": [ - { - "type": "string" - }, - { - "type": "boolean" - } - ], - "description": "A default value for the custom field. If the `type` is `text`, the default value must be a string. If the `type` is `toggle`, the default value must be boolean.\n" - }, - "key": { - "description": "A unique key for the custom field. Must be lower case and composed only of a-z, 0-9, '_', and '-' characters. It is used in API calls to refer to a specific custom field.\n", - "type": "string", - "minLength": 1, - "maxLength": 36 - }, - "label": { - "description": "The custom field label that is displayed in the case.", - "type": "string", - "minLength": 1, - "maxLength": 50 - }, - "required": { - "description": "Indicates whether the field is required. If `false`, the custom field can be set to null or omitted when a case is created or updated.\n", - "type": "boolean" - }, - "type": { - "description": "The type of the custom field.", - "type": "string", - "enum": [ - "text", - "toggle" - ] - } - } - } - }, - "error": { - "type": [ - "string", - "null" - ], - "examples": [ - null - ] - }, - "id": { - "type": "string", - "examples": [ - "4a97a440-e1cd-11ec-be9b-9b1838238ee6" - ] - }, - "mappings": { - "type": "array", - "items": { - "type": "object", - "properties": { - "action_type": { - "type": "string", - "examples": [ - "overwrite" - ] - }, - "source": { - "type": "string", - "examples": [ - "title" - ] - }, - "target": { - "type": "string", - "examples": [ - "summary" - ] - } - } - } - }, - "owner": { - "$ref": "#/components/schemas/owners" - }, - "templates": { - "$ref": "#/components/schemas/templates" - }, - "updated_at": { - "type": [ - "string", - "null" - ], - "format": "date-time", - "examples": [ - "2022-06-01T19:58:48.169Z" - ] - }, - "updated_by": { - "type": [ - "object", - "null" - ], - "required": [ - "email", - "full_name", - "username" - ], - "properties": { - "email": { - "type": [ - "string", - "null" - ], - "examples": [ - null - ] - }, - "full_name": { - "type": [ - "string", - "null" - ], - "examples": [ - null - ] - }, - "profile_uid": { - "type": "string", - "examples": [ - "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - ] - }, - "username": { - "type": [ - "string", - "null" - ], - "examples": [ - "elastic" - ] - } - } - }, - "version": { - "type": "string", - "examples": [ - "WzIwNzMsMV0=" - ] - } - } - } - }, - "examples": { - "getConfigurationResponse": { - "$ref": "#/components/examples/get_case_configuration_response" - } - } - } - } - }, - "401": { - "description": "Authorization information is missing or invalid.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/4xx_response" - } - } - } - } - } - }, - "post": { - "summary": "Add case settings", - "operationId": "setCaseConfiguration", - "description": "Case settings include external connection details, custom fields, and templates. Connectors are used to interface with external systems. You must create a connector before you can use it in your cases. If you set a default connector, it is automatically selected when you create cases in Kibana. If you use the create case API, however, you must still specify all of the connector details. You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on where you are creating cases.\n", - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/kbn_xsrf" - }, - { - "$ref": "#/components/parameters/space_id" - } - ], - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/set_case_configuration_request" - }, - "examples": { - "setCaseConfigRequest": { - "$ref": "#/components/examples/set_case_configuration_request" - } - } - } - } - }, - "responses": { - "200": { - "description": "Indicates a successful call.", - "content": { - "application/json": { - "schema": { - "type": "object", - "properties": { - "closure_type": { - "$ref": "#/components/schemas/closure_types" - }, - "connector": { - "type": "object", - "properties": { - "fields": { - "description": "The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`.", - "type": [ - "object", - "null" - ] - }, - "id": { - "description": "The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API.", - "type": "string", - "examples": [ - "none" - ] - }, - "name": { - "description": "The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API.", - "type": "string", - "examples": [ - "none" - ] - }, - "type": { - "$ref": "#/components/schemas/connector_types" - } - } - }, - "created_at": { - "type": "string", - "format": "date-time", - "examples": [ - "2022-06-01T17:07:17.767Z" - ] - }, - "created_by": { - "type": "object", - "required": [ - "email", - "full_name", - "username" - ], - "properties": { - "email": { - "type": [ - "string", - "null" - ], - "examples": [ - null - ] - }, - "full_name": { - "type": [ - "string", - "null" - ], - "examples": [ - null - ] - }, - "profile_uid": { - "type": "string", - "examples": [ - "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - ] - }, - "username": { - "type": [ - "string", - "null" - ], - "examples": [ - "elastic" - ] - } - } - }, - "customFields": { - "type": "array", - "x-technical-preview": true, - "description": "Custom fields configuration details.", - "items": { - "type": "object", - "properties": { - "defaultValue": { - "oneOf": [ - { - "type": "string" - }, - { - "type": "boolean" - } - ], - "description": "A default value for the custom field. If the `type` is `text`, the default value must be a string. If the `type` is `toggle`, the default value must be boolean.\n" - }, - "key": { - "description": "A unique key for the custom field. Must be lower case and composed only of a-z, 0-9, '_', and '-' characters. It is used in API calls to refer to a specific custom field.\n", - "type": "string", - "minLength": 1, - "maxLength": 36 - }, - "label": { - "description": "The custom field label that is displayed in the case.", - "type": "string", - "minLength": 1, - "maxLength": 50 - }, - "required": { - "description": "Indicates whether the field is required. If `false`, the custom field can be set to null or omitted when a case is created or updated.\n", - "type": "boolean" - }, - "type": { - "description": "The type of the custom field.", - "type": "string", - "enum": [ - "text", - "toggle" - ] - } - } - } - }, - "error": { - "type": [ - "string", - "null" - ], - "examples": [ - null - ] - }, - "id": { - "type": "string", - "examples": [ - "4a97a440-e1cd-11ec-be9b-9b1838238ee6" - ] - }, - "mappings": { - "type": "array", - "items": { - "type": "object", - "properties": { - "action_type": { - "type": "string", - "examples": [ - "overwrite" - ] - }, - "source": { - "type": "string", - "examples": [ - "title" - ] - }, - "target": { - "type": "string", - "examples": [ - "summary" - ] - } - } - } - }, - "owner": { - "$ref": "#/components/schemas/owners" - }, - "templates": { - "$ref": "#/components/schemas/templates" - }, - "updated_at": { - "type": [ - "string", - "null" - ], - "format": "date-time", - "examples": [ - "2022-06-01T19:58:48.169Z" - ] - }, - "updated_by": { - "type": [ - "object", - "null" - ], - "required": [ - "email", - "full_name", - "username" - ], - "properties": { - "email": { - "type": [ - "string", - "null" - ], - "examples": [ - null - ] - }, - "full_name": { - "type": [ - "string", - "null" - ], - "examples": [ - null - ] - }, - "profile_uid": { - "type": "string", - "examples": [ - "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - ] - }, - "username": { - "type": [ - "string", - "null" - ], - "examples": [ - "elastic" - ] - } - } - }, - "version": { - "type": "string", - "examples": [ - "WzIwNzMsMV0=" - ] - } - } - }, - "examples": { - "setCaseConfigResponse": { - "$ref": "#/components/examples/set_case_configuration_response" - } - } - } - } - }, - "401": { - "description": "Authorization information is missing or invalid.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/4xx_response" - } - } - } - } - } - } - }, - "/s/{spaceId}/api/cases/configure/{configurationId}": { - "patch": { - "summary": "Update case settings", - "operationId": "updateCaseConfiguration", - "description": "Updates setting details such as the closure type, custom fields, templates, and the default connector for cases. Connectors are used to interface with external systems. You must create a connector before you can use it in your cases. You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on where the case was created.\n", - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/kbn_xsrf" - }, - { - "$ref": "#/components/parameters/configuration_id" - }, - { - "$ref": "#/components/parameters/space_id" - } - ], - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/update_case_configuration_request" - }, - "examples": { - "updateCaseConfigurationRequest": { - "$ref": "#/components/examples/update_case_configuration_request" - } - } - } - } - }, - "responses": { - "200": { - "description": "Indicates a successful call.", - "content": { - "application/json": { - "schema": { - "type": "object", - "properties": { - "closure_type": { - "$ref": "#/components/schemas/closure_types" - }, - "connector": { - "type": "object", - "properties": { - "fields": { - "description": "The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`.", - "type": [ - "object", - "null" - ] - }, - "id": { - "description": "The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API.", - "type": "string", - "examples": [ - "none" - ] - }, - "name": { - "description": "The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API.", - "type": "string", - "examples": [ - "none" - ] - }, - "type": { - "$ref": "#/components/schemas/connector_types" - } - } - }, - "created_at": { - "type": "string", - "format": "date-time", - "examples": [ - "2022-06-01T17:07:17.767Z" - ] - }, - "created_by": { - "type": "object", - "required": [ - "email", - "full_name", - "username" - ], - "properties": { - "email": { - "type": [ - "string", - "null" - ], - "examples": [ - null - ] - }, - "full_name": { - "type": [ - "string", - "null" - ], - "examples": [ - null - ] - }, - "profile_uid": { - "type": "string", - "examples": [ - "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - ] - }, - "username": { - "type": [ - "string", - "null" - ], - "examples": [ - "elastic" - ] - } - } - }, - "customFields": { - "type": "array", - "x-technical-preview": true, - "description": "Custom fields configuration details.", - "items": { - "type": "object", - "properties": { - "defaultValue": { - "oneOf": [ - { - "type": "string" - }, - { - "type": "boolean" - } - ], - "description": "A default value for the custom field. If the `type` is `text`, the default value must be a string. If the `type` is `toggle`, the default value must be boolean.\n" - }, - "key": { - "description": "A unique key for the custom field. Must be lower case and composed only of a-z, 0-9, '_', and '-' characters. It is used in API calls to refer to a specific custom field.\n", - "type": "string", - "minLength": 1, - "maxLength": 36 - }, - "label": { - "description": "The custom field label that is displayed in the case.", - "type": "string", - "minLength": 1, - "maxLength": 50 - }, - "required": { - "description": "Indicates whether the field is required. If `false`, the custom field can be set to null or omitted when a case is created or updated.\n", - "type": "boolean" - }, - "type": { - "description": "The type of the custom field.", - "type": "string", - "enum": [ - "text", - "toggle" - ] - } - } - } - }, - "error": { - "type": [ - "string", - "null" - ], - "examples": [ - null - ] - }, - "id": { - "type": "string", - "examples": [ - "4a97a440-e1cd-11ec-be9b-9b1838238ee6" - ] - }, - "mappings": { - "type": "array", - "items": { - "type": "object", - "properties": { - "action_type": { - "type": "string", - "examples": [ - "overwrite" - ] - }, - "source": { - "type": "string", - "examples": [ - "title" - ] - }, - "target": { - "type": "string", - "examples": [ - "summary" - ] - } - } - } - }, - "owner": { - "$ref": "#/components/schemas/owners" - }, - "templates": { - "$ref": "#/components/schemas/templates" - }, - "updated_at": { - "type": [ - "string", - "null" - ], - "format": "date-time", - "examples": [ - "2022-06-01T19:58:48.169Z" - ] - }, - "updated_by": { - "type": [ - "object", - "null" - ], - "required": [ - "email", - "full_name", - "username" - ], - "properties": { - "email": { - "type": [ - "string", - "null" - ], - "examples": [ - null - ] - }, - "full_name": { - "type": [ - "string", - "null" - ], - "examples": [ - null - ] - }, - "profile_uid": { - "type": "string", - "examples": [ - "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - ] - }, - "username": { - "type": [ - "string", - "null" - ], - "examples": [ - "elastic" - ] - } - } - }, - "version": { - "type": "string", - "examples": [ - "WzIwNzMsMV0=" - ] - } - } - }, - "examples": { - "updateCaseConfigurationResponse": { - "$ref": "#/components/examples/update_case_configuration_response" - } - } - } - } - }, - "401": { - "description": "Authorization information is missing or invalid.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/4xx_response" - } - } - } - } - } - } - }, - "/s/{spaceId}/api/cases/configure/connectors/_find": { - "get": { - "summary": "Get case connectors", - "operationId": "findCaseConnectors", - "description": "Retrieves information about connectors that are supported for use in cases. You must have `read` privileges for the **Actions and Connectors** feature in the **Management** section of the Kibana feature privileges.\n", - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/space_id" - } - ], - "responses": { - "200": { - "description": "Indicates a successful call.", - "content": { - "application/json": { - "schema": { - "type": "array", - "items": { - "type": "object", - "properties": { - "actionTypeId": { - "$ref": "#/components/schemas/connector_types" - }, - "config": { - "type": "object", - "properties": { - "apiUrl": { - "type": "string" - }, - "projectKey": { - "type": "string" - } - }, - "additionalProperties": true - }, - "id": { - "type": "string" - }, - "isDeprecated": { - "type": "boolean" - }, - "isMissingSecrets": { - "type": "boolean" - }, - "isPreconfigured": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "referencedByCount": { - "type": "integer" - } - } - } - }, - "examples": { - "findConnectorResponse": { - "$ref": "#/components/examples/find_connector_response" - } - } - } - } - }, - "401": { - "description": "Authorization information is missing or invalid.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/4xx_response" - } - } - } - } - } - } - }, - "/s/{spaceId}/api/cases/reporters": { - "get": { - "summary": "Returns information about the users who opened cases.", - "operationId": "getCaseReporters", - "description": "You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases. The API returns information about the users as they existed at the time of the case creation, including their name, full name, and email address. If any of those details change thereafter or if a user is deleted, the information returned by this API is unchanged.\n", - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/space_id" - }, - { - "$ref": "#/components/parameters/owner" - } - ], - "responses": { - "200": { - "description": "Indicates a successful call.", - "content": { - "application/json": { - "schema": { - "type": "array", - "items": { - "type": "object", - "required": [ - "email", - "full_name", - "username" - ], - "properties": { - "email": { - "type": [ - "string", - "null" - ], - "examples": [ - null - ] - }, - "full_name": { - "type": [ - "string", - "null" - ], - "examples": [ - null - ] - }, - "profile_uid": { - "type": "string", - "examples": [ - "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - ] - }, - "username": { - "type": [ - "string", - "null" - ], - "examples": [ - "elastic" - ] - } - } - } - }, - "examples": { - "getReportersResponse": { - "$ref": "#/components/examples/get_reporters_response" - } - } - } - } - }, - "401": { - "description": "Authorization information is missing or invalid.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/4xx_response" - } - } - } - } - } - } - }, - "/s/{spaceId}/api/cases/status": { - "get": { - "summary": "Returns the number of cases that are open, closed, and in progress.", - "operationId": "getCaseStatus", - "description": "Deprecated in 8.1.0. This API is deprecated and will be removed in a future release; use the find cases API instead. You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking.\n", - "deprecated": true, - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/space_id" - }, - { - "$ref": "#/components/parameters/owner" - } - ], - "responses": { - "200": { - "description": "Indicates a successful call.", - "content": { - "application/json": { - "schema": { - "type": "object", - "properties": { - "count_closed_cases": { - "type": "integer" - }, - "count_in_progress_cases": { - "type": "integer" - }, - "count_open_cases": { - "type": "integer" - } - } - } - } - } - }, - "401": { - "description": "Authorization information is missing or invalid.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/4xx_response" - } - } - } - } - } - } - }, - "/s/{spaceId}/api/cases/tags": { - "get": { - "summary": "Aggregates and returns a list of case tags.", - "operationId": "getCaseTags", - "description": "You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking.\n", - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/space_id" - }, - { - "$ref": "#/components/parameters/owner" - } - ], - "responses": { - "200": { - "description": "Indicates a successful call.", - "content": { - "application/json": { - "schema": { - "type": "array", - "items": { - "type": "string" - } - }, - "examples": { - "getTagsResponse": { - "$ref": "#/components/examples/get_tags_response" - } - } - } - } - }, - "401": { - "description": "Authorization information is missing or invalid.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/4xx_response" - } - } - } - } - } - } - }, - "/s/{spaceId}/api/cases/{caseId}": { - "get": { - "summary": "Retrieves information about a case.", - "operationId": "getCase", - "description": "You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're seeking.\n", - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/case_id" - }, - { - "$ref": "#/components/parameters/space_id" - }, - { - "$ref": "#/components/parameters/includeComments" - } - ], - "responses": { - "200": { - "description": "Indicates a successful call.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/case_response_properties" - }, - "examples": { - "getCaseResponse": { - "$ref": "#/components/examples/get_case_response" - }, - "getObservabilityCaseReponse": { - "$ref": "#/components/examples/get_case_observability_response" - } - } - } - } - }, - "401": { - "description": "Authorization information is missing or invalid.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/4xx_response" - } - } - } - } - } - } - }, - "/s/{spaceId}/api/cases/{caseId}/alerts": { - "get": { - "summary": "Gets all alerts attached to a case.", - "description": "You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking.\n", - "x-technical-preview": true, - "operationId": "getCaseAlerts", - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/case_id" - }, - { - "$ref": "#/components/parameters/space_id" - } - ], - "responses": { - "200": { - "description": "Indicates a successful call.", - "content": { - "application/json": { - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/alert_response_properties" - } - }, - "examples": { - "getCaseAlertsResponse": { - "$ref": "#/components/examples/get_case_alerts_response" - } - } - } - } - }, - "401": { - "description": "Authorization information is missing or invalid.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/4xx_response" - } - } - } - } - } - } - }, - "/s/{spaceId}/api/cases/{caseId}/comments": { - "post": { - "summary": "Adds a comment or alert to a case.", - "operationId": "addCaseComment", - "description": "You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're creating. NOTE: Each case can have a maximum of 1,000 alerts.\n", - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/kbn_xsrf" - }, - { - "$ref": "#/components/parameters/case_id" - }, - { - "$ref": "#/components/parameters/space_id" - } - ], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/add_case_comment_request" - }, - "examples": { - "createCaseCommentRequest": { - "$ref": "#/components/examples/add_comment_request" - } - } - } - } - }, - "responses": { - "200": { - "description": "Indicates a successful call.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/case_response_properties" - }, - "examples": { - "createCaseCommentResponse": { - "$ref": "#/components/examples/add_comment_response" - } - } - } - } - }, - "401": { - "description": "Authorization information is missing or invalid.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/4xx_response" - } - } - } - } - } - }, - "delete": { - "summary": "Deletes all comments and alerts from a case.", - "operationId": "deleteCaseComments", - "description": "You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're deleting.\n", - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/kbn_xsrf" - }, - { - "$ref": "#/components/parameters/case_id" - }, - { - "$ref": "#/components/parameters/space_id" - } - ], - "responses": { - "204": { - "description": "Indicates a successful call." - }, - "401": { - "description": "Authorization information is missing or invalid.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/4xx_response" - } - } - } - } - } - }, - "patch": { - "summary": "Updates a comment or alert in a case.", - "operationId": "updateCaseComment", - "description": "You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're updating. NOTE: You cannot change the comment type or the owner of a comment.\n", - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/kbn_xsrf" - }, - { - "$ref": "#/components/parameters/case_id" - }, - { - "$ref": "#/components/parameters/space_id" - } - ], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/update_case_comment_request" - }, - "examples": { - "updateCaseCommentRequest": { - "$ref": "#/components/examples/update_comment_request" - } - } - } - } - }, - "responses": { - "200": { - "description": "Indicates a successful call.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/case_response_properties" - }, - "examples": { - "updateCaseCommentResponse": { - "$ref": "#/components/examples/update_comment_response" - } - } - } - } - }, - "401": { - "description": "Authorization information is missing or invalid.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/4xx_response" - } - } - } - } - } - }, - "get": { - "summary": "Retrieves all the comments from a case.", - "operationId": "getAllCaseComments", - "description": "Deprecated in 8.1.0. This API is deprecated and will be removed in a future release; instead, use the get case comment API, which requires a comment identifier in the path. You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking.\n", - "deprecated": true, - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/case_id" - }, - { - "$ref": "#/components/parameters/space_id" - } - ], - "responses": { - "200": { - "description": "Indicates a successful call.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/case_response_properties" - } - } - } - }, - "401": { - "description": "Authorization information is missing or invalid.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/4xx_response" - } - } - } - } - } - } - }, - "/s/{spaceId}/api/cases/{caseId}/comments/_find": { - "get": { - "summary": "Retrieves all the user comments from a case.", - "operationId": "findCaseComments", - "description": "You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking.\n", - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/case_id" - }, - { - "$ref": "#/components/parameters/page_index" - }, - { - "$ref": "#/components/parameters/page_size" - }, - { - "$ref": "#/components/parameters/sort_order" - }, - { - "$ref": "#/components/parameters/space_id" - } - ], - "responses": { - "200": { - "description": "Indicates a successful call.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/case_response_properties" - } - } - } - }, - "401": { - "description": "Authorization information is missing or invalid.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/4xx_response" - } - } - } - } - } - } - }, - "/s/{spaceId}/api/cases/{caseId}/comments/{commentId}": { - "delete": { - "summary": "Deletes a comment or alert from a case.", - "operationId": "deleteCaseComment", - "description": "You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're deleting.\n", - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/kbn_xsrf" - }, - { - "$ref": "#/components/parameters/case_id" - }, - { - "$ref": "#/components/parameters/comment_id" - }, - { - "$ref": "#/components/parameters/space_id" - } - ], - "responses": { - "204": { - "description": "Indicates a successful call." - }, - "401": { - "description": "Authorization information is missing or invalid.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/4xx_response" - } - } - } - } - } - }, - "get": { - "summary": "Retrieves a comment from a case.", - "operationId": "getCaseComment", - "description": "You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking.\n", - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/case_id" - }, - { - "$ref": "#/components/parameters/comment_id" - }, - { - "$ref": "#/components/parameters/space_id" - } - ], - "responses": { - "200": { - "description": "Indicates a successful call.", - "content": { - "application/json": { - "schema": { - "oneOf": [ - { - "$ref": "#/components/schemas/alert_comment_response_properties" - }, - { - "$ref": "#/components/schemas/user_comment_response_properties" - } - ] - }, - "examples": { - "getCaseCommentResponse": { - "$ref": "#/components/examples/get_comment_response" - } - } - } - } - }, - "401": { - "description": "Authorization information is missing or invalid.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/4xx_response" - } - } - } - } - } - } - }, - "/s/{spaceId}/api/cases/{caseId}/connector/{connectorId}/_push": { - "post": { - "summary": "Pushes a case to an external service.", - "description": "You must have `all` privileges for the **Actions and Connectors** feature in the **Management** section of the Kibana feature privileges. You must also have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're pushing.\n", - "operationId": "pushCase", - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/case_id" - }, - { - "$ref": "#/components/parameters/connector_id" - }, - { - "$ref": "#/components/parameters/kbn_xsrf" - }, - { - "$ref": "#/components/parameters/space_id" - } - ], - "requestBody": { - "content": { - "application/json": { - "schema": { - "type": [ - "object", - "null" - ] - } - } - } - }, - "responses": { - "200": { - "description": "Indicates a successful call.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/case_response_properties" - }, - "examples": { - "pushCaseResponse": { - "$ref": "#/components/examples/push_case_response" - } - } - } - } - }, - "401": { - "description": "Authorization information is missing or invalid.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/4xx_response" - } - } - } - } - } - } - }, - "/s/{spaceId}/api/cases/{caseId}/user_actions": { - "get": { - "summary": "Returns all user activity for a case.", - "description": "Deprecated in 8.1.0. This API is deprecated and will be removed in a future release; use the find user actions API instead. You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're seeking.\n", - "deprecated": true, - "operationId": "getCaseActivity", - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/case_id" - }, - { - "$ref": "#/components/parameters/space_id" - } - ], - "responses": { - "200": { - "description": "Indicates a successful call.", - "content": { - "application/json": { - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/user_actions_response_properties" - } - } - } - } - }, - "401": { - "description": "Authorization information is missing or invalid.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/4xx_response" - } - } - } - } - } - } - }, - "/s/{spaceId}/api/cases/{caseId}/user_actions/_find": { - "get": { - "summary": "Finds user activity for a case.", - "description": "You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're seeking.\n", - "operationId": "findCaseActivity", - "tags": [ - "cases" - ], - "parameters": [ - { - "$ref": "#/components/parameters/case_id" - }, - { - "$ref": "#/components/parameters/space_id" - }, - { - "$ref": "#/components/parameters/page_index" - }, - { - "$ref": "#/components/parameters/page_size" - }, - { - "$ref": "#/components/parameters/sort_order" - }, - { - "$ref": "#/components/parameters/user_action_types" - } - ], - "responses": { - "200": { - "description": "Indicates a successful call.", - "content": { - "application/json": { - "schema": { - "type": "object", - "properties": { - "page": { - "type": "integer" - }, - "perPage": { - "type": "integer" - }, - "total": { - "type": "integer" - }, - "userActions": { - "type": "array", - "items": { - "$ref": "#/components/schemas/user_actions_find_response_properties" - } - } - } - }, - "examples": { - "findCaseActivityResponse": { - "$ref": "#/components/examples/find_case_activity_response" - } - } - } - } - }, - "401": { - "description": "Authorization information is missing or invalid.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/4xx_response" - } - } - } - } - } - } - } - }, - "components": { - "securitySchemes": { - "basicAuth": { - "type": "http", - "scheme": "basic" - }, - "apiKeyAuth": { - "type": "apiKey", - "in": "header", - "name": "Authorization", - "description": "e.g. Authorization: ApiKey base64AccessApiKey" - } - }, - "parameters": { - "kbn_xsrf": { - "schema": { - "type": "string" }, - "in": "header", - "name": "kbn-xsrf", - "description": "Cross-site request forgery protection", - "required": true - }, - "ids": { - "name": "ids", - "description": "The cases that you want to removed. All non-ASCII characters must be URL encoded.\n", - "in": "query", - "required": true, - "schema": { - "type": "array", - "items": { - "type": "string", - "minItems": 1, - "maxItems": 100 - }, - "examples": [ - [ - "d4e7abb0-b462-11ec-9a8d-698504725a43" - ] - ] - } + "example": "d4e7abb0-b462-11ec-9a8d-698504725a43" }, "assignees": { "in": "query", @@ -4189,19 +1923,15 @@ "schema": { "oneOf": [ { - "type": "string" + "type": "string", + "example": "my-category" }, { "type": "array", "items": { "type": "string" }, - "maxItems": 100, - "examples": [ - [ - "my-category" - ] - ] + "maxItems": 100 } ] } @@ -4212,11 +1942,9 @@ "description": "he default operator to use for the simple_query_string.", "schema": { "type": "string", - "default": "OR", - "examples": [ - "OR" - ] - } + "default": "OR" + }, + "example": "OR" }, "from": { "in": "query", @@ -4224,9 +1952,7 @@ "description": "Returns only cases that were created after a specific date. The date must be specified as a KQL data range or date match expression.\n", "schema": { "type": "string", - "examples": [ - "now-1d" - ] + "example": "now-1d" } }, "owner": { @@ -4242,15 +1968,11 @@ "type": "array", "items": { "$ref": "#/components/schemas/owners" - }, - "examples": [ - [ - "cases" - ] - ] + } } ] - } + }, + "example": "cases" }, "page_index": { "in": "query", @@ -4259,10 +1981,7 @@ "required": false, "schema": { "type": "integer", - "default": 1, - "examples": [ - 1 - ] + "default": 1 } }, "page_size": { @@ -4290,15 +2009,11 @@ "items": { "type": "string" }, - "maxItems": 100, - "examples": [ - [ - "elastic" - ] - ] + "maxItems": 100 } ] - } + }, + "example": "elastic" }, "search": { "in": "query", @@ -4355,11 +2070,9 @@ "status", "severity" ], - "default": "createdAt", - "examples": [ - "updatedAt" - ] - } + "default": "createdAt" + }, + "example": "updatedAt" }, "sort_order": { "in": "query", @@ -4385,11 +2098,9 @@ "closed", "in-progress", "open" - ], - "examples": [ - "open" ] - } + }, + "example": "open" }, "tags": { "in": "query", @@ -4405,26 +2116,20 @@ "items": { "type": "string" }, - "maxItems": 100, - "examples": [ - [ - "tag-1" - ] - ] + "maxItems": 100 } ] - } + }, + "example": "tag-1" }, "to": { "in": "query", "name": "to", "description": "Returns only cases that were created before a specific date. The date must be specified as a KQL data range or date match expression.\n", "schema": { - "type": "string", - "examples": [ - "now+1d" - ] - } + "type": "string" + }, + "example": "now+1d" }, "alert_id": { "in": "path", @@ -4433,9 +2138,7 @@ "required": true, "schema": { "type": "string", - "examples": [ - "09f0c261e39e36351d75995b78bb83673774d1bc2cca9df2d15f0e5c0a99a540" - ] + "example": "09f0c261e39e36351d75995b78bb83673774d1bc2cca9df2d15f0e5c0a99a540" } }, "configuration_id": { @@ -4445,9 +2148,7 @@ "required": true, "schema": { "type": "string", - "examples": [ - "3297a0f0-b5ec-11ec-b141-0fdb20a7f9a9" - ] + "example": "3297a0f0-b5ec-11ec-b141-0fdb20a7f9a9" } }, "case_id": { @@ -4457,9 +2158,7 @@ "required": true, "schema": { "type": "string", - "examples": [ - "9c235210-6834-11ea-a78c-6ffb38a34414" - ] + "example": "9c235210-6834-11ea-a78c-6ffb38a34414" } }, "includeComments": { @@ -4479,9 +2178,7 @@ "required": true, "schema": { "type": "string", - "examples": [ - "71ec1870-725b-11ea-a0b2-c51ea50a58e2" - ] + "example": "71ec1870-725b-11ea-a0b2-c51ea50a58e2" } }, "connector_id": { @@ -4491,9 +2188,7 @@ "required": true, "schema": { "type": "string", - "examples": [ - "abed3a70-71bd-11ea-a0b2-c51ea50a58e2" - ] + "example": "abed3a70-71bd-11ea-a0b2-c51ea50a58e2" } }, "user_action_types": { @@ -4521,35 +2216,17 @@ "title", "user" ] - }, - "examples": [ - [ - "create_case" - ] - ] - } - }, - "space_id": { - "in": "path", - "name": "spaceId", - "description": "An identifier for the space. If `/s/` and the identifier are omitted from the path, the default space is used.", - "required": true, - "schema": { - "type": "string", - "examples": [ - "default" - ] - } + } + }, + "example": "create_case" } }, "schemas": { "assignees": { - "type": [ - "array", - "null" - ], + "type": "array", "description": "An array containing users that are assigned to the case.", "maxItems": 10, + "nullable": true, "items": { "type": "object", "required": [ @@ -4559,9 +2236,7 @@ "uid": { "type": "string", "description": "A unique identifier for the user profile. These identifiers can be found by using the suggest user profile API.", - "examples": [ - "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0" - ] + "example": "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0" } } } @@ -4579,34 +2254,24 @@ "properties": { "fields": { "description": "An object containing the connector fields. To create a case without a connector, specify null. To update a case to remove the connector, specify null.", - "type": [ - "string", - "null" - ], - "examples": [ - null - ] + "nullable": true, + "type": "string", + "example": null }, "id": { "description": "The identifier for the connector. To create a case without a connector, use `none`. To update a case to remove the connector, specify `none`.", "type": "string", - "examples": [ - "none" - ] + "example": "none" }, "name": { "description": "The name of the connector. To create a case without a connector, use `none`. To update a case to remove the connector, specify `none`.", "type": "string", - "examples": [ - "none" - ] + "example": "none" }, "type": { "description": "The type of connector. To create a case without a connector, use `.none`. To update a case to remove the connector, specify `.none`.", "type": "string", - "examples": [ - ".none" - ], + "example": ".none", "enum": [ ".none" ] @@ -4625,13 +2290,9 @@ "type": "object", "properties": { "fields": { - "type": [ - "string", - "null" - ], - "examples": [ - null - ] + "type": "string", + "nullable": true, + "example": null }, "id": { "description": "The identifier for the connector. To retrieve connector IDs, use the find connectors API.", @@ -4644,9 +2305,7 @@ "type": { "description": "The type of connector.", "type": "string", - "examples": [ - ".cases-webhook" - ], + "example": ".cases-webhook", "enum": [ ".cases-webhook" ] @@ -4675,24 +2334,18 @@ "properties": { "issueType": { "description": "The type of issue.", - "type": [ - "string", - "null" - ] + "type": "string", + "nullable": true }, "parent": { "description": "The key of the parent issue, when the issue type is sub-task.", - "type": [ - "string", - "null" - ] + "type": "string", + "nullable": true }, "priority": { "description": "The priority of the issue.", - "type": [ - "string", - "null" - ] + "type": "string", + "nullable": true } } }, @@ -4707,9 +2360,7 @@ "type": { "description": "The type of connector.", "type": "string", - "examples": [ - ".jira" - ], + "example": ".jira", "enum": [ ".jira" ] @@ -4729,10 +2380,8 @@ "properties": { "fields": { "description": "An object containing the connector fields. If you want to omit any individual field, specify null as its value.", - "type": [ - "object", - "null" - ], + "type": "object", + "nullable": true, "required": [ "issueTypes", "severityCode" @@ -4762,9 +2411,7 @@ "type": { "description": "The type of connector.", "type": "string", - "examples": [ - ".resilient" - ], + "example": ".resilient", "enum": [ ".resilient" ] @@ -4795,38 +2442,28 @@ "properties": { "category": { "description": "The category of the incident.", - "type": [ - "string", - "null" - ] + "type": "string", + "nullable": true }, "impact": { "description": "The effect an incident had on business.", - "type": [ - "string", - "null" - ] + "type": "string", + "nullable": true }, "severity": { "description": "The severity of the incident.", - "type": [ - "string", - "null" - ] + "type": "string", + "nullable": true }, "subcategory": { "description": "The subcategory of the incident.", - "type": [ - "string", - "null" - ] + "type": "string", + "nullable": true }, "urgency": { "description": "The extent to which the incident resolution can be delayed.", - "type": [ - "string", - "null" - ] + "type": "string", + "nullable": true } } }, @@ -4841,9 +2478,7 @@ "type": { "description": "The type of connector.", "type": "string", - "examples": [ - ".servicenow" - ], + "example": ".servicenow", "enum": [ ".servicenow" ] @@ -4876,52 +2511,38 @@ "properties": { "category": { "description": "The category of the incident.", - "type": [ - "string", - "null" - ] + "type": "string", + "nullable": true }, "destIp": { "description": "Indicates whether cases will send a comma-separated list of destination IPs.", - "type": [ - "boolean", - "null" - ] + "type": "boolean", + "nullable": true }, "malwareHash": { "description": "Indicates whether cases will send a comma-separated list of malware hashes.", - "type": [ - "boolean", - "null" - ] + "type": "boolean", + "nullable": true }, "malwareUrl": { "description": "Indicates whether cases will send a comma-separated list of malware URLs.", - "type": [ - "boolean", - "null" - ] + "type": "boolean", + "nullable": true }, "priority": { "description": "The priority of the issue.", - "type": [ - "string", - "null" - ] + "type": "string", + "nullable": true }, "sourceIp": { "description": "Indicates whether cases will send a comma-separated list of source IPs.", - "type": [ - "boolean", - "null" - ] + "type": "boolean", + "nullable": true }, "subcategory": { "description": "The subcategory of the incident.", - "type": [ - "string", - "null" - ] + "type": "string", + "nullable": true } } }, @@ -4936,9 +2557,7 @@ "type": { "description": "The type of connector.", "type": "string", - "examples": [ - ".servicenow-sir" - ], + "example": ".servicenow-sir", "enum": [ ".servicenow-sir" ] @@ -4965,10 +2584,8 @@ "properties": { "caseId": { "description": "The case identifier for Swimlane connectors.", - "type": [ - "string", - "null" - ] + "type": "string", + "nullable": true } } }, @@ -4983,9 +2600,7 @@ "type": { "description": "The type of connector.", "type": "string", - "examples": [ - ".swimlane" - ], + "example": ".swimlane", "enum": [ ".swimlane" ] @@ -5005,9 +2620,7 @@ "observability", "securitySolution" ], - "examples": [ - "cases" - ] + "example": "cases" }, "settings": { "type": "object", @@ -5019,9 +2632,7 @@ "syncAlerts": { "description": "Turns alert syncing on or off.", "type": "boolean", - "examples": [ - true - ] + "example": true } } }, @@ -5120,7 +2731,6 @@ "customFields": { "type": "array", "description": "Custom field values for a case. Any optional custom fields that are not specified in the request are set to null.\n", - "x-technical-preview": true, "minItems": 0, "maxItems": 10, "items": { @@ -5147,12 +2757,10 @@ "description": "The custom field value. If the custom field is required, it cannot be explicitly set to null. However, for cases that existed when the required custom field was added, the default value stored in Elasticsearch is `undefined`. The value returned in the API and user interface in this case is `null`.\n", "oneOf": [ { - "type": [ - "string", - "null" - ], + "type": "string", "minLength": 1, - "maxLength": 160 + "maxLength": 160, + "nullable": true }, { "type": "boolean" @@ -5166,43 +2774,27 @@ }, "case_response_closed_by_properties": { "title": "Case response properties for closed_by", - "type": [ - "object", - "null" - ], + "type": "object", + "nullable": true, "properties": { "email": { - "type": [ - "string", - "null" - ], - "examples": [ - null - ] + "type": "string", + "example": null, + "nullable": true }, "full_name": { - "type": [ - "string", - "null" - ], - "examples": [ - null - ] - }, - "profile_uid": { "type": "string", - "examples": [ - "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - ] + "example": null, + "nullable": true }, "username": { - "type": [ - "string", - "null" - ], - "examples": [ - "elastic" - ] + "type": "string", + "example": "elastic", + "nullable": true + }, + "profile_uid": { + "type": "string", + "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" } }, "required": [ @@ -5222,17 +2814,13 @@ "type": "array", "items": { "type": "string", - "examples": [ - "a6e12ac4-7bce-457b-84f6-d7ce8deb8446" - ] + "example": "a6e12ac4-7bce-457b-84f6-d7ce8deb8446" } }, "created_at": { "type": "string", "format": "date-time", - "examples": [ - "2023-11-06T19:29:38.424Z" - ] + "example": "2023-11-06T19:29:38.424Z" }, "created_by": { "type": "object", @@ -5243,73 +2831,48 @@ ], "properties": { "email": { - "type": [ - "string", - "null" - ], - "examples": [ - null - ] - }, - "full_name": { - "type": [ - "string", - "null" - ], - "examples": [ - null - ] + "type": "string", + "example": null, + "nullable": true }, - "profile_uid": { + "full_name": { "type": "string", - "examples": [ - "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - ] + "example": null, + "nullable": true }, "username": { - "type": [ - "string", - "null" - ], - "examples": [ - "elastic" - ] + "type": "string", + "example": "elastic", + "nullable": true + }, + "profile_uid": { + "type": "string", + "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" } } }, "id": { "type": "string", - "examples": [ - "73362370-ab1a-11ec-985f-97e55adae8b9" - ] + "example": "73362370-ab1a-11ec-985f-97e55adae8b9" }, "index": { "type": "array", "items": { "type": "string", - "examples": [ - ".internal.alerts-security.alerts-default-000001" - ] + "example": ".internal.alerts-security.alerts-default-000001" } }, "owner": { "$ref": "#/components/schemas/owners" }, "pushed_at": { - "type": [ - "string", - "null" - ], + "type": "string", "format": "date-time", - "examples": [ - null - ] + "example": null, + "nullable": true }, "pushed_by": { - "type": [ - "object", - "null" - ], + "type": "object", "required": [ "email", "full_name", @@ -5317,39 +2880,26 @@ ], "properties": { "email": { - "type": [ - "string", - "null" - ], - "examples": [ - null - ] + "type": "string", + "example": null, + "nullable": true }, "full_name": { - "type": [ - "string", - "null" - ], - "examples": [ - null - ] - }, - "profile_uid": { "type": "string", - "examples": [ - "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - ] + "example": null, + "nullable": true }, "username": { - "type": [ - "string", - "null" - ], - "examples": [ - "elastic" - ] + "type": "string", + "example": "elastic", + "nullable": true + }, + "profile_uid": { + "type": "string", + "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" } - } + }, + "nullable": true }, "rule": { "type": "object", @@ -5357,40 +2907,30 @@ "id": { "description": "The rule identifier.", "type": "string", - "examples": [ - "94d80550-aaf4-11ec-985f-97e55adae8b9" - ] + "example": "94d80550-aaf4-11ec-985f-97e55adae8b9" }, "name": { "description": "The rule name.", "type": "string", - "examples": [ - "security_rule" - ] + "example": "security_rule" } } }, "type": { "type": "string", - "examples": [ - "alert" - ], + "example": "alert", "enum": [ "alert" ] }, "updated_at": { - "type": [ - "string", - "null" - ], - "format": "date-time" + "type": "string", + "format": "date-time", + "nullable": true }, "updated_by": { - "type": [ - "object", - "null" - ], + "type": "object", + "nullable": true, "required": [ "email", "full_name", @@ -5398,45 +2938,29 @@ ], "properties": { "email": { - "type": [ - "string", - "null" - ], - "examples": [ - null - ] + "type": "string", + "example": null, + "nullable": true }, "full_name": { - "type": [ - "string", - "null" - ], - "examples": [ - null - ] - }, - "profile_uid": { "type": "string", - "examples": [ - "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - ] + "example": null, + "nullable": true }, "username": { - "type": [ - "string", - "null" - ], - "examples": [ - "elastic" - ] + "type": "string", + "example": "elastic", + "nullable": true + }, + "profile_uid": { + "type": "string", + "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" } } }, "version": { "type": "string", - "examples": [ - "WzMwNDgsMV0=" - ] + "example": "WzMwNDgsMV0=" } } }, @@ -5449,69 +2973,51 @@ "properties": { "comment": { "type": "string", - "examples": [ - "A new comment." - ] + "example": "A new comment." }, "created_at": { "type": "string", "format": "date-time", - "examples": [ - "2022-05-13T09:16:17.416Z" - ] + "example": "2022-05-13T09:16:17.416Z" }, "created_by": { "$ref": "#/components/schemas/case_response_created_by_properties" }, "id": { "type": "string", - "examples": [ - "8af6ac20-74f6-11ea-b83a-553aecdb28b6" - ] + "example": "8af6ac20-74f6-11ea-b83a-553aecdb28b6" }, "owner": { "$ref": "#/components/schemas/owners" }, "pushed_at": { - "type": [ - "string", - "null" - ], + "type": "string", "format": "date-time", - "examples": [ - null - ] + "nullable": true, + "example": null }, "pushed_by": { "$ref": "#/components/schemas/case_response_pushed_by_properties" }, "type": { "type": "string", - "examples": [ - "user" - ], + "example": "user", "enum": [ "user" ] }, "updated_at": { - "type": [ - "string", - "null" - ], + "type": "string", "format": "date-time", - "examples": [ - null - ] + "nullable": true, + "example": null }, "updated_by": { "$ref": "#/components/schemas/case_response_updated_by_properties" }, "version": { "type": "string", - "examples": [ - "WzIwNDMxLDFd" - ] + "example": "WzIwNDMxLDFd" } } }, @@ -5520,37 +3026,23 @@ "type": "object", "properties": { "email": { - "type": [ - "string", - "null" - ], - "examples": [ - null - ] + "type": "string", + "example": null, + "nullable": true }, "full_name": { - "type": [ - "string", - "null" - ], - "examples": [ - null - ] - }, - "profile_uid": { "type": "string", - "examples": [ - "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - ] + "example": null, + "nullable": true }, "username": { - "type": [ - "string", - "null" - ], - "examples": [ - "elastic" - ] + "type": "string", + "example": "elastic", + "nullable": true + }, + "profile_uid": { + "type": "string", + "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" } }, "required": [ @@ -5561,43 +3053,27 @@ }, "case_response_pushed_by_properties": { "title": "Case response properties for pushed_by", - "type": [ - "object", - "null" - ], + "type": "object", + "nullable": true, "properties": { "email": { - "type": [ - "string", - "null" - ], - "examples": [ - null - ] + "type": "string", + "example": null, + "nullable": true }, "full_name": { - "type": [ - "string", - "null" - ], - "examples": [ - null - ] - }, - "profile_uid": { "type": "string", - "examples": [ - "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - ] + "example": null, + "nullable": true }, "username": { - "type": [ - "string", - "null" - ], - "examples": [ - "elastic" - ] + "type": "string", + "example": "elastic", + "nullable": true + }, + "profile_uid": { + "type": "string", + "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" } }, "required": [ @@ -5608,43 +3084,27 @@ }, "case_response_updated_by_properties": { "title": "Case response properties for updated_by", - "type": [ - "object", - "null" - ], + "type": "object", + "nullable": true, "properties": { "email": { - "type": [ - "string", - "null" - ], - "examples": [ - null - ] + "type": "string", + "example": null, + "nullable": true }, "full_name": { - "type": [ - "string", - "null" - ], - "examples": [ - null - ] - }, - "profile_uid": { "type": "string", - "examples": [ - "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - ] + "example": null, + "nullable": true }, "username": { - "type": [ - "string", - "null" - ], - "examples": [ - "elastic" - ] + "type": "string", + "example": "elastic", + "nullable": true + }, + "profile_uid": { + "type": "string", + "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" } }, "required": [ @@ -5654,10 +3114,8 @@ ] }, "external_service": { - "type": [ - "object", - "null" - ], + "type": "object", + "nullable": true, "properties": { "connector_id": { "type": "string" @@ -5679,45 +3137,29 @@ "format": "date-time" }, "pushed_by": { - "type": [ - "object", - "null" - ], + "type": "object", "properties": { "email": { - "type": [ - "string", - "null" - ], - "examples": [ - null - ] + "type": "string", + "example": null, + "nullable": true }, "full_name": { - "type": [ - "string", - "null" - ], - "examples": [ - null - ] - }, - "profile_uid": { "type": "string", - "examples": [ - "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - ] + "example": null, + "nullable": true }, "username": { - "type": [ - "string", - "null" - ], - "examples": [ - "elastic" - ] + "type": "string", + "example": "elastic", + "nullable": true + }, + "profile_uid": { + "type": "string", + "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" } - } + }, + "nullable": true } } }, @@ -5761,18 +3203,14 @@ "$ref": "#/components/schemas/assignees" }, "category": { - "type": [ - "string", - "null" - ], - "description": "The case category." + "type": "string", + "description": "The case category.", + "nullable": true }, "closed_at": { - "type": [ - "string", - "null" - ], - "format": "date-time" + "type": "string", + "format": "date-time", + "nullable": true }, "closed_by": { "$ref": "#/components/schemas/case_response_closed_by_properties" @@ -5841,9 +3279,7 @@ "created_at": { "type": "string", "format": "date-time", - "examples": [ - "2022-05-13T09:16:17.416Z" - ] + "example": "2022-05-13T09:16:17.416Z" }, "created_by": { "$ref": "#/components/schemas/case_response_created_by_properties" @@ -5851,7 +3287,6 @@ "customFields": { "type": "array", "description": "Custom field values for the case.", - "x-technical-preview": true, "items": { "type": "object", "properties": { @@ -5871,12 +3306,10 @@ "description": "The custom field value. If the custom field is required, it cannot be explicitly set to null. However, for cases that existed when the required custom field was added, the default value stored in Elasticsearch is `undefined`. The value returned in the API and user interface in this case is `null`.\n", "oneOf": [ { - "type": [ - "string", - "null" - ], + "type": "string", "minLength": 1, - "maxLength": 160 + "maxLength": 160, + "nullable": true }, { "type": "boolean" @@ -5888,28 +3321,20 @@ }, "description": { "type": "string", - "examples": [ - "A case description." - ] + "example": "A case description." }, "duration": { - "type": [ - "integer", - "null" - ], + "type": "integer", "description": "The elapsed time from the creation of the case to its closure (in seconds). If the case has not been closed, the duration is set to null. If the case was closed after less than half a second, the duration is rounded down to zero.\n", - "examples": [ - 120 - ] + "nullable": true, + "example": 120 }, "external_service": { "$ref": "#/components/schemas/external_service" }, "id": { "type": "string", - "examples": [ - "66b9aa00-94fa-11ea-9f74-e7e108796192" - ] + "example": "66b9aa00-94fa-11ea-9f74-e7e108796192" }, "owner": { "$ref": "#/components/schemas/owners" @@ -5928,45 +3353,33 @@ "items": { "type": "string" }, - "examples": [ - [ - "tag-1" - ] + "example": [ + "tag-1" ] }, "title": { "type": "string", - "examples": [ - "Case title 1" - ] + "example": "Case title 1" }, "totalAlerts": { "type": "integer", - "examples": [ - 0 - ] + "example": 0 }, "totalComment": { "type": "integer", - "examples": [ - 0 - ] + "example": 0 }, "updated_at": { - "type": [ - "string", - "null" - ], - "format": "date-time" + "type": "string", + "format": "date-time", + "nullable": true }, "updated_by": { "$ref": "#/components/schemas/case_response_updated_by_properties" }, "version": { "type": "string", - "examples": [ - "WzUzMiwxXQ==" - ] + "example": "WzUzMiwxXQ==" } } }, @@ -5976,18 +3389,14 @@ "properties": { "error": { "type": "string", - "examples": [ - "Unauthorized" - ] + "example": "Unauthorized" }, "message": { "type": "string" }, "statusCode": { "type": "integer", - "examples": [ - 401 - ] + "example": 401 } } }, @@ -6045,7 +3454,6 @@ "customFields": { "type": "array", "description": "Custom field values for a case. Any optional custom fields that are not specified in the request are set to null.\n", - "x-technical-preview": true, "minItems": 0, "maxItems": 10, "items": { @@ -6072,12 +3480,10 @@ "description": "The custom field value. If the custom field is required, it cannot be explicitly set to null. However, for cases that existed when the required custom field was added, the default value stored in Elasticsearch is `undefined`. The value returned in the API and user interface in this case is `null`.\n", "oneOf": [ { - "type": [ - "string", - "null" - ], + "type": "string", "minLength": 1, - "maxLength": 160 + "maxLength": 160, + "nullable": true }, { "type": "boolean" @@ -6134,9 +3540,7 @@ "close-by-pushing", "close-by-user" ], - "examples": [ - "close-by-user" - ] + "example": "close-by-user" }, "connector_types": { "type": "string", @@ -6150,9 +3554,7 @@ ".servicenow-sir", ".swimlane" ], - "examples": [ - ".none" - ] + "example": ".none" }, "template_tags": { "description": "The words and phrases that help categorize templates. It can be an empty array.\n", @@ -6183,24 +3585,18 @@ "properties": { "fields": { "description": "The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`.", - "type": [ - "object", - "null" - ] + "nullable": true, + "type": "object" }, "id": { "description": "The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API.", "type": "string", - "examples": [ - "none" - ] + "example": "none" }, "name": { "description": "The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API.", "type": "string", - "examples": [ - "none" - ] + "example": "none" }, "type": { "$ref": "#/components/schemas/connector_types" @@ -6294,24 +3690,18 @@ "properties": { "fields": { "description": "The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`.", - "type": [ - "object", - "null" - ] + "nullable": true, + "type": "object" }, "id": { "description": "The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API.", "type": "string", - "examples": [ - "none" - ] + "example": "none" }, "name": { "description": "The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API.", "type": "string", - "examples": [ - "none" - ] + "example": "none" }, "type": { "$ref": "#/components/schemas/connector_types" @@ -6327,7 +3717,6 @@ "customFields": { "type": "array", "description": "Custom fields case configuration.", - "x-technical-preview": true, "minItems": 0, "maxItems": 10, "items": { @@ -6402,24 +3791,18 @@ "properties": { "fields": { "description": "The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`.", - "type": [ - "object", - "null" - ] + "nullable": true, + "type": "object" }, "id": { "description": "The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API.", "type": "string", - "examples": [ - "none" - ] + "example": "none" }, "name": { "description": "The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API.", "type": "string", - "examples": [ - "none" - ] + "example": "none" }, "type": { "$ref": "#/components/schemas/connector_types" @@ -6435,7 +3818,6 @@ "customFields": { "type": "array", "description": "Custom fields case configuration.", - "x-technical-preview": true, "items": { "type": "object", "required": [ @@ -6489,9 +3871,7 @@ "version": { "description": "The version of the connector. To retrieve the version value, use the get configuration API.\n", "type": "string", - "examples": [ - "WzIwMiwxXQ==" - ] + "example": "WzIwMiwxXQ==" } } }, @@ -6539,9 +3919,7 @@ "type": { "description": "The type of comment.", "type": "string", - "examples": [ - "alert" - ], + "example": "alert", "enum": [ "alert" ] @@ -6557,9 +3935,7 @@ "description": "The new comment. It is required only when `type` is `user`.", "type": "string", "maxLength": 30000, - "examples": [ - "A new comment." - ] + "example": "A new comment." }, "owner": { "$ref": "#/components/schemas/owners" @@ -6567,9 +3943,7 @@ "type": { "type": "string", "description": "The type of comment.", - "examples": [ - "user" - ], + "example": "user", "enum": [ "user" ] @@ -6597,9 +3971,7 @@ } ], "x-technical-preview": true, - "examples": [ - "6b24c4dc44bc720cfc92797f3d61fff952f2b2627db1fb4f8cc49f4530c4ff42" - ] + "example": "6b24c4dc44bc720cfc92797f3d61fff952f2b2627db1fb4f8cc49f4530c4ff42" }, "alert_indices": { "title": "Alert indices", @@ -6627,16 +3999,12 @@ "id": { "description": "The rule identifier.", "type": "string", - "examples": [ - "94d80550-aaf4-11ec-985f-97e55adae8b9" - ] + "example": "94d80550-aaf4-11ec-985f-97e55adae8b9" }, "name": { "description": "The rule name.", "type": "string", - "examples": [ - "security_rule" - ] + "example": "security_rule" } } }, @@ -6679,9 +4047,7 @@ "id": { "type": "string", "description": "The identifier for the comment. To retrieve comment IDs, use the get comments API.\n", - "examples": [ - "8af6ac20-74f6-11ea-b83a-553aecdb28b6" - ] + "example": "8af6ac20-74f6-11ea-b83a-553aecdb28b6" }, "index": { "$ref": "#/components/schemas/alert_indices" @@ -6698,16 +4064,12 @@ "enum": [ "alert" ], - "examples": [ - "alert" - ] + "example": "alert" }, "version": { "description": "The current comment version. To retrieve version values, use the get comments API.\n", "type": "string", - "examples": [ - "Wzk1LDFd" - ] + "example": "Wzk1LDFd" } } }, @@ -6720,16 +4082,12 @@ "description": "The new comment. It is required only when `type` is `user`.", "type": "string", "maxLength": 30000, - "examples": [ - "A new comment." - ] + "example": "A new comment." }, "id": { "type": "string", "description": "The identifier for the comment. To retrieve comment IDs, use the get comments API.\n", - "examples": [ - "8af6ac20-74f6-11ea-b83a-553aecdb28b6" - ] + "example": "8af6ac20-74f6-11ea-b83a-553aecdb28b6" }, "owner": { "$ref": "#/components/schemas/owners" @@ -6740,16 +4098,12 @@ "enum": [ "user" ], - "examples": [ - "user" - ] + "example": "user" }, "version": { "description": "The current comment version. To retrieve version values, use the get comments API.\n", "type": "string", - "examples": [ - "Wzk1LDFd" - ] + "example": "Wzk1LDFd" } }, "required": [ @@ -6788,9 +4142,7 @@ "push_to_service", "update" ], - "examples": [ - "create" - ] + "example": "create" }, "payload_alert_comment": { "type": "object", @@ -6802,9 +4154,7 @@ "oneOf": [ { "type": "string", - "examples": [ - "1c0b056b-cc9f-4b61-b5c9-cb801abd5e1d" - ] + "example": "1c0b056b-cc9f-4b61-b5c9-cb801abd5e1d" }, { "type": "array", @@ -6818,9 +4168,7 @@ "oneOf": [ { "type": "string", - "examples": [ - ".alerts-observability.logs.alerts-default" - ] + "example": ".alerts-observability.logs.alerts-default" }, { "type": "array", @@ -6839,16 +4187,12 @@ "id": { "description": "The rule identifier.", "type": "string", - "examples": [ - "94d80550-aaf4-11ec-985f-97e55adae8b9" - ] + "example": "94d80550-aaf4-11ec-985f-97e55adae8b9" }, "name": { "description": "The rule name.", "type": "string", - "examples": [ - "security_rule" - ] + "example": "security_rule" } } }, @@ -6877,11 +4221,9 @@ "type": "object", "properties": { "fields": { - "description": "An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.\n", - "type": [ - "object", - "null" - ], + "description": "An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.", + "nullable": true, + "type": "object", "properties": { "caseId": { "description": "The case identifier for Swimlane connectors.", @@ -6893,10 +4235,8 @@ }, "destIp": { "description": "Indicates whether cases will send a comma-separated list of destination IPs for ServiceNow SecOps connectors.", - "type": [ - "boolean", - "null" - ] + "type": "boolean", + "nullable": true }, "impact": { "description": "The effect an incident had on business for ServiceNow ITSM connectors.", @@ -6915,17 +4255,13 @@ }, "malwareHash": { "description": "Indicates whether cases will send a comma-separated list of malware hashes for ServiceNow SecOps connectors.", - "type": [ - "boolean", - "null" - ] + "type": "boolean", + "nullable": true }, "malwareUrl": { "description": "Indicates whether cases will send a comma-separated list of malware URLs for ServiceNow SecOps connectors.", - "type": [ - "boolean", - "null" - ] + "type": "boolean", + "nullable": true }, "parent": { "description": "The key of the parent issue, when the issue type is sub-task for Jira connectors.", @@ -6945,10 +4281,8 @@ }, "sourceIp": { "description": "Indicates whether cases will send a comma-separated list of source IPs for ServiceNow SecOps connectors.", - "type": [ - "boolean", - "null" - ] + "type": "boolean", + "nullable": true }, "subcategory": { "description": "The subcategory of the incident for ServiceNow ITSM connectors.", @@ -6959,23 +4293,17 @@ "type": "string" } }, - "examples": [ - null - ] + "example": null }, "id": { "description": "The identifier for the connector. To create a case without a connector, use `none`.", "type": "string", - "examples": [ - "none" - ] + "example": "none" }, "name": { "description": "The name of the connector. To create a case without a connector, use `none`.", "type": "string", - "examples": [ - "none" - ] + "example": "none" }, "type": { "$ref": "#/components/schemas/connector_types" @@ -6994,11 +4322,9 @@ "type": "object", "properties": { "fields": { - "description": "An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.\n", - "type": [ - "object", - "null" - ], + "description": "An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.", + "nullable": true, + "type": "object", "properties": { "caseId": { "description": "The case identifier for Swimlane connectors.", @@ -7010,10 +4336,8 @@ }, "destIp": { "description": "Indicates whether cases will send a comma-separated list of destination IPs for ServiceNow SecOps connectors.", - "type": [ - "boolean", - "null" - ] + "type": "boolean", + "nullable": true }, "impact": { "description": "The effect an incident had on business for ServiceNow ITSM connectors.", @@ -7032,17 +4356,13 @@ }, "malwareHash": { "description": "Indicates whether cases will send a comma-separated list of malware hashes for ServiceNow SecOps connectors.", - "type": [ - "boolean", - "null" - ] + "type": "boolean", + "nullable": true }, "malwareUrl": { "description": "Indicates whether cases will send a comma-separated list of malware URLs for ServiceNow SecOps connectors.", - "type": [ - "boolean", - "null" - ] + "type": "boolean", + "nullable": true }, "parent": { "description": "The key of the parent issue, when the issue type is sub-task for Jira connectors.", @@ -7062,10 +4382,8 @@ }, "sourceIp": { "description": "Indicates whether cases will send a comma-separated list of source IPs for ServiceNow SecOps connectors.", - "type": [ - "boolean", - "null" - ] + "type": "boolean", + "nullable": true }, "subcategory": { "description": "The subcategory of the incident for ServiceNow ITSM connectors.", @@ -7076,23 +4394,17 @@ "type": "string" } }, - "examples": [ - null - ] + "example": null }, "id": { "description": "The identifier for the connector. To create a case without a connector, use `none`.", "type": "string", - "examples": [ - "none" - ] + "example": "none" }, "name": { "description": "The name of the connector. To create a case without a connector, use `none`.", "type": "string", - "examples": [ - "none" - ] + "example": "none" }, "type": { "$ref": "#/components/schemas/connector_types" @@ -7117,13 +4429,11 @@ "tags": { "type": "array", "items": { - "type": "string" - }, - "examples": [ - [ + "type": "string", + "example": [ "tag-1" ] - ] + } }, "title": { "type": "string" @@ -7131,11 +4441,9 @@ } }, "payload_delete": { - "type": [ - "object", - "null" - ], - "description": "If the `action` is `delete` and the `type` is `delete_case`, the payload is nullable." + "type": "object", + "description": "If the `action` is `delete` and the `type` is `delete_case`, the payload is nullable.", + "nullable": true }, "payload_description": { "type": "object", @@ -7185,10 +4493,8 @@ "items": { "type": "string" }, - "examples": [ - [ - "tag-1" - ] + "example": [ + "tag-1" ] } } @@ -7240,9 +4546,7 @@ "settings", "severity" ], - "examples": [ - "create_case" - ] + "example": "create_case" }, "user_actions_response_properties": { "type": "object", @@ -7263,67 +4567,43 @@ }, "action_id": { "type": "string", - "examples": [ - "22fd3e30-03b1-11ed-920c-974bfa104448" - ] + "example": "22fd3e30-03b1-11ed-920c-974bfa104448" }, "case_id": { "type": "string", - "examples": [ - "22df07d0-03b1-11ed-920c-974bfa104448" - ] + "example": "22df07d0-03b1-11ed-920c-974bfa104448" }, "comment_id": { - "type": [ - "string", - "null" - ], - "examples": [ - "578608d0-03b1-11ed-920c-974bfa104448" - ] + "type": "string", + "nullable": true, + "example": "578608d0-03b1-11ed-920c-974bfa104448" }, "created_at": { "type": "string", "format": "date-time", - "examples": [ - "2022-05-13T09:16:17.416Z" - ] + "example": "2022-05-13T09:16:17.416Z" }, "created_by": { "type": "object", "properties": { "email": { - "type": [ - "string", - "null" - ], - "examples": [ - null - ] + "type": "string", + "example": null, + "nullable": true }, "full_name": { - "type": [ - "string", - "null" - ], - "examples": [ - null - ] - }, - "profile_uid": { "type": "string", - "examples": [ - "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - ] + "example": null, + "nullable": true }, "username": { - "type": [ - "string", - "null" - ], - "examples": [ - "elastic" - ] + "type": "string", + "example": "elastic", + "nullable": true + }, + "profile_uid": { + "type": "string", + "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" } }, "required": [ @@ -7401,56 +4681,36 @@ "$ref": "#/components/schemas/actions" }, "comment_id": { - "type": [ - "string", - "null" - ], - "examples": [ - "578608d0-03b1-11ed-920c-974bfa104448" - ] + "type": "string", + "nullable": true, + "example": "578608d0-03b1-11ed-920c-974bfa104448" }, "created_at": { "type": "string", "format": "date-time", - "examples": [ - "2022-05-13T09:16:17.416Z" - ] + "example": "2022-05-13T09:16:17.416Z" }, "created_by": { "type": "object", "properties": { "email": { - "type": [ - "string", - "null" - ], - "examples": [ - null - ] + "type": "string", + "example": null, + "nullable": true }, "full_name": { - "type": [ - "string", - "null" - ], - "examples": [ - null - ] - }, - "profile_uid": { "type": "string", - "examples": [ - "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" - ] + "example": null, + "nullable": true }, "username": { - "type": [ - "string", - "null" - ], - "examples": [ - "elastic" - ] + "type": "string", + "example": "elastic", + "nullable": true + }, + "profile_uid": { + "type": "string", + "example": "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0" } }, "required": [ @@ -7461,9 +4721,7 @@ }, "id": { "type": "string", - "examples": [ - "22fd3e30-03b1-11ed-920c-974bfa104448" - ] + "example": "22fd3e30-03b1-11ed-920c-974bfa104448" }, "owner": { "$ref": "#/components/schemas/owners" @@ -7513,9 +4771,7 @@ }, "version": { "type": "string", - "examples": [ - "WzM1ODg4LDFd" - ] + "example": "WzM1ODg4LDFd" }, "type": { "type": "string", @@ -7533,9 +4789,7 @@ "settings", "severity" ], - "examples": [ - "create_case" - ] + "example": "create_case" } } } diff --git a/x-pack/plugins/cases/docs/openapi/bundled.yaml b/x-pack/plugins/cases/docs/openapi/bundled.yaml index 7aeea6de8e052..5c56a0196ec24 100644 --- a/x-pack/plugins/cases/docs/openapi/bundled.yaml +++ b/x-pack/plugins/cases/docs/openapi/bundled.yaml @@ -1,8 +1,8 @@ -openapi: 3.1.0 +openapi: 3.0.1 info: title: Cases description: OpenAPI schema for Cases endpoints - version: '0.2' + version: '0.1' contact: name: Cases Team license: @@ -10,16 +10,13 @@ info: url: https://www.elastic.co/licensing/elastic-license servers: - url: / -security: - - basicAuth: [] - - apiKeyAuth: [] tags: - name: cases description: Case APIs enable you to open and track issues. paths: /api/cases: post: - summary: Creates a case in the default space. + summary: Create a case operationId: createCaseDefaultSpace description: | You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're creating. @@ -53,7 +50,7 @@ paths: schema: $ref: '#/components/schemas/4xx_response' delete: - summary: Deletes one or more cases in the default space. + summary: Delete cases operationId: deleteCaseDefaultSpace description: | You must have `read` or `all` privileges and the `delete` sub-feature privilege for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're deleting. @@ -72,7 +69,7 @@ paths: schema: $ref: '#/components/schemas/4xx_response' patch: - summary: Updates one or more cases in the default space. + summary: Update cases operationId: updateCaseDefaultSpace description: | You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're updating. @@ -108,7 +105,7 @@ paths: $ref: '#/components/schemas/4xx_response' /api/cases/_find: get: - summary: Retrieves a paginated subset of cases in the default space. + summary: Search cases operationId: findCasesDefaultSpace description: | You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking. @@ -167,7 +164,7 @@ paths: $ref: '#/components/schemas/4xx_response' /api/cases/alerts/{alertId}: get: - summary: Returns the cases associated with a specific alert in the default space. + summary: Get cases for an alert operationId: getCasesByAlertDefaultSpace description: | You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking. @@ -194,7 +191,7 @@ paths: title: type: string description: The case title. - examples: + example: - id: 06116b80-e1c3-11ec-be9b-9b1838238ee6 title: security_case '401': @@ -205,10 +202,10 @@ paths: $ref: '#/components/schemas/4xx_response' /api/cases/configure: get: - summary: Get case settings in the default space + summary: Get case settings operationId: getCaseConfigurationDefaultSpace description: | - Retrieves setting details such as the closure type, custom fields, templatse, and the default connector for cases in the default space. You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on where the cases were created. + Get setting details such as the closure type, custom fields, templatse, and the default connector for cases. You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on where the cases were created. tags: - cases parameters: @@ -230,26 +227,22 @@ paths: properties: fields: description: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`. - type: - - object - - 'null' + nullable: true + type: object id: description: The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API. type: string - examples: - - none + example: none name: description: The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API. type: string - examples: - - none + example: none type: $ref: '#/components/schemas/connector_types' created_at: type: string format: date-time - examples: - - '2022-06-01T17:07:17.767Z' + example: '2022-06-01T17:07:17.767Z' created_by: type: object required: @@ -258,27 +251,20 @@ paths: - username properties: email: - type: - - string - - 'null' - examples: - - null + type: string + example: null + nullable: true full_name: - type: - - string - - 'null' - examples: - - null - profile_uid: type: string - examples: - - u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + example: null + nullable: true username: - type: - - string - - 'null' - examples: - - elastic + type: string + example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 customFields: type: array description: Custom fields configuration details. @@ -313,15 +299,12 @@ paths: - text - toggle error: - type: - - string - - 'null' - examples: - - null + type: string + nullable: true + example: null id: type: string - examples: - - 4a97a440-e1cd-11ec-be9b-9b1838238ee6 + example: 4a97a440-e1cd-11ec-be9b-9b1838238ee6 mappings: type: array items: @@ -329,62 +312,48 @@ paths: properties: action_type: type: string - examples: - - overwrite + example: overwrite source: type: string - examples: - - title + example: title target: type: string - examples: - - summary + example: summary owner: $ref: '#/components/schemas/owners' templates: $ref: '#/components/schemas/templates' updated_at: - type: - - string - - 'null' + type: string format: date-time - examples: - - '2022-06-01T19:58:48.169Z' + nullable: true + example: '2022-06-01T19:58:48.169Z' updated_by: - type: - - object - - 'null' + type: object required: - email - full_name - username properties: email: - type: - - string - - 'null' - examples: - - null + type: string + example: null + nullable: true full_name: - type: - - string - - 'null' - examples: - - null - profile_uid: type: string - examples: - - u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + example: null + nullable: true username: - type: - - string - - 'null' - examples: - - elastic + type: string + example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + nullable: true version: type: string - examples: - - WzIwNzMsMV0= + example: WzIwNzMsMV0= examples: getConfigurationResponse: $ref: '#/components/examples/get_case_configuration_response' @@ -395,7 +364,7 @@ paths: schema: $ref: '#/components/schemas/4xx_response' post: - summary: Add case settings in the default space + summary: Add case settings operationId: setCaseConfigurationDefaultSpace description: | Case settings include external connection details, custom fields, and templates. Connectors are used to interface with external systems. You must create a connector before you can use it in your cases. If you set a default connector, it is automatically selected when you create cases in Kibana. If you use the create case API, however, you must still specify all of the connector details. You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on where you are creating cases. @@ -426,26 +395,22 @@ paths: properties: fields: description: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`. - type: - - object - - 'null' + nullable: true + type: object id: description: The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API. type: string - examples: - - none + example: none name: description: The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API. type: string - examples: - - none + example: none type: $ref: '#/components/schemas/connector_types' created_at: type: string format: date-time - examples: - - '2022-06-01T17:07:17.767Z' + example: '2022-06-01T17:07:17.767Z' created_by: type: object required: @@ -454,27 +419,20 @@ paths: - username properties: email: - type: - - string - - 'null' - examples: - - null + type: string + example: null + nullable: true full_name: - type: - - string - - 'null' - examples: - - null - profile_uid: type: string - examples: - - u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + example: null + nullable: true username: - type: - - string - - 'null' - examples: - - elastic + type: string + example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 customFields: type: array description: Custom fields configuration details. @@ -509,15 +467,12 @@ paths: - text - toggle error: - type: - - string - - 'null' - examples: - - null + type: string + nullable: true + example: null id: type: string - examples: - - 4a97a440-e1cd-11ec-be9b-9b1838238ee6 + example: 4a97a440-e1cd-11ec-be9b-9b1838238ee6 mappings: type: array items: @@ -525,62 +480,48 @@ paths: properties: action_type: type: string - examples: - - overwrite + example: overwrite source: type: string - examples: - - title + example: title target: type: string - examples: - - summary + example: summary owner: $ref: '#/components/schemas/owners' templates: $ref: '#/components/schemas/templates' updated_at: - type: - - string - - 'null' + type: string format: date-time - examples: - - '2022-06-01T19:58:48.169Z' + nullable: true + example: '2022-06-01T19:58:48.169Z' updated_by: - type: - - object - - 'null' + type: object required: - email - full_name - username properties: email: - type: - - string - - 'null' - examples: - - null + type: string + example: null + nullable: true full_name: - type: - - string - - 'null' - examples: - - null - profile_uid: type: string - examples: - - u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + example: null + nullable: true username: - type: - - string - - 'null' - examples: - - elastic + type: string + example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + nullable: true version: type: string - examples: - - WzIwNzMsMV0= + example: WzIwNzMsMV0= examples: setCaseConfigResponse: $ref: '#/components/examples/set_case_configuration_response' @@ -592,10 +533,10 @@ paths: $ref: '#/components/schemas/4xx_response' /api/cases/configure/{configurationId}: patch: - summary: Update case settings in the default space + summary: Update case settings operationId: updateCaseConfigurationDefaultSpace description: | - Updates setting details such as the closure type, custom fields, templates, and the default connector for cases in the default space. Connectors are used to interface with external systems. You must create a connector before you can use it in your cases. You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on where the case was created. + Updates setting details such as the closure type, custom fields, templates, and the default connector for cases. Connectors are used to interface with external systems. You must create a connector before you can use it in your cases. You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on where the case was created. tags: - cases parameters: @@ -624,26 +565,22 @@ paths: properties: fields: description: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`. - type: - - object - - 'null' + nullable: true + type: object id: description: The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API. type: string - examples: - - none + example: none name: description: The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API. type: string - examples: - - none + example: none type: $ref: '#/components/schemas/connector_types' created_at: type: string format: date-time - examples: - - '2022-06-01T17:07:17.767Z' + example: '2022-06-01T17:07:17.767Z' created_by: type: object required: @@ -652,27 +589,20 @@ paths: - username properties: email: - type: - - string - - 'null' - examples: - - null + type: string + example: null + nullable: true full_name: - type: - - string - - 'null' - examples: - - null - profile_uid: type: string - examples: - - u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + example: null + nullable: true username: - type: - - string - - 'null' - examples: - - elastic + type: string + example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 customFields: type: array description: Custom fields configuration details. @@ -707,15 +637,12 @@ paths: - text - toggle error: - type: - - string - - 'null' - examples: - - null + type: string + nullable: true + example: null id: type: string - examples: - - 4a97a440-e1cd-11ec-be9b-9b1838238ee6 + example: 4a97a440-e1cd-11ec-be9b-9b1838238ee6 mappings: type: array items: @@ -723,62 +650,48 @@ paths: properties: action_type: type: string - examples: - - overwrite + example: overwrite source: type: string - examples: - - title + example: title target: type: string - examples: - - summary + example: summary owner: $ref: '#/components/schemas/owners' templates: $ref: '#/components/schemas/templates' updated_at: - type: - - string - - 'null' + type: string format: date-time - examples: - - '2022-06-01T19:58:48.169Z' + nullable: true + example: '2022-06-01T19:58:48.169Z' updated_by: - type: - - object - - 'null' + type: object required: - email - full_name - username properties: email: - type: - - string - - 'null' - examples: - - null + type: string + example: null + nullable: true full_name: - type: - - string - - 'null' - examples: - - null - profile_uid: type: string - examples: - - u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + example: null + nullable: true username: - type: - - string - - 'null' - examples: - - elastic + type: string + example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + nullable: true version: type: string - examples: - - WzIwNzMsMV0= + example: WzIwNzMsMV0= examples: updateCaseConfigurationResponse: $ref: '#/components/examples/update_case_configuration_response' @@ -790,10 +703,10 @@ paths: $ref: '#/components/schemas/4xx_response' /api/cases/reporters: get: - summary: Returns information about the users who opened cases in the default space. + summary: Get case creators operationId: getCaseReportersDefaultSpace description: | - You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases. The API returns information about the users as they existed at the time of the case creation, including their name, full name, and email address. If any of those details change thereafter or if a user is deleted, the information returned by this API is unchanged. + Returns information about the users who opened cases. You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases. The API returns information about the users as they existed at the time of the case creation, including their name, full name, and email address. If any of those details change thereafter or if a user is deleted, the information returned by this API is unchanged. tags: - cases parameters: @@ -814,27 +727,20 @@ paths: - username properties: email: - type: - - string - - 'null' - examples: - - null + type: string + example: null + nullable: true full_name: - type: - - string - - 'null' - examples: - - null - profile_uid: type: string - examples: - - u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + example: null + nullable: true username: - type: - - string - - 'null' - examples: - - elastic + type: string + example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 examples: getReportersResponse: $ref: '#/components/examples/get_reporters_response' @@ -846,10 +752,10 @@ paths: $ref: '#/components/schemas/4xx_response' /api/cases/status: get: - summary: Returns the number of cases that are open, closed, and in progress in the default space. + summary: Get case status summary operationId: getCaseStatusDefaultSpace description: | - Deprecated in 8.1.0. This API is deprecated and will be removed in a future release; use the find cases API instead. You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking. + Returns the number of cases that are open, closed, and in progress. Deprecated in 8.1.0. This API is deprecated and will be removed in a future release; use the find cases API instead. You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking. deprecated: true tags: - cases @@ -877,10 +783,10 @@ paths: $ref: '#/components/schemas/4xx_response' /api/cases/tags: get: - summary: Aggregates and returns a list of case tags in the default space. + summary: Get case tags operationId: getCaseTagsDefaultSpace description: | - You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking. + Aggregates and returns a list of case tags. You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking. tags: - cases parameters: @@ -906,7 +812,7 @@ paths: $ref: '#/components/schemas/4xx_response' /api/cases/{caseId}: get: - summary: Retrieves information about a case in the default space. + summary: Get case information operationId: getCaseDefaultSpace description: | You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're seeking. @@ -935,7 +841,7 @@ paths: $ref: '#/components/schemas/4xx_response' /api/cases/{caseId}/alerts: get: - summary: Gets all alerts attached to a case in the default space. + summary: Get all alerts for a case description: | You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking. x-technical-preview: true @@ -964,7 +870,7 @@ paths: $ref: '#/components/schemas/4xx_response' /api/cases/{caseId}/comments: post: - summary: Adds a comment or alert to a case in the default space. + summary: Add a case comment or alert operationId: addCaseCommentDefaultSpace description: | You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're creating. NOTE: Each case can have a maximum of 1,000 alerts. @@ -999,10 +905,10 @@ paths: schema: $ref: '#/components/schemas/4xx_response' delete: - summary: Deletes all comments and alerts from a case in the default space. + summary: Delete all case comments and alerts operationId: deleteCaseCommentsDefaultSpace description: | - You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're deleting. + Deletes all comments and alerts from a case. You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're deleting. tags: - cases parameters: @@ -1018,7 +924,7 @@ paths: schema: $ref: '#/components/schemas/4xx_response' patch: - summary: Updates a comment or alert in a case in the default space. + summary: Update a case comment or alert operationId: updateCaseCommentDefaultSpace description: | You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're updating. NOTE: You cannot change the comment type or the owner of a comment. @@ -1053,7 +959,7 @@ paths: schema: $ref: '#/components/schemas/4xx_response' get: - summary: Retrieves all the comments from a case in the default space. + summary: Get all case comments operationId: getAllCaseCommentsDefaultSpace description: | Deprecated in 8.1.0. This API is deprecated and will be removed in a future release; instead, use the get case comment API, which requires a comment identifier in the path. You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking. @@ -1075,9 +981,35 @@ paths: application/json: schema: $ref: '#/components/schemas/4xx_response' + /api/cases/{caseId}/comments/_find: + get: + summary: Find case comments and alerts + operationId: findCaseCommentsDefaultSpace + description: | + Retrieves a paginated list of comments for a case. You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking. + tags: + - cases + parameters: + - $ref: '#/components/parameters/case_id' + - $ref: '#/components/parameters/page_index' + - $ref: '#/components/parameters/page_size' + - $ref: '#/components/parameters/sort_order' + responses: + '200': + description: Indicates a successful call. + content: + application/json: + schema: + $ref: '#/components/schemas/case_response_properties' + '401': + description: Authorization information is missing or invalid. + content: + application/json: + schema: + $ref: '#/components/schemas/4xx_response' /api/cases/{caseId}/comments/{commentId}: delete: - summary: Deletes a comment or alert from a case in the default space. + summary: Delete a case comment or alert operationId: deleteCaseCommentDefaultSpace description: | You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're deleting. @@ -1097,7 +1029,7 @@ paths: schema: $ref: '#/components/schemas/4xx_response' get: - summary: Retrieves a comment from a case in the default space. + summary: Get a case comment or alert operationId: getCaseCommentDefaultSpace description: | You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking. @@ -1126,7 +1058,7 @@ paths: $ref: '#/components/schemas/4xx_response' /api/cases/{caseId}/connector/{connectorId}/_push: post: - summary: Pushes a case in the default space to an external service. + summary: Push a case to an external service description: | You must have `all` privileges for the **Actions and Connectors** feature in the **Management** section of the Kibana feature privileges. You must also have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're pushing. operationId: pushCaseDefaultSpace @@ -1140,9 +1072,8 @@ paths: content: application/json: schema: - type: - - object - - 'null' + type: object + nullable: true responses: '200': description: Indicates a successful call. @@ -1161,9 +1092,9 @@ paths: $ref: '#/components/schemas/4xx_response' /api/cases/{caseId}/user_actions: get: - summary: Returns all user activity for a case in the default space. + summary: Get case activity description: | - Deprecated in 8.1.0. This API is deprecated and will be removed in a future release; use the find user actions API instead. You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're seeking. + Returns all user activity for a case. Deprecated in 8.1.0. This API is deprecated and will be removed in a future release; use the find user actions API instead. You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're seeking. deprecated: true operationId: getCaseActivityDefaultSpace tags: @@ -1187,9 +1118,9 @@ paths: $ref: '#/components/schemas/4xx_response' /api/cases/{caseId}/user_actions/_find: get: - summary: Finds user activity for a case in the default space. + summary: Find case activity description: | - You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're seeking. + Retrives a paginated list of user activity for a case. You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're seeking. operationId: findCaseActivityDefaultSpace tags: - cases @@ -1229,1353 +1160,48 @@ paths: $ref: '#/components/schemas/4xx_response' /api/cases/configure/connectors/_find: get: - summary: Get case connectors in the default space + summary: Get case connectors operationId: findCaseConnectorsDefaultSpace description: | - Retrieves information about connectors that are supported for use in cases in the default space. You must have `read` privileges for the **Actions and Connectors** feature in the **Management** section of the Kibana feature privileges. - tags: - - cases - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - type: array - items: - type: object - properties: - actionTypeId: - $ref: '#/components/schemas/connector_types' - config: - type: object - properties: - apiUrl: - type: string - projectKey: - type: string - additionalProperties: true - id: - type: string - isDeprecated: - type: boolean - isMissingSecrets: - type: boolean - isPreconfigured: - type: boolean - name: - type: string - referencedByCount: - type: integer - maxItems: 1000 - examples: - findConnectorResponse: - $ref: '#/components/examples/find_connector_response' - '401': - description: Authorization information is missing or invalid. - content: - application/json: - schema: - $ref: '#/components/schemas/4xx_response' - /s/{spaceId}/api/cases: - post: - summary: Creates a case. - operationId: createCase - description: | - You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're creating. - tags: - - cases - parameters: - - $ref: '#/components/parameters/kbn_xsrf' - - $ref: '#/components/parameters/space_id' - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/create_case_request' - examples: - createCaseRequest: - $ref: '#/components/examples/create_case_request' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - $ref: '#/components/schemas/case_response_properties' - examples: - createCaseResponse: - $ref: '#/components/examples/create_case_response' - '401': - description: Authorization information is missing or invalid. - content: - application/json: - schema: - $ref: '#/components/schemas/4xx_response' - delete: - summary: Deletes one or more cases. - operationId: deleteCase - description: | - You must have `read` or `all` privileges and the `delete` sub-feature privilege for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're deleting. - tags: - - cases - parameters: - - $ref: '#/components/parameters/kbn_xsrf' - - $ref: '#/components/parameters/ids' - - $ref: '#/components/parameters/space_id' - responses: - '204': - description: Indicates a successful call. - '401': - description: Authorization information is missing or invalid. - content: - application/json: - schema: - $ref: '#/components/schemas/4xx_response' - patch: - summary: Updates one or more cases. - operationId: updateCase - description: | - You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're updating. - tags: - - cases - parameters: - - $ref: '#/components/parameters/kbn_xsrf' - - $ref: '#/components/parameters/space_id' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/update_case_request' - examples: - updateCaseRequest: - $ref: '#/components/examples/update_case_request' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - type: array - items: - $ref: '#/components/schemas/case_response_properties' - examples: - updateCaseResponse: - $ref: '#/components/examples/update_case_response' - '401': - description: Authorization information is missing or invalid. - content: - application/json: - schema: - $ref: '#/components/schemas/4xx_response' - /s/{spaceId}/api/cases/_find: - get: - summary: Retrieves a paginated subset of cases. - operationId: findCases - description: | - You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking. + Get information about connectors that are supported for use in cases. You must have `read` privileges for the **Actions and Connectors** feature in the **Management** section of the Kibana feature privileges. tags: - - cases - parameters: - - $ref: '#/components/parameters/space_id' - - $ref: '#/components/parameters/assignees' - - $ref: '#/components/parameters/category' - - $ref: '#/components/parameters/defaultSearchOperator' - - $ref: '#/components/parameters/from' - - $ref: '#/components/parameters/owner' - - $ref: '#/components/parameters/page_index' - - $ref: '#/components/parameters/page_size' - - $ref: '#/components/parameters/reporters' - - $ref: '#/components/parameters/search' - - $ref: '#/components/parameters/searchFields' - - $ref: '#/components/parameters/severity' - - $ref: '#/components/parameters/sortField' - - $ref: '#/components/parameters/sort_order' - - $ref: '#/components/parameters/status' - - $ref: '#/components/parameters/tags' - - $ref: '#/components/parameters/to' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - type: object - properties: - cases: - type: array - items: - $ref: '#/components/schemas/case_response_properties' - count_closed_cases: - type: integer - count_in_progress_cases: - type: integer - count_open_cases: - type: integer - page: - type: integer - per_page: - type: integer - total: - type: integer - examples: - findCaseResponse: - $ref: '#/components/examples/find_case_response' - '401': - description: Authorization information is missing or invalid. - content: - application/json: - schema: - $ref: '#/components/schemas/4xx_response' - /s/{spaceId}/api/cases/alerts/{alertId}: - get: - summary: Returns the cases associated with a specific alert. - operationId: getCasesByAlert - description: | - You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking. - x-technical-preview: true - tags: - - cases - parameters: - - $ref: '#/components/parameters/alert_id' - - $ref: '#/components/parameters/space_id' - - $ref: '#/components/parameters/owner' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - type: array - items: - type: object - properties: - id: - type: string - description: The case identifier. - title: - type: string - description: The case title. - examples: - - id: 06116b80-e1c3-11ec-be9b-9b1838238ee6 - title: security_case - '401': - description: Authorization information is missing or invalid. - content: - application/json: - schema: - $ref: '#/components/schemas/4xx_response' - /s/{spaceId}/api/cases/configure: - get: - summary: Get case settings - operationId: getCaseConfiguration - description: | - Retrieves setting details such as the closure type, custom fields, templates, and the default connector for cases. You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on where the cases were created. - tags: - - cases - parameters: - - $ref: '#/components/parameters/space_id' - - $ref: '#/components/parameters/owner' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - type: array - items: - type: object - properties: - closure_type: - $ref: '#/components/schemas/closure_types' - connector: - type: object - properties: - fields: - description: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`. - type: - - object - - 'null' - id: - description: The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API. - type: string - examples: - - none - name: - description: The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API. - type: string - examples: - - none - type: - $ref: '#/components/schemas/connector_types' - created_at: - type: string - format: date-time - examples: - - '2022-06-01T17:07:17.767Z' - created_by: - type: object - required: - - email - - full_name - - username - properties: - email: - type: - - string - - 'null' - examples: - - null - full_name: - type: - - string - - 'null' - examples: - - null - profile_uid: - type: string - examples: - - u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - username: - type: - - string - - 'null' - examples: - - elastic - customFields: - type: array - description: Custom fields configuration details. - items: - type: object - properties: - defaultValue: - oneOf: - - type: string - - type: boolean - description: | - A default value for the custom field. If the `type` is `text`, the default value must be a string. If the `type` is `toggle`, the default value must be boolean. - key: - description: | - A unique key for the custom field. Must be lower case and composed only of a-z, 0-9, '_', and '-' characters. It is used in API calls to refer to a specific custom field. - type: string - minLength: 1 - maxLength: 36 - label: - description: The custom field label that is displayed in the case. - type: string - minLength: 1 - maxLength: 50 - required: - description: | - Indicates whether the field is required. If `false`, the custom field can be set to null or omitted when a case is created or updated. - type: boolean - type: - description: The type of the custom field. - type: string - enum: - - text - - toggle - error: - type: - - string - - 'null' - examples: - - null - id: - type: string - examples: - - 4a97a440-e1cd-11ec-be9b-9b1838238ee6 - mappings: - type: array - items: - type: object - properties: - action_type: - type: string - examples: - - overwrite - source: - type: string - examples: - - title - target: - type: string - examples: - - summary - owner: - $ref: '#/components/schemas/owners' - templates: - $ref: '#/components/schemas/templates' - updated_at: - type: - - string - - 'null' - format: date-time - examples: - - '2022-06-01T19:58:48.169Z' - updated_by: - type: - - object - - 'null' - required: - - email - - full_name - - username - properties: - email: - type: - - string - - 'null' - examples: - - null - full_name: - type: - - string - - 'null' - examples: - - null - profile_uid: - type: string - examples: - - u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - username: - type: - - string - - 'null' - examples: - - elastic - version: - type: string - examples: - - WzIwNzMsMV0= - examples: - getConfigurationResponse: - $ref: '#/components/examples/get_case_configuration_response' - '401': - description: Authorization information is missing or invalid. - content: - application/json: - schema: - $ref: '#/components/schemas/4xx_response' - post: - summary: Add case settings - operationId: setCaseConfiguration - description: | - Case settings include external connection details, custom fields, and templates. Connectors are used to interface with external systems. You must create a connector before you can use it in your cases. If you set a default connector, it is automatically selected when you create cases in Kibana. If you use the create case API, however, you must still specify all of the connector details. You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on where you are creating cases. - tags: - - cases - parameters: - - $ref: '#/components/parameters/kbn_xsrf' - - $ref: '#/components/parameters/space_id' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/set_case_configuration_request' - examples: - setCaseConfigRequest: - $ref: '#/components/examples/set_case_configuration_request' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - type: object - properties: - closure_type: - $ref: '#/components/schemas/closure_types' - connector: - type: object - properties: - fields: - description: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`. - type: - - object - - 'null' - id: - description: The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API. - type: string - examples: - - none - name: - description: The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API. - type: string - examples: - - none - type: - $ref: '#/components/schemas/connector_types' - created_at: - type: string - format: date-time - examples: - - '2022-06-01T17:07:17.767Z' - created_by: - type: object - required: - - email - - full_name - - username - properties: - email: - type: - - string - - 'null' - examples: - - null - full_name: - type: - - string - - 'null' - examples: - - null - profile_uid: - type: string - examples: - - u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - username: - type: - - string - - 'null' - examples: - - elastic - customFields: - type: array - description: Custom fields configuration details. - items: - type: object - properties: - defaultValue: - oneOf: - - type: string - - type: boolean - description: | - A default value for the custom field. If the `type` is `text`, the default value must be a string. If the `type` is `toggle`, the default value must be boolean. - key: - description: | - A unique key for the custom field. Must be lower case and composed only of a-z, 0-9, '_', and '-' characters. It is used in API calls to refer to a specific custom field. - type: string - minLength: 1 - maxLength: 36 - label: - description: The custom field label that is displayed in the case. - type: string - minLength: 1 - maxLength: 50 - required: - description: | - Indicates whether the field is required. If `false`, the custom field can be set to null or omitted when a case is created or updated. - type: boolean - type: - description: The type of the custom field. - type: string - enum: - - text - - toggle - error: - type: - - string - - 'null' - examples: - - null - id: - type: string - examples: - - 4a97a440-e1cd-11ec-be9b-9b1838238ee6 - mappings: - type: array - items: - type: object - properties: - action_type: - type: string - examples: - - overwrite - source: - type: string - examples: - - title - target: - type: string - examples: - - summary - owner: - $ref: '#/components/schemas/owners' - templates: - $ref: '#/components/schemas/templates' - updated_at: - type: - - string - - 'null' - format: date-time - examples: - - '2022-06-01T19:58:48.169Z' - updated_by: - type: - - object - - 'null' - required: - - email - - full_name - - username - properties: - email: - type: - - string - - 'null' - examples: - - null - full_name: - type: - - string - - 'null' - examples: - - null - profile_uid: - type: string - examples: - - u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - username: - type: - - string - - 'null' - examples: - - elastic - version: - type: string - examples: - - WzIwNzMsMV0= - examples: - setCaseConfigResponse: - $ref: '#/components/examples/set_case_configuration_response' - '401': - description: Authorization information is missing or invalid. - content: - application/json: - schema: - $ref: '#/components/schemas/4xx_response' - /s/{spaceId}/api/cases/configure/{configurationId}: - patch: - summary: Update case settings - operationId: updateCaseConfiguration - description: | - Updates setting details such as the closure type, custom fields, templates, and the default connector for cases. Connectors are used to interface with external systems. You must create a connector before you can use it in your cases. You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on where the case was created. - tags: - - cases - parameters: - - $ref: '#/components/parameters/kbn_xsrf' - - $ref: '#/components/parameters/configuration_id' - - $ref: '#/components/parameters/space_id' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/update_case_configuration_request' - examples: - updateCaseConfigurationRequest: - $ref: '#/components/examples/update_case_configuration_request' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - type: object - properties: - closure_type: - $ref: '#/components/schemas/closure_types' - connector: - type: object - properties: - fields: - description: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`. - type: - - object - - 'null' - id: - description: The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API. - type: string - examples: - - none - name: - description: The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API. - type: string - examples: - - none - type: - $ref: '#/components/schemas/connector_types' - created_at: - type: string - format: date-time - examples: - - '2022-06-01T17:07:17.767Z' - created_by: - type: object - required: - - email - - full_name - - username - properties: - email: - type: - - string - - 'null' - examples: - - null - full_name: - type: - - string - - 'null' - examples: - - null - profile_uid: - type: string - examples: - - u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - username: - type: - - string - - 'null' - examples: - - elastic - customFields: - type: array - description: Custom fields configuration details. - items: - type: object - properties: - defaultValue: - oneOf: - - type: string - - type: boolean - description: | - A default value for the custom field. If the `type` is `text`, the default value must be a string. If the `type` is `toggle`, the default value must be boolean. - key: - description: | - A unique key for the custom field. Must be lower case and composed only of a-z, 0-9, '_', and '-' characters. It is used in API calls to refer to a specific custom field. - type: string - minLength: 1 - maxLength: 36 - label: - description: The custom field label that is displayed in the case. - type: string - minLength: 1 - maxLength: 50 - required: - description: | - Indicates whether the field is required. If `false`, the custom field can be set to null or omitted when a case is created or updated. - type: boolean - type: - description: The type of the custom field. - type: string - enum: - - text - - toggle - error: - type: - - string - - 'null' - examples: - - null - id: - type: string - examples: - - 4a97a440-e1cd-11ec-be9b-9b1838238ee6 - mappings: - type: array - items: - type: object - properties: - action_type: - type: string - examples: - - overwrite - source: - type: string - examples: - - title - target: - type: string - examples: - - summary - owner: - $ref: '#/components/schemas/owners' - templates: - $ref: '#/components/schemas/templates' - updated_at: - type: - - string - - 'null' - format: date-time - examples: - - '2022-06-01T19:58:48.169Z' - updated_by: - type: - - object - - 'null' - required: - - email - - full_name - - username - properties: - email: - type: - - string - - 'null' - examples: - - null - full_name: - type: - - string - - 'null' - examples: - - null - profile_uid: - type: string - examples: - - u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - username: - type: - - string - - 'null' - examples: - - elastic - version: - type: string - examples: - - WzIwNzMsMV0= - examples: - updateCaseConfigurationResponse: - $ref: '#/components/examples/update_case_configuration_response' - '401': - description: Authorization information is missing or invalid. - content: - application/json: - schema: - $ref: '#/components/schemas/4xx_response' - /s/{spaceId}/api/cases/configure/connectors/_find: - get: - summary: Get case connectors - operationId: findCaseConnectors - description: | - Retrieves information about connectors that are supported for use in cases. You must have `read` privileges for the **Actions and Connectors** feature in the **Management** section of the Kibana feature privileges. - tags: - - cases - parameters: - - $ref: '#/components/parameters/space_id' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - type: array - items: - type: object - properties: - actionTypeId: - $ref: '#/components/schemas/connector_types' - config: - type: object - properties: - apiUrl: - type: string - projectKey: - type: string - additionalProperties: true - id: - type: string - isDeprecated: - type: boolean - isMissingSecrets: - type: boolean - isPreconfigured: - type: boolean - name: - type: string - referencedByCount: - type: integer - examples: - findConnectorResponse: - $ref: '#/components/examples/find_connector_response' - '401': - description: Authorization information is missing or invalid. - content: - application/json: - schema: - $ref: '#/components/schemas/4xx_response' - /s/{spaceId}/api/cases/reporters: - get: - summary: Returns information about the users who opened cases. - operationId: getCaseReporters - description: | - You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases. The API returns information about the users as they existed at the time of the case creation, including their name, full name, and email address. If any of those details change thereafter or if a user is deleted, the information returned by this API is unchanged. - tags: - - cases - parameters: - - $ref: '#/components/parameters/space_id' - - $ref: '#/components/parameters/owner' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - type: array - items: - type: object - required: - - email - - full_name - - username - properties: - email: - type: - - string - - 'null' - examples: - - null - full_name: - type: - - string - - 'null' - examples: - - null - profile_uid: - type: string - examples: - - u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - username: - type: - - string - - 'null' - examples: - - elastic - examples: - getReportersResponse: - $ref: '#/components/examples/get_reporters_response' - '401': - description: Authorization information is missing or invalid. - content: - application/json: - schema: - $ref: '#/components/schemas/4xx_response' - /s/{spaceId}/api/cases/status: - get: - summary: Returns the number of cases that are open, closed, and in progress. - operationId: getCaseStatus - description: | - Deprecated in 8.1.0. This API is deprecated and will be removed in a future release; use the find cases API instead. You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking. - deprecated: true - tags: - - cases - parameters: - - $ref: '#/components/parameters/space_id' - - $ref: '#/components/parameters/owner' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - type: object - properties: - count_closed_cases: - type: integer - count_in_progress_cases: - type: integer - count_open_cases: - type: integer - '401': - description: Authorization information is missing or invalid. - content: - application/json: - schema: - $ref: '#/components/schemas/4xx_response' - /s/{spaceId}/api/cases/tags: - get: - summary: Aggregates and returns a list of case tags. - operationId: getCaseTags - description: | - You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking. - tags: - - cases - parameters: - - $ref: '#/components/parameters/space_id' - - $ref: '#/components/parameters/owner' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - type: array - items: - type: string - examples: - getTagsResponse: - $ref: '#/components/examples/get_tags_response' - '401': - description: Authorization information is missing or invalid. - content: - application/json: - schema: - $ref: '#/components/schemas/4xx_response' - /s/{spaceId}/api/cases/{caseId}: - get: - summary: Retrieves information about a case. - operationId: getCase - description: | - You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're seeking. - tags: - - cases - parameters: - - $ref: '#/components/parameters/case_id' - - $ref: '#/components/parameters/space_id' - - $ref: '#/components/parameters/includeComments' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - $ref: '#/components/schemas/case_response_properties' - examples: - getCaseResponse: - $ref: '#/components/examples/get_case_response' - getObservabilityCaseReponse: - $ref: '#/components/examples/get_case_observability_response' - '401': - description: Authorization information is missing or invalid. - content: - application/json: - schema: - $ref: '#/components/schemas/4xx_response' - /s/{spaceId}/api/cases/{caseId}/alerts: - get: - summary: Gets all alerts attached to a case. - description: | - You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking. - x-technical-preview: true - operationId: getCaseAlerts - tags: - - cases - parameters: - - $ref: '#/components/parameters/case_id' - - $ref: '#/components/parameters/space_id' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - type: array - items: - $ref: '#/components/schemas/alert_response_properties' - examples: - getCaseAlertsResponse: - $ref: '#/components/examples/get_case_alerts_response' - '401': - description: Authorization information is missing or invalid. - content: - application/json: - schema: - $ref: '#/components/schemas/4xx_response' - /s/{spaceId}/api/cases/{caseId}/comments: - post: - summary: Adds a comment or alert to a case. - operationId: addCaseComment - description: | - You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're creating. NOTE: Each case can have a maximum of 1,000 alerts. - tags: - - cases - parameters: - - $ref: '#/components/parameters/kbn_xsrf' - - $ref: '#/components/parameters/case_id' - - $ref: '#/components/parameters/space_id' - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/add_case_comment_request' - examples: - createCaseCommentRequest: - $ref: '#/components/examples/add_comment_request' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - $ref: '#/components/schemas/case_response_properties' - examples: - createCaseCommentResponse: - $ref: '#/components/examples/add_comment_response' - '401': - description: Authorization information is missing or invalid. - content: - application/json: - schema: - $ref: '#/components/schemas/4xx_response' - delete: - summary: Deletes all comments and alerts from a case. - operationId: deleteCaseComments - description: | - You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're deleting. - tags: - - cases - parameters: - - $ref: '#/components/parameters/kbn_xsrf' - - $ref: '#/components/parameters/case_id' - - $ref: '#/components/parameters/space_id' - responses: - '204': - description: Indicates a successful call. - '401': - description: Authorization information is missing or invalid. - content: - application/json: - schema: - $ref: '#/components/schemas/4xx_response' - patch: - summary: Updates a comment or alert in a case. - operationId: updateCaseComment - description: | - You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're updating. NOTE: You cannot change the comment type or the owner of a comment. - tags: - - cases - parameters: - - $ref: '#/components/parameters/kbn_xsrf' - - $ref: '#/components/parameters/case_id' - - $ref: '#/components/parameters/space_id' - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/update_case_comment_request' - examples: - updateCaseCommentRequest: - $ref: '#/components/examples/update_comment_request' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - $ref: '#/components/schemas/case_response_properties' - examples: - updateCaseCommentResponse: - $ref: '#/components/examples/update_comment_response' - '401': - description: Authorization information is missing or invalid. - content: - application/json: - schema: - $ref: '#/components/schemas/4xx_response' - get: - summary: Retrieves all the comments from a case. - operationId: getAllCaseComments - description: | - Deprecated in 8.1.0. This API is deprecated and will be removed in a future release; instead, use the get case comment API, which requires a comment identifier in the path. You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking. - deprecated: true - tags: - - cases - parameters: - - $ref: '#/components/parameters/case_id' - - $ref: '#/components/parameters/space_id' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - $ref: '#/components/schemas/case_response_properties' - '401': - description: Authorization information is missing or invalid. - content: - application/json: - schema: - $ref: '#/components/schemas/4xx_response' - /s/{spaceId}/api/cases/{caseId}/comments/_find: - get: - summary: Retrieves all the user comments from a case. - operationId: findCaseComments - description: | - You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking. - tags: - - cases - parameters: - - $ref: '#/components/parameters/case_id' - - $ref: '#/components/parameters/page_index' - - $ref: '#/components/parameters/page_size' - - $ref: '#/components/parameters/sort_order' - - $ref: '#/components/parameters/space_id' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - $ref: '#/components/schemas/case_response_properties' - '401': - description: Authorization information is missing or invalid. - content: - application/json: - schema: - $ref: '#/components/schemas/4xx_response' - /s/{spaceId}/api/cases/{caseId}/comments/{commentId}: - delete: - summary: Deletes a comment or alert from a case. - operationId: deleteCaseComment - description: | - You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're deleting. - tags: - - cases - parameters: - - $ref: '#/components/parameters/kbn_xsrf' - - $ref: '#/components/parameters/case_id' - - $ref: '#/components/parameters/comment_id' - - $ref: '#/components/parameters/space_id' - responses: - '204': - description: Indicates a successful call. - '401': - description: Authorization information is missing or invalid. - content: - application/json: - schema: - $ref: '#/components/schemas/4xx_response' - get: - summary: Retrieves a comment from a case. - operationId: getCaseComment - description: | - You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking. - tags: - - cases - parameters: - - $ref: '#/components/parameters/case_id' - - $ref: '#/components/parameters/comment_id' - - $ref: '#/components/parameters/space_id' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - oneOf: - - $ref: '#/components/schemas/alert_comment_response_properties' - - $ref: '#/components/schemas/user_comment_response_properties' - examples: - getCaseCommentResponse: - $ref: '#/components/examples/get_comment_response' - '401': - description: Authorization information is missing or invalid. - content: - application/json: - schema: - $ref: '#/components/schemas/4xx_response' - /s/{spaceId}/api/cases/{caseId}/connector/{connectorId}/_push: - post: - summary: Pushes a case to an external service. - description: | - You must have `all` privileges for the **Actions and Connectors** feature in the **Management** section of the Kibana feature privileges. You must also have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're pushing. - operationId: pushCase - tags: - - cases - parameters: - - $ref: '#/components/parameters/case_id' - - $ref: '#/components/parameters/connector_id' - - $ref: '#/components/parameters/kbn_xsrf' - - $ref: '#/components/parameters/space_id' - requestBody: - content: - application/json: - schema: - type: - - object - - 'null' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - $ref: '#/components/schemas/case_response_properties' - examples: - pushCaseResponse: - $ref: '#/components/examples/push_case_response' - '401': - description: Authorization information is missing or invalid. - content: - application/json: - schema: - $ref: '#/components/schemas/4xx_response' - /s/{spaceId}/api/cases/{caseId}/user_actions: - get: - summary: Returns all user activity for a case. - description: | - Deprecated in 8.1.0. This API is deprecated and will be removed in a future release; use the find user actions API instead. You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're seeking. - deprecated: true - operationId: getCaseActivity - tags: - - cases - parameters: - - $ref: '#/components/parameters/case_id' - - $ref: '#/components/parameters/space_id' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - type: array - items: - $ref: '#/components/schemas/user_actions_response_properties' - '401': - description: Authorization information is missing or invalid. - content: - application/json: - schema: - $ref: '#/components/schemas/4xx_response' - /s/{spaceId}/api/cases/{caseId}/user_actions/_find: - get: - summary: Finds user activity for a case. - description: | - You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're seeking. - operationId: findCaseActivity - tags: - - cases - parameters: - - $ref: '#/components/parameters/case_id' - - $ref: '#/components/parameters/space_id' - - $ref: '#/components/parameters/page_index' - - $ref: '#/components/parameters/page_size' - - $ref: '#/components/parameters/sort_order' - - $ref: '#/components/parameters/user_action_types' + - cases responses: '200': description: Indicates a successful call. content: application/json: schema: - type: object - properties: - page: - type: integer - perPage: - type: integer - total: - type: integer - userActions: - type: array - items: - $ref: '#/components/schemas/user_actions_find_response_properties' + type: array + items: + type: object + properties: + actionTypeId: + $ref: '#/components/schemas/connector_types' + config: + type: object + properties: + apiUrl: + type: string + projectKey: + type: string + additionalProperties: true + id: + type: string + isDeprecated: + type: boolean + isMissingSecrets: + type: boolean + isPreconfigured: + type: boolean + name: + type: string + referencedByCount: + type: integer + maxItems: 1000 examples: - findCaseActivityResponse: - $ref: '#/components/examples/find_case_activity_response' + findConnectorResponse: + $ref: '#/components/examples/find_connector_response' '401': description: Authorization information is missing or invalid. content: @@ -2583,15 +1209,6 @@ paths: schema: $ref: '#/components/schemas/4xx_response' components: - securitySchemes: - basicAuth: - type: http - scheme: basic - apiKeyAuth: - type: apiKey - in: header - name: Authorization - description: 'e.g. Authorization: ApiKey base64AccessApiKey' parameters: kbn_xsrf: schema: @@ -2612,8 +1229,7 @@ components: type: string minItems: 1 maxItems: 100 - examples: - - - d4e7abb0-b462-11ec-9a8d-698504725a43 + example: d4e7abb0-b462-11ec-9a8d-698504725a43 assignees: in: query name: assignees @@ -2633,12 +1249,11 @@ components: schema: oneOf: - type: string + example: my-category - type: array items: type: string maxItems: 100 - examples: - - - my-category defaultSearchOperator: in: query name: defaultSearchOperator @@ -2646,8 +1261,7 @@ components: schema: type: string default: OR - examples: - - OR + example: OR from: in: query name: from @@ -2655,8 +1269,7 @@ components: Returns only cases that were created after a specific date. The date must be specified as a KQL data range or date match expression. schema: type: string - examples: - - now-1d + example: now-1d owner: in: query name: owner @@ -2668,8 +1281,7 @@ components: - type: array items: $ref: '#/components/schemas/owners' - examples: - - - cases + example: cases page_index: in: query name: page @@ -2678,8 +1290,6 @@ components: schema: type: integer default: 1 - examples: - - 1 page_size: in: query name: perPage @@ -2700,8 +1310,7 @@ components: items: type: string maxItems: 100 - examples: - - - elastic + example: elastic search: in: query name: search @@ -2744,8 +1353,7 @@ components: - status - severity default: createdAt - examples: - - updatedAt + example: updatedAt sort_order: in: query name: sortOrder @@ -2767,8 +1375,7 @@ components: - closed - in-progress - open - examples: - - open + example: open tags: in: query name: tags @@ -2780,8 +1387,7 @@ components: items: type: string maxItems: 100 - examples: - - - tag-1 + example: tag-1 to: in: query name: to @@ -2789,8 +1395,7 @@ components: Returns only cases that were created before a specific date. The date must be specified as a KQL data range or date match expression. schema: type: string - examples: - - now+1d + example: now+1d alert_id: in: path name: alertId @@ -2798,8 +1403,7 @@ components: required: true schema: type: string - examples: - - 09f0c261e39e36351d75995b78bb83673774d1bc2cca9df2d15f0e5c0a99a540 + example: 09f0c261e39e36351d75995b78bb83673774d1bc2cca9df2d15f0e5c0a99a540 configuration_id: in: path name: configurationId @@ -2807,8 +1411,7 @@ components: required: true schema: type: string - examples: - - 3297a0f0-b5ec-11ec-b141-0fdb20a7f9a9 + example: 3297a0f0-b5ec-11ec-b141-0fdb20a7f9a9 case_id: in: path name: caseId @@ -2816,8 +1419,7 @@ components: required: true schema: type: string - examples: - - 9c235210-6834-11ea-a78c-6ffb38a34414 + example: 9c235210-6834-11ea-a78c-6ffb38a34414 includeComments: in: query name: includeComments @@ -2834,8 +1436,7 @@ components: required: true schema: type: string - examples: - - 71ec1870-725b-11ea-a0b2-c51ea50a58e2 + example: 71ec1870-725b-11ea-a0b2-c51ea50a58e2 connector_id: in: path name: connectorId @@ -2843,8 +1444,7 @@ components: required: true schema: type: string - examples: - - abed3a70-71bd-11ea-a0b2-c51ea50a58e2 + example: abed3a70-71bd-11ea-a0b2-c51ea50a58e2 user_action_types: in: query name: types @@ -2869,24 +1469,13 @@ components: - tags - title - user - examples: - - - create_case - space_id: - in: path - name: spaceId - description: An identifier for the space. If `/s/` and the identifier are omitted from the path, the default space is used. - required: true - schema: - type: string - examples: - - default + example: create_case schemas: assignees: - type: - - array - - 'null' + type: array description: An array containing users that are assigned to the case. maxItems: 10 + nullable: true items: type: object required: @@ -2895,8 +1484,7 @@ components: uid: type: string description: A unique identifier for the user profile. These identifiers can be found by using the suggest user profile API. - examples: - - u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0 + example: u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0 connector_properties_none: title: Create or update case request properties for no connector required: @@ -2909,26 +1497,21 @@ components: properties: fields: description: An object containing the connector fields. To create a case without a connector, specify null. To update a case to remove the connector, specify null. - type: - - string - - 'null' - examples: - - null + nullable: true + type: string + example: null id: description: The identifier for the connector. To create a case without a connector, use `none`. To update a case to remove the connector, specify `none`. type: string - examples: - - none + example: none name: description: The name of the connector. To create a case without a connector, use `none`. To update a case to remove the connector, specify `none`. type: string - examples: - - none + example: none type: description: The type of connector. To create a case without a connector, use `.none`. To update a case to remove the connector, specify `.none`. type: string - examples: - - .none + example: .none enum: - .none connector_properties_cases_webhook: @@ -2942,11 +1525,9 @@ components: type: object properties: fields: - type: - - string - - 'null' - examples: - - null + type: string + nullable: true + example: null id: description: The identifier for the connector. To retrieve connector IDs, use the find connectors API. type: string @@ -2956,8 +1537,7 @@ components: type: description: The type of connector. type: string - examples: - - .cases-webhook + example: .cases-webhook enum: - .cases-webhook connector_properties_jira: @@ -2980,19 +1560,16 @@ components: properties: issueType: description: The type of issue. - type: - - string - - 'null' + type: string + nullable: true parent: description: The key of the parent issue, when the issue type is sub-task. - type: - - string - - 'null' + type: string + nullable: true priority: description: The priority of the issue. - type: - - string - - 'null' + type: string + nullable: true id: description: The identifier for the connector. To retrieve connector IDs, use the find connectors API. type: string @@ -3002,8 +1579,7 @@ components: type: description: The type of connector. type: string - examples: - - .jira + example: .jira enum: - .jira connector_properties_resilient: @@ -3018,9 +1594,8 @@ components: properties: fields: description: An object containing the connector fields. If you want to omit any individual field, specify null as its value. - type: - - object - - 'null' + type: object + nullable: true required: - issueTypes - severityCode @@ -3042,8 +1617,7 @@ components: type: description: The type of connector. type: string - examples: - - .resilient + example: .resilient enum: - .resilient connector_properties_servicenow: @@ -3068,29 +1642,24 @@ components: properties: category: description: The category of the incident. - type: - - string - - 'null' + type: string + nullable: true impact: description: The effect an incident had on business. - type: - - string - - 'null' + type: string + nullable: true severity: description: The severity of the incident. - type: - - string - - 'null' + type: string + nullable: true subcategory: description: The subcategory of the incident. - type: - - string - - 'null' + type: string + nullable: true urgency: description: The extent to which the incident resolution can be delayed. - type: - - string - - 'null' + type: string + nullable: true id: description: The identifier for the connector. To retrieve connector IDs, use the find connectors API. type: string @@ -3100,8 +1669,7 @@ components: type: description: The type of connector. type: string - examples: - - .servicenow + example: .servicenow enum: - .servicenow connector_properties_servicenow_sir: @@ -3128,39 +1696,32 @@ components: properties: category: description: The category of the incident. - type: - - string - - 'null' + type: string + nullable: true destIp: description: Indicates whether cases will send a comma-separated list of destination IPs. - type: - - boolean - - 'null' + type: boolean + nullable: true malwareHash: description: Indicates whether cases will send a comma-separated list of malware hashes. - type: - - boolean - - 'null' + type: boolean + nullable: true malwareUrl: description: Indicates whether cases will send a comma-separated list of malware URLs. - type: - - boolean - - 'null' + type: boolean + nullable: true priority: description: The priority of the issue. - type: - - string - - 'null' + type: string + nullable: true sourceIp: description: Indicates whether cases will send a comma-separated list of source IPs. - type: - - boolean - - 'null' + type: boolean + nullable: true subcategory: description: The subcategory of the incident. - type: - - string - - 'null' + type: string + nullable: true id: description: The identifier for the connector. To retrieve connector IDs, use the find connectors API. type: string @@ -3170,8 +1731,7 @@ components: type: description: The type of connector. type: string - examples: - - .servicenow-sir + example: .servicenow-sir enum: - .servicenow-sir connector_properties_swimlane: @@ -3192,9 +1752,8 @@ components: properties: caseId: description: The case identifier for Swimlane connectors. - type: - - string - - 'null' + type: string + nullable: true id: description: The identifier for the connector. To retrieve connector IDs, use the find connectors API. type: string @@ -3204,8 +1763,7 @@ components: type: description: The type of connector. type: string - examples: - - .swimlane + example: .swimlane enum: - .swimlane case_description: @@ -3220,8 +1778,7 @@ components: - cases - observability - securitySolution - examples: - - cases + example: cases settings: type: object description: An object that contains the case settings. @@ -3231,8 +1788,7 @@ components: syncAlerts: description: Turns alert syncing on or off. type: boolean - examples: - - true + example: true case_severity: type: string description: The severity of the case. @@ -3323,40 +1879,31 @@ components: description: | The custom field value. If the custom field is required, it cannot be explicitly set to null. However, for cases that existed when the required custom field was added, the default value stored in Elasticsearch is `undefined`. The value returned in the API and user interface in this case is `null`. oneOf: - - type: - - string - - 'null' + - type: string minLength: 1 maxLength: 160 + nullable: true - type: boolean case_response_closed_by_properties: title: Case response properties for closed_by - type: - - object - - 'null' + type: object + nullable: true properties: email: - type: - - string - - 'null' - examples: - - null + type: string + example: null + nullable: true full_name: - type: - - string - - 'null' - examples: - - null - profile_uid: type: string - examples: - - u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + example: null + nullable: true username: - type: - - string - - 'null' - examples: - - elastic + type: string + example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 required: - email - full_name @@ -3371,13 +1918,11 @@ components: type: array items: type: string - examples: - - a6e12ac4-7bce-457b-84f6-d7ce8deb8446 + example: a6e12ac4-7bce-457b-84f6-d7ce8deb8446 created_at: type: string format: date-time - examples: - - '2023-11-06T19:29:38.424Z' + example: '2023-11-06T19:29:38.424Z' created_by: type: object required: @@ -3386,136 +1931,104 @@ components: - username properties: email: - type: - - string - - 'null' - examples: - - null + type: string + example: null + nullable: true full_name: - type: - - string - - 'null' - examples: - - null - profile_uid: type: string - examples: - - u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + example: null + nullable: true username: - type: - - string - - 'null' - examples: - - elastic + type: string + example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 id: type: string - examples: - - 73362370-ab1a-11ec-985f-97e55adae8b9 + example: 73362370-ab1a-11ec-985f-97e55adae8b9 index: type: array items: type: string - examples: - - .internal.alerts-security.alerts-default-000001 + example: .internal.alerts-security.alerts-default-000001 owner: $ref: '#/components/schemas/owners' pushed_at: - type: - - string - - 'null' + type: string format: date-time - examples: - - null + example: null + nullable: true pushed_by: - type: - - object - - 'null' + type: object required: - email - full_name - username properties: email: - type: - - string - - 'null' - examples: - - null + type: string + example: null + nullable: true full_name: - type: - - string - - 'null' - examples: - - null - profile_uid: type: string - examples: - - u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + example: null + nullable: true username: - type: - - string - - 'null' - examples: - - elastic + type: string + example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + nullable: true rule: type: object properties: id: description: The rule identifier. type: string - examples: - - 94d80550-aaf4-11ec-985f-97e55adae8b9 + example: 94d80550-aaf4-11ec-985f-97e55adae8b9 name: description: The rule name. type: string - examples: - - security_rule + example: security_rule type: type: string - examples: - - alert + example: alert enum: - alert updated_at: - type: - - string - - 'null' + type: string format: date-time + nullable: true updated_by: - type: - - object - - 'null' + type: object + nullable: true required: - email - full_name - username properties: email: - type: - - string - - 'null' - examples: - - null + type: string + example: null + nullable: true full_name: - type: - - string - - 'null' - examples: - - null - profile_uid: type: string - examples: - - u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + example: null + nullable: true username: - type: - - string - - 'null' - examples: - - elastic + type: string + example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 version: type: string - examples: - - WzMwNDgsMV0= + example: WzMwNDgsMV0= user_comment_response_properties: title: Case response properties for user comments type: object @@ -3524,147 +2037,114 @@ components: properties: comment: type: string - examples: - - A new comment. + example: A new comment. created_at: type: string format: date-time - examples: - - '2022-05-13T09:16:17.416Z' + example: '2022-05-13T09:16:17.416Z' created_by: $ref: '#/components/schemas/case_response_created_by_properties' id: type: string - examples: - - 8af6ac20-74f6-11ea-b83a-553aecdb28b6 + example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 owner: $ref: '#/components/schemas/owners' pushed_at: - type: - - string - - 'null' + type: string format: date-time - examples: - - null + nullable: true + example: null pushed_by: $ref: '#/components/schemas/case_response_pushed_by_properties' type: type: string - examples: - - user + example: user enum: - user updated_at: - type: - - string - - 'null' + type: string format: date-time - examples: - - null + nullable: true + example: null updated_by: $ref: '#/components/schemas/case_response_updated_by_properties' version: type: string - examples: - - WzIwNDMxLDFd + example: WzIwNDMxLDFd case_response_created_by_properties: title: Case response properties for created_by type: object properties: email: - type: - - string - - 'null' - examples: - - null + type: string + example: null + nullable: true full_name: - type: - - string - - 'null' - examples: - - null - profile_uid: type: string - examples: - - u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + example: null + nullable: true username: - type: - - string - - 'null' - examples: - - elastic + type: string + example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 required: - email - full_name - username case_response_pushed_by_properties: title: Case response properties for pushed_by - type: - - object - - 'null' + type: object + nullable: true properties: email: - type: - - string - - 'null' - examples: - - null + type: string + example: null + nullable: true full_name: - type: - - string - - 'null' - examples: - - null - profile_uid: type: string - examples: - - u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + example: null + nullable: true username: - type: - - string - - 'null' - examples: - - elastic + type: string + example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 required: - email - full_name - username case_response_updated_by_properties: title: Case response properties for updated_by - type: - - object - - 'null' + type: object + nullable: true properties: email: - type: - - string - - 'null' - examples: - - null + type: string + example: null + nullable: true full_name: - type: - - string - - 'null' - examples: - - null - profile_uid: type: string - examples: - - u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + example: null + nullable: true username: - type: - - string - - 'null' - examples: - - elastic + type: string + example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 required: - email - full_name - username external_service: - type: - - object - - 'null' + type: object + nullable: true properties: connector_id: type: string @@ -3680,32 +2160,24 @@ components: type: string format: date-time pushed_by: - type: - - object - - 'null' + type: object properties: email: - type: - - string - - 'null' - examples: - - null + type: string + example: null + nullable: true full_name: - type: - - string - - 'null' - examples: - - null - profile_uid: type: string - examples: - - u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + example: null + nullable: true username: - type: - - string - - 'null' - examples: - - elastic + type: string + example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + nullable: true case_status: type: string description: The status of the case. @@ -3742,15 +2214,13 @@ components: assignees: $ref: '#/components/schemas/assignees' category: - type: - - string - - 'null' + type: string description: The case category. + nullable: true closed_at: - type: - - string - - 'null' + type: string format: date-time + nullable: true closed_by: $ref: '#/components/schemas/case_response_closed_by_properties' comments: @@ -3790,8 +2260,7 @@ components: created_at: type: string format: date-time - examples: - - '2022-05-13T09:16:17.416Z' + example: '2022-05-13T09:16:17.416Z' created_by: $ref: '#/components/schemas/case_response_created_by_properties' customFields: @@ -3815,30 +2284,25 @@ components: description: | The custom field value. If the custom field is required, it cannot be explicitly set to null. However, for cases that existed when the required custom field was added, the default value stored in Elasticsearch is `undefined`. The value returned in the API and user interface in this case is `null`. oneOf: - - type: - - string - - 'null' + - type: string minLength: 1 maxLength: 160 + nullable: true - type: boolean description: type: string - examples: - - A case description. + example: A case description. duration: - type: - - integer - - 'null' + type: integer description: | The elapsed time from the creation of the case to its closure (in seconds). If the case has not been closed, the duration is set to null. If the case was closed after less than half a second, the duration is rounded down to zero. - examples: - - 120 + nullable: true + example: 120 external_service: $ref: '#/components/schemas/external_service' id: type: string - examples: - - 66b9aa00-94fa-11ea-9f74-e7e108796192 + example: 66b9aa00-94fa-11ea-9f74-e7e108796192 owner: $ref: '#/components/schemas/owners' settings: @@ -3851,45 +2315,38 @@ components: type: array items: type: string - examples: - - - tag-1 + example: + - tag-1 title: type: string - examples: - - Case title 1 + example: Case title 1 totalAlerts: type: integer - examples: - - 0 + example: 0 totalComment: type: integer - examples: - - 0 + example: 0 updated_at: - type: - - string - - 'null' + type: string format: date-time + nullable: true updated_by: $ref: '#/components/schemas/case_response_updated_by_properties' version: type: string - examples: - - WzUzMiwxXQ== + example: WzUzMiwxXQ== 4xx_response: type: object title: Unsuccessful cases API response properties: error: type: string - examples: - - Unauthorized + example: Unauthorized message: type: string statusCode: type: integer - examples: - - 401 + example: 401 update_case_request: title: Update case request description: The update case API request body varies depending on the type of connector. @@ -3949,11 +2406,10 @@ components: description: | The custom field value. If the custom field is required, it cannot be explicitly set to null. However, for cases that existed when the required custom field was added, the default value stored in Elasticsearch is `undefined`. The value returned in the API and user interface in this case is `null`. oneOf: - - type: - - string - - 'null' + - type: string minLength: 1 maxLength: 160 + nullable: true - type: boolean description: $ref: '#/components/schemas/case_description' @@ -3986,8 +2442,7 @@ components: enum: - close-by-pushing - close-by-user - examples: - - close-by-user + example: close-by-user connector_types: type: string description: The type of connector. @@ -3999,8 +2454,7 @@ components: - .servicenow - .servicenow-sir - .swimlane - examples: - - .none + example: .none template_tags: description: | The words and phrases that help categorize templates. It can be an empty array. @@ -4027,23 +2481,21 @@ components: properties: fields: description: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`. - type: - - object - - 'null' + nullable: true + type: object id: description: The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API. type: string - examples: - - none + example: none name: description: The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API. type: string - examples: - - none + example: none type: $ref: '#/components/schemas/connector_types' customFields: type: array + x-technical-preview: true description: Custom field values in the template. items: type: object @@ -4102,19 +2554,16 @@ components: properties: fields: description: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`. - type: - - object - - 'null' + nullable: true + type: object id: description: The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API. type: string - examples: - - none + example: none name: description: The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API. type: string - examples: - - none + example: none type: $ref: '#/components/schemas/connector_types' required: @@ -4182,19 +2631,16 @@ components: properties: fields: description: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`. - type: - - object - - 'null' + nullable: true + type: object id: description: The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API. type: string - examples: - - none + example: none name: description: The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API. type: string - examples: - - none + example: none type: $ref: '#/components/schemas/connector_types' required: @@ -4246,8 +2692,7 @@ components: description: | The version of the connector. To retrieve the version value, use the get configuration API. type: string - examples: - - WzIwMiwxXQ== + example: WzIwMiwxXQ== alert_response_properties: type: object properties: @@ -4282,8 +2727,7 @@ components: type: description: The type of comment. type: string - examples: - - alert + example: alert enum: - alert add_user_comment_request_properties: @@ -4295,15 +2739,13 @@ components: description: The new comment. It is required only when `type` is `user`. type: string maxLength: 30000 - examples: - - A new comment. + example: A new comment. owner: $ref: '#/components/schemas/owners' type: type: string description: The type of comment. - examples: - - user + example: user enum: - user required: @@ -4321,8 +2763,7 @@ components: type: string maxItems: 1000 x-technical-preview: true - examples: - - 6b24c4dc44bc720cfc92797f3d61fff952f2b2627db1fb4f8cc49f4530c4ff42 + example: 6b24c4dc44bc720cfc92797f3d61fff952f2b2627db1fb4f8cc49f4530c4ff42 alert_indices: title: Alert indices description: | @@ -4344,13 +2785,11 @@ components: id: description: The rule identifier. type: string - examples: - - 94d80550-aaf4-11ec-985f-97e55adae8b9 + example: 94d80550-aaf4-11ec-985f-97e55adae8b9 name: description: The rule name. type: string - examples: - - security_rule + example: security_rule add_case_comment_request: title: Add case comment request description: The add comment to case API request body varies depending on whether you are adding an alert or a comment. @@ -4381,8 +2820,7 @@ components: type: string description: | The identifier for the comment. To retrieve comment IDs, use the get comments API. - examples: - - 8af6ac20-74f6-11ea-b83a-553aecdb28b6 + example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 index: $ref: '#/components/schemas/alert_indices' owner: @@ -4394,14 +2832,12 @@ components: type: string enum: - alert - examples: - - alert + example: alert version: description: | The current comment version. To retrieve version values, use the get comments API. type: string - examples: - - Wzk1LDFd + example: Wzk1LDFd update_user_comment_request_properties: title: Update case comment request properties for user comments description: Defines properties for case comment requests when type is user. @@ -4411,14 +2847,12 @@ components: description: The new comment. It is required only when `type` is `user`. type: string maxLength: 30000 - examples: - - A new comment. + example: A new comment. id: type: string description: | The identifier for the comment. To retrieve comment IDs, use the get comments API. - examples: - - 8af6ac20-74f6-11ea-b83a-553aecdb28b6 + example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 owner: $ref: '#/components/schemas/owners' type: @@ -4426,14 +2860,12 @@ components: description: The type of comment. enum: - user - examples: - - user + example: user version: description: | The current comment version. To retrieve version values, use the get comments API. type: string - examples: - - Wzk1LDFd + example: Wzk1LDFd required: - comment - id @@ -4459,8 +2891,7 @@ components: - delete - push_to_service - update - examples: - - create + example: create payload_alert_comment: type: object properties: @@ -4470,16 +2901,14 @@ components: alertId: oneOf: - type: string - examples: - - 1c0b056b-cc9f-4b61-b5c9-cb801abd5e1d + example: 1c0b056b-cc9f-4b61-b5c9-cb801abd5e1d - type: array items: type: string index: oneOf: - type: string - examples: - - .alerts-observability.logs.alerts-default + example: .alerts-observability.logs.alerts-default - type: array items: type: string @@ -4491,13 +2920,11 @@ components: id: description: The rule identifier. type: string - examples: - - 94d80550-aaf4-11ec-985f-97e55adae8b9 + example: 94d80550-aaf4-11ec-985f-97e55adae8b9 name: description: The rule name. type: string - examples: - - security_rule + example: security_rule type: type: string enum: @@ -4514,11 +2941,9 @@ components: type: object properties: fields: - description: | - An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value. - type: - - object - - 'null' + description: An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value. + nullable: true + type: object properties: caseId: description: The case identifier for Swimlane connectors. @@ -4528,9 +2953,8 @@ components: type: string destIp: description: Indicates whether cases will send a comma-separated list of destination IPs for ServiceNow SecOps connectors. - type: - - boolean - - 'null' + type: boolean + nullable: true impact: description: The effect an incident had on business for ServiceNow ITSM connectors. type: string @@ -4544,14 +2968,12 @@ components: type: string malwareHash: description: Indicates whether cases will send a comma-separated list of malware hashes for ServiceNow SecOps connectors. - type: - - boolean - - 'null' + type: boolean + nullable: true malwareUrl: description: Indicates whether cases will send a comma-separated list of malware URLs for ServiceNow SecOps connectors. - type: - - boolean - - 'null' + type: boolean + nullable: true parent: description: The key of the parent issue, when the issue type is sub-task for Jira connectors. type: string @@ -4566,27 +2988,23 @@ components: type: string sourceIp: description: Indicates whether cases will send a comma-separated list of source IPs for ServiceNow SecOps connectors. - type: - - boolean - - 'null' + type: boolean + nullable: true subcategory: description: The subcategory of the incident for ServiceNow ITSM connectors. type: string urgency: description: The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors. type: string - examples: - - null + example: null id: description: The identifier for the connector. To create a case without a connector, use `none`. type: string - examples: - - none + example: none name: description: The name of the connector. To create a case without a connector, use `none`. type: string - examples: - - none + example: none type: $ref: '#/components/schemas/connector_types' payload_create_case: @@ -4598,11 +3016,9 @@ components: type: object properties: fields: - description: | - An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value. - type: - - object - - 'null' + description: An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value. + nullable: true + type: object properties: caseId: description: The case identifier for Swimlane connectors. @@ -4612,9 +3028,8 @@ components: type: string destIp: description: Indicates whether cases will send a comma-separated list of destination IPs for ServiceNow SecOps connectors. - type: - - boolean - - 'null' + type: boolean + nullable: true impact: description: The effect an incident had on business for ServiceNow ITSM connectors. type: string @@ -4628,14 +3043,12 @@ components: type: string malwareHash: description: Indicates whether cases will send a comma-separated list of malware hashes for ServiceNow SecOps connectors. - type: - - boolean - - 'null' + type: boolean + nullable: true malwareUrl: description: Indicates whether cases will send a comma-separated list of malware URLs for ServiceNow SecOps connectors. - type: - - boolean - - 'null' + type: boolean + nullable: true parent: description: The key of the parent issue, when the issue type is sub-task for Jira connectors. type: string @@ -4650,27 +3063,23 @@ components: type: string sourceIp: description: Indicates whether cases will send a comma-separated list of source IPs for ServiceNow SecOps connectors. - type: - - boolean - - 'null' + type: boolean + nullable: true subcategory: description: The subcategory of the incident for ServiceNow ITSM connectors. type: string urgency: description: The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors. type: string - examples: - - null + example: null id: description: The identifier for the connector. To create a case without a connector, use `none`. type: string - examples: - - none + example: none name: description: The name of the connector. To create a case without a connector, use `none`. type: string - examples: - - none + example: none type: $ref: '#/components/schemas/connector_types' description: @@ -4687,15 +3096,14 @@ components: type: array items: type: string - examples: - - - tag-1 + example: + - tag-1 title: type: string payload_delete: - type: - - object - - 'null' + type: object description: If the `action` is `delete` and the `type` is `delete_case`, the payload is nullable. + nullable: true payload_description: type: object properties: @@ -4728,8 +3136,8 @@ components: type: array items: type: string - examples: - - - tag-1 + example: + - tag-1 payload_title: type: object properties: @@ -4765,8 +3173,7 @@ components: - status - settings - severity - examples: - - create_case + example: create_case user_actions_response_properties: type: object required: @@ -4784,48 +3191,36 @@ components: $ref: '#/components/schemas/actions' action_id: type: string - examples: - - 22fd3e30-03b1-11ed-920c-974bfa104448 + example: 22fd3e30-03b1-11ed-920c-974bfa104448 case_id: type: string - examples: - - 22df07d0-03b1-11ed-920c-974bfa104448 + example: 22df07d0-03b1-11ed-920c-974bfa104448 comment_id: - type: - - string - - 'null' - examples: - - 578608d0-03b1-11ed-920c-974bfa104448 + type: string + nullable: true + example: 578608d0-03b1-11ed-920c-974bfa104448 created_at: type: string format: date-time - examples: - - '2022-05-13T09:16:17.416Z' + example: '2022-05-13T09:16:17.416Z' created_by: type: object properties: email: - type: - - string - - 'null' - examples: - - null + type: string + example: null + nullable: true full_name: - type: - - string - - 'null' - examples: - - null - profile_uid: type: string - examples: - - u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + example: null + nullable: true username: - type: - - string - - 'null' - examples: - - elastic + type: string + example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 required: - email - full_name @@ -4865,49 +3260,38 @@ components: action: $ref: '#/components/schemas/actions' comment_id: - type: - - string - - 'null' - examples: - - 578608d0-03b1-11ed-920c-974bfa104448 + type: string + nullable: true + example: 578608d0-03b1-11ed-920c-974bfa104448 created_at: type: string format: date-time - examples: - - '2022-05-13T09:16:17.416Z' + example: '2022-05-13T09:16:17.416Z' created_by: type: object properties: email: - type: - - string - - 'null' - examples: - - null + type: string + example: null + nullable: true full_name: - type: - - string - - 'null' - examples: - - null - profile_uid: type: string - examples: - - u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + example: null + nullable: true username: - type: - - string - - 'null' - examples: - - elastic + type: string + example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 required: - email - full_name - username id: type: string - examples: - - 22fd3e30-03b1-11ed-920c-974bfa104448 + example: 22fd3e30-03b1-11ed-920c-974bfa104448 owner: $ref: '#/components/schemas/owners' payload: @@ -4927,8 +3311,7 @@ components: - $ref: '#/components/schemas/payload_user_comment' version: type: string - examples: - - WzM1ODg4LDFd + example: WzM1ODg4LDFd type: type: string description: The type of action. @@ -4944,8 +3327,7 @@ components: - status - settings - severity - examples: - - create_case + example: create_case examples: create_case_request: summary: Create a security case that uses a Jira connector. diff --git a/x-pack/plugins/cases/docs/openapi/components/parameters/alert_id.yaml b/x-pack/plugins/cases/docs/openapi/components/parameters/alert_id.yaml index 24c728f017d12..8677b327b91be 100644 --- a/x-pack/plugins/cases/docs/openapi/components/parameters/alert_id.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/parameters/alert_id.yaml @@ -4,5 +4,4 @@ description: An identifier for the alert. required: true schema: type: string - examples: - - 09f0c261e39e36351d75995b78bb83673774d1bc2cca9df2d15f0e5c0a99a540 \ No newline at end of file + example: 09f0c261e39e36351d75995b78bb83673774d1bc2cca9df2d15f0e5c0a99a540 \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/components/parameters/case_id.yaml b/x-pack/plugins/cases/docs/openapi/components/parameters/case_id.yaml index de7cfebbeb6bf..eebde85823746 100644 --- a/x-pack/plugins/cases/docs/openapi/components/parameters/case_id.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/parameters/case_id.yaml @@ -4,5 +4,4 @@ description: The identifier for the case. To retrieve case IDs, use the find cas required: true schema: type: string - examples: - - 9c235210-6834-11ea-a78c-6ffb38a34414 \ No newline at end of file + example: 9c235210-6834-11ea-a78c-6ffb38a34414 \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/components/parameters/category.yaml b/x-pack/plugins/cases/docs/openapi/components/parameters/category.yaml index 8d28898750ae2..4fd903b11f479 100644 --- a/x-pack/plugins/cases/docs/openapi/components/parameters/category.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/parameters/category.yaml @@ -4,9 +4,8 @@ description: Filters the returned cases by category. schema: oneOf: - type: string + example: my-category - type: array items: type: string - maxItems: 100 - examples: - - [ my-category ] \ No newline at end of file + maxItems: 100 \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/components/parameters/comment_id.yaml b/x-pack/plugins/cases/docs/openapi/components/parameters/comment_id.yaml index 852ad328c6c4e..a46f47569e8d2 100644 --- a/x-pack/plugins/cases/docs/openapi/components/parameters/comment_id.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/parameters/comment_id.yaml @@ -6,5 +6,4 @@ description: > required: true schema: type: string - examples: - - '71ec1870-725b-11ea-a0b2-c51ea50a58e2' \ No newline at end of file + example: '71ec1870-725b-11ea-a0b2-c51ea50a58e2' \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/components/parameters/configuration_id.yaml b/x-pack/plugins/cases/docs/openapi/components/parameters/configuration_id.yaml index 884821a79952f..65cce12afaa92 100644 --- a/x-pack/plugins/cases/docs/openapi/components/parameters/configuration_id.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/parameters/configuration_id.yaml @@ -4,5 +4,4 @@ description: An identifier for the configuration. required: true schema: type: string - examples: - - 3297a0f0-b5ec-11ec-b141-0fdb20a7f9a9 \ No newline at end of file + example: 3297a0f0-b5ec-11ec-b141-0fdb20a7f9a9 \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/components/parameters/connector_id.yaml b/x-pack/plugins/cases/docs/openapi/components/parameters/connector_id.yaml index 7fc146b22126c..71cdc7191cfa1 100644 --- a/x-pack/plugins/cases/docs/openapi/components/parameters/connector_id.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/parameters/connector_id.yaml @@ -4,5 +4,4 @@ description: An identifier for the connector. To retrieve connector IDs, use the required: true schema: type: string - examples: - - abed3a70-71bd-11ea-a0b2-c51ea50a58e2 \ No newline at end of file + example: abed3a70-71bd-11ea-a0b2-c51ea50a58e2 \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/components/parameters/defaultSearchOperator.yaml b/x-pack/plugins/cases/docs/openapi/components/parameters/defaultSearchOperator.yaml index cd3cf8cb1c005..8e9004c859b46 100644 --- a/x-pack/plugins/cases/docs/openapi/components/parameters/defaultSearchOperator.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/parameters/defaultSearchOperator.yaml @@ -4,5 +4,4 @@ description: he default operator to use for the simple_query_string. schema: type: string default: OR - examples: - - OR \ No newline at end of file +example: OR \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/components/parameters/from.yaml b/x-pack/plugins/cases/docs/openapi/components/parameters/from.yaml index bf92b68ad6ba3..6f9a24dae5956 100644 --- a/x-pack/plugins/cases/docs/openapi/components/parameters/from.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/parameters/from.yaml @@ -5,5 +5,4 @@ description: > The date must be specified as a KQL data range or date match expression. schema: type: string - examples: - - now-1d \ No newline at end of file + example: now-1d \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/components/parameters/ids.yaml b/x-pack/plugins/cases/docs/openapi/components/parameters/ids.yaml index acd48cd0955a2..c84ec64ab2a53 100644 --- a/x-pack/plugins/cases/docs/openapi/components/parameters/ids.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/parameters/ids.yaml @@ -10,5 +10,4 @@ schema: type: string minItems: 1 maxItems: 100 - examples: - - [ d4e7abb0-b462-11ec-9a8d-698504725a43 ] +example: d4e7abb0-b462-11ec-9a8d-698504725a43 diff --git a/x-pack/plugins/cases/docs/openapi/components/parameters/owner.yaml b/x-pack/plugins/cases/docs/openapi/components/parameters/owner.yaml index d4f40a4403723..3c5e511742bf2 100644 --- a/x-pack/plugins/cases/docs/openapi/components/parameters/owner.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/parameters/owner.yaml @@ -10,5 +10,4 @@ schema: - type: array items: $ref: '../schemas/owners.yaml' - examples: - - [ cases ] \ No newline at end of file +example: cases \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/components/parameters/page_index.yaml b/x-pack/plugins/cases/docs/openapi/components/parameters/page_index.yaml index 8ac69a105d15b..9176d3b62094e 100644 --- a/x-pack/plugins/cases/docs/openapi/components/parameters/page_index.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/parameters/page_index.yaml @@ -5,5 +5,3 @@ required: false schema: type: integer default: 1 - examples: - - 1 diff --git a/x-pack/plugins/cases/docs/openapi/components/parameters/reporters.yaml b/x-pack/plugins/cases/docs/openapi/components/parameters/reporters.yaml index 3d4d24cafd3ca..db28a6c48ae02 100644 --- a/x-pack/plugins/cases/docs/openapi/components/parameters/reporters.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/parameters/reporters.yaml @@ -8,5 +8,4 @@ schema: items: type: string maxItems: 100 - examples: - - [ elastic ] +example: elastic diff --git a/x-pack/plugins/cases/docs/openapi/components/parameters/sortField.yaml b/x-pack/plugins/cases/docs/openapi/components/parameters/sortField.yaml index d5a49214e9d90..9df834cf9f5ac 100644 --- a/x-pack/plugins/cases/docs/openapi/components/parameters/sortField.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/parameters/sortField.yaml @@ -12,5 +12,4 @@ schema: - status - severity default: createdAt - examples: - - updatedAt \ No newline at end of file +example: updatedAt \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/components/parameters/space_id.yaml b/x-pack/plugins/cases/docs/openapi/components/parameters/space_id.yaml index 45787e844caec..0a9fba457e3e7 100644 --- a/x-pack/plugins/cases/docs/openapi/components/parameters/space_id.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/parameters/space_id.yaml @@ -4,5 +4,4 @@ description: An identifier for the space. If `/s/` and the identifier are omitte required: true schema: type: string - examples: - - default + example: default diff --git a/x-pack/plugins/cases/docs/openapi/components/parameters/status.yaml b/x-pack/plugins/cases/docs/openapi/components/parameters/status.yaml index b90edcd58286b..0517e7516a87f 100644 --- a/x-pack/plugins/cases/docs/openapi/components/parameters/status.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/parameters/status.yaml @@ -7,5 +7,4 @@ schema: - closed - in-progress - open - examples: - - open \ No newline at end of file +example: open \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/components/parameters/tags.yaml b/x-pack/plugins/cases/docs/openapi/components/parameters/tags.yaml index b1732fb124577..d899edbcc38eb 100644 --- a/x-pack/plugins/cases/docs/openapi/components/parameters/tags.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/parameters/tags.yaml @@ -8,5 +8,4 @@ schema: items: type: string maxItems: 100 - examples: - - [ tag-1 ] +example: tag-1 diff --git a/x-pack/plugins/cases/docs/openapi/components/parameters/to.yaml b/x-pack/plugins/cases/docs/openapi/components/parameters/to.yaml index dd326cabd8dca..c176ce8407803 100644 --- a/x-pack/plugins/cases/docs/openapi/components/parameters/to.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/parameters/to.yaml @@ -5,5 +5,4 @@ description: > The date must be specified as a KQL data range or date match expression. schema: type: string - examples: - - now+1d \ No newline at end of file +example: now+1d \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/components/parameters/user_action_types.yaml b/x-pack/plugins/cases/docs/openapi/components/parameters/user_action_types.yaml index 320dc67b631ca..2b04b7c806620 100644 --- a/x-pack/plugins/cases/docs/openapi/components/parameters/user_action_types.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/parameters/user_action_types.yaml @@ -21,5 +21,4 @@ schema: - tags - title - user - examples: - - [ create_case ] \ No newline at end of file +example: create_case \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/4xx_response.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/4xx_response.yaml index 72d3bd82cbf60..75d0ac39903bf 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/4xx_response.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/4xx_response.yaml @@ -3,11 +3,9 @@ title: Unsuccessful cases API response properties: error: type: string - examples: - - Unauthorized + example: Unauthorized message: type: string statusCode: type: integer - examples: - - 401 \ No newline at end of file + example: 401 \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/action_types.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/action_types.yaml index 140b606b44565..3568008b07000 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/action_types.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/action_types.yaml @@ -13,5 +13,4 @@ enum: - status - settings - severity -examples: - - create_case \ No newline at end of file +example: create_case \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/actions.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/actions.yaml index f2b20517efd54..1638ed67c78e2 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/actions.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/actions.yaml @@ -5,5 +5,4 @@ enum: - delete - push_to_service - update -examples: - - create \ No newline at end of file +example: create \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/add_alert_comment_request_properties.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/add_alert_comment_request_properties.yaml index 192e12f62857c..c99ebb19cc818 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/add_alert_comment_request_properties.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/add_alert_comment_request_properties.yaml @@ -19,7 +19,6 @@ properties: type: description: The type of comment. type: string - examples: - - alert + example: alert enum: - alert \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/add_user_comment_request_properties.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/add_user_comment_request_properties.yaml index a0740dbdc51bc..beac63c377ade 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/add_user_comment_request_properties.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/add_user_comment_request_properties.yaml @@ -6,15 +6,13 @@ properties: description: The new comment. It is required only when `type` is `user`. type: string maxLength: 30000 - examples: - - A new comment. + example: A new comment. owner: $ref: 'owners.yaml' type: type: string description: The type of comment. - examples: - - user + example: user enum: - user required: diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/alert_comment_response_properties.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/alert_comment_response_properties.yaml index 3305732cee6ec..443d9dcc55523 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/alert_comment_response_properties.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/alert_comment_response_properties.yaml @@ -7,13 +7,11 @@ properties: type: array items: type: string - examples: - - a6e12ac4-7bce-457b-84f6-d7ce8deb8446 + example: a6e12ac4-7bce-457b-84f6-d7ce8deb8446 created_at: type: string format: date-time - examples: - - 2023-11-06T19:29:38.424Z + example: 2023-11-06T19:29:38.424Z created_by: type: object required: @@ -24,52 +22,44 @@ properties: $ref: 'user_properties.yaml' id: type: string - examples: - - 73362370-ab1a-11ec-985f-97e55adae8b9 + example: 73362370-ab1a-11ec-985f-97e55adae8b9 index: type: array items: type: string - examples: - - .internal.alerts-security.alerts-default-000001 + example: .internal.alerts-security.alerts-default-000001 owner: $ref: 'owners.yaml' pushed_at: - type: - - "string" - - "null" + type: string format: date-time - examples: - - null + example: null + nullable: true pushed_by: - type: - - "object" - - "null" + type: object required: - email - full_name - username properties: $ref: 'user_properties.yaml' + nullable: true rule: type: object properties: $ref: 'rule_properties.yaml' type: type: string - examples: - - alert + example: alert enum: - alert updated_at: - type: - - "string" - - "null" + type: string format: date-time + nullable: true updated_by: - type: - - "object" - - "null" + type: object + nullable: true required: - email - full_name @@ -78,5 +68,4 @@ properties: $ref: 'user_properties.yaml' version: type: string - examples: - - WzMwNDgsMV0= \ No newline at end of file + example: WzMwNDgsMV0= \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/alert_identifiers.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/alert_identifiers.yaml index 5a8f821931f57..cca8eb74f5019 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/alert_identifiers.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/alert_identifiers.yaml @@ -13,5 +13,4 @@ oneOf: type: string maxItems: 1000 x-technical-preview: true -examples: - - 6b24c4dc44bc720cfc92797f3d61fff952f2b2627db1fb4f8cc49f4530c4ff42 \ No newline at end of file +example: 6b24c4dc44bc720cfc92797f3d61fff952f2b2627db1fb4f8cc49f4530c4ff42 \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/assignees.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/assignees.yaml index 4109c4d476909..5b4e18517bd43 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/assignees.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/assignees.yaml @@ -1,8 +1,7 @@ -type: - - "array" - - "null" +type: array description: An array containing users that are assigned to the case. maxItems: 10 +nullable: true items: type: object required: @@ -11,5 +10,4 @@ items: uid: type: string description: A unique identifier for the user profile. These identifiers can be found by using the suggest user profile API. - examples: - - u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0 \ No newline at end of file + example: u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0 \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/case_configure_connector_properties.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/case_configure_connector_properties.yaml index 3873a8ae9e0f6..ce1669c37941e 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/case_configure_connector_properties.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/case_configure_connector_properties.yaml @@ -1,17 +1,14 @@ fields: description: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`. - type: - - "object" - - "null" + nullable: true + type: object id: description: The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API. type: string - examples: - - none + example: none name: description: The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API. type: string - examples: - - none + example: none type: $ref: 'connector_types.yaml' \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/case_configure_response_properties.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/case_configure_response_properties.yaml index 1085e1f8ef974..07a94129b0180 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/case_configure_response_properties.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/case_configure_response_properties.yaml @@ -7,8 +7,7 @@ connector: created_at: type: string format: date-time - examples: - - 2022-06-01T17:07:17.767Z + example: 2022-06-01T17:07:17.767Z created_by: type: object required: @@ -25,15 +24,12 @@ customFields: properties: $ref: 'case_configure_customfields.yaml' error: - type: - - 'string' - - 'null' - examples: - - null + type: string + nullable: true + example: null id: type: string - examples: - - 4a97a440-e1cd-11ec-be9b-9b1838238ee6 + example: 4a97a440-e1cd-11ec-be9b-9b1838238ee6 mappings: type: array items: @@ -41,38 +37,31 @@ mappings: properties: action_type: type: string - examples: - - overwrite + example: overwrite source: type: string - examples: - - title + example: title target: type: string - examples: - - summary + example: summary owner: $ref: 'owners.yaml' templates: $ref: 'templates.yaml' updated_at: - type: - - 'string' - - 'null' + type: string format: date-time - examples: - - 2022-06-01T19:58:48.169Z + nullable: true + example: 2022-06-01T19:58:48.169Z updated_by: - type: - - 'object' - - 'null' + type: object required: - email - full_name - username properties: $ref: 'user_properties.yaml' + nullable: true version: type: string - examples: - - WzIwNzMsMV0= + example: WzIwNzMsMV0= diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/case_customfields.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/case_customfields.yaml index 5a4c9f26e09b2..4170833e818cc 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/case_customfields.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/case_customfields.yaml @@ -18,9 +18,8 @@ value: However, for cases that existed when the required custom field was added, the default value stored in Elasticsearch is `undefined`. The value returned in the API and user interface in this case is `null`. oneOf: - - type: - - "string" - - "null" + - type: string minLength: 1 maxLength: 160 + nullable: true - type: boolean diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/case_response_closed_by_properties.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/case_response_closed_by_properties.yaml index 26b3eaa7395eb..95bd14e4957a3 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/case_response_closed_by_properties.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/case_response_closed_by_properties.yaml @@ -1,7 +1,6 @@ title: Case response properties for closed_by -type: - - "object" - - "null" +type: object +nullable: true properties: $ref: 'user_properties.yaml' required: diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/case_response_connector_field_properties.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/case_response_connector_field_properties.yaml index 18f79997e31ce..1ac30d325d45e 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/case_response_connector_field_properties.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/case_response_connector_field_properties.yaml @@ -1,8 +1,7 @@ title: Case response properties for connector fields -type: - - "object" - - "null" +type: object description: An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value. +nullable: true properties: caseId: description: The case identifier for Swimlane connectors. @@ -12,9 +11,8 @@ properties: type: string destIp: description: Indicates whether cases will send a comma-separated list of destination IPs for ServiceNow SecOps connectors. - type: - - "boolean" - - "null" + type: boolean + nullable: true impact: description: The effect an incident had on business for ServiceNow ITSM connectors. type: string @@ -28,14 +26,12 @@ properties: type: string malwareHash: description: Indicates whether cases will send a comma-separated list of malware hashes for ServiceNow SecOps connectors. - type: - - "boolean" - - "null" + type: boolean + nullable: true malwareUrl: description: Indicates whether cases will send a comma-separated list of malware URLs for ServiceNow SecOps connectors. - type: - - "boolean" - - "null" + type: boolean + nullable: true parent: description: The key of the parent issue, when the issue type is sub-task for Jira connectors. type: string diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/case_response_properties.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/case_response_properties.yaml index a0ef24983502f..0c4560dc6362a 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/case_response_properties.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/case_response_properties.yaml @@ -26,15 +26,13 @@ properties: assignees: $ref: 'assignees.yaml' category: - type: - - 'string' - - 'null' + type: string description: The case category. + nullable: true closed_at: - type: - - 'string' - - 'null' + type: string format: date-time + nullable: true closed_by: $ref: 'case_response_closed_by_properties.yaml' comments: @@ -74,8 +72,7 @@ properties: created_at: type: string format: date-time - examples: - - '2022-05-13T09:16:17.416Z' + example: '2022-05-13T09:16:17.416Z' created_by: $ref: 'case_response_created_by_properties.yaml' customFields: @@ -87,25 +84,21 @@ properties: $ref: 'case_customfields.yaml' description: type: string - examples: - - A case description. + example: A case description. duration: - type: - - 'integer' - - 'null' + type: integer description: > The elapsed time from the creation of the case to its closure (in seconds). If the case has not been closed, the duration is set to null. If the case was closed after less than half a second, the duration is rounded down to zero. - examples: - - 120 + nullable: true + example: 120 external_service: $ref: 'external_service.yaml' id: type: string - examples: - - 66b9aa00-94fa-11ea-9f74-e7e108796192 + example: 66b9aa00-94fa-11ea-9f74-e7e108796192 owner: $ref: 'owners.yaml' settings: @@ -118,28 +111,23 @@ properties: type: array items: type: string - examples: - - [tag-1] + example: + - tag-1 title: type: string - examples: - - Case title 1 + example: Case title 1 totalAlerts: type: integer - examples: - - 0 + example: 0 totalComment: type: integer - examples: - - 0 + example: 0 updated_at: - type: - - 'string' - - 'null' + type: string format: date-time + nullable: true updated_by: $ref: 'case_response_updated_by_properties.yaml' version: type: string - examples: - - WzUzMiwxXQ== + example: WzUzMiwxXQ== diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/case_response_pushed_by_properties.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/case_response_pushed_by_properties.yaml index 72f2c3ef619a2..c59a5565c98b9 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/case_response_pushed_by_properties.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/case_response_pushed_by_properties.yaml @@ -1,7 +1,6 @@ title: Case response properties for pushed_by -type: - - "object" - - "null" +type: object +nullable: true properties: $ref: 'user_properties.yaml' required: diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/case_response_updated_by_properties.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/case_response_updated_by_properties.yaml index 8e475c5d205d6..cd1bae033f2ff 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/case_response_updated_by_properties.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/case_response_updated_by_properties.yaml @@ -1,7 +1,6 @@ title: Case response properties for updated_by -type: - - "object" - - "null" +type: object +nullable: true properties: $ref: 'user_properties.yaml' required: diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/closure_types.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/closure_types.yaml index 8484d4d051ca4..6879f820d6f5c 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/closure_types.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/closure_types.yaml @@ -3,5 +3,4 @@ description: Indicates whether a case is automatically closed when it is pushed enum: - close-by-pushing - close-by-user -examples: - - close-by-user \ No newline at end of file +example: close-by-user \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/comment_types.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/comment_types.yaml index 6a41e07aada44..9731b8ce4fad5 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/comment_types.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/comment_types.yaml @@ -3,5 +3,4 @@ description: The type of comment. enum: - alert - user -examples: - - user \ No newline at end of file +example: user \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/connector_properties.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/connector_properties.yaml index e68c226ee9b92..9416a31f38775 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/connector_properties.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/connector_properties.yaml @@ -1,11 +1,7 @@ fields: - description: > - An object containing the connector fields. - To create a case without a connector, specify null. - If you want to omit any individual field, specify null as its value. - type: - - "object" - - "null" + description: An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value. + nullable: true + type: object properties: caseId: description: The case identifier for Swimlane connectors. @@ -15,9 +11,8 @@ fields: type: string destIp: description: Indicates whether cases will send a comma-separated list of destination IPs for ServiceNow SecOps connectors. - type: - - "boolean" - - "null" + type: boolean + nullable: true impact: description: The effect an incident had on business for ServiceNow ITSM connectors. type: string @@ -31,14 +26,12 @@ fields: type: string malwareHash: description: Indicates whether cases will send a comma-separated list of malware hashes for ServiceNow SecOps connectors. - type: - - "boolean" - - "null" + type: boolean + nullable: true malwareUrl: description: Indicates whether cases will send a comma-separated list of malware URLs for ServiceNow SecOps connectors. - type: - - "boolean" - - "null" + type: boolean + nullable: true parent: description: The key of the parent issue, when the issue type is sub-task for Jira connectors. type: string @@ -53,26 +46,22 @@ fields: type: string sourceIp: description: Indicates whether cases will send a comma-separated list of source IPs for ServiceNow SecOps connectors. - type: - - "boolean" - - "null" + type: boolean + nullable: true subcategory: description: The subcategory of the incident for ServiceNow ITSM connectors. type: string urgency: description: The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors. type: string - examples: - - null + example: null id: description: The identifier for the connector. To create a case without a connector, use `none`. type: string - examples: - - none + example: none name: description: The name of the connector. To create a case without a connector, use `none`. type: string - examples: - - none + example: none type: $ref: 'connector_types.yaml' \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/connector_properties_cases_webhook.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/connector_properties_cases_webhook.yaml index b204dcbdd9f4d..871b3180bc22e 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/connector_properties_cases_webhook.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/connector_properties_cases_webhook.yaml @@ -8,11 +8,9 @@ description: Defines properties for connectors when type is `.cases-webhook`. type: object properties: fields: - type: - - "string" - - "null" - examples: - - null + type: string + nullable: true + example: null id: description: The identifier for the connector. To retrieve connector IDs, use the find connectors API. type: string @@ -22,7 +20,6 @@ properties: type: description: The type of connector. type: string - examples: - - .cases-webhook + example: .cases-webhook enum: - .cases-webhook \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/connector_properties_jira.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/connector_properties_jira.yaml index 6eb1c0baa8e4e..a63f1fbd568d0 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/connector_properties_jira.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/connector_properties_jira.yaml @@ -17,19 +17,16 @@ properties: properties: issueType: description: The type of issue. - type: - - "string" - - "null" + type: string + nullable: true parent: description: The key of the parent issue, when the issue type is sub-task. - type: - - "string" - - "null" + type: string + nullable: true priority: description: The priority of the issue. - type: - - "string" - - "null" + type: string + nullable: true id: description: The identifier for the connector. To retrieve connector IDs, use the find connectors API. type: string @@ -39,7 +36,6 @@ properties: type: description: The type of connector. type: string - examples: - - .jira + example: .jira enum: - .jira diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/connector_properties_none.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/connector_properties_none.yaml index 2497b1357c86c..c1bc49372f645 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/connector_properties_none.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/connector_properties_none.yaml @@ -9,25 +9,20 @@ type: object properties: fields: description: An object containing the connector fields. To create a case without a connector, specify null. To update a case to remove the connector, specify null. - type: - - "string" - - "null" - examples: - - null + nullable: true + type: string + example: null id: description: The identifier for the connector. To create a case without a connector, use `none`. To update a case to remove the connector, specify `none`. type: string - examples: - - none + example: none name: description: The name of the connector. To create a case without a connector, use `none`. To update a case to remove the connector, specify `none`. type: string - examples: - - none + example: none type: description: The type of connector. To create a case without a connector, use `.none`. To update a case to remove the connector, specify `.none`. type: string - examples: - - .none + example: .none enum: - .none \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/connector_properties_resilient.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/connector_properties_resilient.yaml index df8e34057de0e..bf7929b3060e3 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/connector_properties_resilient.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/connector_properties_resilient.yaml @@ -9,9 +9,8 @@ type: object properties: fields: description: An object containing the connector fields. If you want to omit any individual field, specify null as its value. - type: - - "object" - - "null" + type: object + nullable: true required: - issueTypes - severityCode @@ -33,7 +32,6 @@ properties: type: description: The type of connector. type: string - examples: - - .resilient + example: .resilient enum: - .resilient \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/connector_properties_servicenow.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/connector_properties_servicenow.yaml index 7a57a9e69ccc2..5bc76ab7a9dd1 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/connector_properties_servicenow.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/connector_properties_servicenow.yaml @@ -19,29 +19,24 @@ properties: properties: category: description: The category of the incident. - type: - - "string" - - "null" + type: string + nullable: true impact: description: The effect an incident had on business. - type: - - "string" - - "null" + type: string + nullable: true severity: description: The severity of the incident. - type: - - "string" - - "null" + type: string + nullable: true subcategory: description: The subcategory of the incident. - type: - - "string" - - "null" + type: string + nullable: true urgency: description: The extent to which the incident resolution can be delayed. - type: - - "string" - - "null" + type: string + nullable: true id: description: The identifier for the connector. To retrieve connector IDs, use the find connectors API. type: string @@ -51,7 +46,6 @@ properties: type: description: The type of connector. type: string - examples: - - .servicenow + example: .servicenow enum: - .servicenow \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/connector_properties_servicenow_sir.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/connector_properties_servicenow_sir.yaml index cafff746d18f5..42245f9771e39 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/connector_properties_servicenow_sir.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/connector_properties_servicenow_sir.yaml @@ -21,39 +21,32 @@ properties: properties: category: description: The category of the incident. - type: - - "string" - - "null" + type: string + nullable: true destIp: description: Indicates whether cases will send a comma-separated list of destination IPs. - type: - - "boolean" - - "null" + type: boolean + nullable: true malwareHash: description: Indicates whether cases will send a comma-separated list of malware hashes. - type: - - "boolean" - - "null" + type: boolean + nullable: true malwareUrl: description: Indicates whether cases will send a comma-separated list of malware URLs. - type: - - "boolean" - - "null" + type: boolean + nullable: true priority: description: The priority of the issue. - type: - - "string" - - "null" + type: string + nullable: true sourceIp: description: Indicates whether cases will send a comma-separated list of source IPs. - type: - - "boolean" - - "null" + type: boolean + nullable: true subcategory: description: The subcategory of the incident. - type: - - "string" - - "null" + type: string + nullable: true id: description: The identifier for the connector. To retrieve connector IDs, use the find connectors API. type: string @@ -63,7 +56,6 @@ properties: type: description: The type of connector. type: string - examples: - - .servicenow-sir + example: .servicenow-sir enum: - .servicenow-sir \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/connector_properties_swimlane.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/connector_properties_swimlane.yaml index 9cde6dd09d7c8..f4c138463078b 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/connector_properties_swimlane.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/connector_properties_swimlane.yaml @@ -15,9 +15,8 @@ properties: properties: caseId: description: The case identifier for Swimlane connectors. - type: - - "string" - - "null" + type: string + nullable: true id: description: The identifier for the connector. To retrieve connector IDs, use the find connectors API. type: string @@ -27,7 +26,6 @@ properties: type: description: The type of connector. type: string - examples: - - .swimlane + example: .swimlane enum: - .swimlane \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/connector_types.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/connector_types.yaml index 4bc12b3ae9481..fc23b9cab5f8a 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/connector_types.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/connector_types.yaml @@ -8,5 +8,4 @@ enum: - .servicenow - .servicenow-sir - .swimlane -examples: - - .none \ No newline at end of file +example: .none \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/external_service.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/external_service.yaml index 411f977928a8c..b3b3182b8c964 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/external_service.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/external_service.yaml @@ -1,6 +1,5 @@ -type: - - "object" - - "null" +type: object +nullable: true properties: connector_id: type: string @@ -16,8 +15,7 @@ properties: type: string format: date-time pushed_by: - type: - - "object" - - "null" + type: object properties: - $ref: 'user_properties.yaml' \ No newline at end of file + $ref: 'user_properties.yaml' + nullable: true \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/owners.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/owners.yaml index fa265756d9506..9036fd5a3833a 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/owners.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/owners.yaml @@ -6,5 +6,4 @@ enum: - cases - observability - securitySolution -examples: - - cases \ No newline at end of file +example: cases \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/payload_alert_comment.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/payload_alert_comment.yaml index eaaaa539a33ca..0b0d3fc3c07ce 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/payload_alert_comment.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/payload_alert_comment.yaml @@ -6,16 +6,14 @@ properties: alertId: oneOf: - type: string - examples: - - 1c0b056b-cc9f-4b61-b5c9-cb801abd5e1d + example: 1c0b056b-cc9f-4b61-b5c9-cb801abd5e1d - type: array items: type: string index: oneOf: - type: string - examples: - - .alerts-observability.logs.alerts-default + example: .alerts-observability.logs.alerts-default - type: array items: type: string diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/payload_create_case.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/payload_create_case.yaml index a5483b6412871..728614cd36692 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/payload_create_case.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/payload_create_case.yaml @@ -20,7 +20,6 @@ properties: type: array items: type: string - examples: - - ["tag-1"] + example: ["tag-1"] title: type: string \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/payload_delete.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/payload_delete.yaml index 29e16039ec273..933d91305dca7 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/payload_delete.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/payload_delete.yaml @@ -1,4 +1,3 @@ -type: - - "object" - - "null" -description: If the `action` is `delete` and the `type` is `delete_case`, the payload is nullable. \ No newline at end of file +type: object +description: If the `action` is `delete` and the `type` is `delete_case`, the payload is nullable. +nullable: true \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/payload_tags.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/payload_tags.yaml index 8ea6902802514..bed767719e6f3 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/payload_tags.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/payload_tags.yaml @@ -4,5 +4,4 @@ properties: type: array items: type: string - examples: - - ["tag-1"] \ No newline at end of file + example: ["tag-1"] \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/rule.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/rule.yaml index 0a4dfb828dcb5..09712b57ce138 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/rule.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/rule.yaml @@ -10,10 +10,8 @@ properties: id: description: The rule identifier. type: string - examples: - - 94d80550-aaf4-11ec-985f-97e55adae8b9 + example: 94d80550-aaf4-11ec-985f-97e55adae8b9 name: description: The rule name. type: string - examples: - - security_rule \ No newline at end of file + example: security_rule \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/rule_properties.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/rule_properties.yaml index 2ed5e0e89e8d7..64b93b77429a4 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/rule_properties.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/rule_properties.yaml @@ -1,10 +1,8 @@ id: description: The rule identifier. type: string - examples: - - 94d80550-aaf4-11ec-985f-97e55adae8b9 + example: 94d80550-aaf4-11ec-985f-97e55adae8b9 name: description: The rule name. type: string - examples: - - security_rule \ No newline at end of file + example: security_rule \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/settings.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/settings.yaml index 576b8b9dff157..a344eb0491951 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/settings.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/settings.yaml @@ -6,5 +6,4 @@ properties: syncAlerts: description: Turns alert syncing on or off. type: boolean - examples: - - true \ No newline at end of file + example: true \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/update_alert_comment_request_properties.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/update_alert_comment_request_properties.yaml index 5c5619cec298a..2c7bd5dcc1215 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/update_alert_comment_request_properties.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/update_alert_comment_request_properties.yaml @@ -17,8 +17,7 @@ properties: description: > The identifier for the comment. To retrieve comment IDs, use the get comments API. - examples: - - 8af6ac20-74f6-11ea-b83a-553aecdb28b6 + example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 index: $ref: 'alert_indices.yaml' owner: @@ -30,12 +29,10 @@ properties: type: string enum: - alert - examples: - - alert + example: alert version: description: > The current comment version. To retrieve version values, use the get comments API. type: string - examples: - - Wzk1LDFd \ No newline at end of file + example: Wzk1LDFd \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/update_case_configuration_request.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/update_case_configuration_request.yaml index e359eea8e1030..aa6329b7370de 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/update_case_configuration_request.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/update_case_configuration_request.yaml @@ -36,5 +36,4 @@ properties: The version of the connector. To retrieve the version value, use the get configuration API. type: string - examples: - - WzIwMiwxXQ== + example: WzIwMiwxXQ== diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/update_user_comment_request_properties.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/update_user_comment_request_properties.yaml index 003f12d63a30d..a83050e93eaaf 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/update_user_comment_request_properties.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/update_user_comment_request_properties.yaml @@ -6,15 +6,13 @@ properties: description: The new comment. It is required only when `type` is `user`. type: string maxLength: 30000 - examples: - - A new comment. + example: A new comment. id: type: string description: > The identifier for the comment. To retrieve comment IDs, use the get comments API. - examples: - - 8af6ac20-74f6-11ea-b83a-553aecdb28b6 + example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 owner: $ref: 'owners.yaml' type: @@ -22,15 +20,13 @@ properties: description: The type of comment. enum: - user - examples: - - user + example: user version: description: > The current comment version. To retrieve version values, use the get comments API. type: string - examples: - - Wzk1LDFd + example: Wzk1LDFd required: - comment - id diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/user_actions_find_response_properties.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/user_actions_find_response_properties.yaml index 12b45d987598b..a17f98d8007ad 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/user_actions_find_response_properties.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/user_actions_find_response_properties.yaml @@ -13,16 +13,13 @@ properties: action: $ref: 'actions.yaml' comment_id: - type: - - "string" - - "null" - examples: - - 578608d0-03b1-11ed-920c-974bfa104448 + type: string + nullable: true + example: 578608d0-03b1-11ed-920c-974bfa104448 created_at: type: string format: date-time - examples: - - 2022-05-13T09:16:17.416Z + example: 2022-05-13T09:16:17.416Z created_by: type: object properties: @@ -33,8 +30,7 @@ properties: - username id: type: string - examples: - - 22fd3e30-03b1-11ed-920c-974bfa104448 + example: 22fd3e30-03b1-11ed-920c-974bfa104448 owner: $ref: 'owners.yaml' payload: @@ -54,8 +50,7 @@ properties: - $ref: 'payload_user_comment.yaml' version: type: string - examples: - - WzM1ODg4LDFd + example: WzM1ODg4LDFd type: type: string description: The type of action. @@ -71,5 +66,4 @@ properties: - status - settings - severity - examples: - - create_case + example: create_case diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/user_actions_response_properties.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/user_actions_response_properties.yaml index 02521d975d8de..ef39c531c357d 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/user_actions_response_properties.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/user_actions_response_properties.yaml @@ -14,23 +14,18 @@ properties: $ref: 'actions.yaml' action_id: type: string - examples: - - 22fd3e30-03b1-11ed-920c-974bfa104448 + example: 22fd3e30-03b1-11ed-920c-974bfa104448 case_id: type: string - examples: - - 22df07d0-03b1-11ed-920c-974bfa104448 + example: 22df07d0-03b1-11ed-920c-974bfa104448 comment_id: - type: - - "string" - - "null" - examples: - - 578608d0-03b1-11ed-920c-974bfa104448 + type: string + nullable: true + example: 578608d0-03b1-11ed-920c-974bfa104448 created_at: type: string format: date-time - examples: - - 2022-05-13T09:16:17.416Z + example: 2022-05-13T09:16:17.416Z created_by: type: object properties: diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/user_comment_response_properties.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/user_comment_response_properties.yaml index 832d603e366dc..b1727d3279abe 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/user_comment_response_properties.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/user_comment_response_properties.yaml @@ -5,46 +5,37 @@ required: properties: comment: type: string - examples: - - A new comment. + example: A new comment. created_at: type: string format: date-time - examples: - - 2022-05-13T09:16:17.416Z + example: 2022-05-13T09:16:17.416Z created_by: $ref: 'case_response_created_by_properties.yaml' id: type: string - examples: - - 8af6ac20-74f6-11ea-b83a-553aecdb28b6 + example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 owner: $ref: 'owners.yaml' pushed_at: - type: - - "string" - - "null" + type: string format: date-time - examples: - - null + nullable: true + example: null pushed_by: $ref: 'case_response_pushed_by_properties.yaml' type: type: string - examples: - - user + example: user enum: - user updated_at: - type: - - "string" - - "null" + type: string format: date-time - examples: - - null + nullable: true + example: null updated_by: $ref: 'case_response_updated_by_properties.yaml' version: type: string - examples: - - WzIwNDMxLDFd \ No newline at end of file + example: WzIwNDMxLDFd \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/components/schemas/user_properties.yaml b/x-pack/plugins/cases/docs/openapi/components/schemas/user_properties.yaml index 3c5439ac7aeee..19b76a6000c02 100644 --- a/x-pack/plugins/cases/docs/openapi/components/schemas/user_properties.yaml +++ b/x-pack/plugins/cases/docs/openapi/components/schemas/user_properties.yaml @@ -1,22 +1,15 @@ email: - type: - - "string" - - "null" - examples: - - null + type: string + example: null + nullable: true full_name: - type: - - "string" - - "null" - examples: - - null -profile_uid: type: string - examples: - - u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + example: null + nullable: true username: - type: - - "string" - - "null" - examples: - - elastic + type: string + example: elastic + nullable: true +profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 diff --git a/x-pack/plugins/cases/docs/openapi/entrypoint.yaml b/x-pack/plugins/cases/docs/openapi/entrypoint.yaml index dff3dff43622c..764de3e6570fb 100644 --- a/x-pack/plugins/cases/docs/openapi/entrypoint.yaml +++ b/x-pack/plugins/cases/docs/openapi/entrypoint.yaml @@ -1,8 +1,8 @@ -openapi: 3.1.0 +openapi: 3.0.1 info: title: Cases description: OpenAPI schema for Cases endpoints - version: '0.2' + version: '0.1' contact: name: Cases Team license: @@ -37,6 +37,8 @@ paths: $ref: 'paths/api@cases@{caseid}@alerts.yaml' '/api/cases/{caseId}/comments': $ref: 'paths/api@cases@{caseid}@comments.yaml' + '/api/cases/{caseId}/comments/_find': + $ref: 'paths/api@cases@{caseid}@comments@_find.yaml' '/api/cases/{caseId}/comments/{commentId}': $ref: 'paths/api@cases@{caseid}@comments@{commentid}.yaml' '/api/cases/{caseId}/connector/{connectorId}/_push': @@ -48,50 +50,50 @@ paths: '/api/cases/configure/connectors/_find': $ref: paths/api@cases@configure@connectors@_find.yaml # Paths with space identifiers - '/s/{spaceId}/api/cases': - $ref: 'paths/s@{spaceid}@api@cases.yaml' - '/s/{spaceId}/api/cases/_find': - $ref: 'paths/s@{spaceid}@api@cases@_find.yaml' - '/s/{spaceId}/api/cases/alerts/{alertId}': - $ref: 'paths/s@{spaceid}@api@cases@alerts@{alertid}.yaml' - '/s/{spaceId}/api/cases/configure': - $ref: paths/s@{spaceid}@api@cases@configure.yaml - '/s/{spaceId}/api/cases/configure/{configurationId}': - $ref: paths/s@{spaceid}@api@cases@configure@{configurationid}.yaml - '/s/{spaceId}/api/cases/configure/connectors/_find': - $ref: paths/s@{spaceid}@api@cases@configure@connectors@_find.yaml - '/s/{spaceId}/api/cases/reporters': - $ref: 'paths/s@{spaceid}@api@cases@reporters.yaml' - '/s/{spaceId}/api/cases/status': - $ref: 'paths/s@{spaceid}@api@cases@status.yaml' - '/s/{spaceId}/api/cases/tags': - $ref: 'paths/s@{spaceid}@api@cases@tags.yaml' - '/s/{spaceId}/api/cases/{caseId}': - $ref: 'paths/s@{spaceid}@api@cases@{caseid}.yaml' - '/s/{spaceId}/api/cases/{caseId}/alerts': - $ref: 'paths/s@{spaceid}@api@cases@{caseid}@alerts.yaml' - '/s/{spaceId}/api/cases/{caseId}/comments': - $ref: 'paths/s@{spaceid}@api@cases@{caseid}@comments.yaml' - '/s/{spaceId}/api/cases/{caseId}/comments/_find': - $ref: 'paths/s@{spaceid}@api@cases@{caseid}@comments@_find.yaml' - '/s/{spaceId}/api/cases/{caseId}/comments/{commentId}': - $ref: 'paths/s@{spaceid}@api@cases@{caseid}@comments@{commentid}.yaml' - '/s/{spaceId}/api/cases/{caseId}/connector/{connectorId}/_push': - $ref: 'paths/s@{spaceid}@api@cases@{caseid}@connector@{connectorid}@_push.yaml' - '/s/{spaceId}/api/cases/{caseId}/user_actions': - $ref: 'paths/s@{spaceid}@api@cases@{caseid}@user_actions.yaml' - '/s/{spaceId}/api/cases/{caseId}/user_actions/_find': - $ref: 'paths/s@{spaceid}@api@cases@{caseid}@user_actions@_find.yaml' -components: - securitySchemes: - basicAuth: - type: http - scheme: basic - apiKeyAuth: - type: apiKey - in: header - name: Authorization - description: 'e.g. Authorization: ApiKey base64AccessApiKey' -security: - - basicAuth: [] - - apiKeyAuth: [] + # '/s/{spaceId}/api/cases': + # $ref: 'paths/s@{spaceid}@api@cases.yaml' + # '/s/{spaceId}/api/cases/_find': + # $ref: 'paths/s@{spaceid}@api@cases@_find.yaml' + # '/s/{spaceId}/api/cases/alerts/{alertId}': + # $ref: 'paths/s@{spaceid}@api@cases@alerts@{alertid}.yaml' + # '/s/{spaceId}/api/cases/configure': + # $ref: paths/s@{spaceid}@api@cases@configure.yaml + # '/s/{spaceId}/api/cases/configure/{configurationId}': + # $ref: paths/s@{spaceid}@api@cases@configure@{configurationid}.yaml + # '/s/{spaceId}/api/cases/configure/connectors/_find': + # $ref: paths/s@{spaceid}@api@cases@configure@connectors@_find.yaml + # '/s/{spaceId}/api/cases/reporters': + # $ref: 'paths/s@{spaceid}@api@cases@reporters.yaml' + # '/s/{spaceId}/api/cases/status': + # $ref: 'paths/s@{spaceid}@api@cases@status.yaml' + # '/s/{spaceId}/api/cases/tags': + # $ref: 'paths/s@{spaceid}@api@cases@tags.yaml' + # '/s/{spaceId}/api/cases/{caseId}': + # $ref: 'paths/s@{spaceid}@api@cases@{caseid}.yaml' + # '/s/{spaceId}/api/cases/{caseId}/alerts': + # $ref: 'paths/s@{spaceid}@api@cases@{caseid}@alerts.yaml' + # '/s/{spaceId}/api/cases/{caseId}/comments': + # $ref: 'paths/s@{spaceid}@api@cases@{caseid}@comments.yaml' + # '/s/{spaceId}/api/cases/{caseId}/comments/_find': + # $ref: 'paths/s@{spaceid}@api@cases@{caseid}@comments@_find.yaml' + # '/s/{spaceId}/api/cases/{caseId}/comments/{commentId}': + # $ref: 'paths/s@{spaceid}@api@cases@{caseid}@comments@{commentid}.yaml' + # '/s/{spaceId}/api/cases/{caseId}/connector/{connectorId}/_push': + # $ref: 'paths/s@{spaceid}@api@cases@{caseid}@connector@{connectorid}@_push.yaml' + # '/s/{spaceId}/api/cases/{caseId}/user_actions': + # $ref: 'paths/s@{spaceid}@api@cases@{caseid}@user_actions.yaml' + # '/s/{spaceId}/api/cases/{caseId}/user_actions/_find': + # $ref: 'paths/s@{spaceid}@api@cases@{caseid}@user_actions@_find.yaml' +# components: +# securitySchemes: +# basicAuth: +# type: http +# scheme: basic +# apiKeyAuth: +# type: apiKey +# in: header +# name: Authorization +# description: 'e.g. Authorization: ApiKey base64AccessApiKey' +# security: +# - basicAuth: [] +# - apiKeyAuth: [] diff --git a/x-pack/plugins/cases/docs/openapi/paths/api@cases.yaml b/x-pack/plugins/cases/docs/openapi/paths/api@cases.yaml index f92df59625dc2..d4b5cf73208f4 100644 --- a/x-pack/plugins/cases/docs/openapi/paths/api@cases.yaml +++ b/x-pack/plugins/cases/docs/openapi/paths/api@cases.yaml @@ -1,5 +1,5 @@ post: - summary: Creates a case in the default space. + summary: Create a case operationId: createCaseDefaultSpace description: > You must have `all` privileges for the **Cases** feature in the @@ -36,7 +36,7 @@ post: $ref: '../components/schemas/4xx_response.yaml' delete: - summary: Deletes one or more cases in the default space. + summary: Delete cases operationId: deleteCaseDefaultSpace description: > You must have `read` or `all` privileges and the `delete` sub-feature @@ -59,7 +59,7 @@ delete: $ref: '../components/schemas/4xx_response.yaml' patch: - summary: Updates one or more cases in the default space. + summary: Update cases operationId: updateCaseDefaultSpace description: > You must have `all` privileges for the **Cases** feature in the diff --git a/x-pack/plugins/cases/docs/openapi/paths/api@cases@_find.yaml b/x-pack/plugins/cases/docs/openapi/paths/api@cases@_find.yaml index aa926636802a2..bfceadc7a7c55 100644 --- a/x-pack/plugins/cases/docs/openapi/paths/api@cases@_find.yaml +++ b/x-pack/plugins/cases/docs/openapi/paths/api@cases@_find.yaml @@ -1,5 +1,5 @@ get: - summary: Retrieves a paginated subset of cases in the default space. + summary: Search cases operationId: findCasesDefaultSpace description: > You must have `read` privileges for the **Cases** feature in the diff --git a/x-pack/plugins/cases/docs/openapi/paths/api@cases@alerts@{alertid}.yaml b/x-pack/plugins/cases/docs/openapi/paths/api@cases@alerts@{alertid}.yaml index 7914c8a994c60..0531c2675bce2 100644 --- a/x-pack/plugins/cases/docs/openapi/paths/api@cases@alerts@{alertid}.yaml +++ b/x-pack/plugins/cases/docs/openapi/paths/api@cases@alerts@{alertid}.yaml @@ -1,5 +1,5 @@ get: - summary: Returns the cases associated with a specific alert in the default space. + summary: Get cases for an alert operationId: getCasesByAlertDefaultSpace description: > You must have `read` privileges for the **Cases** feature in the @@ -28,7 +28,7 @@ get: title: type: string description: The case title. - examples: + example: - id: 06116b80-e1c3-11ec-be9b-9b1838238ee6 title: security_case '401': diff --git a/x-pack/plugins/cases/docs/openapi/paths/api@cases@configure.yaml b/x-pack/plugins/cases/docs/openapi/paths/api@cases@configure.yaml index 5618eb08a4b72..b4c0d9b7ddf79 100644 --- a/x-pack/plugins/cases/docs/openapi/paths/api@cases@configure.yaml +++ b/x-pack/plugins/cases/docs/openapi/paths/api@cases@configure.yaml @@ -1,8 +1,8 @@ get: - summary: Get case settings in the default space + summary: Get case settings operationId: getCaseConfigurationDefaultSpace description: > - Retrieves setting details such as the closure type, custom fields, templatse, and the default connector for cases in the default space. + Get setting details such as the closure type, custom fields, templatse, and the default connector for cases. You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on where the cases were created. @@ -32,7 +32,7 @@ get: $ref: '../components/schemas/4xx_response.yaml' post: - summary: Add case settings in the default space + summary: Add case settings operationId: setCaseConfigurationDefaultSpace description: > Case settings include external connection details, custom fields, and templates. diff --git a/x-pack/plugins/cases/docs/openapi/paths/api@cases@configure@connectors@_find.yaml b/x-pack/plugins/cases/docs/openapi/paths/api@cases@configure@connectors@_find.yaml index 5ce6113cf699d..9d0bea7ef029b 100644 --- a/x-pack/plugins/cases/docs/openapi/paths/api@cases@configure@connectors@_find.yaml +++ b/x-pack/plugins/cases/docs/openapi/paths/api@cases@configure@connectors@_find.yaml @@ -1,8 +1,8 @@ get: - summary: Get case connectors in the default space + summary: Get case connectors operationId: findCaseConnectorsDefaultSpace description: > - Retrieves information about connectors that are supported for use in cases in the default space. + Get information about connectors that are supported for use in cases. You must have `read` privileges for the **Actions and Connectors** feature in the **Management** section of the Kibana feature privileges. tags: - cases diff --git a/x-pack/plugins/cases/docs/openapi/paths/api@cases@configure@{configurationid}.yaml b/x-pack/plugins/cases/docs/openapi/paths/api@cases@configure@{configurationid}.yaml index 90f75c8d45e45..262730590b9d1 100644 --- a/x-pack/plugins/cases/docs/openapi/paths/api@cases@configure@{configurationid}.yaml +++ b/x-pack/plugins/cases/docs/openapi/paths/api@cases@configure@{configurationid}.yaml @@ -1,8 +1,8 @@ patch: - summary: Update case settings in the default space + summary: Update case settings operationId: updateCaseConfigurationDefaultSpace description: > - Updates setting details such as the closure type, custom fields, templates, and the default connector for cases in the default space. + Updates setting details such as the closure type, custom fields, templates, and the default connector for cases. Connectors are used to interface with external systems. You must create a connector before you can use it in your cases. You must have `all` privileges for the **Cases** feature in the diff --git a/x-pack/plugins/cases/docs/openapi/paths/api@cases@reporters.yaml b/x-pack/plugins/cases/docs/openapi/paths/api@cases@reporters.yaml index 15fca2baef247..61a791073cd80 100644 --- a/x-pack/plugins/cases/docs/openapi/paths/api@cases@reporters.yaml +++ b/x-pack/plugins/cases/docs/openapi/paths/api@cases@reporters.yaml @@ -1,7 +1,8 @@ get: - summary: Returns information about the users who opened cases in the default space. + summary: Get case creators operationId: getCaseReportersDefaultSpace description: > + Returns information about the users who opened cases. You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases. The API returns information about the users as they existed at the time of the case creation, including their name, full name, and email address. If any of those details change thereafter or if a user is deleted, the information returned by this API is unchanged. diff --git a/x-pack/plugins/cases/docs/openapi/paths/api@cases@status.yaml b/x-pack/plugins/cases/docs/openapi/paths/api@cases@status.yaml index cd0792b7b3174..13600ae78d9d1 100644 --- a/x-pack/plugins/cases/docs/openapi/paths/api@cases@status.yaml +++ b/x-pack/plugins/cases/docs/openapi/paths/api@cases@status.yaml @@ -1,11 +1,10 @@ get: - summary: Returns the number of cases that are open, closed, and in progress in the default space. + summary: Get case status summary operationId: getCaseStatusDefaultSpace description: > + Returns the number of cases that are open, closed, and in progress. Deprecated in 8.1.0. This API is deprecated and will be removed in a future release; use the find cases API instead. - You must have `read` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the cases you're seeking. + You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking. deprecated: true tags: - cases diff --git a/x-pack/plugins/cases/docs/openapi/paths/api@cases@tags.yaml b/x-pack/plugins/cases/docs/openapi/paths/api@cases@tags.yaml index 5f0083d087b5c..0117a1461280b 100644 --- a/x-pack/plugins/cases/docs/openapi/paths/api@cases@tags.yaml +++ b/x-pack/plugins/cases/docs/openapi/paths/api@cases@tags.yaml @@ -1,7 +1,8 @@ get: - summary: Aggregates and returns a list of case tags in the default space. + summary: Get case tags operationId: getCaseTagsDefaultSpace description: > + Aggregates and returns a list of case tags. You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking. tags: - cases diff --git a/x-pack/plugins/cases/docs/openapi/paths/api@cases@{caseid}.yaml b/x-pack/plugins/cases/docs/openapi/paths/api@cases@{caseid}.yaml index c5b52a52b741f..9f195e9d67f94 100644 --- a/x-pack/plugins/cases/docs/openapi/paths/api@cases@{caseid}.yaml +++ b/x-pack/plugins/cases/docs/openapi/paths/api@cases@{caseid}.yaml @@ -1,5 +1,5 @@ get: - summary: Retrieves information about a case in the default space. + summary: Get case information operationId: getCaseDefaultSpace description: > You must have `read` privileges for the **Cases** feature in the diff --git a/x-pack/plugins/cases/docs/openapi/paths/api@cases@{caseid}@alerts.yaml b/x-pack/plugins/cases/docs/openapi/paths/api@cases@{caseid}@alerts.yaml index 525fb25f4b6d5..cbf4803df681a 100644 --- a/x-pack/plugins/cases/docs/openapi/paths/api@cases@{caseid}@alerts.yaml +++ b/x-pack/plugins/cases/docs/openapi/paths/api@cases@{caseid}@alerts.yaml @@ -1,5 +1,5 @@ get: - summary: Gets all alerts attached to a case in the default space. + summary: Get all alerts for a case description: > You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana diff --git a/x-pack/plugins/cases/docs/openapi/paths/api@cases@{caseid}@comments.yaml b/x-pack/plugins/cases/docs/openapi/paths/api@cases@{caseid}@comments.yaml index fa25d6263143d..be5fc2aa49d95 100644 --- a/x-pack/plugins/cases/docs/openapi/paths/api@cases@{caseid}@comments.yaml +++ b/x-pack/plugins/cases/docs/openapi/paths/api@cases@{caseid}@comments.yaml @@ -1,5 +1,5 @@ post: - summary: Adds a comment or alert to a case in the default space. + summary: Add a case comment or alert operationId: addCaseCommentDefaultSpace description: > You must have `all` privileges for the **Cases** feature in the @@ -38,9 +38,10 @@ post: $ref: '../components/schemas/4xx_response.yaml' delete: - summary: Deletes all comments and alerts from a case in the default space. + summary: Delete all case comments and alerts operationId: deleteCaseCommentsDefaultSpace description: > + Deletes all comments and alerts from a case. You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're deleting. @@ -60,7 +61,7 @@ delete: $ref: '../components/schemas/4xx_response.yaml' patch: - summary: Updates a comment or alert in a case in the default space. + summary: Update a case comment or alert operationId: updateCaseCommentDefaultSpace description: > You must have `all` privileges for the **Cases** feature in the @@ -99,7 +100,7 @@ patch: $ref: '../components/schemas/4xx_response.yaml' get: - summary: Retrieves all the comments from a case in the default space. + summary: Get all case comments operationId: getAllCaseCommentsDefaultSpace description: > Deprecated in 8.1.0. This API is deprecated and will be removed in a future release; diff --git a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}@comments@_find.yaml b/x-pack/plugins/cases/docs/openapi/paths/api@cases@{caseid}@comments@_find.yaml similarity index 69% rename from x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}@comments@_find.yaml rename to x-pack/plugins/cases/docs/openapi/paths/api@cases@{caseid}@comments@_find.yaml index b027660aaf1ea..c1d874f95f8b4 100644 --- a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}@comments@_find.yaml +++ b/x-pack/plugins/cases/docs/openapi/paths/api@cases@{caseid}@comments@_find.yaml @@ -1,10 +1,9 @@ get: - summary: Retrieves all the user comments from a case. - operationId: findCaseComments + summary: Find case comments and alerts + operationId: findCaseCommentsDefaultSpace description: > - You must have `read` privileges for the **Cases** feature in the **Management**, - **Observability**, or **Security** section of the Kibana feature privileges, - depending on the owner of the cases with the comments you're seeking. + Retrieves a paginated list of comments for a case. + You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking. tags: - cases parameters: @@ -12,7 +11,6 @@ get: - $ref: '../components/parameters/page_index.yaml' - $ref: '../components/parameters/page_size.yaml' - $ref: '../components/parameters/sort_order.yaml' - - $ref: '../components/parameters/space_id.yaml' responses: '200': description: Indicates a successful call. diff --git a/x-pack/plugins/cases/docs/openapi/paths/api@cases@{caseid}@comments@{commentid}.yaml b/x-pack/plugins/cases/docs/openapi/paths/api@cases@{caseid}@comments@{commentid}.yaml index 354b008201406..0e6071826d703 100644 --- a/x-pack/plugins/cases/docs/openapi/paths/api@cases@{caseid}@comments@{commentid}.yaml +++ b/x-pack/plugins/cases/docs/openapi/paths/api@cases@{caseid}@comments@{commentid}.yaml @@ -1,5 +1,5 @@ delete: - summary: Deletes a comment or alert from a case in the default space. + summary: Delete a case comment or alert operationId: deleteCaseCommentDefaultSpace description: > You must have `all` privileges for the **Cases** feature in the @@ -22,7 +22,7 @@ delete: $ref: '../components/schemas/4xx_response.yaml' get: - summary: Retrieves a comment from a case in the default space. + summary: Get a case comment or alert operationId: getCaseCommentDefaultSpace description: > You must have `read` privileges for the **Cases** feature in the **Management**, diff --git a/x-pack/plugins/cases/docs/openapi/paths/api@cases@{caseid}@connector@{connectorid}@_push.yaml b/x-pack/plugins/cases/docs/openapi/paths/api@cases@{caseid}@connector@{connectorid}@_push.yaml index 8b52cf5d013cd..f5cff3b88bbd0 100644 --- a/x-pack/plugins/cases/docs/openapi/paths/api@cases@{caseid}@connector@{connectorid}@_push.yaml +++ b/x-pack/plugins/cases/docs/openapi/paths/api@cases@{caseid}@connector@{connectorid}@_push.yaml @@ -1,5 +1,5 @@ post: - summary: Pushes a case in the default space to an external service. + summary: Push a case to an external service description: > You must have `all` privileges for the **Actions and Connectors** feature in the **Management** section of the Kibana feature privileges. You must also have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're pushing. @@ -14,9 +14,8 @@ post: content: application/json: schema: - type: - - "object" - - "null" + type: object + nullable: true responses: '200': description: Indicates a successful call. diff --git a/x-pack/plugins/cases/docs/openapi/paths/api@cases@{caseid}@user_actions.yaml b/x-pack/plugins/cases/docs/openapi/paths/api@cases@{caseid}@user_actions.yaml index 83657ecc123b3..049f1ee895c2c 100644 --- a/x-pack/plugins/cases/docs/openapi/paths/api@cases@{caseid}@user_actions.yaml +++ b/x-pack/plugins/cases/docs/openapi/paths/api@cases@{caseid}@user_actions.yaml @@ -1,6 +1,7 @@ get: - summary: Returns all user activity for a case in the default space. + summary: Get case activity description: > + Returns all user activity for a case. Deprecated in 8.1.0. This API is deprecated and will be removed in a future release; use the find user actions API instead. You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana diff --git a/x-pack/plugins/cases/docs/openapi/paths/api@cases@{caseid}@user_actions@_find.yaml b/x-pack/plugins/cases/docs/openapi/paths/api@cases@{caseid}@user_actions@_find.yaml index 99caec414b132..470bb26ac51ab 100644 --- a/x-pack/plugins/cases/docs/openapi/paths/api@cases@{caseid}@user_actions@_find.yaml +++ b/x-pack/plugins/cases/docs/openapi/paths/api@cases@{caseid}@user_actions@_find.yaml @@ -1,6 +1,7 @@ get: - summary: Finds user activity for a case in the default space. + summary: Find case activity description: > + Retrives a paginated list of user activity for a case. You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're seeking. diff --git a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases.yaml b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases.yaml deleted file mode 100644 index 1703dc5eecdc5..0000000000000 --- a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases.yaml +++ /dev/null @@ -1,100 +0,0 @@ -post: - summary: Creates a case. - operationId: createCase - description: > - You must have `all` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the case you're creating. - tags: - - cases - parameters: - - $ref: ../components/headers/kbn_xsrf.yaml - - $ref: '../components/parameters/space_id.yaml' - requestBody: - required: true - content: - application/json: - schema: - $ref: '../components/schemas/create_case_request.yaml' - examples: - createCaseRequest: - $ref: '../components/examples/create_case_request.yaml' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - $ref: '../components/schemas/case_response_properties.yaml' - examples: - createCaseResponse: - $ref: '../components/examples/create_case_response.yaml' - '401': - description: Authorization information is missing or invalid. - content: - application/json: - schema: - $ref: '../components/schemas/4xx_response.yaml' - -delete: - summary: Deletes one or more cases. - operationId: deleteCase - description: > - You must have `read` or `all` privileges and the `delete` sub-feature - privilege for the **Cases** feature in the **Management**, - **Observability**, or **Security** section of the Kibana feature privileges, - depending on the owner of the cases you're deleting. - tags: - - cases - parameters: - - $ref: ../components/headers/kbn_xsrf.yaml - - $ref: '../components/parameters/ids.yaml' - - $ref: '../components/parameters/space_id.yaml' - responses: - '204': - description: Indicates a successful call. - '401': - description: Authorization information is missing or invalid. - content: - application/json: - schema: - $ref: '../components/schemas/4xx_response.yaml' - -patch: - summary: Updates one or more cases. - operationId: updateCase - description: > - You must have `all` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the case you're updating. - tags: - - cases - parameters: - - $ref: ../components/headers/kbn_xsrf.yaml - - $ref: '../components/parameters/space_id.yaml' - requestBody: - content: - application/json: - schema: - $ref: '../components/schemas/update_case_request.yaml' - examples: - updateCaseRequest: - $ref: '../components/examples/update_case_request.yaml' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - type: array - items: - $ref: '../components/schemas/case_response_properties.yaml' - examples: - updateCaseResponse: - $ref: '../components/examples/update_case_response.yaml' - '401': - description: Authorization information is missing or invalid. - content: - application/json: - schema: - $ref: '../components/schemas/4xx_response.yaml' diff --git a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@_find.yaml b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@_find.yaml deleted file mode 100644 index a688b10389ecd..0000000000000 --- a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@_find.yaml +++ /dev/null @@ -1,60 +0,0 @@ -get: - summary: Retrieves a paginated subset of cases. - operationId: findCases - description: > - You must have `read` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the cases you're seeking. - tags: - - cases - parameters: - - $ref: '../components/parameters/space_id.yaml' - - $ref: '../components/parameters/assignees.yaml' - - $ref: '../components/parameters/category.yaml' - - $ref: '../components/parameters/defaultSearchOperator.yaml' - - $ref: '../components/parameters/from.yaml' - - $ref: '../components/parameters/owner.yaml' - - $ref: '../components/parameters/page_index.yaml' - - $ref: '../components/parameters/page_size.yaml' - - $ref: '../components/parameters/reporters.yaml' - - $ref: '../components/parameters/search.yaml' - - $ref: '../components/parameters/searchFields.yaml' - - $ref: '../components/parameters/severity.yaml' - - $ref: '../components/parameters/sortField.yaml' - - $ref: '../components/parameters/sort_order.yaml' - - $ref: '../components/parameters/status.yaml' - - $ref: '../components/parameters/tags.yaml' - - $ref: '../components/parameters/to.yaml' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - type: object - properties: - cases: - type: array - items: - $ref: '../components/schemas/case_response_properties.yaml' - count_closed_cases: - type: integer - count_in_progress_cases: - type: integer - count_open_cases: - type: integer - page: - type: integer - per_page: - type: integer - total: - type: integer - examples: - findCaseResponse: - $ref: '../components/examples/find_case_response.yaml' - '401': - description: Authorization information is missing or invalid. - content: - application/json: - schema: - $ref: '../components/schemas/4xx_response.yaml' diff --git a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@alerts@{alertid}.yaml b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@alerts@{alertid}.yaml deleted file mode 100644 index 0ffe229fd9e69..0000000000000 --- a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@alerts@{alertid}.yaml +++ /dev/null @@ -1,39 +0,0 @@ -get: - summary: Returns the cases associated with a specific alert. - operationId: getCasesByAlert - description: > - You must have `read` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the cases you're seeking. - x-technical-preview: true - tags: - - cases - parameters: - - $ref: ../components/parameters/alert_id.yaml - - $ref: '../components/parameters/space_id.yaml' - - $ref: '../components/parameters/owner.yaml' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - type: array - items: - type: object - properties: - id: - type: string - description: The case identifier. - title: - type: string - description: The case title. - examples: - - id: 06116b80-e1c3-11ec-be9b-9b1838238ee6 - title: security_case - '401': - description: Authorization information is missing or invalid. - content: - application/json: - schema: - $ref: '../components/schemas/4xx_response.yaml' \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@configure.yaml b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@configure.yaml deleted file mode 100644 index 7e616ed1c4f14..0000000000000 --- a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@configure.yaml +++ /dev/null @@ -1,75 +0,0 @@ -get: - summary: Get case settings - operationId: getCaseConfiguration - description: > - Retrieves setting details such as the closure type, custom fields, templates, and the default connector for cases. - You must have `read` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on where the cases were created. - tags: - - cases - parameters: - - $ref: '../components/parameters/space_id.yaml' - - $ref: '../components/parameters/owner.yaml' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - type: array - items: - type: object - properties: - $ref: '../components/schemas/case_configure_response_properties.yaml' - examples: - getConfigurationResponse: - $ref: '../components/examples/get_case_configuration_response.yaml' - '401': - description: Authorization information is missing or invalid. - content: - application/json: - schema: - $ref: '../components/schemas/4xx_response.yaml' - -post: - summary: Add case settings - operationId: setCaseConfiguration - description: > - Case settings include external connection details, custom fields, and templates. - Connectors are used to interface with external systems. - You must create a connector before you can use it in your cases. - If you set a default connector, it is automatically selected when you create cases in Kibana. - If you use the create case API, however, you must still specify all of the connector details. - You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on where you are creating cases. - tags: - - cases - parameters: - - $ref: ../components/headers/kbn_xsrf.yaml - - $ref: '../components/parameters/space_id.yaml' - requestBody: - content: - application/json: - schema: - $ref: '../components/schemas/set_case_configuration_request.yaml' - examples: - setCaseConfigRequest: - $ref: '../components/examples/set_case_configuration_request.yaml' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - type: object - properties: - $ref: '../components/schemas/case_configure_response_properties.yaml' - examples: - setCaseConfigResponse: - $ref: '../components/examples/set_case_configuration_response.yaml' - '401': - description: Authorization information is missing or invalid. - content: - application/json: - schema: - $ref: '../components/schemas/4xx_response.yaml' diff --git a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@configure@connectors@_find.yaml b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@configure@connectors@_find.yaml deleted file mode 100644 index b496bb141f2ee..0000000000000 --- a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@configure@connectors@_find.yaml +++ /dev/null @@ -1,30 +0,0 @@ -get: - summary: Get case connectors - operationId: findCaseConnectors - description: > - Retrieves information about connectors that are supported for use in cases. - You must have `read` privileges for the **Actions and Connectors** feature in the **Management** section of the Kibana feature privileges. - tags: - - cases - parameters: - - $ref: '../components/parameters/space_id.yaml' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - type: array - items: - type: object - properties: - $ref: '../components/schemas/connector_response_properties.yaml' - examples: - findConnectorResponse: - $ref: '../components/examples/find_connector_response.yaml' - '401': - description: Authorization information is missing or invalid. - content: - application/json: - schema: - $ref: '../components/schemas/4xx_response.yaml' diff --git a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@configure@{configurationid}.yaml b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@configure@{configurationid}.yaml deleted file mode 100644 index 5d31a7e027cb2..0000000000000 --- a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@configure@{configurationid}.yaml +++ /dev/null @@ -1,42 +0,0 @@ -patch: - summary: Update case settings - operationId: updateCaseConfiguration - description: > - Updates setting details such as the closure type, custom fields, templates, and the default connector for cases. - Connectors are used to interface with external systems. - You must create a connector before you can use it in your cases. - You must have `all` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on where the case was created. - tags: - - cases - parameters: - - $ref: ../components/headers/kbn_xsrf.yaml - - $ref: ../components/parameters/configuration_id.yaml - - $ref: '../components/parameters/space_id.yaml' - requestBody: - content: - application/json: - schema: - $ref: '../components/schemas/update_case_configuration_request.yaml' - examples: - updateCaseConfigurationRequest: - $ref: '../components/examples/update_case_configuration_request.yaml' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - type: object - properties: - $ref: '../components/schemas/case_configure_response_properties.yaml' - examples: - updateCaseConfigurationResponse: - $ref: '../components/examples/update_case_configuration_response.yaml' - '401': - description: Authorization information is missing or invalid. - content: - application/json: - schema: - $ref: '../components/schemas/4xx_response.yaml' diff --git a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@reporters.yaml b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@reporters.yaml deleted file mode 100644 index b2a3bd11d5c9c..0000000000000 --- a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@reporters.yaml +++ /dev/null @@ -1,40 +0,0 @@ -get: - summary: Returns information about the users who opened cases. - operationId: getCaseReporters - description: > - You must have read privileges for the **Cases** feature in the **Management**, - **Observability**, or **Security** section of the Kibana feature privileges, - depending on the owner of the cases. - The API returns information about the users as they existed at the time of - the case creation, including their name, full name, and email address. If - any of those details change thereafter or if a user is deleted, the - information returned by this API is unchanged. - tags: - - cases - parameters: - - $ref: '../components/parameters/space_id.yaml' - - $ref: '../components/parameters/owner.yaml' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - type: array - items: - type: object - required: - - email - - full_name - - username - properties: - $ref: '../components/schemas/user_properties.yaml' - examples: - getReportersResponse: - $ref: '../components/examples/get_reporters_response.yaml' - '401': - description: Authorization information is missing or invalid. - content: - application/json: - schema: - $ref: '../components/schemas/4xx_response.yaml' diff --git a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@status.yaml b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@status.yaml deleted file mode 100644 index d4a6292e6e0fb..0000000000000 --- a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@status.yaml +++ /dev/null @@ -1,35 +0,0 @@ -get: - summary: Returns the number of cases that are open, closed, and in progress. - operationId: getCaseStatus - description: > - Deprecated in 8.1.0. This API is deprecated and will be removed in a future release; use the find cases API instead. - You must have `read` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the cases you're seeking. - deprecated: true - tags: - - cases - parameters: - - $ref: '../components/parameters/space_id.yaml' - - $ref: '../components/parameters/owner.yaml' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - type: object - properties: - count_closed_cases: - type: integer - count_in_progress_cases: - type: integer - count_open_cases: - type: integer - '401': - description: Authorization information is missing or invalid. - content: - application/json: - schema: - $ref: '../components/schemas/4xx_response.yaml' - diff --git a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@tags.yaml b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@tags.yaml deleted file mode 100644 index 88025633b12d1..0000000000000 --- a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@tags.yaml +++ /dev/null @@ -1,30 +0,0 @@ -get: - summary: Aggregates and returns a list of case tags. - operationId: getCaseTags - description: > - You must have read privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the cases you're seeking. - tags: - - cases - parameters: - - $ref: '../components/parameters/space_id.yaml' - - $ref: '../components/parameters/owner.yaml' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - type: array - items: - type: string - examples: - getTagsResponse: - $ref: '../components/examples/get_tags_response.yaml' - '401': - description: Authorization information is missing or invalid. - content: - application/json: - schema: - $ref: '../components/schemas/4xx_response.yaml' diff --git a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}.yaml b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}.yaml deleted file mode 100644 index aecd3f6394bb7..0000000000000 --- a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}.yaml +++ /dev/null @@ -1,31 +0,0 @@ -get: - summary: Retrieves information about a case. - operationId: getCase - description: > - You must have `read` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the case you're seeking. - tags: - - cases - parameters: - - $ref: '../components/parameters/case_id.yaml' - - $ref: '../components/parameters/space_id.yaml' - - $ref: '../components/parameters/includeComments.yaml' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - $ref: '../components/schemas/case_response_properties.yaml' - examples: - getCaseResponse: - $ref: '../components/examples/get_case_response.yaml' - getObservabilityCaseReponse: - $ref: '../components/examples/get_case_observability_response.yaml' - '401': - description: Authorization information is missing or invalid. - content: - application/json: - schema: - $ref: '../components/schemas/4xx_response.yaml' diff --git a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}@alerts.yaml b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}@alerts.yaml deleted file mode 100644 index 7784c49bf9ca0..0000000000000 --- a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}@alerts.yaml +++ /dev/null @@ -1,31 +0,0 @@ -get: - summary: Gets all alerts attached to a case. - description: > - You must have `read` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the cases you're seeking. - x-technical-preview: true - operationId: getCaseAlerts - tags: - - cases - parameters: - - $ref: ../components/parameters/case_id.yaml - - $ref: '../components/parameters/space_id.yaml' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - type: array - items: - $ref: '../components/schemas/alert_response_properties.yaml' - examples: - getCaseAlertsResponse: - $ref: '../components/examples/get_case_alerts_response.yaml' - '401': - description: Authorization information is missing or invalid. - content: - application/json: - schema: - $ref: '../components/schemas/4xx_response.yaml' diff --git a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}@comments.yaml b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}@comments.yaml deleted file mode 100644 index 0551151b613f1..0000000000000 --- a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}@comments.yaml +++ /dev/null @@ -1,131 +0,0 @@ -post: - summary: Adds a comment or alert to a case. - operationId: addCaseComment - description: > - You must have `all` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the case you're creating. - NOTE: Each case can have a maximum of 1,000 alerts. - tags: - - cases - parameters: - - $ref: '../components/headers/kbn_xsrf.yaml' - - $ref: '../components/parameters/case_id.yaml' - - $ref: '../components/parameters/space_id.yaml' - requestBody: - required: true - content: - application/json: - schema: - $ref: '../components/schemas/add_case_comment_request.yaml' - examples: - createCaseCommentRequest: - $ref: '../components/examples/add_comment_request.yaml' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - $ref: '../components/schemas/case_response_properties.yaml' - examples: - createCaseCommentResponse: - $ref: '../components/examples/add_comment_response.yaml' - '401': - description: Authorization information is missing or invalid. - content: - application/json: - schema: - $ref: '../components/schemas/4xx_response.yaml' - -delete: - summary: Deletes all comments and alerts from a case. - operationId: deleteCaseComments - description: > - You must have `all` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the cases you're deleting. - tags: - - cases - parameters: - - $ref: '../components/headers/kbn_xsrf.yaml' - - $ref: '../components/parameters/case_id.yaml' - - $ref: '../components/parameters/space_id.yaml' - responses: - '204': - description: Indicates a successful call. - '401': - description: Authorization information is missing or invalid. - content: - application/json: - schema: - $ref: '../components/schemas/4xx_response.yaml' - -patch: - summary: Updates a comment or alert in a case. - operationId: updateCaseComment - description: > - You must have `all` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the case you're updating. - NOTE: You cannot change the comment type or the owner of a comment. - tags: - - cases - parameters: - - $ref: '../components/headers/kbn_xsrf.yaml' - - $ref: '../components/parameters/case_id.yaml' - - $ref: '../components/parameters/space_id.yaml' - requestBody: - required: true - content: - application/json: - schema: - $ref: '../components/schemas/update_case_comment_request.yaml' - examples: - updateCaseCommentRequest: - $ref: '../components/examples/update_comment_request.yaml' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - $ref: '../components/schemas/case_response_properties.yaml' - examples: - updateCaseCommentResponse: - $ref: '../components/examples/update_comment_response.yaml' - '401': - description: Authorization information is missing or invalid. - content: - application/json: - schema: - $ref: '../components/schemas/4xx_response.yaml' - -get: - summary: Retrieves all the comments from a case. - operationId: getAllCaseComments - description: > - Deprecated in 8.1.0. This API is deprecated and will be removed in a future release; - instead, use the get case comment API, which requires a comment identifier in the path. - You must have `read` privileges for the **Cases** feature in the **Management**, - **Observability**, or **Security** section of the Kibana feature privileges, - depending on the owner of the cases with the comments you're seeking. - deprecated: true - tags: - - cases - parameters: - - $ref: '../components/parameters/case_id.yaml' - - $ref: '../components/parameters/space_id.yaml' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - $ref: '../components/schemas/case_response_properties.yaml' - '401': - description: Authorization information is missing or invalid. - content: - application/json: - schema: - $ref: '../components/schemas/4xx_response.yaml' diff --git a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}@comments@{commentid}.yaml b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}@comments@{commentid}.yaml deleted file mode 100644 index 2db1929ae4373..0000000000000 --- a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}@comments@{commentid}.yaml +++ /dev/null @@ -1,55 +0,0 @@ -delete: - summary: Deletes a comment or alert from a case. - operationId: deleteCaseComment - description: > - You must have `all` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the cases you're deleting. - tags: - - cases - parameters: - - $ref: '../components/headers/kbn_xsrf.yaml' - - $ref: '../components/parameters/case_id.yaml' - - $ref: '../components/parameters/comment_id.yaml' - - $ref: '../components/parameters/space_id.yaml' - responses: - '204': - description: Indicates a successful call. - '401': - description: Authorization information is missing or invalid. - content: - application/json: - schema: - $ref: '../components/schemas/4xx_response.yaml' - -get: - summary: Retrieves a comment from a case. - operationId: getCaseComment - description: > - You must have `read` privileges for the **Cases** feature in the **Management**, - **Observability**, or **Security** section of the Kibana feature privileges, - depending on the owner of the cases with the comments you're seeking. - tags: - - cases - parameters: - - $ref: '../components/parameters/case_id.yaml' - - $ref: '../components/parameters/comment_id.yaml' - - $ref: '../components/parameters/space_id.yaml' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - oneOf: - - $ref: '../components/schemas/alert_comment_response_properties.yaml' - - $ref: '../components/schemas/user_comment_response_properties.yaml' - examples: - getCaseCommentResponse: - $ref: '../components/examples/get_comment_response.yaml' - '401': - description: Authorization information is missing or invalid. - content: - application/json: - schema: - $ref: '../components/schemas/4xx_response.yaml' \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}@connector@{connectorid}@_push.yaml b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}@connector@{connectorid}@_push.yaml deleted file mode 100644 index c06972c8dd0e8..0000000000000 --- a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}@connector@{connectorid}@_push.yaml +++ /dev/null @@ -1,39 +0,0 @@ -post: - summary: Pushes a case to an external service. - description: > - You must have `all` privileges for the **Actions and Connectors** feature in - the **Management** section of the Kibana feature privileges. You must also - have `all` privileges for the **Cases** feature in the **Management**, - **Observability**, or **Security** section of the Kibana feature privileges, - depending on the owner of the case you're pushing. - operationId: pushCase - tags: - - cases - parameters: - - $ref: '../components/parameters/case_id.yaml' - - $ref: '../components/parameters/connector_id.yaml' - - $ref: '../components/headers/kbn_xsrf.yaml' - - $ref: '../components/parameters/space_id.yaml' - requestBody: - content: - application/json: - schema: - type: - - "object" - - "null" - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - $ref: '../components/schemas/case_response_properties.yaml' - examples: - pushCaseResponse: - $ref: '../components/examples/push_case_response.yaml' - '401': - description: Authorization information is missing or invalid. - content: - application/json: - schema: - $ref: '../components/schemas/4xx_response.yaml' diff --git a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}@user_actions.yaml b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}@user_actions.yaml deleted file mode 100644 index 0cb3770be5b13..0000000000000 --- a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}@user_actions.yaml +++ /dev/null @@ -1,29 +0,0 @@ -get: - summary: Returns all user activity for a case. - description: > - Deprecated in 8.1.0. This API is deprecated and will be removed in a future release; use the find user actions API instead. - You must have `read` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the case you're seeking. - deprecated: true - operationId: getCaseActivity - tags: - - cases - parameters: - - $ref: '../components/parameters/case_id.yaml' - - $ref: '../components/parameters/space_id.yaml' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - type: array - items: - $ref: '../components/schemas/user_actions_response_properties.yaml' - '401': - description: Authorization information is missing or invalid. - content: - application/json: - schema: - $ref: '../components/schemas/4xx_response.yaml' \ No newline at end of file diff --git a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}@user_actions@_find.yaml b/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}@user_actions@_find.yaml deleted file mode 100644 index 9fda51fa59792..0000000000000 --- a/x-pack/plugins/cases/docs/openapi/paths/s@{spaceid}@api@cases@{caseid}@user_actions@_find.yaml +++ /dev/null @@ -1,43 +0,0 @@ -get: - summary: Finds user activity for a case. - description: > - You must have `read` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the case you're seeking. - operationId: findCaseActivity - tags: - - cases - parameters: - - $ref: '../components/parameters/case_id.yaml' - - $ref: '../components/parameters/space_id.yaml' - - $ref: '../components/parameters/page_index.yaml' - - $ref: '../components/parameters/page_size.yaml' - - $ref: '../components/parameters/sort_order.yaml' - - $ref: '../components/parameters/user_action_types.yaml' - responses: - '200': - description: Indicates a successful call. - content: - application/json: - schema: - type: object - properties: - page: - type: integer - perPage: - type: integer - total: - type: integer - userActions: - type: array - items: - $ref: '../components/schemas/user_actions_find_response_properties.yaml' - examples: - findCaseActivityResponse: - $ref: '../components/examples/find_case_activity_response.yaml' - '401': - description: Authorization information is missing or invalid. - content: - application/json: - schema: - $ref: '../components/schemas/4xx_response.yaml' diff --git a/x-pack/plugins/cases/server/routes/api/cases/alerts/get_cases.ts b/x-pack/plugins/cases/server/routes/api/cases/alerts/get_cases.ts index e82c93039b2bc..9ff212f3d4774 100644 --- a/x-pack/plugins/cases/server/routes/api/cases/alerts/get_cases.ts +++ b/x-pack/plugins/cases/server/routes/api/cases/alerts/get_cases.ts @@ -22,6 +22,7 @@ export const getCasesByAlertIdRoute = createCasesRoute({ routerOptions: { access: 'public', summary: `Get cases for an alert`, + tags: ['oas-tag:cases'], }, handler: async ({ context, request, response }) => { try { diff --git a/x-pack/plugins/cases/server/routes/api/cases/delete_cases.ts b/x-pack/plugins/cases/server/routes/api/cases/delete_cases.ts index a9b05c92e0f3d..65016de1758ae 100644 --- a/x-pack/plugins/cases/server/routes/api/cases/delete_cases.ts +++ b/x-pack/plugins/cases/server/routes/api/cases/delete_cases.ts @@ -17,6 +17,7 @@ export const deleteCaseRoute = createCasesRoute({ routerOptions: { access: 'public', summary: `Delete cases`, + tags: ['oas-tag:cases'], }, params: { query: schema.object({ diff --git a/x-pack/plugins/cases/server/routes/api/cases/find_cases.ts b/x-pack/plugins/cases/server/routes/api/cases/find_cases.ts index 070bb4f125725..3e92333615991 100644 --- a/x-pack/plugins/cases/server/routes/api/cases/find_cases.ts +++ b/x-pack/plugins/cases/server/routes/api/cases/find_cases.ts @@ -16,6 +16,7 @@ export const findCaseRoute = createCasesRoute({ routerOptions: { access: 'public', summary: `Search cases`, + tags: ['oas-tag:cases'], }, handler: async ({ context, request, response }) => { try { diff --git a/x-pack/plugins/cases/server/routes/api/cases/get_case.ts b/x-pack/plugins/cases/server/routes/api/cases/get_case.ts index b7557359b005e..b988a85aa052c 100644 --- a/x-pack/plugins/cases/server/routes/api/cases/get_case.ts +++ b/x-pack/plugins/cases/server/routes/api/cases/get_case.ts @@ -22,7 +22,7 @@ const params = { /** * @deprecated since version 8.1.0 */ - includeComments: schema.boolean({ defaultValue: true }), + includeComments: schema.boolean({ defaultValue: true, meta: { deprecated: true } }), }), }; @@ -33,6 +33,7 @@ export const getCaseRoute = createCasesRoute({ routerOptions: { access: 'public', summary: `Get a case`, + tags: ['oas-tag:cases'], }, handler: async ({ context, request, response, logger, kibanaVersion }) => { try { diff --git a/x-pack/plugins/cases/server/routes/api/cases/patch_cases.ts b/x-pack/plugins/cases/server/routes/api/cases/patch_cases.ts index 9a01378d0a86c..1e0c1b3984225 100644 --- a/x-pack/plugins/cases/server/routes/api/cases/patch_cases.ts +++ b/x-pack/plugins/cases/server/routes/api/cases/patch_cases.ts @@ -16,7 +16,8 @@ export const patchCaseRoute = createCasesRoute({ path: CASES_URL, routerOptions: { access: 'public', - summary: `Update cases`, + summary: 'Update cases', + tags: ['oas-tag:cases'], }, handler: async ({ context, request, response }) => { try { diff --git a/x-pack/plugins/cases/server/routes/api/cases/post_case.ts b/x-pack/plugins/cases/server/routes/api/cases/post_case.ts index f72819bf7536d..f9440e428af40 100644 --- a/x-pack/plugins/cases/server/routes/api/cases/post_case.ts +++ b/x-pack/plugins/cases/server/routes/api/cases/post_case.ts @@ -17,6 +17,7 @@ export const postCaseRoute = createCasesRoute({ routerOptions: { access: 'public', summary: `Create a case`, + tags: ['oas-tag:cases'], }, handler: async ({ context, request, response }) => { try { diff --git a/x-pack/plugins/cases/server/routes/api/cases/push_case.ts b/x-pack/plugins/cases/server/routes/api/cases/push_case.ts index 2933a383aa13d..4e46034c7d8f7 100644 --- a/x-pack/plugins/cases/server/routes/api/cases/push_case.ts +++ b/x-pack/plugins/cases/server/routes/api/cases/push_case.ts @@ -19,6 +19,7 @@ export const pushCaseRoute: CaseRoute = createCasesRoute({ routerOptions: { access: 'public', summary: `Push a case to an external service`, + tags: ['oas-tag:cases'], }, handler: async ({ context, request, response }) => { try { diff --git a/x-pack/plugins/cases/server/routes/api/cases/reporters/get_reporters.ts b/x-pack/plugins/cases/server/routes/api/cases/reporters/get_reporters.ts index 9945b5ffa13bf..c196cc01e8417 100644 --- a/x-pack/plugins/cases/server/routes/api/cases/reporters/get_reporters.ts +++ b/x-pack/plugins/cases/server/routes/api/cases/reporters/get_reporters.ts @@ -15,7 +15,8 @@ export const getReportersRoute = createCasesRoute({ path: CASE_REPORTERS_URL, routerOptions: { access: 'public', - summary: `Get all case creators`, + summary: `Get case creators`, + tags: ['oas-tag:cases'], }, handler: async ({ context, request, response }) => { try { diff --git a/x-pack/plugins/cases/server/routes/api/cases/tags/get_tags.ts b/x-pack/plugins/cases/server/routes/api/cases/tags/get_tags.ts index 1d34fb3e566b1..11a9aa006e77f 100644 --- a/x-pack/plugins/cases/server/routes/api/cases/tags/get_tags.ts +++ b/x-pack/plugins/cases/server/routes/api/cases/tags/get_tags.ts @@ -16,6 +16,7 @@ export const getTagsRoute = createCasesRoute({ routerOptions: { access: 'public', summary: `Get case tags`, + tags: ['oas-tag:cases'], }, handler: async ({ context, request, response }) => { try { diff --git a/x-pack/plugins/cases/server/routes/api/comments/delete_all_comments.ts b/x-pack/plugins/cases/server/routes/api/comments/delete_all_comments.ts index 499b102dbed73..26c4400212339 100644 --- a/x-pack/plugins/cases/server/routes/api/comments/delete_all_comments.ts +++ b/x-pack/plugins/cases/server/routes/api/comments/delete_all_comments.ts @@ -15,7 +15,10 @@ export const deleteAllCommentsRoute = createCasesRoute({ path: CASE_COMMENTS_URL, routerOptions: { access: 'public', - summary: `Delete all alerts and comments from a case`, + summary: `Delete all case comments and alerts`, + tags: ['oas-tag:cases'], + description: 'Deletes all comments and alerts from a case.', + // You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're deleting. }, params: { params: schema.object({ diff --git a/x-pack/plugins/cases/server/routes/api/comments/delete_comment.ts b/x-pack/plugins/cases/server/routes/api/comments/delete_comment.ts index 2d0e30bf49eca..40fe590d8e2f7 100644 --- a/x-pack/plugins/cases/server/routes/api/comments/delete_comment.ts +++ b/x-pack/plugins/cases/server/routes/api/comments/delete_comment.ts @@ -22,7 +22,9 @@ export const deleteCommentRoute = createCasesRoute({ }, routerOptions: { access: 'public', - summary: `Delete an alert or comment from a case`, + summary: `Delete a case comment or alert`, + // decription: 'You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're deleting.', + tags: ['oas-tag:cases'], }, handler: async ({ context, request, response }) => { try { diff --git a/x-pack/plugins/cases/server/routes/api/comments/find_comments.ts b/x-pack/plugins/cases/server/routes/api/comments/find_comments.ts index d44deffc1a9ae..933d0bb1b0fd5 100644 --- a/x-pack/plugins/cases/server/routes/api/comments/find_comments.ts +++ b/x-pack/plugins/cases/server/routes/api/comments/find_comments.ts @@ -22,7 +22,10 @@ export const findCommentsRoute = createCasesRoute({ }, routerOptions: { access: 'public', - summary: `Get all alerts and comments for a case`, + summary: `Find case comments and alerts`, + tags: ['oas-tag:cases'], + description: 'Retrieves a paginated list of comments and alerts for a case.', + // You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking. }, handler: async ({ context, request, response }) => { try { diff --git a/x-pack/plugins/cases/server/routes/api/comments/get_alerts.ts b/x-pack/plugins/cases/server/routes/api/comments/get_alerts.ts index 4de1d4690f3b3..988cee1f854d6 100644 --- a/x-pack/plugins/cases/server/routes/api/comments/get_alerts.ts +++ b/x-pack/plugins/cases/server/routes/api/comments/get_alerts.ts @@ -23,6 +23,8 @@ export const getAllAlertsAttachedToCaseRoute = createCasesRoute({ routerOptions: { access: 'public', summary: `Get all alerts for a case`, + tags: ['oas-tag:cases'], + // description: 'You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you\'re seeking.', }, handler: async ({ context, request, response }) => { try { diff --git a/x-pack/plugins/cases/server/routes/api/comments/get_all_comment.ts b/x-pack/plugins/cases/server/routes/api/comments/get_all_comment.ts index 10f6b072636aa..a33b638f5310e 100644 --- a/x-pack/plugins/cases/server/routes/api/comments/get_all_comment.ts +++ b/x-pack/plugins/cases/server/routes/api/comments/get_all_comment.ts @@ -28,7 +28,10 @@ export const getAllCommentsRoute = createCasesRoute({ }, routerOptions: { access: 'public', - summary: `Gets all comments for a case`, + summary: `Gets all case comments`, + tags: ['oas-tag:cases'], + // description: 'You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases with the comments you\'re seeking.', + deprecated: true, }, handler: async ({ context, request, response }) => { try { diff --git a/x-pack/plugins/cases/server/routes/api/comments/get_comment.ts b/x-pack/plugins/cases/server/routes/api/comments/get_comment.ts index 69382492ff40b..6a1a56b4d6358 100644 --- a/x-pack/plugins/cases/server/routes/api/comments/get_comment.ts +++ b/x-pack/plugins/cases/server/routes/api/comments/get_comment.ts @@ -23,7 +23,9 @@ export const getCommentRoute = createCasesRoute({ }, routerOptions: { access: 'public', - summary: `Get an alert or comment for a case`, + summary: `Get a case comment or alert`, + // decription: 'You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking.', + tags: ['oas-tag:cases'], }, handler: async ({ context, request, response }) => { try { diff --git a/x-pack/plugins/cases/server/routes/api/comments/patch_comment.ts b/x-pack/plugins/cases/server/routes/api/comments/patch_comment.ts index ecd4bc6454e55..ce00c566321d5 100644 --- a/x-pack/plugins/cases/server/routes/api/comments/patch_comment.ts +++ b/x-pack/plugins/cases/server/routes/api/comments/patch_comment.ts @@ -23,7 +23,10 @@ export const patchCommentRoute = createCasesRoute({ }, routerOptions: { access: 'public', - summary: `Update an alert or comment in a case`, + summary: `Update a case comment or alert`, + tags: ['oas-tag:cases'], + description: 'You cannot change the comment type or the owner of a comment.', + // You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're updating. }, handler: async ({ context, request, response }) => { try { diff --git a/x-pack/plugins/cases/server/routes/api/comments/post_comment.ts b/x-pack/plugins/cases/server/routes/api/comments/post_comment.ts index 8128439b74672..a44c93f9a7879 100644 --- a/x-pack/plugins/cases/server/routes/api/comments/post_comment.ts +++ b/x-pack/plugins/cases/server/routes/api/comments/post_comment.ts @@ -22,7 +22,10 @@ export const postCommentRoute = createCasesRoute({ }, routerOptions: { access: 'public', - summary: `Add an alert or comment to a case`, + summary: `Add a case comment or alert`, + tags: ['oas-tag:cases'], + description: 'Each case can have a maximum of 1,000 alerts.', + // You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're creating. }, handler: async ({ context, request, response }) => { try { diff --git a/x-pack/plugins/cases/server/routes/api/configure/get_configure.ts b/x-pack/plugins/cases/server/routes/api/configure/get_configure.ts index 21407054bb970..881fc71833a65 100644 --- a/x-pack/plugins/cases/server/routes/api/configure/get_configure.ts +++ b/x-pack/plugins/cases/server/routes/api/configure/get_configure.ts @@ -17,7 +17,9 @@ export const getCaseConfigureRoute = createCasesRoute({ access: 'public', summary: 'Get case settings', description: - 'Retrieves setting details such as the closure type, custom fields, templates, and the default connector for cases. You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on where the cases were created.', + 'Retrieves setting details such as the closure type, custom fields, templates, and the default connector for cases.', + // You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on where the cases were created. + tags: ['oas-tag:cases'], }, handler: async ({ context, request, response }) => { try { diff --git a/x-pack/plugins/cases/server/routes/api/configure/get_connectors.ts b/x-pack/plugins/cases/server/routes/api/configure/get_connectors.ts index 8c6aa326d4ddb..a11af001480e6 100644 --- a/x-pack/plugins/cases/server/routes/api/configure/get_connectors.ts +++ b/x-pack/plugins/cases/server/routes/api/configure/get_connectors.ts @@ -16,11 +16,11 @@ export const getConnectorsRoute = createCasesRoute({ method: 'get', path: `${CASE_CONFIGURE_CONNECTORS_URL}/_find`, routerOptions: { - tags: ['access:casesGetConnectorsConfigure'], + tags: ['access:casesGetConnectorsConfigure', 'oas-tag:cases'], access: 'public', summary: 'Get case connectors', - description: - 'Retrieves information about connectors that are supported for use in cases. You must have `read` privileges for the **Actions and Connectors** feature in the **Management** section of the Kibana feature privileges.', + description: 'Retrieves information about connectors that are supported for use in cases.', + // You must have `read` privileges for the **Actions and Connectors** feature in the **Management** section of the Kibana feature privileges. }, handler: async ({ context, response }) => { try { diff --git a/x-pack/plugins/cases/server/routes/api/configure/patch_configure.ts b/x-pack/plugins/cases/server/routes/api/configure/patch_configure.ts index f7f3fa51c7a89..9deb650fa91e4 100644 --- a/x-pack/plugins/cases/server/routes/api/configure/patch_configure.ts +++ b/x-pack/plugins/cases/server/routes/api/configure/patch_configure.ts @@ -19,7 +19,9 @@ export const patchCaseConfigureRoute = createCasesRoute({ access: 'public', summary: 'Update case settings', description: - 'Updates case settings such as the closure type, custom fields, templates, and the default connector for cases. Connectors are used to interface with external systems. You must create a connector before you can use it in your cases. You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on where the case was created.', + 'Updates case settings such as the closure type, custom fields, templates, and the default connector for cases. Connectors are used to interface with external systems. You must create a connector before you can use it in your cases.', + // You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on where the case was created. + tags: ['oas-tag:cases'], }, handler: async ({ context, request, response }) => { try { diff --git a/x-pack/plugins/cases/server/routes/api/configure/post_configure.ts b/x-pack/plugins/cases/server/routes/api/configure/post_configure.ts index 9797f8805d85d..fa42207ac211c 100644 --- a/x-pack/plugins/cases/server/routes/api/configure/post_configure.ts +++ b/x-pack/plugins/cases/server/routes/api/configure/post_configure.ts @@ -19,7 +19,9 @@ export const postCaseConfigureRoute = createCasesRoute({ access: 'public', summary: 'Add case settings', description: - 'Case settings include external connection details, custom fields, and templates. Connectors are used to interface with external systems. You must create a connector before you can use it in your cases. If you set a default connector, it is automatically selected when you create cases in Kibana. If you use the create case API, however, you must still specify all of the connector details. You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on where you are creating cases.', + 'Case settings include external connection details, custom fields, and templates. Connectors are used to interface with external systems. You must create a connector before you can use it in your cases. If you set a default connector, it is automatically selected when you create cases in Kibana. If you use the create case API, however, you must still specify all of the connector details.', + // You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on where you are creating cases. + tags: ['oas-tag:cases'], }, handler: async ({ context, request, response }) => { try { diff --git a/x-pack/plugins/cases/server/routes/api/stats/get_status.ts b/x-pack/plugins/cases/server/routes/api/stats/get_status.ts index 1db0220365a02..07d02c0b6713f 100644 --- a/x-pack/plugins/cases/server/routes/api/stats/get_status.ts +++ b/x-pack/plugins/cases/server/routes/api/stats/get_status.ts @@ -22,6 +22,11 @@ export const getStatusRoute: CaseRoute = createCasesRoute({ routerOptions: { access: 'public', summary: `Get case status summary`, + tags: ['oas-tag:cases'], + description: + 'Returns the number of cases that are open, closed, and in progress in the default space.', + // You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking. + deprecated: true, }, handler: async ({ context, request, response }) => { try { diff --git a/x-pack/plugins/cases/server/routes/api/user_actions/find_user_actions.ts b/x-pack/plugins/cases/server/routes/api/user_actions/find_user_actions.ts index 0a6c818cffa8b..3002a4c67305e 100644 --- a/x-pack/plugins/cases/server/routes/api/user_actions/find_user_actions.ts +++ b/x-pack/plugins/cases/server/routes/api/user_actions/find_user_actions.ts @@ -22,7 +22,12 @@ export const findUserActionsRoute = createCasesRoute({ }, routerOptions: { access: 'public', - summary: `Get user activity for a case`, + summary: `Find case activity`, + tags: ['oas-tag:cases'], + description: 'Returns a paginated list of user activity for a case.', + // You must have `read` privileges for the **Cases** feature in the + // **Management**, **Observability**, or **Security** section of the Kibana + // feature privileges, depending on the owner of the case you're seeking. }, handler: async ({ context, request, response }) => { try { diff --git a/x-pack/plugins/cases/server/routes/api/user_actions/get_all_user_actions.ts b/x-pack/plugins/cases/server/routes/api/user_actions/get_all_user_actions.ts index e69e7197c1ece..5edc7a261b3c4 100644 --- a/x-pack/plugins/cases/server/routes/api/user_actions/get_all_user_actions.ts +++ b/x-pack/plugins/cases/server/routes/api/user_actions/get_all_user_actions.ts @@ -26,7 +26,11 @@ export const getUserActionsRoute = createCasesRoute({ options: { deprecated: true }, routerOptions: { access: 'public', - summary: `Get all user activity for a case`, + summary: 'Get case activity', + description: `Returns all user activity for a case.`, + // You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're seeking. + tags: ['oas-tag:cases'], + deprecated: true, }, handler: async ({ context, request, response }) => { try { diff --git a/x-pack/plugins/index_management/__jest__/client_integration/index_details_page/select_inference_id.test.tsx b/x-pack/plugins/index_management/__jest__/client_integration/index_details_page/select_inference_id.test.tsx index 177900f3d6b6a..75afa8c9455b2 100644 --- a/x-pack/plugins/index_management/__jest__/client_integration/index_details_page/select_inference_id.test.tsx +++ b/x-pack/plugins/index_management/__jest__/client_integration/index_details_page/select_inference_id.test.tsx @@ -23,7 +23,14 @@ const mockDispatch = jest.fn(); jest.mock('../../../public/application/app_context', () => ({ useAppContext: jest.fn().mockReturnValue({ - core: { application: {} }, + core: { + application: {}, + http: { + basePath: { + get: jest.fn().mockReturnValue('/base-path'), + }, + }, + }, docLinks: { links: { enterpriseSearch: { diff --git a/x-pack/plugins/index_management/public/application/components/mappings_editor/components/document_fields/field_parameters/select_inference_id.tsx b/x-pack/plugins/index_management/public/application/components/mappings_editor/components/document_fields/field_parameters/select_inference_id.tsx index 19a4426bb7e87..672d64766e576 100644 --- a/x-pack/plugins/index_management/public/application/components/mappings_editor/components/document_fields/field_parameters/select_inference_id.tsx +++ b/x-pack/plugins/index_management/public/application/components/mappings_editor/components/document_fields/field_parameters/select_inference_id.tsx @@ -89,17 +89,13 @@ const SelectInferenceIdContent: React.FC = ({ value, }) => { const { - core: { application }, + core: { application, http }, docLinks, plugins: { ml }, } = useAppContext(); const config = getFieldConfig('inference_id'); - const getMlTrainedModelPageUrl = useCallback(async () => { - return await ml?.locator?.getUrl({ - page: 'trained_models', - }); - }, [ml]); + const inferenceEndpointsPageLink = `${http.basePath.get()}/app/enterprise_search/relevance/inference_endpoints`; const [isInferenceFlyoutVisible, setIsInferenceFlyoutVisible] = useState(false); const [availableTrainedModels, setAvailableTrainedModels] = useState< @@ -250,10 +246,7 @@ const SelectInferenceIdContent: React.FC = ({ size="s" data-test-subj="manageInferenceEndpointButton" onClick={async () => { - const mlTrainedPageUrl = await getMlTrainedModelPageUrl(); - if (typeof mlTrainedPageUrl === 'string') { - application.navigateToUrl(mlTrainedPageUrl); - } + application.navigateToUrl(inferenceEndpointsPageLink); }} > {i18n.translate( diff --git a/x-pack/plugins/lens/public/datasources/form_based/operations/definitions/filters/filter_popover.test.tsx b/x-pack/plugins/lens/public/datasources/form_based/operations/definitions/filters/filter_popover.test.tsx index 8e7fb9e310f66..73842e6cae114 100644 --- a/x-pack/plugins/lens/public/datasources/form_based/operations/definitions/filters/filter_popover.test.tsx +++ b/x-pack/plugins/lens/public/datasources/form_based/operations/definitions/filters/filter_popover.test.tsx @@ -14,16 +14,21 @@ import { FilterPopover } from './filter_popover'; import { LabelInput } from '../shared_components'; import { QueryStringInput } from '@kbn/unified-search-plugin/public'; import { QueryInput } from '@kbn/visualization-ui-components'; +import { Query } from '@kbn/es-query'; -jest.mock('.', () => ({ - isQueryValid: () => true, - defaultLabel: 'label', -})); +jest.mock('.', () => ({})); + +jest.mock('@kbn/visualization-ui-components', () => { + const original = jest.requireActual('@kbn/visualization-ui-components'); + + return { + ...original, + isQueryValid: jest.fn((q: Query) => (q.query === 'bytes >= 1 and' ? false : true)), + }; +}); jest.mock('@kbn/unified-search-plugin/public', () => ({ - QueryStringInput: () => { - return 'QueryStringInput'; - }, + QueryStringInput: () => 'QueryStringInput', })); describe('filter popover', () => { @@ -118,6 +123,16 @@ describe('filter popover', () => { }); }); + it('should not call setFilter if QueryInput value is not valid', () => { + const setFilter = jest.fn(); + const instance = shallow(); + instance.find(QueryInput).prop('onChange')!({ + query: 'bytes >= 1 and', + language: 'kuery', + }); + expect(setFilter).not.toHaveBeenCalled(); + }); + it('should call setFilter when modifying LabelInput', () => { const setFilter = jest.fn(); const instance = shallow(); diff --git a/x-pack/plugins/lens/public/datasources/form_based/operations/definitions/filters/filter_popover.tsx b/x-pack/plugins/lens/public/datasources/form_based/operations/definitions/filters/filter_popover.tsx index 35327fb91b678..1f3f5ba94e63b 100644 --- a/x-pack/plugins/lens/public/datasources/form_based/operations/definitions/filters/filter_popover.tsx +++ b/x-pack/plugins/lens/public/datasources/form_based/operations/definitions/filters/filter_popover.tsx @@ -7,7 +7,7 @@ import './filter_popover.scss'; -import React from 'react'; +import React, { useState } from 'react'; import { EuiPopover, EuiSpacer } from '@elastic/eui'; import type { Query } from '@kbn/es-query'; // Need to keep it separate to make it work Jest mocks in dimension_panel tests @@ -36,9 +36,18 @@ export const FilterPopover = ({ triggerClose: () => void; }) => { const inputRef = React.useRef(); + const [localFilter, setLocalFilter] = useState(() => filter); - const setFilterLabel = (label: string) => setFilter({ ...filter, label }); - const setFilterQuery = (input: Query) => setFilter({ ...filter, input }); + const setFilterLabel = (label: string) => { + setLocalFilter({ ...localFilter, label }); + setFilter({ ...filter, label }); + }; + const setFilterQuery = (input: Query) => { + setLocalFilter({ ...localFilter, input }); + if (isQueryValid(input, indexPattern)) { + setFilter({ ...filter, input }); + } + }; const getPlaceholder = (query: Query['query']) => { if (query === '') { @@ -49,6 +58,10 @@ export const FilterPopover = ({ return String(query); } }; + const closePopover = () => { + setLocalFilter({ ...localFilter, input: filter.input }); + triggerClose(); + }; return ( diff --git a/x-pack/plugins/observability_solution/infra/common/http_api/infra/get_infra_metrics.ts b/x-pack/plugins/observability_solution/infra/common/http_api/infra/get_infra_metrics.ts index 24d27a2394570..03114642146ff 100644 --- a/x-pack/plugins/observability_solution/infra/common/http_api/infra/get_infra_metrics.ts +++ b/x-pack/plugins/observability_solution/infra/common/http_api/infra/get_infra_metrics.ts @@ -48,7 +48,6 @@ export const GetInfraMetricsRequestBodyPayloadRT = rt.intersection([ type: rt.literal('host'), limit: rt.union([inRangeRt(1, 500), createLiteralValueFromUndefinedRT(20)]), metrics: rt.array(rt.type({ type: InfraMetricTypeRT })), - sourceId: rt.string, range: RangeRT, }), ]); diff --git a/x-pack/plugins/observability_solution/infra/common/metrics_sources/get_has_data.ts b/x-pack/plugins/observability_solution/infra/common/metrics_sources/get_has_data.ts new file mode 100644 index 0000000000000..0ef9e5b3af20d --- /dev/null +++ b/x-pack/plugins/observability_solution/infra/common/metrics_sources/get_has_data.ts @@ -0,0 +1,20 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import * as rt from 'io-ts'; + +export const getHasDataQueryParamsRT = rt.partial({ + // Integrations `event.module` value + modules: rt.union([rt.string, rt.array(rt.string)]), +}); + +export const getHasDataResponseRT = rt.partial({ + hasData: rt.boolean, +}); + +export type GetHasDataQueryParams = rt.TypeOf; +export type GetHasDataResponse = rt.TypeOf; diff --git a/x-pack/plugins/observability_solution/infra/public/pages/metrics/hosts/hooks/use_hosts_view.ts b/x-pack/plugins/observability_solution/infra/public/pages/metrics/hosts/hooks/use_hosts_view.ts index 280cb463a5bce..700046a9f936c 100644 --- a/x-pack/plugins/observability_solution/infra/public/pages/metrics/hosts/hooks/use_hosts_view.ts +++ b/x-pack/plugins/observability_solution/infra/public/pages/metrics/hosts/hooks/use_hosts_view.ts @@ -17,7 +17,6 @@ import createContainer from 'constate'; import { BoolQuery } from '@kbn/es-query'; import { isPending, useFetcher } from '../../../../hooks/use_fetcher'; import { useKibanaContextForPlugin } from '../../../../hooks/use_kibana'; -import { useSourceContext } from '../../../../containers/metrics_source'; import { useUnifiedSearchContext } from './use_unified_search'; import { GetInfraMetricsRequestBodyPayload, @@ -39,7 +38,6 @@ const HOST_TABLE_METRICS: Array<{ type: InfraAssetMetricType }> = [ const BASE_INFRA_METRICS_PATH = '/api/metrics/infra'; export const useHostsView = () => { - const { sourceId } = useSourceContext(); const { services: { telemetry }, } = useKibanaContextForPlugin(); @@ -50,10 +48,9 @@ export const useHostsView = () => { createInfraMetricsRequest({ dateRange: parsedDateRange, esQuery: buildQuery(), - sourceId, limit: searchCriteria.limit, }), - [buildQuery, parsedDateRange, sourceId, searchCriteria.limit] + [buildQuery, parsedDateRange, searchCriteria.limit] ); const { data, error, status } = useFetcher( @@ -94,12 +91,10 @@ export const [HostsViewProvider, useHostsViewContext] = HostsView; const createInfraMetricsRequest = ({ esQuery, - sourceId, dateRange, limit, }: { esQuery: { bool: BoolQuery }; - sourceId: string; dateRange: StringDateRange; limit: number; }): GetInfraMetricsRequestBodyPayload => ({ @@ -111,5 +106,4 @@ const createInfraMetricsRequest = ({ }, metrics: HOST_TABLE_METRICS, limit, - sourceId, }); diff --git a/x-pack/plugins/observability_solution/infra/server/lib/helpers/get_infra_metrics_client.ts b/x-pack/plugins/observability_solution/infra/server/lib/helpers/get_infra_metrics_client.ts index 8e8934fb7b3f0..298cf44ec85b1 100644 --- a/x-pack/plugins/observability_solution/infra/server/lib/helpers/get_infra_metrics_client.ts +++ b/x-pack/plugins/observability_solution/infra/server/lib/helpers/get_infra_metrics_client.ts @@ -6,8 +6,8 @@ */ import type { ESSearchRequest, InferSearchResponseOf } from '@kbn/es-types'; import type { KibanaRequest } from '@kbn/core/server'; +import { MetricsDataClient } from '@kbn/metrics-data-access-plugin/server'; import type { InfraPluginRequestHandlerContext } from '../../types'; -import { InfraSources } from '../sources'; import { KibanaFramework } from '../adapters/framework/kibana_framework_adapter'; type RequiredParams = Omit & { @@ -20,20 +20,21 @@ type RequiredParams = Omit & { export type InfraMetricsClient = Awaited>; export async function getInfraMetricsClient({ - sourceId, framework, - infraSources, + metricsDataAccess, requestContext, request, }: { - sourceId: string; framework: KibanaFramework; - infraSources: InfraSources; + metricsDataAccess: MetricsDataClient; requestContext: InfraPluginRequestHandlerContext; request?: KibanaRequest; }) { - const soClient = (await requestContext.core).savedObjects.getClient(); - const source = await infraSources.getSourceConfiguration(soClient, sourceId); + const coreContext = await requestContext.core; + const savedObjectsClient = coreContext.savedObjects.client; + const indices = await metricsDataAccess.getMetricIndices({ + savedObjectsClient, + }); return { search( @@ -44,7 +45,7 @@ export async function getInfraMetricsClient({ 'search', { ...searchParams, - index: source.configuration.metricAlias, + index: indices, }, request ) as Promise; diff --git a/x-pack/plugins/observability_solution/infra/server/routes/infra/index.ts b/x-pack/plugins/observability_solution/infra/server/routes/infra/index.ts index d6b4ecf18c642..c9d7d5676aab4 100644 --- a/x-pack/plugins/observability_solution/infra/server/routes/infra/index.ts +++ b/x-pack/plugins/observability_solution/infra/server/routes/infra/index.ts @@ -47,9 +47,8 @@ export const initInfraAssetRoutes = (libs: InfraBackendLibs) => { const infraMetricsClient = await getInfraMetricsClient({ framework, request, - infraSources: libs.sources, + metricsDataAccess: libs.metricsClient, requestContext, - sourceId: params.sourceId, }); const alertsClient = await getInfraAlertsClient({ @@ -102,15 +101,14 @@ export const initInfraAssetRoutes = (libs: InfraBackendLibs) => { const body: GetInfraAssetCountRequestBodyPayload = request.body; const params: GetInfraAssetCountRequestParamsPayload = request.params; const { assetType } = params; - const { query, from, to, sourceId } = body; + const { query, from, to } = body; try { const infraMetricsClient = await getInfraMetricsClient({ framework, request, - infraSources: libs.sources, + metricsDataAccess: libs.metricsClient, requestContext, - sourceId, }); const assetCount = await getHostsCount({ diff --git a/x-pack/plugins/observability_solution/infra/server/routes/metrics_sources/index.ts b/x-pack/plugins/observability_solution/infra/server/routes/metrics_sources/index.ts index f325b0c6b4560..8183611a7a058 100644 --- a/x-pack/plugins/observability_solution/infra/server/routes/metrics_sources/index.ts +++ b/x-pack/plugins/observability_solution/infra/server/routes/metrics_sources/index.ts @@ -8,6 +8,13 @@ import { schema } from '@kbn/config-schema'; import Boom from '@hapi/boom'; import { createRouteValidationFunction } from '@kbn/io-ts-utils'; +import { termsQuery } from '@kbn/observability-plugin/server'; +import { castArray } from 'lodash'; +import { EVENT_MODULE, METRICSET_MODULE } from '../../../common/constants'; +import { + getHasDataQueryParamsRT, + getHasDataResponseRT, +} from '../../../common/metrics_sources/get_has_data'; import { InfraBackendLibs } from '../../lib/infra_types'; import { hasData } from '../../lib/sources/has_data'; import { createSearchClient } from '../../lib/create_search_client'; @@ -19,6 +26,7 @@ import { } from '../../../common/metrics_sources'; import { InfraSource, InfraSourceIndexField } from '../../lib/sources'; import { InfraPluginRequestHandlerContext } from '../../types'; +import { getInfraMetricsClient } from '../../lib/helpers/get_infra_metrics_client'; const defaultStatus = { indexFields: [], @@ -26,6 +34,8 @@ const defaultStatus = { remoteClustersExist: false, }; +const MAX_MODULES = 5; + export const initMetricsSourceConfigurationRoutes = (libs: InfraBackendLibs) => { const { framework, logger } = libs; @@ -204,6 +214,75 @@ export const initMetricsSourceConfigurationRoutes = (libs: InfraBackendLibs) => }); } ); + + framework.registerRoute( + { + method: 'get', + path: '/api/metrics/source/hasData', + validate: { + query: createRouteValidationFunction(getHasDataQueryParamsRT), + }, + }, + async (requestContext, request, response) => { + try { + const modules = castArray(request.query.modules); + + if (modules.length > MAX_MODULES) { + throw Boom.badRequest( + `'modules' size is greater than maximum of ${MAX_MODULES} allowed.` + ); + } + + const infraMetricsClient = await getInfraMetricsClient({ + framework, + request, + metricsDataAccess: libs.metricsClient, + requestContext, + }); + + const results = await infraMetricsClient.search({ + allow_no_indices: true, + ignore_unavailable: true, + body: { + track_total_hits: true, + terminate_after: 1, + size: 0, + ...(modules.length > 0 + ? { + query: { + bool: { + should: [ + ...termsQuery(EVENT_MODULE, ...modules), + ...termsQuery(METRICSET_MODULE, ...modules), + ], + minimum_should_match: 1, + }, + }, + } + : {}), + }, + }); + + return response.ok({ + body: getHasDataResponseRT.encode({ hasData: results.hits.total.value !== 0 }), + }); + } catch (err) { + if (Boom.isBoom(err)) { + return response.customError({ + statusCode: err.output.statusCode, + body: { message: err.output.payload.message }, + }); + } + + return response.customError({ + statusCode: err.statusCode ?? 500, + body: { + message: err.message ?? 'An unexpected error occurred', + }, + }); + } + } + ); }; const isFulfilled = ( diff --git a/x-pack/plugins/security_solution/common/endpoint/data_generators/endpoint_action_generator.ts b/x-pack/plugins/security_solution/common/endpoint/data_generators/endpoint_action_generator.ts index 87a3aee66a884..91de8579426ea 100644 --- a/x-pack/plugins/security_solution/common/endpoint/data_generators/endpoint_action_generator.ts +++ b/x-pack/plugins/security_solution/common/endpoint/data_generators/endpoint_action_generator.ts @@ -8,8 +8,10 @@ import type { DeepPartial } from 'utility-types'; import { merge } from 'lodash'; import type * as estypes from '@elastic/elasticsearch/lib/api/typesWithBodyKey'; +import { isProcessesAction } from '../service/response_actions/type_guards'; import { ENDPOINT_ACTION_RESPONSES_DS, ENDPOINT_ACTIONS_DS } from '../constants'; import { BaseDataGenerator } from './base_data_generator'; +import type { GetProcessesActionOutputContent } from '../types'; import { type ActionDetails, type ActionResponseOutput, @@ -211,16 +213,27 @@ export class EndpointActionGenerator extends BaseDataGenerator { generateActionDetails< TOutputContent extends EndpointActionResponseDataOutput = EndpointActionResponseDataOutput, TParameters extends EndpointActionDataParameterTypes = EndpointActionDataParameterTypes - >( - overrides: DeepPartial> = {} - ): ActionDetails { + >({ + agents: overrideAgents, + command: overrideCommand, + ...overrides + }: DeepPartial> = {}): ActionDetails< + TOutputContent, + TParameters + > { + const agents = overrideAgents ? [...(overrideAgents as string[])] : ['agent-a']; + const command = overrideCommand ?? 'isolate'; + const details: WithAllKeys = { action: '123', - agents: ['agent-a'], + agents, agentType: 'endpoint', - command: 'isolate', + command, completedAt: '2022-04-30T16:08:47.449Z', - hosts: { 'agent-a': { name: 'Host-agent-a' } }, + hosts: agents.reduce((acc, agentId) => { + acc[agentId] = { name: `Host-${agentId}` }; + return acc; + }, {} as ActionDetails['hosts']), id: '123', isCompleted: true, isExpired: false, @@ -232,21 +245,20 @@ export class EndpointActionGenerator extends BaseDataGenerator { createdBy: 'auserid', parameters: undefined, outputs: undefined, - agentState: { - 'agent-a': { + agentState: agents.reduce((acc, agentId) => { + acc[agentId] = { errors: undefined, isCompleted: true, completedAt: '2022-04-30T16:08:47.449Z', wasSuccessful: true, - }, - }, + }; + return acc; + }, {} as ActionDetails['agentState']), alertIds: undefined, ruleId: undefined, ruleName: undefined, }; - const command = overrides.command ?? details.command; - if (command === 'get-file') { if (!details.parameters) { ( @@ -391,6 +403,20 @@ export class EndpointActionGenerator extends BaseDataGenerator { }, {}); } + if (isProcessesAction(details)) { + details.outputs = agents.reduce((acc, agentId) => { + acc[agentId] = { + type: 'json', + content: { + code: 'success', + entries: this.randomResponseActionProcesses(), + }, + }; + + return acc; + }, {} as Required>['outputs']); + } + return merge(details, overrides as ActionDetails) as unknown as ActionDetails< TOutputContent, TParameters diff --git a/x-pack/plugins/security_solution/common/endpoint/service/authz/mocks.ts b/x-pack/plugins/security_solution/common/endpoint/service/authz/mocks.ts index b8f5e5cb3ef4d..cf9cc8ef94629 100644 --- a/x-pack/plugins/security_solution/common/endpoint/service/authz/mocks.ts +++ b/x-pack/plugins/security_solution/common/endpoint/service/authz/mocks.ts @@ -8,6 +8,10 @@ import type { EndpointAuthz } from '../../types/authz'; import { getEndpointAuthzInitialState } from './authz'; +/** + * Returns the Endpoint Authz values all set to `true` (authorized) + * @param overrides + */ export const getEndpointAuthzInitialStateMock = ( overrides: Partial = {} ): EndpointAuthz => { diff --git a/x-pack/plugins/security_solution/common/endpoint/service/response_actions/type_guards.ts b/x-pack/plugins/security_solution/common/endpoint/service/response_actions/type_guards.ts index e147e726e2190..707be0a4d1e65 100644 --- a/x-pack/plugins/security_solution/common/endpoint/service/response_actions/type_guards.ts +++ b/x-pack/plugins/security_solution/common/endpoint/service/response_actions/type_guards.ts @@ -14,6 +14,7 @@ import type { ResponseActionsExecuteParameters, ResponseActionUploadOutputContent, ResponseActionUploadParameters, + GetProcessesActionOutputContent, } from '../../types'; import { RESPONSE_ACTION_AGENT_TYPE, RESPONSE_ACTION_TYPE } from './constants'; @@ -40,6 +41,12 @@ export const isGetFileAction = ( return action.command === 'get-file'; }; +export const isProcessesAction = ( + action: MaybeImmutable +): action is ActionDetails => { + return action.command === 'running-processes'; +}; + // type guards to ensure only the matching string values are attached to the types filter type export const isAgentType = (type: string): type is (typeof RESPONSE_ACTION_AGENT_TYPE)[number] => RESPONSE_ACTION_AGENT_TYPE.includes(type as (typeof RESPONSE_ACTION_AGENT_TYPE)[number]); diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/get_processes_action.tsx b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/get_processes_action.tsx index bc11fc4653ad0..54dce8a6e4add 100644 --- a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/get_processes_action.tsx +++ b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/get_processes_action.tsx @@ -6,47 +6,15 @@ */ import React, { memo, useMemo } from 'react'; -import styled from 'styled-components'; -import { EuiBasicTable, EuiSpacer } from '@elastic/eui'; -import { i18n } from '@kbn/i18n'; -import { ResponseActionFileDownloadLink } from '../../response_action_file_download_link'; -import { KeyValueDisplay } from '../../key_value_display'; +import { RunningProcessesActionResults } from '../../running_processes_action_results'; import { useConsoleActionSubmitter } from '../hooks/use_console_action_submitter'; import type { - ActionDetails, GetProcessesActionOutputContent, - MaybeImmutable, ProcessesRequestBody, } from '../../../../../common/endpoint/types'; import { useSendGetEndpointProcessesRequest } from '../../../hooks/response_actions/use_send_get_endpoint_processes_request'; import type { ActionRequestComponentProps } from '../types'; -// @ts-expect-error TS2769 -const StyledEuiBasicTable = styled(EuiBasicTable)` - table { - background-color: transparent; - } - - .euiTableHeaderCell { - border-bottom: ${(props) => props.theme.eui.euiBorderThin}; - - .euiTableCellContent__text { - font-weight: ${(props) => props.theme.eui.euiFontWeightRegular}; - } - } - - .euiTableRow { - &:hover { - background-color: ${({ theme: { eui } }) => eui.euiColorEmptyShade} !important; - } - - .euiTableRowCell { - border-top: none !important; - border-bottom: none !important; - } - } -`; - export const GetProcessesActionResult = memo( ({ command, setStore, store, status, setStatus, ResultComponent }) => { const { endpointId, agentType } = command.commandDefinition?.meta ?? {}; @@ -84,141 +52,12 @@ export const GetProcessesActionResult = memo( // Show results return ( - {agentType === 'sentinel_one' ? ( - - ) : ( - - )} + ); } ); GetProcessesActionResult.displayName = 'GetProcessesActionResult'; - -interface EndpointRunningProcessesResultsProps { - action: MaybeImmutable>; - /** If defined, only the results for the given agent id will be displayed. Else, all agents output will be displayed */ - agentId?: string; -} - -const EndpointRunningProcessesResults = memo( - ({ action, agentId }) => { - const agentIds: string[] = agentId ? [agentId] : [...action.agents]; - const columns = useMemo( - () => [ - { - field: 'user', - 'data-test-subj': 'process_list_user', - name: i18n.translate( - 'xpack.securitySolution.endpointResponseActions.getProcesses.table.header.user', - { defaultMessage: 'USER' } - ), - width: '10%', - }, - { - field: 'pid', - 'data-test-subj': 'process_list_pid', - name: i18n.translate( - 'xpack.securitySolution.endpointResponseActions.getProcesses.table.header.pid', - { defaultMessage: 'PID' } - ), - width: '5%', - }, - { - field: 'entity_id', - 'data-test-subj': 'process_list_entity_id', - name: i18n.translate( - 'xpack.securitySolution.endpointResponseActions.getProcesses.table.header.enityId', - { defaultMessage: 'ENTITY ID' } - ), - width: '30%', - }, - - { - field: 'command', - 'data-test-subj': 'process_list_command', - name: i18n.translate( - 'xpack.securitySolution.endpointResponseActions.getProcesses.table.header.command', - { defaultMessage: 'COMMAND' } - ), - width: '55%', - }, - ], - [] - ); - - return ( - <> - {agentIds.length > 1 ? ( - agentIds.map((id) => { - const hostName = action.hosts[id].name; - - return ( -
- - } - /> - -
- ); - }) - ) : ( - - )} - - ); - } -); -EndpointRunningProcessesResults.displayName = 'EndpointRunningProcessesResults'; - -interface SentinelOneRunningProcessesResultsProps { - action: MaybeImmutable>; - /** - * If defined, the results will only be displayed for the given agent id. - * If undefined, then responses for all agents are displayed - */ - agentId?: string; -} - -const SentinelOneRunningProcessesResults = memo( - ({ action, agentId }) => { - const agentIds = agentId ? [agentId] : action.agents; - - return ( - <> - {agentIds.length === 1 ? ( - - ) : ( - agentIds.map((id) => { - return ( -
- - } - /> -
- ); - }) - )} - - ); - } -); -SentinelOneRunningProcessesResults.displayName = 'SentinelOneRunningProcessesResults'; diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/get_processes_action.test.tsx b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/get_processes_action.test.tsx index bf19e565bac9c..9897319a24900 100644 --- a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/get_processes_action.test.tsx +++ b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/get_processes_action.test.tsx @@ -24,6 +24,11 @@ import type { import { ENDPOINT_CAPABILITIES } from '../../../../../../common/endpoint/service/response_actions/constants'; import { UPGRADE_AGENT_FOR_RESPONDER } from '../../../../../common/translations'; import type { CommandDefinition } from '../../../console'; +import { useUserPrivileges as _useUserPrivileges } from '../../../../../common/components/user_privileges'; + +jest.mock('../../../../../common/components/user_privileges'); + +const useUserPrivilegesMock = _useUserPrivileges as jest.Mock; describe('When using processes action from response actions console', () => { let mockedContext: AppContextTestRender; @@ -35,6 +40,7 @@ describe('When using processes action from response actions console', () => { >; let consoleSelectors: ReturnType; let consoleCommands: CommandDefinition[]; + let userAuthzMock: ReturnType; const setConsoleCommands = ( capabilities: EndpointCapabilities[] = [...ENDPOINT_CAPABILITIES], @@ -56,6 +62,7 @@ describe('When using processes action from response actions console', () => { beforeEach(() => { mockedContext = createAppRootMockRenderer(); + userAuthzMock = mockedContext.getUserPrivilegesMockSetter(useUserPrivilegesMock); apiMocks = responseActionsHttpMocks(mockedContext.coreStart.http); setConsoleCommands(); @@ -245,6 +252,20 @@ describe('When using processes action from response actions console', () => { beforeEach(() => { mockedContext.setExperimentalFlag({ responseActionsSentinelOneProcessesEnabled: true }); setConsoleCommands([], 'sentinel_one'); + + const processesResponse = apiMocks.responseProvider.processes(); + processesResponse.data.agentType = 'sentinel_one'; + apiMocks.responseProvider.processes.mockReturnValue(processesResponse); + apiMocks.responseProvider.processes.mockClear(); + + const actionDetails = apiMocks.responseProvider.actionDetails({ + path: '/api/endpoint/action/1.2.3', + }); + actionDetails.data.agentType = 'sentinel_one'; + apiMocks.responseProvider.actionDetails.mockReturnValue(actionDetails); + apiMocks.responseProvider.actionDetails.mockClear(); + + userAuthzMock.set({ canGetRunningProcesses: true }); }); it('should display processes command --help', async () => { @@ -293,7 +314,7 @@ describe('When using processes action from response actions console', () => { await waitFor(() => { expect(renderResult.getByTestId('getProcessesSuccessCallout').textContent).toEqual( - 'Click here to download(ZIP file passcode: elastic).' + + 'Click here to download(ZIP file passcode: Elastic@123).' + 'Files are periodically deleted to clear storage space. Download and save file locally if needed.' ); }); diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_response_actions_list/components/action_log_expanded_tray.tsx b/x-pack/plugins/security_solution/public/management/components/endpoint_response_actions_list/components/action_log_expanded_tray.tsx index 6d1a20a5d28f1..cba1d0aee41b4 100644 --- a/x-pack/plugins/security_solution/public/management/components/endpoint_response_actions_list/components/action_log_expanded_tray.tsx +++ b/x-pack/plugins/security_solution/public/management/components/endpoint_response_actions_list/components/action_log_expanded_tray.tsx @@ -16,12 +16,13 @@ import { import { css, euiStyled } from '@kbn/kibana-react-plugin/common'; import { reduce } from 'lodash'; import { i18n } from '@kbn/i18n'; -import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features'; +import { RunningProcessesActionResults } from '../../running_processes_action_results'; import { getAgentTypeName } from '../../../../common/translations'; import { RESPONSE_ACTION_API_COMMAND_TO_CONSOLE_COMMAND_MAP } from '../../../../../common/endpoint/service/response_actions/constants'; import { isExecuteAction, isGetFileAction, + isProcessesAction, isUploadAction, } from '../../../../../common/endpoint/service/response_actions/type_guards'; import { EndpointUploadActionResult } from '../../endpoint_upload_action_result'; @@ -86,7 +87,8 @@ const StyledEuiFlexGroup = euiStyled(EuiFlexGroup).attrs({ className: 'eui-yScrollWithShadows', gutterSize: 's', })` - max-height: 270px; + max-height: 40vh; + min-height: 270px; overflow-y: auto; `; @@ -193,9 +195,24 @@ const OutputContent = memo<{ ); } + if (isProcessesAction(action)) { + return ( + +

{OUTPUT_MESSAGES.wasSuccessful(command)}

+ + + + ); + } + if (action.agentType === 'crowdstrike') { return <>{OUTPUT_MESSAGES.submittedSuccessfully(command)}; } + return <>{OUTPUT_MESSAGES.wasSuccessful(command)}; }); @@ -209,10 +226,6 @@ export const ActionsLogExpandedTray = memo<{ }>(({ action, fromAlertWorkaround = false, 'data-test-subj': dataTestSubj }) => { const getTestId = useTestIdGenerator(dataTestSubj); - const isSentinelOneV1Enabled = useIsExperimentalFeatureEnabled( - 'responseActionsSentinelOneV1Enabled' - ); - const { hosts, startedAt, @@ -277,14 +290,11 @@ export const ActionsLogExpandedTray = memo<{ [] as string[] ).join(', ') || emptyValue, }, - ]; - - if (isSentinelOneV1Enabled) { - list.push({ + { title: OUTPUT_MESSAGES.expandSection.agentType, description: getAgentTypeName(agentType) || emptyValue, - }); - } + }, + ]; return list.map(({ title, description }) => { return { @@ -296,17 +306,7 @@ export const ActionsLogExpandedTray = memo<{ ), }; }); - }, [ - agentType, - command, - comment, - completedAt, - getTestId, - hosts, - isSentinelOneV1Enabled, - parametersList, - startedAt, - ]); + }, [agentType, command, comment, completedAt, getTestId, hosts, parametersList, startedAt]); const outputList = useMemo( () => [ diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_response_actions_list/integration_tests/response_actions_log.test.tsx b/x-pack/plugins/security_solution/public/management/components/endpoint_response_actions_list/integration_tests/response_actions_log.test.tsx index 48cc21f4f5a55..b764880257b08 100644 --- a/x-pack/plugins/security_solution/public/management/components/endpoint_response_actions_list/integration_tests/response_actions_log.test.tsx +++ b/x-pack/plugins/security_solution/public/management/components/endpoint_response_actions_list/integration_tests/response_actions_log.test.tsx @@ -353,16 +353,15 @@ describe('Response actions history', () => { }); it('should show multiple hostnames correctly', async () => { - const data = await getActionListMock({ actionCount: 1 }); - data.data[0] = { - ...data.data[0], + const data = await getActionListMock({ + actionCount: 1, hosts: { - ...data.data[0].hosts, 'agent-b': { name: 'Host-agent-b' }, 'agent-c': { name: '' }, 'agent-d': { name: 'Host-agent-d' }, }, - }; + agentIds: ['agent-a', 'agent-b', 'agent-c', 'agent-d'], + }); useGetEndpointActionListMock.mockReturnValue({ ...getBaseMockedActionList(), @@ -376,14 +375,11 @@ describe('Response actions history', () => { }); it('should show display host is unenrolled for a single agent action when metadata host name is empty', async () => { - const data = await getActionListMock({ actionCount: 1 }); - data.data[0] = { - ...data.data[0], - hosts: { - ...data.data[0].hosts, - 'agent-a': { name: '' }, - }, - }; + const data = await getActionListMock({ + actionCount: 1, + agentIds: ['agent-a'], + hosts: { 'agent-a': { name: '' } }, + }); useGetEndpointActionListMock.mockReturnValue({ ...getBaseMockedActionList(), @@ -397,16 +393,15 @@ describe('Response actions history', () => { }); it('should show display host is unenrolled for a single agent action when metadata host names are empty', async () => { - const data = await getActionListMock({ actionCount: 1 }); - data.data[0] = { - ...data.data[0], + const data = await getActionListMock({ + actionCount: 1, + agentIds: ['agent-a', 'agent-b', 'agent-c'], hosts: { - ...data.data[0].hosts, 'agent-a': { name: '' }, 'agent-b': { name: '' }, 'agent-c': { name: '' }, }, - }; + }); useGetEndpointActionListMock.mockReturnValue({ ...getBaseMockedActionList(), diff --git a/x-pack/plugins/security_solution/public/management/components/running_processes_action_results/index.ts b/x-pack/plugins/security_solution/public/management/components/running_processes_action_results/index.ts new file mode 100644 index 0000000000000..b741431299ea3 --- /dev/null +++ b/x-pack/plugins/security_solution/public/management/components/running_processes_action_results/index.ts @@ -0,0 +1,8 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export * from './running_processes_action_results'; diff --git a/x-pack/plugins/security_solution/public/management/components/running_processes_action_results/running_processes_action_results.test.tsx b/x-pack/plugins/security_solution/public/management/components/running_processes_action_results/running_processes_action_results.test.tsx new file mode 100644 index 0000000000000..2f4a25ec0cf4a --- /dev/null +++ b/x-pack/plugins/security_solution/public/management/components/running_processes_action_results/running_processes_action_results.test.tsx @@ -0,0 +1,99 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React from 'react'; +import { EndpointActionGenerator } from '../../../../common/endpoint/data_generators/endpoint_action_generator'; +import type { AppContextTestRender } from '../../../common/mock/endpoint'; +import { createAppRootMockRenderer } from '../../../common/mock/endpoint'; +import type { + ActionDetails, + GetProcessesActionOutputContent, +} from '../../../../common/endpoint/types'; +import { RunningProcessesActionResults } from './running_processes_action_results'; +import { useUserPrivileges as _useUserPrivileges } from '../../../common/components/user_privileges'; +import { responseActionsHttpMocks } from '../../mocks/response_actions_http_mocks'; +import { waitFor } from '@testing-library/react'; + +jest.mock('../../../common/components/user_privileges'); + +const useUserPrivilegesMock = _useUserPrivileges as jest.Mock; + +describe('Running Processes Action Results component', () => { + let appTestContext: AppContextTestRender; + let renderResult: ReturnType; + let render: () => ReturnType; + let setUserPrivileges: ReturnType; + let action: ActionDetails; + let agentId: string | undefined; + + beforeEach(() => { + action = new EndpointActionGenerator('seed').generateActionDetails({ + agents: ['agent-a', 'agent-b'], + command: 'running-processes', + }); + + agentId = 'agent-b'; + appTestContext = createAppRootMockRenderer(); + setUserPrivileges = appTestContext.getUserPrivilegesMockSetter(useUserPrivilegesMock); + setUserPrivileges.set({ canGetRunningProcesses: true }); + + responseActionsHttpMocks(appTestContext.coreStart.http); + + render = () => { + renderResult = appTestContext.render( + + ); + + return renderResult; + }; + }); + + afterEach(() => { + setUserPrivileges.reset(); + }); + + it('should display output content for endpoint agent', () => { + render(); + + expect( + Array.from(renderResult.getByTestId('test-processListTable').querySelectorAll('th')).map( + ($th) => $th.textContent + ) + ).toEqual(['USER', 'PID', 'ENTITY ID', 'COMMAND']); + }); + + it('should display output content sentinelone agent type', async () => { + action.agentType = 'sentinel_one'; + render(); + + await waitFor(() => { + expect(renderResult.getByTestId('test-download')); + }); + }); + + it('should display nothing if agent type does not support processes', () => { + action.agentType = 'crowdstrike'; + render(); + + expect(renderResult.queryByTestId('test')).toBeNull(); + }); + + it('should display output for actions sent to multiple agents', () => { + agentId = undefined; + render(); + + expect(renderResult.queryAllByTestId('test-processListTable')).toHaveLength(2); + }); + + it('should display nothing for SentinelOne when user has no authz', () => { + setUserPrivileges.set({ canGetRunningProcesses: false }); + action.agentType = 'sentinel_one'; + render(); + + expect(renderResult.queryByTestId('test')).toBeNull(); + }); +}); diff --git a/x-pack/plugins/security_solution/public/management/components/running_processes_action_results/running_processes_action_results.tsx b/x-pack/plugins/security_solution/public/management/components/running_processes_action_results/running_processes_action_results.tsx new file mode 100644 index 0000000000000..e35fe1fff1a08 --- /dev/null +++ b/x-pack/plugins/security_solution/public/management/components/running_processes_action_results/running_processes_action_results.tsx @@ -0,0 +1,285 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React, { memo, useMemo } from 'react'; +import { i18n } from '@kbn/i18n'; +import type { EuiAccordionProps, EuiTextProps } from '@elastic/eui'; +import { EuiAccordion, EuiBasicTable, EuiSpacer, EuiText, useGeneratedHtmlId } from '@elastic/eui'; +import styled from 'styled-components'; +import { FormattedMessage } from '@kbn/i18n-react'; +import { css } from '@emotion/css'; +import { useUserPrivileges } from '../../../common/components/user_privileges'; +import { useTestIdGenerator } from '../../hooks/use_test_id_generator'; +import { ResponseActionFileDownloadLink } from '../response_action_file_download_link'; +import type { + ActionDetails, + GetProcessesActionOutputContent, + MaybeImmutable, +} from '../../../../common/endpoint/types'; + +export interface RunningProcessesActionResultsProps { + action: MaybeImmutable>; + /** + * If defined, the results will only be displayed for the given agent id. + * If undefined, then responses for all agents are displayed + */ + agentId?: string; + textSize?: EuiTextProps['size']; + 'data-test-subj'?: string; +} + +export const RunningProcessesActionResults = memo( + ({ action, agentId, textSize = 's', 'data-test-subj': dataTestSubj }) => { + return ( + + {action.agentType === 'endpoint' ? ( + + ) : action.agentType === 'sentinel_one' ? ( + + ) : null} + + ); + } +); +RunningProcessesActionResults.displayName = 'RunningProcessesActionResults'; + +// @ts-expect-error TS2769 +const StyledEuiBasicTable = styled(EuiBasicTable)` + table { + background-color: transparent; + font-size: inherit; + } + + .euiTableHeaderCell { + border-bottom: ${(props) => props.theme.eui.euiBorderThin}; + + .euiTableCellContent__text { + font-weight: ${(props) => props.theme.eui.euiFontWeightRegular}; + } + } + + .euiTableRow { + &:hover { + background-color: ${({ theme: { eui } }) => eui.euiColorEmptyShade} !important; + } + + .euiTableRowCell { + border-top: none !important; + border-bottom: none !important; + } + } +`; + +interface EndpointRunningProcessesResultsProps { + action: MaybeImmutable>; + /** If defined, only the results for the given agent id will be displayed. Else, all agents output will be displayed */ + agentId?: string; + 'data-test-subj'?: string; +} + +/** @private */ +const EndpointRunningProcessesResults = memo( + ({ action, agentId, 'data-test-subj': dataTestSubj }) => { + const testId = useTestIdGenerator(dataTestSubj); + const agentIds: string[] = agentId ? [agentId] : [...action.agents]; + const columns = useMemo( + () => [ + { + field: 'user', + 'data-test-subj': testId('user'), + name: i18n.translate( + 'xpack.securitySolution.endpointResponseActions.getProcesses.table.header.user', + { defaultMessage: 'USER' } + ), + width: '10%', + }, + { + field: 'pid', + 'data-test-subj': testId('pid'), + name: i18n.translate( + 'xpack.securitySolution.endpointResponseActions.getProcesses.table.header.pid', + { defaultMessage: 'PID' } + ), + width: '5%', + }, + { + field: 'entity_id', + 'data-test-subj': testId('entity_id'), + name: i18n.translate( + 'xpack.securitySolution.endpointResponseActions.getProcesses.table.header.enityId', + { defaultMessage: 'ENTITY ID' } + ), + width: '30%', + }, + + { + field: 'command', + 'data-test-subj': testId('command'), + name: i18n.translate( + 'xpack.securitySolution.endpointResponseActions.getProcesses.table.header.command', + { defaultMessage: 'COMMAND' } + ), + width: '55%', + }, + ], + [testId] + ); + + const wrappingClassname = useMemo(() => { + return css({ + '.accordion-host-name-button-content': { + 'font-size': 'inherit', + }, + }); + }, []); + + return ( +
+ {agentIds.length > 1 ? ( + agentIds.map((id) => { + const hostName = action.hosts[id].name; + + return ( +
+ } + data-test-subj={testId('hostOutput')} + > + + + + +
+ ); + }) + ) : ( + + )} +
+ ); + } +); +EndpointRunningProcessesResults.displayName = 'EndpointRunningProcessesResults'; + +interface SentinelOneRunningProcessesResultsProps { + action: MaybeImmutable>; + /** + * If defined, the results will only be displayed for the given agent id. + * If undefined, then responses for all agents are displayed + */ + agentId?: string; + 'data-test-subj'?: string; +} + +/** @private */ +const SentinelOneRunningProcessesResults = memo( + ({ action, agentId, 'data-test-subj': dataTestSubj }) => { + const testId = useTestIdGenerator(dataTestSubj); + const agentIds = agentId ? [agentId] : action.agents; + const { canGetRunningProcesses } = useUserPrivileges().endpointPrivileges; + + // If user is not allowed to execute the running processes response action (but may still have + // access to the Response Actions history log), then we don't show any results because user + // does not have access to the file download apis. + if (!canGetRunningProcesses) { + return null; + } + + return ( +
+ {agentIds.length === 1 ? ( + + ) : ( + agentIds.map((id) => { + const hostName = action.hosts[id].name; + + return ( +
+ } + data-test-subj={testId('hostOutput')} + > + + + + +
+ ); + }) + )} +
+ ); + } +); +SentinelOneRunningProcessesResults.displayName = 'SentinelOneRunningProcessesResults'; + +interface HostNameHeaderProps { + hostName: string; +} + +const HostNameHeader = memo(({ hostName }) => { + return ( + + ); +}); +HostNameHeader.displayName = 'HostNameHeader'; + +interface HostProcessesAccordionProps { + buttonContent: EuiAccordionProps['buttonContent']; + children: React.ReactNode; + 'data-test-subj'?: string; +} + +const HostProcessesAccordion = memo( + ({ buttonContent, 'data-test-subj': dataTestSubj, children }) => { + const htmlId = useGeneratedHtmlId(); + + // FYI: Class name used below is defined at the top-level - under component `RunningProcessesActionResults` + return ( + + {children} + + ); + } +); +HostProcessesAccordion.displayName = 'HostProcessesAccordion'; diff --git a/x-pack/plugins/security_solution/public/management/cypress/e2e/response_actions/response_console/process_operations.cy.ts b/x-pack/plugins/security_solution/public/management/cypress/e2e/response_actions/response_console/process_operations.cy.ts index 66c6bf2af7554..e09aa8dc9fc85 100644 --- a/x-pack/plugins/security_solution/public/management/cypress/e2e/response_actions/response_console/process_operations.cy.ts +++ b/x-pack/plugins/security_solution/public/management/cypress/e2e/response_actions/response_console/process_operations.cy.ts @@ -76,7 +76,7 @@ describe('Response console', { tags: ['@ess', '@serverless', '@skipInServerlessM cy.contains('Action pending.').should('exist'); // on success - cy.getByTestSubj('getProcessListTable', { timeout: 120000 }).within(() => { + cy.getByTestSubj('processesOutput-processListTable', { timeout: 120000 }).within(() => { ['USER', 'PID', 'ENTITY ID', 'COMMAND'].forEach((header) => { cy.contains(header); }); diff --git a/x-pack/plugins/security_solution/public/management/cypress/tasks/response_actions.ts b/x-pack/plugins/security_solution/public/management/cypress/tasks/response_actions.ts index a55e385b4b1d0..0e46b99c40d72 100644 --- a/x-pack/plugins/security_solution/public/management/cypress/tasks/response_actions.ts +++ b/x-pack/plugins/security_solution/public/management/cypress/tasks/response_actions.ts @@ -85,8 +85,8 @@ export const getRunningProcesses = (command: string): Cypress.Chainable // find pid of process // traverse back from last column to the second column that has pid return cy - .getByTestSubj('getProcessListTable', { timeout: 120000 }) - .findByTestSubj('process_list_command') + .getByTestSubj('processesOutput-processListTable', { timeout: 120000 }) + .findByTestSubj('processesOutput-command') .contains(command) .parents('td') .siblings('td') diff --git a/x-pack/plugins/security_solution/scripts/endpoint/common/response_actions.ts b/x-pack/plugins/security_solution/scripts/endpoint/common/response_actions.ts index 528078ca5d417..dc9290e5a4b9a 100644 --- a/x-pack/plugins/security_solution/scripts/endpoint/common/response_actions.ts +++ b/x-pack/plugins/security_solution/scripts/endpoint/common/response_actions.ts @@ -48,34 +48,35 @@ export const sendFleetActionResponse = async ( action: ActionDetails, { state }: { state?: 'success' | 'failure' } = {} ): Promise => { - const fleetResponse = fleetActionGenerator.generateResponse({ - action_id: action.id, - agent_id: action.agents[0], - action_response: { - endpoint: { - ack: true, - }, - }, - }); + let fleetResponse: EndpointActionResponse; - // 20% of the time we generate an error - if (state === 'failure' || (!state && fleetActionGenerator.randomFloat() < 0.2)) { - fleetResponse.action_response = {}; - fleetResponse.error = 'Agent failed to deliver message to endpoint due to unknown error'; - } else { - // show it as success (generator currently always generates a `error`, so delete it) - delete fleetResponse.error; - } + for (const agentId of action.agents) { + fleetResponse = fleetActionGenerator.generateResponse({ + action_id: action.id, + agent_id: agentId, + action_response: { endpoint: { ack: true } }, + }); - await esClient.index( - { - index: AGENT_ACTIONS_RESULTS_INDEX, - body: fleetResponse, - refresh: 'wait_for', - }, - ES_INDEX_OPTIONS - ); + // 20% of the time we generate an error + if (state === 'failure' || (!state && fleetActionGenerator.randomFloat() < 0.2)) { + fleetResponse.action_response = {}; + fleetResponse.error = 'Agent failed to deliver message to endpoint due to unknown error'; + } else { + // show it as success (generator currently always generates a `error`, so delete it) + delete fleetResponse.error; + } + await esClient.index( + { + index: AGENT_ACTIONS_RESULTS_INDEX, + body: fleetResponse, + refresh: 'wait_for', + }, + ES_INDEX_OPTIONS + ); + } + + // @ts-expect-error return fleetResponse; }; export const sendEndpointActionResponse = async ( @@ -83,9 +84,11 @@ export const sendEndpointActionResponse = async ( action: ActionDetails, { state }: { state?: 'success' | 'failure' } = {} ): Promise => { - const endpointResponse = - endpointActionGenerator.generateResponse({ - agent: { id: action.agents[0] }, + let endpointResponse: LogsEndpointActionResponse; + + for (const actionAgentId of action.agents) { + endpointResponse = endpointActionGenerator.generateResponse({ + agent: { id: actionAgentId }, EndpointActions: { action_id: action.id, data: { @@ -97,175 +100,173 @@ export const sendEndpointActionResponse = async ( }, }); - // 20% of the time we generate an error - if (state === 'failure' || (state !== 'success' && endpointActionGenerator.randomFloat() < 0.2)) { - endpointResponse.error = { - message: 'Endpoint encountered an error and was unable to apply action to host', - }; - + // 20% of the time we generate an error if ( - endpointResponse.EndpointActions.data.command === 'get-file' && - endpointResponse.EndpointActions.data.output + state === 'failure' || + (state !== 'success' && endpointActionGenerator.randomFloat() < 0.2) ) { - ( + endpointResponse.error = { + message: 'Endpoint encountered an error and was unable to apply action to host', + }; + + if ( + endpointResponse.EndpointActions.data.command === 'get-file' && endpointResponse.EndpointActions.data.output - .content as unknown as ResponseActionGetFileOutputContent - ).code = endpointActionGenerator.randomGetFileFailureCode(); - } + ) { + ( + endpointResponse.EndpointActions.data.output + .content as unknown as ResponseActionGetFileOutputContent + ).code = endpointActionGenerator.randomGetFileFailureCode(); + } - if ( - endpointResponse.EndpointActions.data.command === 'scan' && - endpointResponse.EndpointActions.data.output - ) { - ( + if ( + endpointResponse.EndpointActions.data.command === 'scan' && endpointResponse.EndpointActions.data.output - .content as unknown as ResponseActionScanOutputContent - ).code = endpointActionGenerator.randomScanFailureCode(); - } + ) { + ( + endpointResponse.EndpointActions.data.output + .content as unknown as ResponseActionScanOutputContent + ).code = endpointActionGenerator.randomScanFailureCode(); + } - if ( - endpointResponse.EndpointActions.data.command === 'execute' && - endpointResponse.EndpointActions.data.output - ) { - ( + if ( + endpointResponse.EndpointActions.data.command === 'execute' && endpointResponse.EndpointActions.data.output - .content as unknown as ResponseActionExecuteOutputContent - ).stderr = 'execute command timed out'; + ) { + ( + endpointResponse.EndpointActions.data.output + .content as unknown as ResponseActionExecuteOutputContent + ).stderr = 'execute command timed out'; + } } - } - await esClient.index({ - index: ENDPOINT_ACTION_RESPONSES_INDEX, - body: endpointResponse, - refresh: 'wait_for', - }); + await esClient.index({ + index: ENDPOINT_ACTION_RESPONSES_INDEX, + body: endpointResponse, + refresh: 'wait_for', + }); - // ------------------------------------------ - // Post Action Response tasks - // ------------------------------------------ + // ------------------------------------------ + // Post Action Response tasks + // ------------------------------------------ - // For isolate, If the response is not an error, then also send a metadata update - if (action.command === 'isolate' && !endpointResponse.error) { - for (const agentId of action.agents) { + // For isolate, If the response is not an error, then also send a metadata update + if (action.command === 'isolate' && !endpointResponse.error) { await Promise.all([ - sendEndpointMetadataUpdate(esClient, agentId, { - Endpoint: { - state: { - isolation: true, - }, - }, + sendEndpointMetadataUpdate(esClient, actionAgentId, { + Endpoint: { state: { isolation: true } }, }), - checkInFleetAgent(esClient, agentId), + checkInFleetAgent(esClient, actionAgentId), ]); } - } - // For UnIsolate, if response is not an Error, then also send metadata update - if (action.command === 'unisolate' && !endpointResponse.error) { - for (const agentId of action.agents) { + // For UnIsolate, if response is not an Error, then also send metadata update + if (action.command === 'unisolate' && !endpointResponse.error) { await Promise.all([ - sendEndpointMetadataUpdate(esClient, agentId, { - Endpoint: { - state: { - isolation: false, - }, - }, + sendEndpointMetadataUpdate(esClient, actionAgentId, { + Endpoint: { state: { isolation: false } }, }), - checkInFleetAgent(esClient, agentId), + checkInFleetAgent(esClient, actionAgentId), ]); } - } - // For `get-file`, upload a file to ES - if ((action.command === 'execute' || action.command === 'get-file') && !endpointResponse.error) { - const filePath = - action.command === 'execute' - ? '/execute/file/path' - : // eslint-disable-next-line @typescript-eslint/no-non-null-assertion - ( - action as unknown as ActionDetails< - ResponseActionGetFileOutputContent, - ResponseActionGetFileParameters - > - )?.parameters?.path!; - - const fileName = basename(filePath.replace(/\\/g, '/')); - const fileMetaDoc: FileUploadMetadata = generateFileMetadataDocumentMock({ - action_id: action.id, - agent_id: action.agents[0], - upload_start: Date.now(), - contents: [ - { - sha256: '8d61673c9d782297b3c774ded4e3d88f31a8869a8f25cf5cdd402ba6822d1d28', - file_name: fileName ?? 'bad_file.txt', - path: filePath, - size: 4, + // For `get-file`, upload a file to ES + if ( + (action.command === 'execute' || action.command === 'get-file') && + !endpointResponse.error + ) { + const filePath = + action.command === 'execute' + ? '/execute/file/path' + : // eslint-disable-next-line @typescript-eslint/no-non-null-assertion + ( + action as unknown as ActionDetails< + ResponseActionGetFileOutputContent, + ResponseActionGetFileParameters + > + )?.parameters?.path!; + + const fileName = basename(filePath.replace(/\\/g, '/')); + const fileMetaDoc: FileUploadMetadata = generateFileMetadataDocumentMock({ + action_id: action.id, + agent_id: actionAgentId, + upload_start: Date.now(), + contents: [ + { + sha256: '8d61673c9d782297b3c774ded4e3d88f31a8869a8f25cf5cdd402ba6822d1d28', + file_name: fileName ?? 'bad_file.txt', + path: filePath, + size: 4, + type: 'file', + }, + ], + file: { + attributes: ['archive', 'compressed'], + ChunkSize: 4194304, + compression: 'deflate', + hash: { + sha256: '8d61673c9d782297b3c774ded4e3d88f31a8869a8f25cf5cdd402ba6822d1d28', + }, + mime_type: 'application/zip', + name: action.command === 'execute' ? 'full-output.zip' : 'upload.zip', + extension: 'zip', + size: 125, + Status: 'READY', type: 'file', }, - ], - file: { - attributes: ['archive', 'compressed'], - ChunkSize: 4194304, - compression: 'deflate', - hash: { - sha256: '8d61673c9d782297b3c774ded4e3d88f31a8869a8f25cf5cdd402ba6822d1d28', - }, - mime_type: 'application/zip', - name: action.command === 'execute' ? 'full-output.zip' : 'upload.zip', - extension: 'zip', - size: 125, - Status: 'READY', - type: 'file', - }, - src: 'endpoint', - }); - - // Index the file's metadata - const fileMeta = await esClient.index({ - index: FILE_STORAGE_METADATA_INDEX, - id: getFileDownloadId(action, action.agents[0]), - op_type: 'create', - refresh: 'wait_for', - body: fileMetaDoc, - }); - - // Index the file content (just one chunk) - // call to `.index()` copied from File plugin here: - // https://github.com/elastic/kibana/blob/main/src/plugins/files/server/blob_storage_service/adapters/es/content_stream/content_stream.ts#L195 - await esClient - .index( - { - index: FILE_STORAGE_DATA_INDEX, - id: `${fileMeta._id}.0`, - document: cborx.encode({ - bid: fileMeta._id, - last: true, - '@timestamp': new Date().toISOString(), - data: Buffer.from( - 'UEsDBAoACQAAAFZeRFWpAsDLHwAAABMAAAAMABwAYmFkX2ZpbGUudHh0VVQJAANTVjxjU1Y8Y3V4CwABBPUBAAAEFAAAAMOcoyEq/Q4VyG02U9O0LRbGlwP/y5SOCfRKqLz1rsBQSwcIqQLAyx8AAAATAAAAUEsBAh4DCgAJAAAAVl5EVakCwMsfAAAAEwAAAAwAGAAAAAAAAQAAAKSBAAAAAGJhZF9maWxlLnR4dFVUBQADU1Y8Y3V4CwABBPUBAAAEFAAAAFBLBQYAAAAAAQABAFIAAAB1AAAAAAA=', - 'base64' - ), - }), - refresh: 'wait_for', - op_type: 'create', - }, - { - headers: { - 'content-type': 'application/cbor', - accept: 'application/json', + src: 'endpoint', + }); + + // Index the file's metadata + const fileMeta = await esClient.index({ + index: FILE_STORAGE_METADATA_INDEX, + id: getFileDownloadId(action, actionAgentId), + op_type: 'create', + refresh: 'wait_for', + body: fileMetaDoc, + }); + + // Index the file content (just one chunk) + // call to `.index()` copied from File plugin here: + // https://github.com/elastic/kibana/blob/main/src/plugins/files/server/blob_storage_service/adapters/es/content_stream/content_stream.ts#L195 + await esClient + .index( + { + index: FILE_STORAGE_DATA_INDEX, + id: `${fileMeta._id}.0`, + document: cborx.encode({ + bid: fileMeta._id, + last: true, + '@timestamp': new Date().toISOString(), + data: Buffer.from( + 'UEsDBAoACQAAAFZeRFWpAsDLHwAAABMAAAAMABwAYmFkX2ZpbGUudHh0VVQJAANTVjxjU1Y8Y3V4CwABBPUBAAAEFAAAAMOcoyEq/Q4VyG02U9O0LRbGlwP/y5SOCfRKqLz1rsBQSwcIqQLAyx8AAAATAAAAUEsBAh4DCgAJAAAAVl5EVakCwMsfAAAAEwAAAAwAGAAAAAAAAQAAAKSBAAAAAGJhZF9maWxlLnR4dFVUBQADU1Y8Y3V4CwABBPUBAAAEFAAAAFBLBQYAAAAAAQABAFIAAAB1AAAAAAA=', + 'base64' + ), + }), + refresh: 'wait_for', + op_type: 'create', }, - } - ) - .then(() => sleep(2000)); + { + headers: { + 'content-type': 'application/cbor', + accept: 'application/json', + }, + } + ) + .then(() => sleep(2000)); + } } + // @ts-expect-error return endpointResponse as unknown as LogsEndpointActionResponse; }; + type ResponseOutput< TOutputContent extends EndpointActionResponseDataOutput = EndpointActionResponseDataOutput > = Pick['EndpointActions']['data'], 'output'>; + const getOutputDataIfNeeded = (action: ActionDetails): ResponseOutput => { const commentUppercase = (action?.comment ?? '').toUpperCase(); diff --git a/x-pack/plugins/security_solution/server/endpoint/mocks/mocks.ts b/x-pack/plugins/security_solution/server/endpoint/mocks/mocks.ts index 9b6f001934910..141a5ebb440f6 100644 --- a/x-pack/plugins/security_solution/server/endpoint/mocks/mocks.ts +++ b/x-pack/plugins/security_solution/server/endpoint/mocks/mocks.ts @@ -267,6 +267,8 @@ export interface HttpApiTestSetupMock

{ getRegisteredRouteHandler: (method: RouterMethod, path: string) => RequestHandler; /** Retrieves the route handler configuration that was registered with the router */ getRegisteredRouteConfig: (method: RouterMethod, path: string) => RouteConfig; + /** Sets endpoint authz overrides on the data returned by `EndpointAppContext.services.getEndpointAuthz()` */ + setEndpointAuthz: (overrides: Partial) => void; /** Get a registered versioned route */ getRegisteredVersionedRoute: ( method: RouterMethod, @@ -287,8 +289,9 @@ export const createHttpApiTestSetupMock =

(): HttpApi const endpointAppContextMock = createMockEndpointAppContext(); const scopedEsClusterClientMock = elasticsearchServiceMock.createScopedClusterClient(); const savedObjectClientMock = savedObjectsClientMock.create(); + const endpointAuthz = getEndpointAuthzInitialStateMock(); const httpHandlerContextMock = requestContextMock.convertContext( - createRouteHandlerContext(scopedEsClusterClientMock, savedObjectClientMock) + createRouteHandlerContext(scopedEsClusterClientMock, savedObjectClientMock, { endpointAuthz }) ); const httpResponseMock = httpServerMock.createResponseFactory(); const getRegisteredRouteHandler: HttpApiTestSetupMock['getRegisteredRouteHandler'] = ( @@ -321,6 +324,11 @@ export const createHttpApiTestSetupMock =

(): HttpApi return handler[0]; }; + const setEndpointAuthz = (overrides: Partial) => { + Object.assign(endpointAuthz, overrides); + }; + + (endpointAppContextMock.service.getEndpointAuthz as jest.Mock).mockResolvedValue(endpointAuthz); return { routerMock, @@ -348,6 +356,7 @@ export const createHttpApiTestSetupMock =

(): HttpApi getRegisteredRouteHandler, getRegisteredRouteConfig, + setEndpointAuthz, getRegisteredVersionedRoute: getRegisteredVersionedRouteMock.bind(null, routerMock), }; diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/actions/file_download_handler.test.ts b/x-pack/plugins/security_solution/server/endpoint/routes/actions/file_download_handler.test.ts index 2cc6d8efd199e..050de9019f21e 100644 --- a/x-pack/plugins/security_solution/server/endpoint/routes/actions/file_download_handler.test.ts +++ b/x-pack/plugins/security_solution/server/endpoint/routes/actions/file_download_handler.test.ts @@ -46,6 +46,7 @@ describe('Response Actions file download API', () => { const actionRequestEsSearchResponse = createActionRequestsEsSearchResultsMock(); actionRequestEsSearchResponse.hits.hits[0]._source!.EndpointActions.action_id = '321-654'; + actionRequestEsSearchResponse.hits.hits[0]._source!.EndpointActions.data.command = 'get-file'; applyEsClientSearchMock({ esClientMock, diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/actions/file_download_handler.ts b/x-pack/plugins/security_solution/server/endpoint/routes/actions/file_download_handler.ts index 7095b7d87a50c..2e16c57886f7d 100644 --- a/x-pack/plugins/security_solution/server/endpoint/routes/actions/file_download_handler.ts +++ b/x-pack/plugins/security_solution/server/endpoint/routes/actions/file_download_handler.ts @@ -6,6 +6,7 @@ */ import type { RequestHandler } from '@kbn/core/server'; +import { ensureUserHasAuthzToFilesForAction } from './utils'; import type { EndpointActionFileDownloadParams } from '../../../../common/api/endpoint'; import { EndpointActionFileDownloadSchema } from '../../../../common/api/endpoint'; import type { ResponseActionsClient } from '../../services'; @@ -47,9 +48,10 @@ export const registerActionFileDownloadRoutes = ( }, }, withEndpointAuthz( - { any: ['canWriteFileOperations', 'canWriteExecuteOperations'] }, + { any: ['canWriteFileOperations', 'canWriteExecuteOperations', 'canGetRunningProcesses'] }, logger, - getActionFileDownloadRouteHandler(endpointContext) + getActionFileDownloadRouteHandler(endpointContext), + ensureUserHasAuthzToFilesForAction ) ); }; diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/actions/file_info_handler.test.ts b/x-pack/plugins/security_solution/server/endpoint/routes/actions/file_info_handler.test.ts index e9914dc4232d9..b2866f7cca263 100644 --- a/x-pack/plugins/security_solution/server/endpoint/routes/actions/file_info_handler.test.ts +++ b/x-pack/plugins/security_solution/server/endpoint/routes/actions/file_info_handler.test.ts @@ -42,6 +42,7 @@ describe('Response Action file info API', () => { const actionRequestEsSearchResponse = createActionRequestsEsSearchResultsMock(); actionRequestEsSearchResponse.hits.hits[0]._source!.EndpointActions.action_id = '321-654'; + actionRequestEsSearchResponse.hits.hits[0]._source!.EndpointActions.data.command = 'get-file'; applyEsClientSearchMock({ esClientMock, diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/actions/file_info_handler.ts b/x-pack/plugins/security_solution/server/endpoint/routes/actions/file_info_handler.ts index a84f3b3a8bf6f..1cb4e95e1eaf1 100644 --- a/x-pack/plugins/security_solution/server/endpoint/routes/actions/file_info_handler.ts +++ b/x-pack/plugins/security_solution/server/endpoint/routes/actions/file_info_handler.ts @@ -6,6 +6,7 @@ */ import type { RequestHandler } from '@kbn/core/server'; +import { ensureUserHasAuthzToFilesForAction } from './utils'; import { stringify } from '../../utils/stringify'; import type { EndpointActionFileInfoParams } from '../../../../common/api/endpoint'; import { EndpointActionFileInfoSchema } from '../../../../common/api/endpoint'; @@ -83,9 +84,10 @@ export const registerActionFileInfoRoute = ( }, }, withEndpointAuthz( - { any: ['canWriteFileOperations', 'canWriteExecuteOperations'] }, + { any: ['canWriteFileOperations', 'canWriteExecuteOperations', 'canGetRunningProcesses'] }, endpointContext.logFactory.get('actionFileInfo'), - getActionFileInfoRouteHandler(endpointContext) + getActionFileInfoRouteHandler(endpointContext), + ensureUserHasAuthzToFilesForAction ) ); }; diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/actions/utils.test.ts b/x-pack/plugins/security_solution/server/endpoint/routes/actions/utils.test.ts new file mode 100644 index 0000000000000..eaf05e972943c --- /dev/null +++ b/x-pack/plugins/security_solution/server/endpoint/routes/actions/utils.test.ts @@ -0,0 +1,80 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { HttpApiTestSetupMock } from '../../mocks'; +import { createHttpApiTestSetupMock } from '../../mocks'; +import type { LogsEndpointAction } from '../../../../common/endpoint/types'; +import { EndpointActionGenerator } from '../../../../common/endpoint/data_generators/endpoint_action_generator'; +import { applyEsClientSearchMock } from '../../mocks/utils.mock'; +import { ENDPOINT_ACTIONS_INDEX } from '../../../../common/endpoint/constants'; +import { ensureUserHasAuthzToFilesForAction } from './utils'; +import type { Mutable } from 'utility-types'; +import type { KibanaRequest } from '@kbn/core-http-server'; + +describe('Route utilities', () => { + describe('#ensureUserHasAuthzToFilesForAction()', () => { + let testSetupMock: HttpApiTestSetupMock; + let actionRequestMock: LogsEndpointAction; + let httpRequestMock: Mutable>; + + beforeEach(() => { + const endpointGenerator = new EndpointActionGenerator('seed'); + + actionRequestMock = endpointGenerator.generate(); + testSetupMock = createHttpApiTestSetupMock(); + + httpRequestMock = testSetupMock.createRequestMock({ + params: { action_id: actionRequestMock.EndpointActions.action_id }, + }); + + applyEsClientSearchMock({ + esClientMock: testSetupMock.getEsClientMock(), + index: ENDPOINT_ACTIONS_INDEX, + response: endpointGenerator.toEsSearchResponse([ + endpointGenerator.toEsSearchHit(actionRequestMock), + ]), + }); + }); + + it.each` + command | authzKey | agentType + ${'get-file'} | ${'canWriteFileOperations'} | ${'endpoint'} + ${'execute'} | ${'canWriteExecuteOperations'} | ${'endpoint'} + ${'running-processes'} | ${'canGetRunningProcesses'} | ${'sentinel_one'} + `( + 'should throw when user is not authorized to `$command` for $agentType', + async ({ command, authzKey, agentType }) => { + testSetupMock.setEndpointAuthz({ [authzKey]: false }); + actionRequestMock.EndpointActions.data.command = command; + actionRequestMock.EndpointActions.input_type = agentType; + + await expect(() => + ensureUserHasAuthzToFilesForAction(testSetupMock.httpHandlerContextMock, httpRequestMock) + ).rejects.toThrow('Endpoint authorization failure'); + } + ); + + it('should throw when response action is not supported by agent type', async () => { + actionRequestMock.EndpointActions.input_type = 'sentinel_one'; + actionRequestMock.EndpointActions.data.command = 'execute'; + + await expect(() => + ensureUserHasAuthzToFilesForAction(testSetupMock.httpHandlerContextMock, httpRequestMock) + ).rejects.toThrow('Response action [execute] not supported for agent type [sentinel_one]'); + }); + + it('should throw when response action does not support access to files', async () => { + actionRequestMock.EndpointActions.data.command = 'running-processes'; + + await expect(() => + ensureUserHasAuthzToFilesForAction(testSetupMock.httpHandlerContextMock, httpRequestMock) + ).rejects.toThrow( + 'Response action [running-processes] for agent type [endpoint] does not support file downloads' + ); + }); + }); +}); diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/actions/utils.ts b/x-pack/plugins/security_solution/server/endpoint/routes/actions/utils.ts new file mode 100644 index 0000000000000..92033801e71b6 --- /dev/null +++ b/x-pack/plugins/security_solution/server/endpoint/routes/actions/utils.ts @@ -0,0 +1,135 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { KibanaRequest } from '@kbn/core-http-server'; +import { deepFreeze } from '@kbn/std'; +import { get } from 'lodash'; +import { CustomHttpRequestError } from '../../../utils/custom_http_request_error'; +import { isActionSupportedByAgentType } from '../../../../common/endpoint/service/response_actions/is_response_action_supported'; +import { EndpointAuthorizationError } from '../../errors'; +import { fetchActionRequestById } from '../../services/actions/utils/fetch_action_request_by_id'; +import type { SecuritySolutionRequestHandlerContext } from '../../../types'; +import type { + ResponseActionAgentType, + ResponseActionsApiCommandNames, +} from '../../../../common/endpoint/service/response_actions/constants'; + +type CommandsWithFileAccess = Readonly< + Record>> +>; + +// FYI: this object here should help to quickly catch instances where we might forget to update the +// authz on the file info/download apis when a response action needs to support file downloads. +const COMMANDS_WITH_ACCESS_TO_FILES: CommandsWithFileAccess = deepFreeze({ + 'get-file': { + endpoint: true, + sentinel_one: true, + crowdstrike: false, + }, + execute: { + endpoint: true, + sentinel_one: false, + crowdstrike: false, + }, + 'running-processes': { + endpoint: false, + sentinel_one: true, + crowdstrike: false, + }, + upload: { + endpoint: false, + sentinel_one: false, + crowdstrike: false, + }, + scan: { + endpoint: false, + sentinel_one: false, + crowdstrike: false, + }, + isolate: { + endpoint: false, + sentinel_one: false, + crowdstrike: false, + }, + unisolate: { + endpoint: false, + sentinel_one: false, + crowdstrike: false, + }, + 'kill-process': { + endpoint: false, + sentinel_one: false, + crowdstrike: false, + }, + 'suspend-process': { + endpoint: false, + sentinel_one: false, + crowdstrike: false, + }, +}); + +/** + * Checks to ensure that the user has the correct authz for the response action associated with the action id. + * + * FYI: Additional check is needed because the File info and download APIs are used by multiple response actions, + * thus we want to ensure that we don't allow access to file associated with response actions the user does + * not have authz to. + * + * @param context + * @param request + */ +export const ensureUserHasAuthzToFilesForAction = async ( + context: SecuritySolutionRequestHandlerContext, + request: KibanaRequest +): Promise => { + const userAuthz = await (await context.securitySolution).getEndpointAuthz(); + const coreContext = await context.core; + const esClient = coreContext.elasticsearch.client.asInternalUser; + const { action_id: actionId } = request.params as { action_id: string }; + const { + EndpointActions: { + data: { command }, + input_type: agentType, + }, + } = await fetchActionRequestById(esClient, actionId); + + // Check if command is supported by the agent type + if (!isActionSupportedByAgentType(agentType, command, 'manual')) { + throw new CustomHttpRequestError( + `Response action [${command}] not supported for agent type [${agentType}]`, + 400 + ); + } + + // Check if the command is marked as having access to files + if (!get(COMMANDS_WITH_ACCESS_TO_FILES, `${command}.${agentType}`, false)) { + throw new CustomHttpRequestError( + `Response action [${command}] for agent type [${agentType}] does not support file downloads`, + 400 + ); + } + + let hasAuthzToCommand = false; + + switch (command) { + case 'get-file': + hasAuthzToCommand = userAuthz.canWriteFileOperations; + break; + + case 'execute': + hasAuthzToCommand = userAuthz.canWriteExecuteOperations; + break; + + case 'running-processes': + hasAuthzToCommand = userAuthz.canGetRunningProcesses; + break; + } + + if (!hasAuthzToCommand) { + throw new EndpointAuthorizationError(); + } +}; diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/error_handler.ts b/x-pack/plugins/security_solution/server/endpoint/routes/error_handler.ts index a14303e0004ee..ca8602e0969d1 100644 --- a/x-pack/plugins/security_solution/server/endpoint/routes/error_handler.ts +++ b/x-pack/plugins/security_solution/server/endpoint/routes/error_handler.ts @@ -8,7 +8,7 @@ import type { IKibanaResponse, KibanaResponseFactory, Logger } from '@kbn/core/server'; import { FleetFileNotFound } from '@kbn/fleet-plugin/server/errors'; import { CustomHttpRequestError } from '../../utils/custom_http_request_error'; -import { NotFoundError } from '../errors'; +import { EndpointAuthorizationError, NotFoundError } from '../errors'; import { EndpointHostUnEnrolledError, EndpointHostNotFoundError } from '../services/metadata'; /** @@ -51,6 +51,10 @@ export const errorHandler = ( return res.notFound({ body: error }); } + if (error instanceof EndpointAuthorizationError) { + return res.forbidden({ body: error }); + } + // Kibana CORE will take care of `500` errors when the handler `throw`'s, including logging the error throw error; }; diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/with_endpoint_authz.test.ts b/x-pack/plugins/security_solution/server/endpoint/routes/with_endpoint_authz.test.ts index 573b8dc9cbae5..d5cccedf7bb95 100644 --- a/x-pack/plugins/security_solution/server/endpoint/routes/with_endpoint_authz.test.ts +++ b/x-pack/plugins/security_solution/server/endpoint/routes/with_endpoint_authz.test.ts @@ -11,7 +11,7 @@ import { requestContextMock } from '../../lib/detection_engine/routes/__mocks__' import type { EndpointApiNeededAuthz } from './with_endpoint_authz'; import { withEndpointAuthz } from './with_endpoint_authz'; import type { EndpointAuthz } from '../../../common/endpoint/types/authz'; -import { EndpointAuthorizationError } from '../errors'; +import { EndpointAuthorizationError, NotFoundError } from '../errors'; import { getEndpointAuthzInitialStateMock } from '../../../common/endpoint/service/authz/mocks'; describe('When using `withEndpointAuthz()`', () => { @@ -105,4 +105,37 @@ describe('When using `withEndpointAuthz()`', () => { body: expect.any(EndpointAuthorizationError), }); }); + + it('should call additionalChecks callback if defined', async () => { + const additionalChecks = jest.fn(); + const routeContextMock = coreMock.createCustomRequestHandlerContext(mockContext); + await withEndpointAuthz( + { any: ['canGetRunningProcesses'] }, + logger, + mockRequestHandler, + additionalChecks + )(routeContextMock, mockRequest, mockResponse); + + expect(additionalChecks).toHaveBeenCalledWith(routeContextMock, mockRequest); + expect(mockRequestHandler).toHaveBeenCalled(); + }); + + it('should deny access if additionalChecks callback throws an error', async () => { + const error = new NotFoundError('something happen'); + const additionalChecks = jest.fn(async () => { + throw error; + }); + const routeContextMock = coreMock.createCustomRequestHandlerContext(mockContext); + await withEndpointAuthz( + { any: ['canGetRunningProcesses'] }, + logger, + mockRequestHandler, + additionalChecks + )(routeContextMock, mockRequest, mockResponse); + + expect(mockRequestHandler).not.toHaveBeenCalled(); + expect(mockResponse.notFound).toHaveBeenCalledWith({ + body: error, + }); + }); }); diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/with_endpoint_authz.ts b/x-pack/plugins/security_solution/server/endpoint/routes/with_endpoint_authz.ts index a241148c7b714..e42064488aa59 100644 --- a/x-pack/plugins/security_solution/server/endpoint/routes/with_endpoint_authz.ts +++ b/x-pack/plugins/security_solution/server/endpoint/routes/with_endpoint_authz.ts @@ -5,7 +5,8 @@ * 2.0. */ -import type { RequestHandler, Logger } from '@kbn/core/server'; +import type { RequestHandler, KibanaRequest, Logger } from '@kbn/core/server'; +import { errorHandler } from './error_handler'; import { stringify } from '../utils/stringify'; import type { EndpointAuthzKeyList } from '../../../common/endpoint/types/authz'; import type { SecuritySolutionRequestHandlerContext } from '../../types'; @@ -29,11 +30,16 @@ export interface EndpointApiNeededAuthz { * @param neededAuthz * @param routeHandler * @param logger + * @param additionalChecks */ export const withEndpointAuthz = ( neededAuthz: EndpointApiNeededAuthz, logger: Logger, - routeHandler: T + routeHandler: T, + additionalChecks?: ( + context: SecuritySolutionRequestHandlerContext, + request: KibanaRequest + ) => void | Promise ): T => { const needAll: EndpointAuthzKeyList = neededAuthz.all ?? []; const needAny: EndpointAuthzKeyList = neededAuthz.any ?? []; @@ -104,6 +110,16 @@ export const withEndpointAuthz = ( } } + if (additionalChecks) { + try { + await additionalChecks(context, request); + } catch (err) { + logger.debug(() => stringify(err)); + + return errorHandler(logger, response, err); + } + } + // Authz is good call the route handler return (routeHandler as unknown as RequestHandler)(context, request, response); }; diff --git a/x-pack/test/api_integration/apis/metrics_ui/infra.ts b/x-pack/test/api_integration/apis/metrics_ui/infra.ts index c3465c68ae7fe..f70cd61dc7635 100644 --- a/x-pack/test/api_integration/apis/metrics_ui/infra.ts +++ b/x-pack/test/api_integration/apis/metrics_ui/infra.ts @@ -54,7 +54,6 @@ export default function ({ getService }: FtrProviderContext) { to: new Date(DATES['8.0.0'].logs_and_metrics.max).toISOString(), }, query: { bool: { must_not: [], filter: [], should: [], must: [] } }, - sourceId: 'default', }; const makeRequest = async ({ diff --git a/x-pack/test/api_integration/apis/metrics_ui/sources.ts b/x-pack/test/api_integration/apis/metrics_ui/sources.ts index c58b332c7102f..d9a119fa10db1 100644 --- a/x-pack/test/api_integration/apis/metrics_ui/sources.ts +++ b/x-pack/test/api_integration/apis/metrics_ui/sources.ts @@ -17,18 +17,9 @@ import { FtrProviderContext } from '../../ftr_provider_context'; export default function ({ getService }: FtrProviderContext) { const esArchiver = getService('esArchiver'); const supertest = getService('supertest'); - const SOURCE_API_URL = '/api/metrics/source/default'; + const SOURCE_API_URL = '/api/metrics/source'; + const SOURCE_ID = 'default'; const kibanaServer = getService('kibanaServer'); - const patchRequest = async ( - body: PartialMetricsSourceConfigurationProperties - ): Promise => { - const response = await supertest - .patch(SOURCE_API_URL) - .set('kbn-xsrf', 'xxx') - .send(body) - .expect(200); - return response.body; - }; describe('sources', () => { before(() => esArchiver.load('x-pack/test/functional/es_archives/infra/metrics_and_logs')); @@ -36,6 +27,17 @@ export default function ({ getService }: FtrProviderContext) { before(() => kibanaServer.savedObjects.cleanStandardList()); after(() => kibanaServer.savedObjects.cleanStandardList()); + const patchRequest = async ( + body: PartialMetricsSourceConfigurationProperties + ): Promise => { + const response = await supertest + .patch(`${SOURCE_API_URL}/${SOURCE_ID}`) + .set('kbn-xsrf', 'xxx') + .send(body) + .expect(200); + return response.body; + }; + describe('patch request', () => { it('applies all top-level field updates to an existing source', async () => { const creationResponse = await patchRequest({ @@ -103,28 +105,65 @@ export default function ({ getService }: FtrProviderContext) { it('validates anomalyThreshold is between range 1-100', async () => { // create config with bad request await supertest - .patch(SOURCE_API_URL) + .patch(`${SOURCE_API_URL}/${SOURCE_ID}`) .set('kbn-xsrf', 'xxx') .send({ name: 'NAME', anomalyThreshold: -20 }) .expect(400); // create config with good request await supertest - .patch(SOURCE_API_URL) + .patch(`${SOURCE_API_URL}/${SOURCE_ID}`) .set('kbn-xsrf', 'xxx') .send({ name: 'NAME', anomalyThreshold: 20 }) .expect(200); await supertest - .patch(SOURCE_API_URL) + .patch(`${SOURCE_API_URL}/${SOURCE_ID}`) .set('kbn-xsrf', 'xxx') .send({ anomalyThreshold: -2 }) .expect(400); await supertest - .patch(SOURCE_API_URL) + .patch(`${SOURCE_API_URL}/${SOURCE_ID}`) .set('kbn-xsrf', 'xxx') .send({ anomalyThreshold: 101 }) .expect(400); }); }); + + describe('has data', () => { + const makeRequest = async (params?: { + modules?: string[]; + expectedHttpStatusCode?: number; + }) => { + const { modules, expectedHttpStatusCode = 200 } = params ?? {}; + return supertest + .get(`${SOURCE_API_URL}/hasData`) + .query(modules ? { modules } : '') + .set('kbn-xsrf', 'xxx') + .expect(expectedHttpStatusCode); + }; + + before(() => patchRequest({ name: 'default', metricAlias: 'metrics-*,metricbeat-*' })); + + it('should return "hasData" true when modules is "system"', async () => { + const response = await makeRequest({ modules: ['system'] }); + expect(response.body.hasData).to.be(true); + }); + it('should return "hasData" false when modules is "nginx"', async () => { + const response = await makeRequest({ modules: ['nginx'] }); + expect(response.body.hasData).to.be(true); + }); + + it('should return "hasData" true when modules is not passed', async () => { + const response = await makeRequest(); + expect(response.body.hasData).to.be(true); + }); + + it('should fail when "modules" size is greater than 5', async () => { + await makeRequest({ + modules: ['system', 'nginx', 'kubernetes', 'aws', 'kafka', 'azure'], + expectedHttpStatusCode: 400, + }); + }); + }); }); } diff --git a/x-pack/test_serverless/api_integration/test_suites/observability/infra/infra.ts b/x-pack/test_serverless/api_integration/test_suites/observability/infra/infra.ts index edceb0b13a174..f196598aa37fd 100644 --- a/x-pack/test_serverless/api_integration/test_suites/observability/infra/infra.ts +++ b/x-pack/test_serverless/api_integration/test_suites/observability/infra/infra.ts @@ -89,7 +89,6 @@ export default function ({ getService }: FtrProviderContext) { from: timeRange.from, to: timeRange.to, }, - sourceId: 'default', }, roleAuthc );