diff --git a/.buildkite/scripts/steps/capture_oas_snapshot.sh b/.buildkite/scripts/steps/capture_oas_snapshot.sh index 9768ff50c8fa5..fadd7276b47cc 100755 --- a/.buildkite/scripts/steps/capture_oas_snapshot.sh +++ b/.buildkite/scripts/steps/capture_oas_snapshot.sh @@ -5,7 +5,7 @@ set -euo pipefail source .buildkite/scripts/common/util.sh echo --- Capture OAS snapshot -cmd="node scripts/capture_oas_snapshot --include-path /api/status" +cmd="node scripts/capture_oas_snapshot --include-path /api/status --include-path /api/alerting/rule/ --include-path /api/alerting/rules" if is_pr && ! is_auto_commit_disabled; then cmd="$cmd --update" fi diff --git a/oas_docs/bundle.json b/oas_docs/bundle.json index 3c6756b1da369..fbf194c8491a2 100644 --- a/oas_docs/bundle.json +++ b/oas_docs/bundle.json @@ -344,9 +344,4713 @@ }, "openapi": "3.0.0", "paths": { + "/api/alerting/rule/{id}": { + "delete": { + "operationId": "%2Fapi%2Falerting%2Frule%2F%7Bid%7D#2", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "description": "The identifier for the rule.", + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "Indicates a successful call." + } + }, + "summary": "Delete a rule", + "tags": [ + "alerting" + ] + }, + "get": { + "operationId": "%2Fapi%2Falerting%2Frule%2F%7Bid%7D#0", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "The identifier for the rule.", + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "actions": { + "items": { + "additionalProperties": false, + "properties": { + "alerts_filter": { + "additionalProperties": false, + "description": "Defines a period that limits whether the action runs.", + "properties": { + "query": { + "additionalProperties": false, + "properties": { + "dsl": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL).", + "type": "string" + }, + "filters": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.", + "items": { + "additionalProperties": false, + "properties": { + "$state": { + "additionalProperties": false, + "properties": { + "store": { + "description": "A filter can be either specific to an application context or applied globally.", + "enum": [ + "appState", + "globalState" + ], + "type": "string" + } + }, + "required": [ + "store" + ], + "type": "object" + }, + "meta": { + "additionalProperties": {}, + "type": "object" + }, + "query": { + "additionalProperties": {}, + "type": "object" + } + }, + "required": [ + "meta" + ], + "type": "object" + }, + "type": "array" + }, + "kql": { + "description": "A filter written in Kibana Query Language (KQL).", + "type": "string" + } + }, + "required": [ + "kql", + "filters" + ], + "type": "object" + }, + "timeframe": { + "additionalProperties": false, + "properties": { + "days": { + "description": "Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.", + "items": { + "enum": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7 + ], + "type": "integer" + }, + "type": "array" + }, + "hours": { + "additionalProperties": false, + "properties": { + "end": { + "description": "The end of the time frame in 24-hour notation (`hh:mm`).", + "type": "string" + }, + "start": { + "description": "The start of the time frame in 24-hour notation (`hh:mm`).", + "type": "string" + } + }, + "required": [ + "start", + "end" + ], + "type": "object" + }, + "timezone": { + "description": "The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.", + "type": "string" + } + }, + "required": [ + "days", + "hours", + "timezone" + ], + "type": "object" + } + }, + "type": "object" + }, + "connector_type_id": { + "description": "The type of connector. This property appears in responses but cannot be set in requests.", + "type": "string" + }, + "frequency": { + "additionalProperties": false, + "properties": { + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "type": "string" + }, + "summary": { + "description": "Indicates whether the action is a summary.", + "type": "boolean" + }, + "throttle": { + "description": "The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if 'notify_when' is set to 'onThrottleInterval'. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "summary", + "notify_when", + "throttle" + ], + "type": "object" + }, + "group": { + "description": "The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.", + "type": "string" + }, + "id": { + "description": "The identifier for the connector saved object.", + "type": "string" + }, + "params": { + "additionalProperties": {}, + "description": "The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.", + "type": "object" + }, + "use_alert_data_for_template": { + "description": "Indicates whether to use alert data as a template.", + "type": "boolean" + }, + "uuid": { + "description": "A universally unique identifier (UUID) for the action.", + "type": "string" + } + }, + "required": [ + "id", + "connector_type_id", + "params" + ], + "type": "object" + }, + "type": "array" + }, + "active_snoozes": { + "items": { + "description": "List of active snoozes for the rule.", + "type": "string" + }, + "type": "array" + }, + "alert_delay": { + "additionalProperties": false, + "description": "Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.", + "properties": { + "active": { + "description": "The number of consecutive runs that must meet the rule conditions.", + "type": "number" + } + }, + "required": [ + "active" + ], + "type": "object" + }, + "api_key_created_by_user": { + "description": "Indicates whether the API key that is associated with the rule was created by the user.", + "nullable": true, + "type": "boolean" + }, + "api_key_owner": { + "description": "The owner of the API key that is associated with the rule and used to run background tasks.", + "nullable": true, + "type": "string" + }, + "consumer": { + "description": "The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.", + "type": "string" + }, + "created_at": { + "description": "The date and time that the rule was created.", + "type": "string" + }, + "created_by": { + "description": "The identifier for the user that created the rule.", + "nullable": true, + "type": "string" + }, + "enabled": { + "description": "Indicates whether you want to run the rule on an interval basis after it is created.", + "type": "boolean" + }, + "execution_status": { + "additionalProperties": false, + "properties": { + "error": { + "additionalProperties": false, + "properties": { + "message": { + "description": "Error message.", + "type": "string" + }, + "reason": { + "description": "Reason for error.", + "enum": [ + "read", + "decrypt", + "execute", + "unknown", + "license", + "timeout", + "disabled", + "validate" + ], + "type": "string" + } + }, + "required": [ + "reason", + "message" + ], + "type": "object" + }, + "last_duration": { + "description": "Duration of last execution of the rule.", + "type": "number" + }, + "last_execution_date": { + "description": "The date and time when rule was executed last.", + "type": "string" + }, + "status": { + "description": "Status of rule execution.", + "enum": [ + "ok", + "active", + "error", + "warning", + "pending", + "unknown" + ], + "type": "string" + }, + "warning": { + "additionalProperties": false, + "properties": { + "message": { + "description": "Warning message.", + "type": "string" + }, + "reason": { + "description": "Reason for warning.", + "enum": [ + "maxExecutableActions", + "maxAlerts", + "maxQueuedActions" + ], + "type": "string" + } + }, + "required": [ + "reason", + "message" + ], + "type": "object" + } + }, + "required": [ + "status", + "last_execution_date" + ], + "type": "object" + }, + "id": { + "description": "The identifier for the rule.", + "type": "string" + }, + "is_snoozed_until": { + "description": "The date when the rule will no longer be snoozed.", + "nullable": true, + "type": "string" + }, + "last_run": { + "additionalProperties": false, + "nullable": true, + "properties": { + "alerts_count": { + "additionalProperties": false, + "properties": { + "active": { + "description": "Number of active alerts during last run.", + "nullable": true, + "type": "number" + }, + "ignored": { + "description": "Number of ignored alerts during last run.", + "nullable": true, + "type": "number" + }, + "new": { + "description": "Number of new alerts during last run.", + "nullable": true, + "type": "number" + }, + "recovered": { + "description": "Number of recovered alerts during last run.", + "nullable": true, + "type": "number" + } + }, + "type": "object" + }, + "outcome": { + "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", + "enum": [ + "succeeded", + "warning", + "failed" + ], + "type": "string" + }, + "outcome_msg": { + "items": { + "description": "Outcome message generated during last rule run.", + "type": "string" + }, + "nullable": true, + "type": "array" + }, + "outcome_order": { + "description": "Order of the outcome.", + "type": "number" + }, + "warning": { + "description": "Warning of last rule execution.", + "enum": [ + "read", + "decrypt", + "execute", + "unknown", + "license", + "timeout", + "disabled", + "validate", + "maxExecutableActions", + "maxAlerts", + "maxQueuedActions" + ], + "nullable": true, + "type": "string" + } + }, + "required": [ + "outcome", + "alerts_count" + ], + "type": "object" + }, + "mapped_params": { + "additionalProperties": {}, + "type": "object" + }, + "monitoring": { + "additionalProperties": false, + "description": "Monitoring details of the rule.", + "properties": { + "run": { + "additionalProperties": false, + "description": "Rule run details.", + "properties": { + "calculated_metrics": { + "additionalProperties": false, + "description": "Calculation of different percentiles and success ratio.", + "properties": { + "p50": { + "type": "number" + }, + "p95": { + "type": "number" + }, + "p99": { + "type": "number" + }, + "success_ratio": { + "type": "number" + } + }, + "required": [ + "success_ratio" + ], + "type": "object" + }, + "history": { + "description": "History of the rule run.", + "items": { + "additionalProperties": false, + "properties": { + "duration": { + "description": "Duration of the rule run.", + "type": "number" + }, + "outcome": { + "additionalProperties": false, + "properties": { + "alerts_count": { + "additionalProperties": false, + "properties": { + "active": { + "description": "Number of active alerts during last run.", + "nullable": true, + "type": "number" + }, + "ignored": { + "description": "Number of ignored alerts during last run.", + "nullable": true, + "type": "number" + }, + "new": { + "description": "Number of new alerts during last run.", + "nullable": true, + "type": "number" + }, + "recovered": { + "description": "Number of recovered alerts during last run.", + "nullable": true, + "type": "number" + } + }, + "type": "object" + }, + "outcome": { + "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", + "enum": [ + "succeeded", + "warning", + "failed" + ], + "type": "string" + }, + "outcome_msg": { + "items": { + "description": "Outcome message generated during last rule run.", + "type": "string" + }, + "nullable": true, + "type": "array" + }, + "outcome_order": { + "description": "Order of the outcome.", + "type": "number" + }, + "warning": { + "description": "Warning of last rule execution.", + "enum": [ + "read", + "decrypt", + "execute", + "unknown", + "license", + "timeout", + "disabled", + "validate", + "maxExecutableActions", + "maxAlerts", + "maxQueuedActions" + ], + "nullable": true, + "type": "string" + } + }, + "required": [ + "outcome", + "alerts_count" + ], + "type": "object" + }, + "success": { + "description": "Indicates whether the rule run was successful.", + "type": "boolean" + }, + "timestamp": { + "description": "Time of rule run.", + "type": "number" + } + }, + "required": [ + "success", + "timestamp" + ], + "type": "object" + }, + "type": "array" + }, + "last_run": { + "additionalProperties": false, + "properties": { + "metrics": { + "additionalProperties": false, + "properties": { + "duration": { + "description": "Duration of most recent rule run.", + "type": "number" + }, + "gap_duration_s": { + "description": "Duration in seconds of rule run gap.", + "nullable": true, + "type": "number" + }, + "total_alerts_created": { + "description": "Total number of alerts created during last rule run.", + "nullable": true, + "type": "number" + }, + "total_alerts_detected": { + "description": "Total number of alerts detected during last rule run.", + "nullable": true, + "type": "number" + }, + "total_indexing_duration_ms": { + "description": "Total time spent indexing documents during last rule run in milliseconds.", + "nullable": true, + "type": "number" + }, + "total_search_duration_ms": { + "description": "Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response.", + "nullable": true, + "type": "number" + } + }, + "type": "object" + }, + "timestamp": { + "description": "Time of the most recent rule run.", + "type": "string" + } + }, + "required": [ + "timestamp", + "metrics" + ], + "type": "object" + } + }, + "required": [ + "history", + "calculated_metrics", + "last_run" + ], + "type": "object" + } + }, + "required": [ + "run" + ], + "type": "object" + }, + "mute_all": { + "description": "Indicates whether all alerts are muted.", + "type": "boolean" + }, + "muted_alert_ids": { + "items": { + "description": "List of identifiers of muted alerts. ", + "type": "string" + }, + "type": "array" + }, + "name": { + "description": " The name of the rule.", + "type": "string" + }, + "next_run": { + "description": "Date and time of the next run of the rule.", + "nullable": true, + "type": "string" + }, + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "nullable": true, + "type": "string" + }, + "params": { + "additionalProperties": {}, + "description": "The parameters for the rule.", + "type": "object" + }, + "revision": { + "description": "The rule revision number.", + "type": "number" + }, + "rule_type_id": { + "description": "The rule type identifier.", + "type": "string" + }, + "running": { + "description": "Indicates whether the rule is running.", + "nullable": true, + "type": "boolean" + }, + "schedule": { + "additionalProperties": false, + "properties": { + "interval": { + "description": "The interval is specified in seconds, minutes, hours, or days.", + "type": "string" + } + }, + "required": [ + "interval" + ], + "type": "object" + }, + "scheduled_task_id": { + "description": "Identifier of the scheduled task.", + "type": "string" + }, + "snooze_schedule": { + "items": { + "additionalProperties": false, + "properties": { + "duration": { + "description": "Duration of the rule snooze schedule.", + "type": "number" + }, + "id": { + "description": "Identifier of the rule snooze schedule.", + "type": "string" + }, + "rRule": { + "additionalProperties": false, + "properties": { + "byhour": { + "items": { + "description": "Indicates hours of the day to recur.", + "type": "number" + }, + "type": "array" + }, + "byminute": { + "items": { + "description": "Indicates minutes of the hour to recur.", + "type": "number" + }, + "type": "array" + }, + "bymonth": { + "items": { + "description": "Indicates months of the year that this rule should recur.", + "type": "number" + }, + "type": "array" + }, + "bymonthday": { + "items": { + "description": "Indicates the days of the month to recur.", + "type": "number" + }, + "type": "array" + }, + "bysecond": { + "items": { + "description": "Indicates seconds of the day to recur.", + "type": "number" + }, + "type": "array" + }, + "bysetpos": { + "items": { + "description": "A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`.", + "type": "number" + }, + "type": "array" + }, + "byweekday": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ], + "description": "Indicates the days of the week to recur or else nth-day-of-month strings. For example, \"+2TU\" second Tuesday of month, \"-1FR\" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination." + }, + "type": "array" + }, + "byweekno": { + "items": { + "description": "Indicates number of the week hours to recur.", + "type": "number" + }, + "type": "array" + }, + "byyearday": { + "items": { + "description": "Indicates the days of the year that this rule should recur.", + "type": "number" + }, + "type": "array" + }, + "count": { + "description": "Number of times the rule should recur until it stops.", + "type": "number" + }, + "dtstart": { + "description": "Rule start date in Coordinated Universal Time (UTC).", + "type": "string" + }, + "freq": { + "description": "Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY.", + "enum": [ + 0, + 1, + 2, + 3, + 4, + 5, + 6 + ], + "type": "integer" + }, + "interval": { + "description": "Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks.", + "type": "number" + }, + "tzid": { + "description": "Indicates timezone abbreviation.", + "type": "string" + }, + "until": { + "description": "Recur the rule until this date.", + "type": "string" + }, + "wkst": { + "description": "Indicates the start of week, defaults to Monday.", + "enum": [ + "MO", + "TU", + "WE", + "TH", + "FR", + "SA", + "SU" + ], + "type": "string" + } + }, + "required": [ + "dtstart", + "tzid" + ], + "type": "object" + }, + "skipRecurrences": { + "items": { + "description": "Skips recurrence of rule on this date.", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "duration", + "rRule" + ], + "type": "object" + }, + "type": "array" + }, + "tags": { + "items": { + "description": "The tags for the rule.", + "type": "string" + }, + "type": "array" + }, + "throttle": { + "deprecated": true, + "description": "Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, + "type": "string" + }, + "updated_at": { + "description": "The date and time that the rule was updated most recently.", + "type": "string" + }, + "updated_by": { + "description": "The identifier for the user that updated this rule most recently.", + "nullable": true, + "type": "string" + }, + "view_in_app_relative_url": { + "description": "Relative URL to view rule in the app.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "id", + "enabled", + "name", + "tags", + "rule_type_id", + "consumer", + "schedule", + "actions", + "params", + "created_by", + "updated_by", + "created_at", + "updated_at", + "api_key_owner", + "mute_all", + "muted_alert_ids", + "execution_status", + "revision" + ], + "type": "object" + } + } + }, + "description": "Indicates a successful call." + } + }, + "summary": "Get rule details", + "tags": [ + "alerting" + ] + }, + "post": { + "operationId": "%2Fapi%2Falerting%2Frule%2F%7Bid%3F%7D#0", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "description": "The identifier for the rule. If it is omitted, an ID is randomly generated.", + "in": "path", + "name": "id", + "required": false, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "actions": { + "default": [], + "items": { + "additionalProperties": false, + "description": "An action that runs under defined conditions.", + "properties": { + "alerts_filter": { + "additionalProperties": false, + "description": "Conditions that affect whether the action runs. If you specify multiple conditions, all conditions must be met for the action to run. For example, if an alert occurs within the specified time frame and matches the query, the action runs.", + "properties": { + "query": { + "additionalProperties": false, + "properties": { + "dsl": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL).", + "type": "string" + }, + "filters": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.", + "items": { + "additionalProperties": false, + "properties": { + "$state": { + "additionalProperties": false, + "properties": { + "store": { + "description": "A filter can be either specific to an application context or applied globally.", + "enum": [ + "appState", + "globalState" + ], + "type": "string" + } + }, + "required": [ + "store" + ], + "type": "object" + }, + "meta": { + "additionalProperties": {}, + "type": "object" + }, + "query": { + "additionalProperties": {}, + "type": "object" + } + }, + "required": [ + "meta" + ], + "type": "object" + }, + "type": "array" + }, + "kql": { + "description": "A filter written in Kibana Query Language (KQL).", + "type": "string" + } + }, + "required": [ + "kql", + "filters" + ], + "type": "object" + }, + "timeframe": { + "additionalProperties": false, + "description": "Defines a period that limits whether the action runs.", + "properties": { + "days": { + "description": "Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.", + "items": { + "enum": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7 + ], + "type": "integer" + }, + "type": "array" + }, + "hours": { + "additionalProperties": false, + "description": "Defines the range of time in a day that the action can run. If the `start` value is `00:00` and the `end` value is `24:00`, actions be generated all day.", + "properties": { + "end": { + "description": "The end of the time frame in 24-hour notation (`hh:mm`).", + "type": "string" + }, + "start": { + "description": "The start of the time frame in 24-hour notation (`hh:mm`).", + "type": "string" + } + }, + "required": [ + "start", + "end" + ], + "type": "object" + }, + "timezone": { + "description": "The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.", + "type": "string" + } + }, + "required": [ + "days", + "hours", + "timezone" + ], + "type": "object" + } + }, + "type": "object" + }, + "frequency": { + "additionalProperties": false, + "properties": { + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "type": "string" + }, + "summary": { + "description": "Indicates whether the action is a summary.", + "type": "boolean" + }, + "throttle": { + "description": "The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if `notify_when` is set to `onThrottleInterval`. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "summary", + "notify_when", + "throttle" + ], + "type": "object" + }, + "group": { + "description": "The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.", + "type": "string" + }, + "id": { + "description": "The identifier for the connector saved object.", + "type": "string" + }, + "params": { + "additionalProperties": {}, + "default": {}, + "description": "The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.", + "type": "object" + }, + "use_alert_data_for_template": { + "description": "Indicates whether to use alert data as a template.", + "type": "boolean" + }, + "uuid": { + "description": "A universally unique identifier (UUID) for the action.", + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + "type": "array" + }, + "alert_delay": { + "additionalProperties": false, + "description": "Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.", + "properties": { + "active": { + "description": "The number of consecutive runs that must meet the rule conditions.", + "type": "number" + } + }, + "required": [ + "active" + ], + "type": "object" + }, + "consumer": { + "description": "The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.", + "type": "string" + }, + "enabled": { + "default": true, + "description": "Indicates whether you want to run the rule on an interval basis after it is created.", + "type": "boolean" + }, + "name": { + "description": "The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.", + "type": "string" + }, + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "nullable": true, + "type": "string" + }, + "params": { + "additionalProperties": {}, + "default": {}, + "description": "The parameters for the rule.", + "type": "object" + }, + "rule_type_id": { + "description": "The rule type identifier.", + "type": "string" + }, + "schedule": { + "additionalProperties": false, + "description": "The check interval, which specifies how frequently the rule conditions are checked.", + "properties": { + "interval": { + "description": "The interval is specified in seconds, minutes, hours, or days.", + "type": "string" + } + }, + "required": [ + "interval" + ], + "type": "object" + }, + "tags": { + "default": [], + "description": "The tags for the rule.", + "items": { + "type": "string" + }, + "type": "array" + }, + "throttle": { + "description": "Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "name", + "rule_type_id", + "consumer", + "schedule" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "actions": { + "items": { + "additionalProperties": false, + "properties": { + "alerts_filter": { + "additionalProperties": false, + "description": "Defines a period that limits whether the action runs.", + "properties": { + "query": { + "additionalProperties": false, + "properties": { + "dsl": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL).", + "type": "string" + }, + "filters": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.", + "items": { + "additionalProperties": false, + "properties": { + "$state": { + "additionalProperties": false, + "properties": { + "store": { + "description": "A filter can be either specific to an application context or applied globally.", + "enum": [ + "appState", + "globalState" + ], + "type": "string" + } + }, + "required": [ + "store" + ], + "type": "object" + }, + "meta": { + "additionalProperties": {}, + "type": "object" + }, + "query": { + "additionalProperties": {}, + "type": "object" + } + }, + "required": [ + "meta" + ], + "type": "object" + }, + "type": "array" + }, + "kql": { + "description": "A filter written in Kibana Query Language (KQL).", + "type": "string" + } + }, + "required": [ + "kql", + "filters" + ], + "type": "object" + }, + "timeframe": { + "additionalProperties": false, + "properties": { + "days": { + "description": "Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.", + "items": { + "enum": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7 + ], + "type": "integer" + }, + "type": "array" + }, + "hours": { + "additionalProperties": false, + "properties": { + "end": { + "description": "The end of the time frame in 24-hour notation (`hh:mm`).", + "type": "string" + }, + "start": { + "description": "The start of the time frame in 24-hour notation (`hh:mm`).", + "type": "string" + } + }, + "required": [ + "start", + "end" + ], + "type": "object" + }, + "timezone": { + "description": "The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.", + "type": "string" + } + }, + "required": [ + "days", + "hours", + "timezone" + ], + "type": "object" + } + }, + "type": "object" + }, + "connector_type_id": { + "description": "The type of connector. This property appears in responses but cannot be set in requests.", + "type": "string" + }, + "frequency": { + "additionalProperties": false, + "properties": { + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "type": "string" + }, + "summary": { + "description": "Indicates whether the action is a summary.", + "type": "boolean" + }, + "throttle": { + "description": "The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if 'notify_when' is set to 'onThrottleInterval'. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "summary", + "notify_when", + "throttle" + ], + "type": "object" + }, + "group": { + "description": "The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.", + "type": "string" + }, + "id": { + "description": "The identifier for the connector saved object.", + "type": "string" + }, + "params": { + "additionalProperties": {}, + "description": "The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.", + "type": "object" + }, + "use_alert_data_for_template": { + "description": "Indicates whether to use alert data as a template.", + "type": "boolean" + }, + "uuid": { + "description": "A universally unique identifier (UUID) for the action.", + "type": "string" + } + }, + "required": [ + "id", + "connector_type_id", + "params" + ], + "type": "object" + }, + "type": "array" + }, + "active_snoozes": { + "items": { + "description": "List of active snoozes for the rule.", + "type": "string" + }, + "type": "array" + }, + "alert_delay": { + "additionalProperties": false, + "description": "Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.", + "properties": { + "active": { + "description": "The number of consecutive runs that must meet the rule conditions.", + "type": "number" + } + }, + "required": [ + "active" + ], + "type": "object" + }, + "api_key_created_by_user": { + "description": "Indicates whether the API key that is associated with the rule was created by the user.", + "nullable": true, + "type": "boolean" + }, + "api_key_owner": { + "description": "The owner of the API key that is associated with the rule and used to run background tasks.", + "nullable": true, + "type": "string" + }, + "consumer": { + "description": "The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.", + "type": "string" + }, + "created_at": { + "description": "The date and time that the rule was created.", + "type": "string" + }, + "created_by": { + "description": "The identifier for the user that created the rule.", + "nullable": true, + "type": "string" + }, + "enabled": { + "description": "Indicates whether you want to run the rule on an interval basis after it is created.", + "type": "boolean" + }, + "execution_status": { + "additionalProperties": false, + "properties": { + "error": { + "additionalProperties": false, + "properties": { + "message": { + "description": "Error message.", + "type": "string" + }, + "reason": { + "description": "Reason for error.", + "enum": [ + "read", + "decrypt", + "execute", + "unknown", + "license", + "timeout", + "disabled", + "validate" + ], + "type": "string" + } + }, + "required": [ + "reason", + "message" + ], + "type": "object" + }, + "last_duration": { + "description": "Duration of last execution of the rule.", + "type": "number" + }, + "last_execution_date": { + "description": "The date and time when rule was executed last.", + "type": "string" + }, + "status": { + "description": "Status of rule execution.", + "enum": [ + "ok", + "active", + "error", + "warning", + "pending", + "unknown" + ], + "type": "string" + }, + "warning": { + "additionalProperties": false, + "properties": { + "message": { + "description": "Warning message.", + "type": "string" + }, + "reason": { + "description": "Reason for warning.", + "enum": [ + "maxExecutableActions", + "maxAlerts", + "maxQueuedActions" + ], + "type": "string" + } + }, + "required": [ + "reason", + "message" + ], + "type": "object" + } + }, + "required": [ + "status", + "last_execution_date" + ], + "type": "object" + }, + "id": { + "description": "The identifier for the rule.", + "type": "string" + }, + "is_snoozed_until": { + "description": "The date when the rule will no longer be snoozed.", + "nullable": true, + "type": "string" + }, + "last_run": { + "additionalProperties": false, + "nullable": true, + "properties": { + "alerts_count": { + "additionalProperties": false, + "properties": { + "active": { + "description": "Number of active alerts during last run.", + "nullable": true, + "type": "number" + }, + "ignored": { + "description": "Number of ignored alerts during last run.", + "nullable": true, + "type": "number" + }, + "new": { + "description": "Number of new alerts during last run.", + "nullable": true, + "type": "number" + }, + "recovered": { + "description": "Number of recovered alerts during last run.", + "nullable": true, + "type": "number" + } + }, + "type": "object" + }, + "outcome": { + "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", + "enum": [ + "succeeded", + "warning", + "failed" + ], + "type": "string" + }, + "outcome_msg": { + "items": { + "description": "Outcome message generated during last rule run.", + "type": "string" + }, + "nullable": true, + "type": "array" + }, + "outcome_order": { + "description": "Order of the outcome.", + "type": "number" + }, + "warning": { + "description": "Warning of last rule execution.", + "enum": [ + "read", + "decrypt", + "execute", + "unknown", + "license", + "timeout", + "disabled", + "validate", + "maxExecutableActions", + "maxAlerts", + "maxQueuedActions" + ], + "nullable": true, + "type": "string" + } + }, + "required": [ + "outcome", + "alerts_count" + ], + "type": "object" + }, + "mapped_params": { + "additionalProperties": {}, + "type": "object" + }, + "monitoring": { + "additionalProperties": false, + "description": "Monitoring details of the rule.", + "properties": { + "run": { + "additionalProperties": false, + "description": "Rule run details.", + "properties": { + "calculated_metrics": { + "additionalProperties": false, + "description": "Calculation of different percentiles and success ratio.", + "properties": { + "p50": { + "type": "number" + }, + "p95": { + "type": "number" + }, + "p99": { + "type": "number" + }, + "success_ratio": { + "type": "number" + } + }, + "required": [ + "success_ratio" + ], + "type": "object" + }, + "history": { + "description": "History of the rule run.", + "items": { + "additionalProperties": false, + "properties": { + "duration": { + "description": "Duration of the rule run.", + "type": "number" + }, + "outcome": { + "additionalProperties": false, + "properties": { + "alerts_count": { + "additionalProperties": false, + "properties": { + "active": { + "description": "Number of active alerts during last run.", + "nullable": true, + "type": "number" + }, + "ignored": { + "description": "Number of ignored alerts during last run.", + "nullable": true, + "type": "number" + }, + "new": { + "description": "Number of new alerts during last run.", + "nullable": true, + "type": "number" + }, + "recovered": { + "description": "Number of recovered alerts during last run.", + "nullable": true, + "type": "number" + } + }, + "type": "object" + }, + "outcome": { + "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", + "enum": [ + "succeeded", + "warning", + "failed" + ], + "type": "string" + }, + "outcome_msg": { + "items": { + "description": "Outcome message generated during last rule run.", + "type": "string" + }, + "nullable": true, + "type": "array" + }, + "outcome_order": { + "description": "Order of the outcome.", + "type": "number" + }, + "warning": { + "description": "Warning of last rule execution.", + "enum": [ + "read", + "decrypt", + "execute", + "unknown", + "license", + "timeout", + "disabled", + "validate", + "maxExecutableActions", + "maxAlerts", + "maxQueuedActions" + ], + "nullable": true, + "type": "string" + } + }, + "required": [ + "outcome", + "alerts_count" + ], + "type": "object" + }, + "success": { + "description": "Indicates whether the rule run was successful.", + "type": "boolean" + }, + "timestamp": { + "description": "Time of rule run.", + "type": "number" + } + }, + "required": [ + "success", + "timestamp" + ], + "type": "object" + }, + "type": "array" + }, + "last_run": { + "additionalProperties": false, + "properties": { + "metrics": { + "additionalProperties": false, + "properties": { + "duration": { + "description": "Duration of most recent rule run.", + "type": "number" + }, + "gap_duration_s": { + "description": "Duration in seconds of rule run gap.", + "nullable": true, + "type": "number" + }, + "total_alerts_created": { + "description": "Total number of alerts created during last rule run.", + "nullable": true, + "type": "number" + }, + "total_alerts_detected": { + "description": "Total number of alerts detected during last rule run.", + "nullable": true, + "type": "number" + }, + "total_indexing_duration_ms": { + "description": "Total time spent indexing documents during last rule run in milliseconds.", + "nullable": true, + "type": "number" + }, + "total_search_duration_ms": { + "description": "Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response.", + "nullable": true, + "type": "number" + } + }, + "type": "object" + }, + "timestamp": { + "description": "Time of the most recent rule run.", + "type": "string" + } + }, + "required": [ + "timestamp", + "metrics" + ], + "type": "object" + } + }, + "required": [ + "history", + "calculated_metrics", + "last_run" + ], + "type": "object" + } + }, + "required": [ + "run" + ], + "type": "object" + }, + "mute_all": { + "description": "Indicates whether all alerts are muted.", + "type": "boolean" + }, + "muted_alert_ids": { + "items": { + "description": "List of identifiers of muted alerts. ", + "type": "string" + }, + "type": "array" + }, + "name": { + "description": " The name of the rule.", + "type": "string" + }, + "next_run": { + "description": "Date and time of the next run of the rule.", + "nullable": true, + "type": "string" + }, + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "nullable": true, + "type": "string" + }, + "params": { + "additionalProperties": {}, + "description": "The parameters for the rule.", + "type": "object" + }, + "revision": { + "description": "The rule revision number.", + "type": "number" + }, + "rule_type_id": { + "description": "The rule type identifier.", + "type": "string" + }, + "running": { + "description": "Indicates whether the rule is running.", + "nullable": true, + "type": "boolean" + }, + "schedule": { + "additionalProperties": false, + "properties": { + "interval": { + "description": "The interval is specified in seconds, minutes, hours, or days.", + "type": "string" + } + }, + "required": [ + "interval" + ], + "type": "object" + }, + "scheduled_task_id": { + "description": "Identifier of the scheduled task.", + "type": "string" + }, + "snooze_schedule": { + "items": { + "additionalProperties": false, + "properties": { + "duration": { + "description": "Duration of the rule snooze schedule.", + "type": "number" + }, + "id": { + "description": "Identifier of the rule snooze schedule.", + "type": "string" + }, + "rRule": { + "additionalProperties": false, + "properties": { + "byhour": { + "items": { + "description": "Indicates hours of the day to recur.", + "type": "number" + }, + "type": "array" + }, + "byminute": { + "items": { + "description": "Indicates minutes of the hour to recur.", + "type": "number" + }, + "type": "array" + }, + "bymonth": { + "items": { + "description": "Indicates months of the year that this rule should recur.", + "type": "number" + }, + "type": "array" + }, + "bymonthday": { + "items": { + "description": "Indicates the days of the month to recur.", + "type": "number" + }, + "type": "array" + }, + "bysecond": { + "items": { + "description": "Indicates seconds of the day to recur.", + "type": "number" + }, + "type": "array" + }, + "bysetpos": { + "items": { + "description": "A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`.", + "type": "number" + }, + "type": "array" + }, + "byweekday": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ], + "description": "Indicates the days of the week to recur or else nth-day-of-month strings. For example, \"+2TU\" second Tuesday of month, \"-1FR\" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination." + }, + "type": "array" + }, + "byweekno": { + "items": { + "description": "Indicates number of the week hours to recur.", + "type": "number" + }, + "type": "array" + }, + "byyearday": { + "items": { + "description": "Indicates the days of the year that this rule should recur.", + "type": "number" + }, + "type": "array" + }, + "count": { + "description": "Number of times the rule should recur until it stops.", + "type": "number" + }, + "dtstart": { + "description": "Rule start date in Coordinated Universal Time (UTC).", + "type": "string" + }, + "freq": { + "description": "Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY.", + "enum": [ + 0, + 1, + 2, + 3, + 4, + 5, + 6 + ], + "type": "integer" + }, + "interval": { + "description": "Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks.", + "type": "number" + }, + "tzid": { + "description": "Indicates timezone abbreviation.", + "type": "string" + }, + "until": { + "description": "Recur the rule until this date.", + "type": "string" + }, + "wkst": { + "description": "Indicates the start of week, defaults to Monday.", + "enum": [ + "MO", + "TU", + "WE", + "TH", + "FR", + "SA", + "SU" + ], + "type": "string" + } + }, + "required": [ + "dtstart", + "tzid" + ], + "type": "object" + }, + "skipRecurrences": { + "items": { + "description": "Skips recurrence of rule on this date.", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "duration", + "rRule" + ], + "type": "object" + }, + "type": "array" + }, + "tags": { + "items": { + "description": "The tags for the rule.", + "type": "string" + }, + "type": "array" + }, + "throttle": { + "deprecated": true, + "description": "Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, + "type": "string" + }, + "updated_at": { + "description": "The date and time that the rule was updated most recently.", + "type": "string" + }, + "updated_by": { + "description": "The identifier for the user that updated this rule most recently.", + "nullable": true, + "type": "string" + }, + "view_in_app_relative_url": { + "description": "Relative URL to view rule in the app.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "id", + "enabled", + "name", + "tags", + "rule_type_id", + "consumer", + "schedule", + "actions", + "params", + "created_by", + "updated_by", + "created_at", + "updated_at", + "api_key_owner", + "mute_all", + "muted_alert_ids", + "execution_status", + "revision" + ], + "type": "object" + } + } + }, + "description": "Indicates a successful call." + } + }, + "summary": "Create a rule", + "tags": [ + "alerting" + ] + }, + "put": { + "operationId": "%2Fapi%2Falerting%2Frule%2F%7Bid%7D#1", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "description": "The identifier for the rule.", + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "actions": { + "default": [], + "items": { + "additionalProperties": false, + "description": "An action that runs under defined conditions.", + "properties": { + "alerts_filter": { + "additionalProperties": false, + "properties": { + "query": { + "additionalProperties": false, + "properties": { + "dsl": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL).", + "type": "string" + }, + "filters": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.", + "items": { + "additionalProperties": false, + "properties": { + "$state": { + "additionalProperties": false, + "properties": { + "store": { + "description": "A filter can be either specific to an application context or applied globally.", + "enum": [ + "appState", + "globalState" + ], + "type": "string" + } + }, + "required": [ + "store" + ], + "type": "object" + }, + "meta": { + "additionalProperties": {}, + "type": "object" + }, + "query": { + "additionalProperties": {}, + "type": "object" + } + }, + "required": [ + "meta" + ], + "type": "object" + }, + "type": "array" + }, + "kql": { + "description": "A filter written in Kibana Query Language (KQL).", + "type": "string" + } + }, + "required": [ + "kql", + "filters" + ], + "type": "object" + }, + "timeframe": { + "additionalProperties": false, + "description": "Defines a period that limits whether the action runs.", + "properties": { + "days": { + "description": "Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.", + "items": { + "enum": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7 + ], + "type": "integer" + }, + "type": "array" + }, + "hours": { + "additionalProperties": false, + "description": "Defines the range of time in a day that the action can run. If the `start` value is `00:00` and the `end` value is `24:00`, actions be generated all day.", + "properties": { + "end": { + "description": "The end of the time frame in 24-hour notation (`hh:mm`).", + "type": "string" + }, + "start": { + "description": "The start of the time frame in 24-hour notation (`hh:mm`).", + "type": "string" + } + }, + "required": [ + "start", + "end" + ], + "type": "object" + }, + "timezone": { + "description": "The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.", + "type": "string" + } + }, + "required": [ + "days", + "hours", + "timezone" + ], + "type": "object" + } + }, + "type": "object" + }, + "frequency": { + "additionalProperties": false, + "properties": { + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "type": "string" + }, + "summary": { + "description": "Indicates whether the action is a summary.", + "type": "boolean" + }, + "throttle": { + "description": "The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if `notify_when` is set to `onThrottleInterval`. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "summary", + "notify_when", + "throttle" + ], + "type": "object" + }, + "group": { + "description": "The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.", + "type": "string" + }, + "id": { + "description": "The identifier for the connector saved object.", + "type": "string" + }, + "params": { + "additionalProperties": {}, + "default": {}, + "description": "The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.", + "type": "object" + }, + "use_alert_data_for_template": { + "description": "Indicates whether to use alert data as a template.", + "type": "boolean" + }, + "uuid": { + "description": "A universally unique identifier (UUID) for the action.", + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + "type": "array" + }, + "alert_delay": { + "additionalProperties": false, + "description": "Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.", + "properties": { + "active": { + "description": "The number of consecutive runs that must meet the rule conditions.", + "type": "number" + } + }, + "required": [ + "active" + ], + "type": "object" + }, + "name": { + "description": "The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.", + "type": "string" + }, + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "nullable": true, + "type": "string" + }, + "params": { + "additionalProperties": {}, + "default": {}, + "description": "The parameters for the rule.", + "type": "object" + }, + "schedule": { + "additionalProperties": false, + "properties": { + "interval": { + "description": "The interval is specified in seconds, minutes, hours, or days.", + "type": "string" + } + }, + "required": [ + "interval" + ], + "type": "object" + }, + "tags": { + "default": [], + "items": { + "description": "The tags for the rule.", + "type": "string" + }, + "type": "array" + }, + "throttle": { + "description": "Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "name", + "schedule" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "actions": { + "items": { + "additionalProperties": false, + "properties": { + "alerts_filter": { + "additionalProperties": false, + "description": "Defines a period that limits whether the action runs.", + "properties": { + "query": { + "additionalProperties": false, + "properties": { + "dsl": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL).", + "type": "string" + }, + "filters": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.", + "items": { + "additionalProperties": false, + "properties": { + "$state": { + "additionalProperties": false, + "properties": { + "store": { + "description": "A filter can be either specific to an application context or applied globally.", + "enum": [ + "appState", + "globalState" + ], + "type": "string" + } + }, + "required": [ + "store" + ], + "type": "object" + }, + "meta": { + "additionalProperties": {}, + "type": "object" + }, + "query": { + "additionalProperties": {}, + "type": "object" + } + }, + "required": [ + "meta" + ], + "type": "object" + }, + "type": "array" + }, + "kql": { + "description": "A filter written in Kibana Query Language (KQL).", + "type": "string" + } + }, + "required": [ + "kql", + "filters" + ], + "type": "object" + }, + "timeframe": { + "additionalProperties": false, + "properties": { + "days": { + "description": "Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.", + "items": { + "enum": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7 + ], + "type": "integer" + }, + "type": "array" + }, + "hours": { + "additionalProperties": false, + "properties": { + "end": { + "description": "The end of the time frame in 24-hour notation (`hh:mm`).", + "type": "string" + }, + "start": { + "description": "The start of the time frame in 24-hour notation (`hh:mm`).", + "type": "string" + } + }, + "required": [ + "start", + "end" + ], + "type": "object" + }, + "timezone": { + "description": "The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.", + "type": "string" + } + }, + "required": [ + "days", + "hours", + "timezone" + ], + "type": "object" + } + }, + "type": "object" + }, + "connector_type_id": { + "description": "The type of connector. This property appears in responses but cannot be set in requests.", + "type": "string" + }, + "frequency": { + "additionalProperties": false, + "properties": { + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "type": "string" + }, + "summary": { + "description": "Indicates whether the action is a summary.", + "type": "boolean" + }, + "throttle": { + "description": "The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if 'notify_when' is set to 'onThrottleInterval'. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "summary", + "notify_when", + "throttle" + ], + "type": "object" + }, + "group": { + "description": "The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.", + "type": "string" + }, + "id": { + "description": "The identifier for the connector saved object.", + "type": "string" + }, + "params": { + "additionalProperties": {}, + "description": "The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.", + "type": "object" + }, + "use_alert_data_for_template": { + "description": "Indicates whether to use alert data as a template.", + "type": "boolean" + }, + "uuid": { + "description": "A universally unique identifier (UUID) for the action.", + "type": "string" + } + }, + "required": [ + "id", + "connector_type_id", + "params" + ], + "type": "object" + }, + "type": "array" + }, + "active_snoozes": { + "items": { + "description": "List of active snoozes for the rule.", + "type": "string" + }, + "type": "array" + }, + "alert_delay": { + "additionalProperties": false, + "description": "Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.", + "properties": { + "active": { + "description": "The number of consecutive runs that must meet the rule conditions.", + "type": "number" + } + }, + "required": [ + "active" + ], + "type": "object" + }, + "api_key_created_by_user": { + "description": "Indicates whether the API key that is associated with the rule was created by the user.", + "nullable": true, + "type": "boolean" + }, + "api_key_owner": { + "description": "The owner of the API key that is associated with the rule and used to run background tasks.", + "nullable": true, + "type": "string" + }, + "consumer": { + "description": "The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.", + "type": "string" + }, + "created_at": { + "description": "The date and time that the rule was created.", + "type": "string" + }, + "created_by": { + "description": "The identifier for the user that created the rule.", + "nullable": true, + "type": "string" + }, + "enabled": { + "description": "Indicates whether you want to run the rule on an interval basis after it is created.", + "type": "boolean" + }, + "execution_status": { + "additionalProperties": false, + "properties": { + "error": { + "additionalProperties": false, + "properties": { + "message": { + "description": "Error message.", + "type": "string" + }, + "reason": { + "description": "Reason for error.", + "enum": [ + "read", + "decrypt", + "execute", + "unknown", + "license", + "timeout", + "disabled", + "validate" + ], + "type": "string" + } + }, + "required": [ + "reason", + "message" + ], + "type": "object" + }, + "last_duration": { + "description": "Duration of last execution of the rule.", + "type": "number" + }, + "last_execution_date": { + "description": "The date and time when rule was executed last.", + "type": "string" + }, + "status": { + "description": "Status of rule execution.", + "enum": [ + "ok", + "active", + "error", + "warning", + "pending", + "unknown" + ], + "type": "string" + }, + "warning": { + "additionalProperties": false, + "properties": { + "message": { + "description": "Warning message.", + "type": "string" + }, + "reason": { + "description": "Reason for warning.", + "enum": [ + "maxExecutableActions", + "maxAlerts", + "maxQueuedActions" + ], + "type": "string" + } + }, + "required": [ + "reason", + "message" + ], + "type": "object" + } + }, + "required": [ + "status", + "last_execution_date" + ], + "type": "object" + }, + "id": { + "description": "The identifier for the rule.", + "type": "string" + }, + "is_snoozed_until": { + "description": "The date when the rule will no longer be snoozed.", + "nullable": true, + "type": "string" + }, + "last_run": { + "additionalProperties": false, + "nullable": true, + "properties": { + "alerts_count": { + "additionalProperties": false, + "properties": { + "active": { + "description": "Number of active alerts during last run.", + "nullable": true, + "type": "number" + }, + "ignored": { + "description": "Number of ignored alerts during last run.", + "nullable": true, + "type": "number" + }, + "new": { + "description": "Number of new alerts during last run.", + "nullable": true, + "type": "number" + }, + "recovered": { + "description": "Number of recovered alerts during last run.", + "nullable": true, + "type": "number" + } + }, + "type": "object" + }, + "outcome": { + "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", + "enum": [ + "succeeded", + "warning", + "failed" + ], + "type": "string" + }, + "outcome_msg": { + "items": { + "description": "Outcome message generated during last rule run.", + "type": "string" + }, + "nullable": true, + "type": "array" + }, + "outcome_order": { + "description": "Order of the outcome.", + "type": "number" + }, + "warning": { + "description": "Warning of last rule execution.", + "enum": [ + "read", + "decrypt", + "execute", + "unknown", + "license", + "timeout", + "disabled", + "validate", + "maxExecutableActions", + "maxAlerts", + "maxQueuedActions" + ], + "nullable": true, + "type": "string" + } + }, + "required": [ + "outcome", + "alerts_count" + ], + "type": "object" + }, + "mapped_params": { + "additionalProperties": {}, + "type": "object" + }, + "monitoring": { + "additionalProperties": false, + "description": "Monitoring details of the rule.", + "properties": { + "run": { + "additionalProperties": false, + "description": "Rule run details.", + "properties": { + "calculated_metrics": { + "additionalProperties": false, + "description": "Calculation of different percentiles and success ratio.", + "properties": { + "p50": { + "type": "number" + }, + "p95": { + "type": "number" + }, + "p99": { + "type": "number" + }, + "success_ratio": { + "type": "number" + } + }, + "required": [ + "success_ratio" + ], + "type": "object" + }, + "history": { + "description": "History of the rule run.", + "items": { + "additionalProperties": false, + "properties": { + "duration": { + "description": "Duration of the rule run.", + "type": "number" + }, + "outcome": { + "additionalProperties": false, + "properties": { + "alerts_count": { + "additionalProperties": false, + "properties": { + "active": { + "description": "Number of active alerts during last run.", + "nullable": true, + "type": "number" + }, + "ignored": { + "description": "Number of ignored alerts during last run.", + "nullable": true, + "type": "number" + }, + "new": { + "description": "Number of new alerts during last run.", + "nullable": true, + "type": "number" + }, + "recovered": { + "description": "Number of recovered alerts during last run.", + "nullable": true, + "type": "number" + } + }, + "type": "object" + }, + "outcome": { + "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", + "enum": [ + "succeeded", + "warning", + "failed" + ], + "type": "string" + }, + "outcome_msg": { + "items": { + "description": "Outcome message generated during last rule run.", + "type": "string" + }, + "nullable": true, + "type": "array" + }, + "outcome_order": { + "description": "Order of the outcome.", + "type": "number" + }, + "warning": { + "description": "Warning of last rule execution.", + "enum": [ + "read", + "decrypt", + "execute", + "unknown", + "license", + "timeout", + "disabled", + "validate", + "maxExecutableActions", + "maxAlerts", + "maxQueuedActions" + ], + "nullable": true, + "type": "string" + } + }, + "required": [ + "outcome", + "alerts_count" + ], + "type": "object" + }, + "success": { + "description": "Indicates whether the rule run was successful.", + "type": "boolean" + }, + "timestamp": { + "description": "Time of rule run.", + "type": "number" + } + }, + "required": [ + "success", + "timestamp" + ], + "type": "object" + }, + "type": "array" + }, + "last_run": { + "additionalProperties": false, + "properties": { + "metrics": { + "additionalProperties": false, + "properties": { + "duration": { + "description": "Duration of most recent rule run.", + "type": "number" + }, + "gap_duration_s": { + "description": "Duration in seconds of rule run gap.", + "nullable": true, + "type": "number" + }, + "total_alerts_created": { + "description": "Total number of alerts created during last rule run.", + "nullable": true, + "type": "number" + }, + "total_alerts_detected": { + "description": "Total number of alerts detected during last rule run.", + "nullable": true, + "type": "number" + }, + "total_indexing_duration_ms": { + "description": "Total time spent indexing documents during last rule run in milliseconds.", + "nullable": true, + "type": "number" + }, + "total_search_duration_ms": { + "description": "Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response.", + "nullable": true, + "type": "number" + } + }, + "type": "object" + }, + "timestamp": { + "description": "Time of the most recent rule run.", + "type": "string" + } + }, + "required": [ + "timestamp", + "metrics" + ], + "type": "object" + } + }, + "required": [ + "history", + "calculated_metrics", + "last_run" + ], + "type": "object" + } + }, + "required": [ + "run" + ], + "type": "object" + }, + "mute_all": { + "description": "Indicates whether all alerts are muted.", + "type": "boolean" + }, + "muted_alert_ids": { + "items": { + "description": "List of identifiers of muted alerts. ", + "type": "string" + }, + "type": "array" + }, + "name": { + "description": " The name of the rule.", + "type": "string" + }, + "next_run": { + "description": "Date and time of the next run of the rule.", + "nullable": true, + "type": "string" + }, + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "nullable": true, + "type": "string" + }, + "params": { + "additionalProperties": {}, + "description": "The parameters for the rule.", + "type": "object" + }, + "revision": { + "description": "The rule revision number.", + "type": "number" + }, + "rule_type_id": { + "description": "The rule type identifier.", + "type": "string" + }, + "running": { + "description": "Indicates whether the rule is running.", + "nullable": true, + "type": "boolean" + }, + "schedule": { + "additionalProperties": false, + "properties": { + "interval": { + "description": "The interval is specified in seconds, minutes, hours, or days.", + "type": "string" + } + }, + "required": [ + "interval" + ], + "type": "object" + }, + "scheduled_task_id": { + "description": "Identifier of the scheduled task.", + "type": "string" + }, + "snooze_schedule": { + "items": { + "additionalProperties": false, + "properties": { + "duration": { + "description": "Duration of the rule snooze schedule.", + "type": "number" + }, + "id": { + "description": "Identifier of the rule snooze schedule.", + "type": "string" + }, + "rRule": { + "additionalProperties": false, + "properties": { + "byhour": { + "items": { + "description": "Indicates hours of the day to recur.", + "type": "number" + }, + "type": "array" + }, + "byminute": { + "items": { + "description": "Indicates minutes of the hour to recur.", + "type": "number" + }, + "type": "array" + }, + "bymonth": { + "items": { + "description": "Indicates months of the year that this rule should recur.", + "type": "number" + }, + "type": "array" + }, + "bymonthday": { + "items": { + "description": "Indicates the days of the month to recur.", + "type": "number" + }, + "type": "array" + }, + "bysecond": { + "items": { + "description": "Indicates seconds of the day to recur.", + "type": "number" + }, + "type": "array" + }, + "bysetpos": { + "items": { + "description": "A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`.", + "type": "number" + }, + "type": "array" + }, + "byweekday": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ], + "description": "Indicates the days of the week to recur or else nth-day-of-month strings. For example, \"+2TU\" second Tuesday of month, \"-1FR\" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination." + }, + "type": "array" + }, + "byweekno": { + "items": { + "description": "Indicates number of the week hours to recur.", + "type": "number" + }, + "type": "array" + }, + "byyearday": { + "items": { + "description": "Indicates the days of the year that this rule should recur.", + "type": "number" + }, + "type": "array" + }, + "count": { + "description": "Number of times the rule should recur until it stops.", + "type": "number" + }, + "dtstart": { + "description": "Rule start date in Coordinated Universal Time (UTC).", + "type": "string" + }, + "freq": { + "description": "Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY.", + "enum": [ + 0, + 1, + 2, + 3, + 4, + 5, + 6 + ], + "type": "integer" + }, + "interval": { + "description": "Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks.", + "type": "number" + }, + "tzid": { + "description": "Indicates timezone abbreviation.", + "type": "string" + }, + "until": { + "description": "Recur the rule until this date.", + "type": "string" + }, + "wkst": { + "description": "Indicates the start of week, defaults to Monday.", + "enum": [ + "MO", + "TU", + "WE", + "TH", + "FR", + "SA", + "SU" + ], + "type": "string" + } + }, + "required": [ + "dtstart", + "tzid" + ], + "type": "object" + }, + "skipRecurrences": { + "items": { + "description": "Skips recurrence of rule on this date.", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "duration", + "rRule" + ], + "type": "object" + }, + "type": "array" + }, + "tags": { + "items": { + "description": "The tags for the rule.", + "type": "string" + }, + "type": "array" + }, + "throttle": { + "deprecated": true, + "description": "Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, + "type": "string" + }, + "updated_at": { + "description": "The date and time that the rule was updated most recently.", + "type": "string" + }, + "updated_by": { + "description": "The identifier for the user that updated this rule most recently.", + "nullable": true, + "type": "string" + }, + "view_in_app_relative_url": { + "description": "Relative URL to view rule in the app.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "id", + "enabled", + "name", + "tags", + "rule_type_id", + "consumer", + "schedule", + "actions", + "params", + "created_by", + "updated_by", + "created_at", + "updated_at", + "api_key_owner", + "mute_all", + "muted_alert_ids", + "execution_status", + "revision" + ], + "type": "object" + } + } + }, + "description": "Indicates a successful call." + } + }, + "summary": "Update a rule", + "tags": [ + "alerting" + ] + } + }, + "/api/alerting/rule/{id}/_disable": { + "post": { + "operationId": "%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_disable#0", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "description": "The identifier for the rule.", + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "nullable": true, + "properties": { + "untrack": { + "description": "Defines whether this rule's alerts should be untracked.", + "type": "boolean" + } + }, + "type": "object", + "x-oas-optional": true + } + } + } + }, + "responses": { + "204": { + "description": "Indicates a successful call." + } + }, + "summary": "Disable a rule", + "tags": [ + "alerting" + ] + } + }, + "/api/alerting/rule/{id}/_enable": { + "post": { + "operationId": "%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_enable#0", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "description": "The identifier for the rule.", + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "Indicates a successful call." + } + }, + "summary": "Enable a rule", + "tags": [ + "alerting" + ] + } + }, + "/api/alerting/rule/{id}/_mute_all": { + "post": { + "operationId": "%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_mute_all#0", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "description": "The identifier for the rule.", + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "Indicates a successful call." + } + }, + "summary": "Mute all alerts", + "tags": [ + "alerting" + ] + } + }, + "/api/alerting/rule/{id}/_unmute_all": { + "post": { + "operationId": "%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_unmute_all#0", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "description": "The identifier for the rule.", + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "Indicates a successful call." + } + }, + "summary": "Unmute all alerts", + "tags": [ + "alerting" + ] + } + }, + "/api/alerting/rule/{id}/_update_api_key": { + "post": { + "operationId": "%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_update_api_key#0", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "description": "The identifier for the rule.", + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "Indicates a successful call." + } + }, + "summary": "Update the API key for a rule", + "tags": [ + "alerting" + ] + } + }, + "/api/alerting/rule/{rule_id}/alert/{alert_id}/_mute": { + "post": { + "operationId": "%2Fapi%2Falerting%2Frule%2F%7Brule_id%7D%2Falert%2F%7Balert_id%7D%2F_mute#0", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "description": "The identifier for the rule.", + "in": "path", + "name": "rule_id", + "required": true, + "schema": { + "type": "string" + } + }, + { + "description": "The identifier for the alert.", + "in": "path", + "name": "alert_id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "Indicates a successful call." + } + }, + "summary": "Mute an alert", + "tags": [ + "alerting" + ] + } + }, + "/api/alerting/rule/{rule_id}/alert/{alert_id}/_unmute": { + "post": { + "operationId": "%2Fapi%2Falerting%2Frule%2F%7Brule_id%7D%2Falert%2F%7Balert_id%7D%2F_unmute#0", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "description": "The identifier for the rule.", + "in": "path", + "name": "rule_id", + "required": true, + "schema": { + "type": "string" + } + }, + { + "description": "The identifier for the alert.", + "in": "path", + "name": "alert_id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "Indicates a successful call." + } + }, + "summary": "Unmute an alert", + "tags": [ + "alerting" + ] + } + }, + "/api/alerting/rules/_find": { + "get": { + "operationId": "%2Fapi%2Falerting%2Frules%2F_find#0", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "The number of rules to return per page.", + "in": "query", + "name": "per_page", + "required": false, + "schema": { + "default": 10, + "minimum": 0, + "type": "number" + } + }, + { + "description": "The page number to return.", + "in": "query", + "name": "page", + "required": false, + "schema": { + "default": 1, + "minimum": 1, + "type": "number" + } + }, + { + "description": "An Elasticsearch simple_query_string query that filters the objects in the response.", + "in": "query", + "name": "search", + "required": false, + "schema": { + "type": "string" + } + }, + { + "description": "The default operator to use for the simple_query_string.", + "in": "query", + "name": "default_search_operator", + "required": false, + "schema": { + "default": "OR", + "enum": [ + "OR", + "AND" + ], + "type": "string" + } + }, + { + "description": "The fields to perform the simple_query_string parsed query against.", + "in": "query", + "name": "search_fields", + "required": false, + "schema": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ] + } + }, + { + "description": "Determines which field is used to sort the results. The field must exist in the `attributes` key of the response.", + "in": "query", + "name": "sort_field", + "required": false, + "schema": { + "type": "string" + } + }, + { + "description": "Determines the sort order.", + "in": "query", + "name": "sort_order", + "required": false, + "schema": { + "enum": [ + "asc", + "desc" + ], + "type": "string" + } + }, + { + "description": "Filters the rules that have a relation with the reference objects with a specific type and identifier.", + "in": "query", + "name": "has_reference", + "required": false, + "schema": { + "additionalProperties": false, + "nullable": true, + "properties": { + "id": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type", + "id" + ], + "type": "object" + } + }, + { + "in": "query", + "name": "fields", + "required": false, + "schema": { + "items": { + "description": "The fields to return in the `attributes` key of the response.", + "type": "string" + }, + "type": "array" + } + }, + { + "description": "A KQL string that you filter with an attribute from your saved object. It should look like `savedObjectType.attributes.title: \"myTitle\"`. However, if you used a direct attribute of a saved object, such as `updatedAt`, you must define your filter, for example, `savedObjectType.updatedAt > 2018-12-22`.", + "in": "query", + "name": "filter", + "required": false, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "filter_consumers", + "required": false, + "schema": { + "items": { + "description": "List of consumers to filter.", + "type": "string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "actions": { + "items": { + "additionalProperties": false, + "properties": { + "alerts_filter": { + "additionalProperties": false, + "description": "Defines a period that limits whether the action runs.", + "properties": { + "query": { + "additionalProperties": false, + "properties": { + "dsl": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL).", + "type": "string" + }, + "filters": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.", + "items": { + "additionalProperties": false, + "properties": { + "$state": { + "additionalProperties": false, + "properties": { + "store": { + "description": "A filter can be either specific to an application context or applied globally.", + "enum": [ + "appState", + "globalState" + ], + "type": "string" + } + }, + "required": [ + "store" + ], + "type": "object" + }, + "meta": { + "additionalProperties": {}, + "type": "object" + }, + "query": { + "additionalProperties": {}, + "type": "object" + } + }, + "required": [ + "meta" + ], + "type": "object" + }, + "type": "array" + }, + "kql": { + "description": "A filter written in Kibana Query Language (KQL).", + "type": "string" + } + }, + "required": [ + "kql", + "filters" + ], + "type": "object" + }, + "timeframe": { + "additionalProperties": false, + "properties": { + "days": { + "description": "Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.", + "items": { + "enum": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7 + ], + "type": "integer" + }, + "type": "array" + }, + "hours": { + "additionalProperties": false, + "properties": { + "end": { + "description": "The end of the time frame in 24-hour notation (`hh:mm`).", + "type": "string" + }, + "start": { + "description": "The start of the time frame in 24-hour notation (`hh:mm`).", + "type": "string" + } + }, + "required": [ + "start", + "end" + ], + "type": "object" + }, + "timezone": { + "description": "The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.", + "type": "string" + } + }, + "required": [ + "days", + "hours", + "timezone" + ], + "type": "object" + } + }, + "type": "object" + }, + "connector_type_id": { + "description": "The type of connector. This property appears in responses but cannot be set in requests.", + "type": "string" + }, + "frequency": { + "additionalProperties": false, + "properties": { + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "type": "string" + }, + "summary": { + "description": "Indicates whether the action is a summary.", + "type": "boolean" + }, + "throttle": { + "description": "The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if 'notify_when' is set to 'onThrottleInterval'. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "summary", + "notify_when", + "throttle" + ], + "type": "object" + }, + "group": { + "description": "The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.", + "type": "string" + }, + "id": { + "description": "The identifier for the connector saved object.", + "type": "string" + }, + "params": { + "additionalProperties": {}, + "description": "The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.", + "type": "object" + }, + "use_alert_data_for_template": { + "description": "Indicates whether to use alert data as a template.", + "type": "boolean" + }, + "uuid": { + "description": "A universally unique identifier (UUID) for the action.", + "type": "string" + } + }, + "required": [ + "id", + "connector_type_id", + "params" + ], + "type": "object" + }, + "type": "array" + }, + "active_snoozes": { + "items": { + "description": "List of active snoozes for the rule.", + "type": "string" + }, + "type": "array" + }, + "alert_delay": { + "additionalProperties": false, + "description": "Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.", + "properties": { + "active": { + "description": "The number of consecutive runs that must meet the rule conditions.", + "type": "number" + } + }, + "required": [ + "active" + ], + "type": "object" + }, + "api_key_created_by_user": { + "description": "Indicates whether the API key that is associated with the rule was created by the user.", + "nullable": true, + "type": "boolean" + }, + "api_key_owner": { + "description": "The owner of the API key that is associated with the rule and used to run background tasks.", + "nullable": true, + "type": "string" + }, + "consumer": { + "description": "The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.", + "type": "string" + }, + "created_at": { + "description": "The date and time that the rule was created.", + "type": "string" + }, + "created_by": { + "description": "The identifier for the user that created the rule.", + "nullable": true, + "type": "string" + }, + "enabled": { + "description": "Indicates whether you want to run the rule on an interval basis after it is created.", + "type": "boolean" + }, + "execution_status": { + "additionalProperties": false, + "properties": { + "error": { + "additionalProperties": false, + "properties": { + "message": { + "description": "Error message.", + "type": "string" + }, + "reason": { + "description": "Reason for error.", + "enum": [ + "read", + "decrypt", + "execute", + "unknown", + "license", + "timeout", + "disabled", + "validate" + ], + "type": "string" + } + }, + "required": [ + "reason", + "message" + ], + "type": "object" + }, + "last_duration": { + "description": "Duration of last execution of the rule.", + "type": "number" + }, + "last_execution_date": { + "description": "The date and time when rule was executed last.", + "type": "string" + }, + "status": { + "description": "Status of rule execution.", + "enum": [ + "ok", + "active", + "error", + "warning", + "pending", + "unknown" + ], + "type": "string" + }, + "warning": { + "additionalProperties": false, + "properties": { + "message": { + "description": "Warning message.", + "type": "string" + }, + "reason": { + "description": "Reason for warning.", + "enum": [ + "maxExecutableActions", + "maxAlerts", + "maxQueuedActions" + ], + "type": "string" + } + }, + "required": [ + "reason", + "message" + ], + "type": "object" + } + }, + "required": [ + "status", + "last_execution_date" + ], + "type": "object" + }, + "id": { + "description": "The identifier for the rule.", + "type": "string" + }, + "is_snoozed_until": { + "description": "The date when the rule will no longer be snoozed.", + "nullable": true, + "type": "string" + }, + "last_run": { + "additionalProperties": false, + "nullable": true, + "properties": { + "alerts_count": { + "additionalProperties": false, + "properties": { + "active": { + "description": "Number of active alerts during last run.", + "nullable": true, + "type": "number" + }, + "ignored": { + "description": "Number of ignored alerts during last run.", + "nullable": true, + "type": "number" + }, + "new": { + "description": "Number of new alerts during last run.", + "nullable": true, + "type": "number" + }, + "recovered": { + "description": "Number of recovered alerts during last run.", + "nullable": true, + "type": "number" + } + }, + "type": "object" + }, + "outcome": { + "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", + "enum": [ + "succeeded", + "warning", + "failed" + ], + "type": "string" + }, + "outcome_msg": { + "items": { + "description": "Outcome message generated during last rule run.", + "type": "string" + }, + "nullable": true, + "type": "array" + }, + "outcome_order": { + "description": "Order of the outcome.", + "type": "number" + }, + "warning": { + "description": "Warning of last rule execution.", + "enum": [ + "read", + "decrypt", + "execute", + "unknown", + "license", + "timeout", + "disabled", + "validate", + "maxExecutableActions", + "maxAlerts", + "maxQueuedActions" + ], + "nullable": true, + "type": "string" + } + }, + "required": [ + "outcome", + "alerts_count" + ], + "type": "object" + }, + "mapped_params": { + "additionalProperties": {}, + "type": "object" + }, + "monitoring": { + "additionalProperties": false, + "description": "Monitoring details of the rule.", + "properties": { + "run": { + "additionalProperties": false, + "description": "Rule run details.", + "properties": { + "calculated_metrics": { + "additionalProperties": false, + "description": "Calculation of different percentiles and success ratio.", + "properties": { + "p50": { + "type": "number" + }, + "p95": { + "type": "number" + }, + "p99": { + "type": "number" + }, + "success_ratio": { + "type": "number" + } + }, + "required": [ + "success_ratio" + ], + "type": "object" + }, + "history": { + "description": "History of the rule run.", + "items": { + "additionalProperties": false, + "properties": { + "duration": { + "description": "Duration of the rule run.", + "type": "number" + }, + "outcome": { + "additionalProperties": false, + "properties": { + "alerts_count": { + "additionalProperties": false, + "properties": { + "active": { + "description": "Number of active alerts during last run.", + "nullable": true, + "type": "number" + }, + "ignored": { + "description": "Number of ignored alerts during last run.", + "nullable": true, + "type": "number" + }, + "new": { + "description": "Number of new alerts during last run.", + "nullable": true, + "type": "number" + }, + "recovered": { + "description": "Number of recovered alerts during last run.", + "nullable": true, + "type": "number" + } + }, + "type": "object" + }, + "outcome": { + "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", + "enum": [ + "succeeded", + "warning", + "failed" + ], + "type": "string" + }, + "outcome_msg": { + "items": { + "description": "Outcome message generated during last rule run.", + "type": "string" + }, + "nullable": true, + "type": "array" + }, + "outcome_order": { + "description": "Order of the outcome.", + "type": "number" + }, + "warning": { + "description": "Warning of last rule execution.", + "enum": [ + "read", + "decrypt", + "execute", + "unknown", + "license", + "timeout", + "disabled", + "validate", + "maxExecutableActions", + "maxAlerts", + "maxQueuedActions" + ], + "nullable": true, + "type": "string" + } + }, + "required": [ + "outcome", + "alerts_count" + ], + "type": "object" + }, + "success": { + "description": "Indicates whether the rule run was successful.", + "type": "boolean" + }, + "timestamp": { + "description": "Time of rule run.", + "type": "number" + } + }, + "required": [ + "success", + "timestamp" + ], + "type": "object" + }, + "type": "array" + }, + "last_run": { + "additionalProperties": false, + "properties": { + "metrics": { + "additionalProperties": false, + "properties": { + "duration": { + "description": "Duration of most recent rule run.", + "type": "number" + }, + "gap_duration_s": { + "description": "Duration in seconds of rule run gap.", + "nullable": true, + "type": "number" + }, + "total_alerts_created": { + "description": "Total number of alerts created during last rule run.", + "nullable": true, + "type": "number" + }, + "total_alerts_detected": { + "description": "Total number of alerts detected during last rule run.", + "nullable": true, + "type": "number" + }, + "total_indexing_duration_ms": { + "description": "Total time spent indexing documents during last rule run in milliseconds.", + "nullable": true, + "type": "number" + }, + "total_search_duration_ms": { + "description": "Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response.", + "nullable": true, + "type": "number" + } + }, + "type": "object" + }, + "timestamp": { + "description": "Time of the most recent rule run.", + "type": "string" + } + }, + "required": [ + "timestamp", + "metrics" + ], + "type": "object" + } + }, + "required": [ + "history", + "calculated_metrics", + "last_run" + ], + "type": "object" + } + }, + "required": [ + "run" + ], + "type": "object" + }, + "mute_all": { + "description": "Indicates whether all alerts are muted.", + "type": "boolean" + }, + "muted_alert_ids": { + "items": { + "description": "List of identifiers of muted alerts. ", + "type": "string" + }, + "type": "array" + }, + "name": { + "description": " The name of the rule.", + "type": "string" + }, + "next_run": { + "description": "Date and time of the next run of the rule.", + "nullable": true, + "type": "string" + }, + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "nullable": true, + "type": "string" + }, + "params": { + "additionalProperties": {}, + "description": "The parameters for the rule.", + "type": "object" + }, + "revision": { + "description": "The rule revision number.", + "type": "number" + }, + "rule_type_id": { + "description": "The rule type identifier.", + "type": "string" + }, + "running": { + "description": "Indicates whether the rule is running.", + "nullable": true, + "type": "boolean" + }, + "schedule": { + "additionalProperties": false, + "properties": { + "interval": { + "description": "The interval is specified in seconds, minutes, hours, or days.", + "type": "string" + } + }, + "required": [ + "interval" + ], + "type": "object" + }, + "scheduled_task_id": { + "description": "Identifier of the scheduled task.", + "type": "string" + }, + "snooze_schedule": { + "items": { + "additionalProperties": false, + "properties": { + "duration": { + "description": "Duration of the rule snooze schedule.", + "type": "number" + }, + "id": { + "description": "Identifier of the rule snooze schedule.", + "type": "string" + }, + "rRule": { + "additionalProperties": false, + "properties": { + "byhour": { + "items": { + "description": "Indicates hours of the day to recur.", + "type": "number" + }, + "type": "array" + }, + "byminute": { + "items": { + "description": "Indicates minutes of the hour to recur.", + "type": "number" + }, + "type": "array" + }, + "bymonth": { + "items": { + "description": "Indicates months of the year that this rule should recur.", + "type": "number" + }, + "type": "array" + }, + "bymonthday": { + "items": { + "description": "Indicates the days of the month to recur.", + "type": "number" + }, + "type": "array" + }, + "bysecond": { + "items": { + "description": "Indicates seconds of the day to recur.", + "type": "number" + }, + "type": "array" + }, + "bysetpos": { + "items": { + "description": "A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`.", + "type": "number" + }, + "type": "array" + }, + "byweekday": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ], + "description": "Indicates the days of the week to recur or else nth-day-of-month strings. For example, \"+2TU\" second Tuesday of month, \"-1FR\" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination." + }, + "type": "array" + }, + "byweekno": { + "items": { + "description": "Indicates number of the week hours to recur.", + "type": "number" + }, + "type": "array" + }, + "byyearday": { + "items": { + "description": "Indicates the days of the year that this rule should recur.", + "type": "number" + }, + "type": "array" + }, + "count": { + "description": "Number of times the rule should recur until it stops.", + "type": "number" + }, + "dtstart": { + "description": "Rule start date in Coordinated Universal Time (UTC).", + "type": "string" + }, + "freq": { + "description": "Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY.", + "enum": [ + 0, + 1, + 2, + 3, + 4, + 5, + 6 + ], + "type": "integer" + }, + "interval": { + "description": "Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks.", + "type": "number" + }, + "tzid": { + "description": "Indicates timezone abbreviation.", + "type": "string" + }, + "until": { + "description": "Recur the rule until this date.", + "type": "string" + }, + "wkst": { + "description": "Indicates the start of week, defaults to Monday.", + "enum": [ + "MO", + "TU", + "WE", + "TH", + "FR", + "SA", + "SU" + ], + "type": "string" + } + }, + "required": [ + "dtstart", + "tzid" + ], + "type": "object" + }, + "skipRecurrences": { + "items": { + "description": "Skips recurrence of rule on this date.", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "duration", + "rRule" + ], + "type": "object" + }, + "type": "array" + }, + "tags": { + "items": { + "description": "The tags for the rule.", + "type": "string" + }, + "type": "array" + }, + "throttle": { + "deprecated": true, + "description": "Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, + "type": "string" + }, + "updated_at": { + "description": "The date and time that the rule was updated most recently.", + "type": "string" + }, + "updated_by": { + "description": "The identifier for the user that updated this rule most recently.", + "nullable": true, + "type": "string" + }, + "view_in_app_relative_url": { + "description": "Relative URL to view rule in the app.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "id", + "enabled", + "name", + "tags", + "rule_type_id", + "consumer", + "schedule", + "actions", + "params", + "created_by", + "updated_by", + "created_at", + "updated_at", + "api_key_owner", + "mute_all", + "muted_alert_ids", + "execution_status", + "revision" + ], + "type": "object" + } + } + }, + "description": "Indicates a successful call." + } + }, + "summary": "Get information about rules", + "tags": [ + "alerting" + ] + } + }, "/api/status": { "get": { - "operationId": "/api/status#0", + "operationId": "%2Fapi%2Fstatus#0", "parameters": [ { "description": "The version of the API to use", @@ -435,6 +5139,9 @@ } ], "tags": [ + { + "name": "alerting" + }, { "name": "system" } diff --git a/oas_docs/bundle.serverless.json b/oas_docs/bundle.serverless.json index 3c6756b1da369..fbf194c8491a2 100644 --- a/oas_docs/bundle.serverless.json +++ b/oas_docs/bundle.serverless.json @@ -344,9 +344,4713 @@ }, "openapi": "3.0.0", "paths": { + "/api/alerting/rule/{id}": { + "delete": { + "operationId": "%2Fapi%2Falerting%2Frule%2F%7Bid%7D#2", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "description": "The identifier for the rule.", + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "Indicates a successful call." + } + }, + "summary": "Delete a rule", + "tags": [ + "alerting" + ] + }, + "get": { + "operationId": "%2Fapi%2Falerting%2Frule%2F%7Bid%7D#0", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "The identifier for the rule.", + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "actions": { + "items": { + "additionalProperties": false, + "properties": { + "alerts_filter": { + "additionalProperties": false, + "description": "Defines a period that limits whether the action runs.", + "properties": { + "query": { + "additionalProperties": false, + "properties": { + "dsl": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL).", + "type": "string" + }, + "filters": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.", + "items": { + "additionalProperties": false, + "properties": { + "$state": { + "additionalProperties": false, + "properties": { + "store": { + "description": "A filter can be either specific to an application context or applied globally.", + "enum": [ + "appState", + "globalState" + ], + "type": "string" + } + }, + "required": [ + "store" + ], + "type": "object" + }, + "meta": { + "additionalProperties": {}, + "type": "object" + }, + "query": { + "additionalProperties": {}, + "type": "object" + } + }, + "required": [ + "meta" + ], + "type": "object" + }, + "type": "array" + }, + "kql": { + "description": "A filter written in Kibana Query Language (KQL).", + "type": "string" + } + }, + "required": [ + "kql", + "filters" + ], + "type": "object" + }, + "timeframe": { + "additionalProperties": false, + "properties": { + "days": { + "description": "Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.", + "items": { + "enum": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7 + ], + "type": "integer" + }, + "type": "array" + }, + "hours": { + "additionalProperties": false, + "properties": { + "end": { + "description": "The end of the time frame in 24-hour notation (`hh:mm`).", + "type": "string" + }, + "start": { + "description": "The start of the time frame in 24-hour notation (`hh:mm`).", + "type": "string" + } + }, + "required": [ + "start", + "end" + ], + "type": "object" + }, + "timezone": { + "description": "The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.", + "type": "string" + } + }, + "required": [ + "days", + "hours", + "timezone" + ], + "type": "object" + } + }, + "type": "object" + }, + "connector_type_id": { + "description": "The type of connector. This property appears in responses but cannot be set in requests.", + "type": "string" + }, + "frequency": { + "additionalProperties": false, + "properties": { + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "type": "string" + }, + "summary": { + "description": "Indicates whether the action is a summary.", + "type": "boolean" + }, + "throttle": { + "description": "The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if 'notify_when' is set to 'onThrottleInterval'. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "summary", + "notify_when", + "throttle" + ], + "type": "object" + }, + "group": { + "description": "The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.", + "type": "string" + }, + "id": { + "description": "The identifier for the connector saved object.", + "type": "string" + }, + "params": { + "additionalProperties": {}, + "description": "The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.", + "type": "object" + }, + "use_alert_data_for_template": { + "description": "Indicates whether to use alert data as a template.", + "type": "boolean" + }, + "uuid": { + "description": "A universally unique identifier (UUID) for the action.", + "type": "string" + } + }, + "required": [ + "id", + "connector_type_id", + "params" + ], + "type": "object" + }, + "type": "array" + }, + "active_snoozes": { + "items": { + "description": "List of active snoozes for the rule.", + "type": "string" + }, + "type": "array" + }, + "alert_delay": { + "additionalProperties": false, + "description": "Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.", + "properties": { + "active": { + "description": "The number of consecutive runs that must meet the rule conditions.", + "type": "number" + } + }, + "required": [ + "active" + ], + "type": "object" + }, + "api_key_created_by_user": { + "description": "Indicates whether the API key that is associated with the rule was created by the user.", + "nullable": true, + "type": "boolean" + }, + "api_key_owner": { + "description": "The owner of the API key that is associated with the rule and used to run background tasks.", + "nullable": true, + "type": "string" + }, + "consumer": { + "description": "The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.", + "type": "string" + }, + "created_at": { + "description": "The date and time that the rule was created.", + "type": "string" + }, + "created_by": { + "description": "The identifier for the user that created the rule.", + "nullable": true, + "type": "string" + }, + "enabled": { + "description": "Indicates whether you want to run the rule on an interval basis after it is created.", + "type": "boolean" + }, + "execution_status": { + "additionalProperties": false, + "properties": { + "error": { + "additionalProperties": false, + "properties": { + "message": { + "description": "Error message.", + "type": "string" + }, + "reason": { + "description": "Reason for error.", + "enum": [ + "read", + "decrypt", + "execute", + "unknown", + "license", + "timeout", + "disabled", + "validate" + ], + "type": "string" + } + }, + "required": [ + "reason", + "message" + ], + "type": "object" + }, + "last_duration": { + "description": "Duration of last execution of the rule.", + "type": "number" + }, + "last_execution_date": { + "description": "The date and time when rule was executed last.", + "type": "string" + }, + "status": { + "description": "Status of rule execution.", + "enum": [ + "ok", + "active", + "error", + "warning", + "pending", + "unknown" + ], + "type": "string" + }, + "warning": { + "additionalProperties": false, + "properties": { + "message": { + "description": "Warning message.", + "type": "string" + }, + "reason": { + "description": "Reason for warning.", + "enum": [ + "maxExecutableActions", + "maxAlerts", + "maxQueuedActions" + ], + "type": "string" + } + }, + "required": [ + "reason", + "message" + ], + "type": "object" + } + }, + "required": [ + "status", + "last_execution_date" + ], + "type": "object" + }, + "id": { + "description": "The identifier for the rule.", + "type": "string" + }, + "is_snoozed_until": { + "description": "The date when the rule will no longer be snoozed.", + "nullable": true, + "type": "string" + }, + "last_run": { + "additionalProperties": false, + "nullable": true, + "properties": { + "alerts_count": { + "additionalProperties": false, + "properties": { + "active": { + "description": "Number of active alerts during last run.", + "nullable": true, + "type": "number" + }, + "ignored": { + "description": "Number of ignored alerts during last run.", + "nullable": true, + "type": "number" + }, + "new": { + "description": "Number of new alerts during last run.", + "nullable": true, + "type": "number" + }, + "recovered": { + "description": "Number of recovered alerts during last run.", + "nullable": true, + "type": "number" + } + }, + "type": "object" + }, + "outcome": { + "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", + "enum": [ + "succeeded", + "warning", + "failed" + ], + "type": "string" + }, + "outcome_msg": { + "items": { + "description": "Outcome message generated during last rule run.", + "type": "string" + }, + "nullable": true, + "type": "array" + }, + "outcome_order": { + "description": "Order of the outcome.", + "type": "number" + }, + "warning": { + "description": "Warning of last rule execution.", + "enum": [ + "read", + "decrypt", + "execute", + "unknown", + "license", + "timeout", + "disabled", + "validate", + "maxExecutableActions", + "maxAlerts", + "maxQueuedActions" + ], + "nullable": true, + "type": "string" + } + }, + "required": [ + "outcome", + "alerts_count" + ], + "type": "object" + }, + "mapped_params": { + "additionalProperties": {}, + "type": "object" + }, + "monitoring": { + "additionalProperties": false, + "description": "Monitoring details of the rule.", + "properties": { + "run": { + "additionalProperties": false, + "description": "Rule run details.", + "properties": { + "calculated_metrics": { + "additionalProperties": false, + "description": "Calculation of different percentiles and success ratio.", + "properties": { + "p50": { + "type": "number" + }, + "p95": { + "type": "number" + }, + "p99": { + "type": "number" + }, + "success_ratio": { + "type": "number" + } + }, + "required": [ + "success_ratio" + ], + "type": "object" + }, + "history": { + "description": "History of the rule run.", + "items": { + "additionalProperties": false, + "properties": { + "duration": { + "description": "Duration of the rule run.", + "type": "number" + }, + "outcome": { + "additionalProperties": false, + "properties": { + "alerts_count": { + "additionalProperties": false, + "properties": { + "active": { + "description": "Number of active alerts during last run.", + "nullable": true, + "type": "number" + }, + "ignored": { + "description": "Number of ignored alerts during last run.", + "nullable": true, + "type": "number" + }, + "new": { + "description": "Number of new alerts during last run.", + "nullable": true, + "type": "number" + }, + "recovered": { + "description": "Number of recovered alerts during last run.", + "nullable": true, + "type": "number" + } + }, + "type": "object" + }, + "outcome": { + "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", + "enum": [ + "succeeded", + "warning", + "failed" + ], + "type": "string" + }, + "outcome_msg": { + "items": { + "description": "Outcome message generated during last rule run.", + "type": "string" + }, + "nullable": true, + "type": "array" + }, + "outcome_order": { + "description": "Order of the outcome.", + "type": "number" + }, + "warning": { + "description": "Warning of last rule execution.", + "enum": [ + "read", + "decrypt", + "execute", + "unknown", + "license", + "timeout", + "disabled", + "validate", + "maxExecutableActions", + "maxAlerts", + "maxQueuedActions" + ], + "nullable": true, + "type": "string" + } + }, + "required": [ + "outcome", + "alerts_count" + ], + "type": "object" + }, + "success": { + "description": "Indicates whether the rule run was successful.", + "type": "boolean" + }, + "timestamp": { + "description": "Time of rule run.", + "type": "number" + } + }, + "required": [ + "success", + "timestamp" + ], + "type": "object" + }, + "type": "array" + }, + "last_run": { + "additionalProperties": false, + "properties": { + "metrics": { + "additionalProperties": false, + "properties": { + "duration": { + "description": "Duration of most recent rule run.", + "type": "number" + }, + "gap_duration_s": { + "description": "Duration in seconds of rule run gap.", + "nullable": true, + "type": "number" + }, + "total_alerts_created": { + "description": "Total number of alerts created during last rule run.", + "nullable": true, + "type": "number" + }, + "total_alerts_detected": { + "description": "Total number of alerts detected during last rule run.", + "nullable": true, + "type": "number" + }, + "total_indexing_duration_ms": { + "description": "Total time spent indexing documents during last rule run in milliseconds.", + "nullable": true, + "type": "number" + }, + "total_search_duration_ms": { + "description": "Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response.", + "nullable": true, + "type": "number" + } + }, + "type": "object" + }, + "timestamp": { + "description": "Time of the most recent rule run.", + "type": "string" + } + }, + "required": [ + "timestamp", + "metrics" + ], + "type": "object" + } + }, + "required": [ + "history", + "calculated_metrics", + "last_run" + ], + "type": "object" + } + }, + "required": [ + "run" + ], + "type": "object" + }, + "mute_all": { + "description": "Indicates whether all alerts are muted.", + "type": "boolean" + }, + "muted_alert_ids": { + "items": { + "description": "List of identifiers of muted alerts. ", + "type": "string" + }, + "type": "array" + }, + "name": { + "description": " The name of the rule.", + "type": "string" + }, + "next_run": { + "description": "Date and time of the next run of the rule.", + "nullable": true, + "type": "string" + }, + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "nullable": true, + "type": "string" + }, + "params": { + "additionalProperties": {}, + "description": "The parameters for the rule.", + "type": "object" + }, + "revision": { + "description": "The rule revision number.", + "type": "number" + }, + "rule_type_id": { + "description": "The rule type identifier.", + "type": "string" + }, + "running": { + "description": "Indicates whether the rule is running.", + "nullable": true, + "type": "boolean" + }, + "schedule": { + "additionalProperties": false, + "properties": { + "interval": { + "description": "The interval is specified in seconds, minutes, hours, or days.", + "type": "string" + } + }, + "required": [ + "interval" + ], + "type": "object" + }, + "scheduled_task_id": { + "description": "Identifier of the scheduled task.", + "type": "string" + }, + "snooze_schedule": { + "items": { + "additionalProperties": false, + "properties": { + "duration": { + "description": "Duration of the rule snooze schedule.", + "type": "number" + }, + "id": { + "description": "Identifier of the rule snooze schedule.", + "type": "string" + }, + "rRule": { + "additionalProperties": false, + "properties": { + "byhour": { + "items": { + "description": "Indicates hours of the day to recur.", + "type": "number" + }, + "type": "array" + }, + "byminute": { + "items": { + "description": "Indicates minutes of the hour to recur.", + "type": "number" + }, + "type": "array" + }, + "bymonth": { + "items": { + "description": "Indicates months of the year that this rule should recur.", + "type": "number" + }, + "type": "array" + }, + "bymonthday": { + "items": { + "description": "Indicates the days of the month to recur.", + "type": "number" + }, + "type": "array" + }, + "bysecond": { + "items": { + "description": "Indicates seconds of the day to recur.", + "type": "number" + }, + "type": "array" + }, + "bysetpos": { + "items": { + "description": "A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`.", + "type": "number" + }, + "type": "array" + }, + "byweekday": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ], + "description": "Indicates the days of the week to recur or else nth-day-of-month strings. For example, \"+2TU\" second Tuesday of month, \"-1FR\" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination." + }, + "type": "array" + }, + "byweekno": { + "items": { + "description": "Indicates number of the week hours to recur.", + "type": "number" + }, + "type": "array" + }, + "byyearday": { + "items": { + "description": "Indicates the days of the year that this rule should recur.", + "type": "number" + }, + "type": "array" + }, + "count": { + "description": "Number of times the rule should recur until it stops.", + "type": "number" + }, + "dtstart": { + "description": "Rule start date in Coordinated Universal Time (UTC).", + "type": "string" + }, + "freq": { + "description": "Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY.", + "enum": [ + 0, + 1, + 2, + 3, + 4, + 5, + 6 + ], + "type": "integer" + }, + "interval": { + "description": "Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks.", + "type": "number" + }, + "tzid": { + "description": "Indicates timezone abbreviation.", + "type": "string" + }, + "until": { + "description": "Recur the rule until this date.", + "type": "string" + }, + "wkst": { + "description": "Indicates the start of week, defaults to Monday.", + "enum": [ + "MO", + "TU", + "WE", + "TH", + "FR", + "SA", + "SU" + ], + "type": "string" + } + }, + "required": [ + "dtstart", + "tzid" + ], + "type": "object" + }, + "skipRecurrences": { + "items": { + "description": "Skips recurrence of rule on this date.", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "duration", + "rRule" + ], + "type": "object" + }, + "type": "array" + }, + "tags": { + "items": { + "description": "The tags for the rule.", + "type": "string" + }, + "type": "array" + }, + "throttle": { + "deprecated": true, + "description": "Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, + "type": "string" + }, + "updated_at": { + "description": "The date and time that the rule was updated most recently.", + "type": "string" + }, + "updated_by": { + "description": "The identifier for the user that updated this rule most recently.", + "nullable": true, + "type": "string" + }, + "view_in_app_relative_url": { + "description": "Relative URL to view rule in the app.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "id", + "enabled", + "name", + "tags", + "rule_type_id", + "consumer", + "schedule", + "actions", + "params", + "created_by", + "updated_by", + "created_at", + "updated_at", + "api_key_owner", + "mute_all", + "muted_alert_ids", + "execution_status", + "revision" + ], + "type": "object" + } + } + }, + "description": "Indicates a successful call." + } + }, + "summary": "Get rule details", + "tags": [ + "alerting" + ] + }, + "post": { + "operationId": "%2Fapi%2Falerting%2Frule%2F%7Bid%3F%7D#0", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "description": "The identifier for the rule. If it is omitted, an ID is randomly generated.", + "in": "path", + "name": "id", + "required": false, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "actions": { + "default": [], + "items": { + "additionalProperties": false, + "description": "An action that runs under defined conditions.", + "properties": { + "alerts_filter": { + "additionalProperties": false, + "description": "Conditions that affect whether the action runs. If you specify multiple conditions, all conditions must be met for the action to run. For example, if an alert occurs within the specified time frame and matches the query, the action runs.", + "properties": { + "query": { + "additionalProperties": false, + "properties": { + "dsl": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL).", + "type": "string" + }, + "filters": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.", + "items": { + "additionalProperties": false, + "properties": { + "$state": { + "additionalProperties": false, + "properties": { + "store": { + "description": "A filter can be either specific to an application context or applied globally.", + "enum": [ + "appState", + "globalState" + ], + "type": "string" + } + }, + "required": [ + "store" + ], + "type": "object" + }, + "meta": { + "additionalProperties": {}, + "type": "object" + }, + "query": { + "additionalProperties": {}, + "type": "object" + } + }, + "required": [ + "meta" + ], + "type": "object" + }, + "type": "array" + }, + "kql": { + "description": "A filter written in Kibana Query Language (KQL).", + "type": "string" + } + }, + "required": [ + "kql", + "filters" + ], + "type": "object" + }, + "timeframe": { + "additionalProperties": false, + "description": "Defines a period that limits whether the action runs.", + "properties": { + "days": { + "description": "Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.", + "items": { + "enum": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7 + ], + "type": "integer" + }, + "type": "array" + }, + "hours": { + "additionalProperties": false, + "description": "Defines the range of time in a day that the action can run. If the `start` value is `00:00` and the `end` value is `24:00`, actions be generated all day.", + "properties": { + "end": { + "description": "The end of the time frame in 24-hour notation (`hh:mm`).", + "type": "string" + }, + "start": { + "description": "The start of the time frame in 24-hour notation (`hh:mm`).", + "type": "string" + } + }, + "required": [ + "start", + "end" + ], + "type": "object" + }, + "timezone": { + "description": "The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.", + "type": "string" + } + }, + "required": [ + "days", + "hours", + "timezone" + ], + "type": "object" + } + }, + "type": "object" + }, + "frequency": { + "additionalProperties": false, + "properties": { + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "type": "string" + }, + "summary": { + "description": "Indicates whether the action is a summary.", + "type": "boolean" + }, + "throttle": { + "description": "The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if `notify_when` is set to `onThrottleInterval`. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "summary", + "notify_when", + "throttle" + ], + "type": "object" + }, + "group": { + "description": "The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.", + "type": "string" + }, + "id": { + "description": "The identifier for the connector saved object.", + "type": "string" + }, + "params": { + "additionalProperties": {}, + "default": {}, + "description": "The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.", + "type": "object" + }, + "use_alert_data_for_template": { + "description": "Indicates whether to use alert data as a template.", + "type": "boolean" + }, + "uuid": { + "description": "A universally unique identifier (UUID) for the action.", + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + "type": "array" + }, + "alert_delay": { + "additionalProperties": false, + "description": "Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.", + "properties": { + "active": { + "description": "The number of consecutive runs that must meet the rule conditions.", + "type": "number" + } + }, + "required": [ + "active" + ], + "type": "object" + }, + "consumer": { + "description": "The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.", + "type": "string" + }, + "enabled": { + "default": true, + "description": "Indicates whether you want to run the rule on an interval basis after it is created.", + "type": "boolean" + }, + "name": { + "description": "The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.", + "type": "string" + }, + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "nullable": true, + "type": "string" + }, + "params": { + "additionalProperties": {}, + "default": {}, + "description": "The parameters for the rule.", + "type": "object" + }, + "rule_type_id": { + "description": "The rule type identifier.", + "type": "string" + }, + "schedule": { + "additionalProperties": false, + "description": "The check interval, which specifies how frequently the rule conditions are checked.", + "properties": { + "interval": { + "description": "The interval is specified in seconds, minutes, hours, or days.", + "type": "string" + } + }, + "required": [ + "interval" + ], + "type": "object" + }, + "tags": { + "default": [], + "description": "The tags for the rule.", + "items": { + "type": "string" + }, + "type": "array" + }, + "throttle": { + "description": "Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "name", + "rule_type_id", + "consumer", + "schedule" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "actions": { + "items": { + "additionalProperties": false, + "properties": { + "alerts_filter": { + "additionalProperties": false, + "description": "Defines a period that limits whether the action runs.", + "properties": { + "query": { + "additionalProperties": false, + "properties": { + "dsl": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL).", + "type": "string" + }, + "filters": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.", + "items": { + "additionalProperties": false, + "properties": { + "$state": { + "additionalProperties": false, + "properties": { + "store": { + "description": "A filter can be either specific to an application context or applied globally.", + "enum": [ + "appState", + "globalState" + ], + "type": "string" + } + }, + "required": [ + "store" + ], + "type": "object" + }, + "meta": { + "additionalProperties": {}, + "type": "object" + }, + "query": { + "additionalProperties": {}, + "type": "object" + } + }, + "required": [ + "meta" + ], + "type": "object" + }, + "type": "array" + }, + "kql": { + "description": "A filter written in Kibana Query Language (KQL).", + "type": "string" + } + }, + "required": [ + "kql", + "filters" + ], + "type": "object" + }, + "timeframe": { + "additionalProperties": false, + "properties": { + "days": { + "description": "Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.", + "items": { + "enum": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7 + ], + "type": "integer" + }, + "type": "array" + }, + "hours": { + "additionalProperties": false, + "properties": { + "end": { + "description": "The end of the time frame in 24-hour notation (`hh:mm`).", + "type": "string" + }, + "start": { + "description": "The start of the time frame in 24-hour notation (`hh:mm`).", + "type": "string" + } + }, + "required": [ + "start", + "end" + ], + "type": "object" + }, + "timezone": { + "description": "The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.", + "type": "string" + } + }, + "required": [ + "days", + "hours", + "timezone" + ], + "type": "object" + } + }, + "type": "object" + }, + "connector_type_id": { + "description": "The type of connector. This property appears in responses but cannot be set in requests.", + "type": "string" + }, + "frequency": { + "additionalProperties": false, + "properties": { + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "type": "string" + }, + "summary": { + "description": "Indicates whether the action is a summary.", + "type": "boolean" + }, + "throttle": { + "description": "The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if 'notify_when' is set to 'onThrottleInterval'. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "summary", + "notify_when", + "throttle" + ], + "type": "object" + }, + "group": { + "description": "The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.", + "type": "string" + }, + "id": { + "description": "The identifier for the connector saved object.", + "type": "string" + }, + "params": { + "additionalProperties": {}, + "description": "The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.", + "type": "object" + }, + "use_alert_data_for_template": { + "description": "Indicates whether to use alert data as a template.", + "type": "boolean" + }, + "uuid": { + "description": "A universally unique identifier (UUID) for the action.", + "type": "string" + } + }, + "required": [ + "id", + "connector_type_id", + "params" + ], + "type": "object" + }, + "type": "array" + }, + "active_snoozes": { + "items": { + "description": "List of active snoozes for the rule.", + "type": "string" + }, + "type": "array" + }, + "alert_delay": { + "additionalProperties": false, + "description": "Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.", + "properties": { + "active": { + "description": "The number of consecutive runs that must meet the rule conditions.", + "type": "number" + } + }, + "required": [ + "active" + ], + "type": "object" + }, + "api_key_created_by_user": { + "description": "Indicates whether the API key that is associated with the rule was created by the user.", + "nullable": true, + "type": "boolean" + }, + "api_key_owner": { + "description": "The owner of the API key that is associated with the rule and used to run background tasks.", + "nullable": true, + "type": "string" + }, + "consumer": { + "description": "The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.", + "type": "string" + }, + "created_at": { + "description": "The date and time that the rule was created.", + "type": "string" + }, + "created_by": { + "description": "The identifier for the user that created the rule.", + "nullable": true, + "type": "string" + }, + "enabled": { + "description": "Indicates whether you want to run the rule on an interval basis after it is created.", + "type": "boolean" + }, + "execution_status": { + "additionalProperties": false, + "properties": { + "error": { + "additionalProperties": false, + "properties": { + "message": { + "description": "Error message.", + "type": "string" + }, + "reason": { + "description": "Reason for error.", + "enum": [ + "read", + "decrypt", + "execute", + "unknown", + "license", + "timeout", + "disabled", + "validate" + ], + "type": "string" + } + }, + "required": [ + "reason", + "message" + ], + "type": "object" + }, + "last_duration": { + "description": "Duration of last execution of the rule.", + "type": "number" + }, + "last_execution_date": { + "description": "The date and time when rule was executed last.", + "type": "string" + }, + "status": { + "description": "Status of rule execution.", + "enum": [ + "ok", + "active", + "error", + "warning", + "pending", + "unknown" + ], + "type": "string" + }, + "warning": { + "additionalProperties": false, + "properties": { + "message": { + "description": "Warning message.", + "type": "string" + }, + "reason": { + "description": "Reason for warning.", + "enum": [ + "maxExecutableActions", + "maxAlerts", + "maxQueuedActions" + ], + "type": "string" + } + }, + "required": [ + "reason", + "message" + ], + "type": "object" + } + }, + "required": [ + "status", + "last_execution_date" + ], + "type": "object" + }, + "id": { + "description": "The identifier for the rule.", + "type": "string" + }, + "is_snoozed_until": { + "description": "The date when the rule will no longer be snoozed.", + "nullable": true, + "type": "string" + }, + "last_run": { + "additionalProperties": false, + "nullable": true, + "properties": { + "alerts_count": { + "additionalProperties": false, + "properties": { + "active": { + "description": "Number of active alerts during last run.", + "nullable": true, + "type": "number" + }, + "ignored": { + "description": "Number of ignored alerts during last run.", + "nullable": true, + "type": "number" + }, + "new": { + "description": "Number of new alerts during last run.", + "nullable": true, + "type": "number" + }, + "recovered": { + "description": "Number of recovered alerts during last run.", + "nullable": true, + "type": "number" + } + }, + "type": "object" + }, + "outcome": { + "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", + "enum": [ + "succeeded", + "warning", + "failed" + ], + "type": "string" + }, + "outcome_msg": { + "items": { + "description": "Outcome message generated during last rule run.", + "type": "string" + }, + "nullable": true, + "type": "array" + }, + "outcome_order": { + "description": "Order of the outcome.", + "type": "number" + }, + "warning": { + "description": "Warning of last rule execution.", + "enum": [ + "read", + "decrypt", + "execute", + "unknown", + "license", + "timeout", + "disabled", + "validate", + "maxExecutableActions", + "maxAlerts", + "maxQueuedActions" + ], + "nullable": true, + "type": "string" + } + }, + "required": [ + "outcome", + "alerts_count" + ], + "type": "object" + }, + "mapped_params": { + "additionalProperties": {}, + "type": "object" + }, + "monitoring": { + "additionalProperties": false, + "description": "Monitoring details of the rule.", + "properties": { + "run": { + "additionalProperties": false, + "description": "Rule run details.", + "properties": { + "calculated_metrics": { + "additionalProperties": false, + "description": "Calculation of different percentiles and success ratio.", + "properties": { + "p50": { + "type": "number" + }, + "p95": { + "type": "number" + }, + "p99": { + "type": "number" + }, + "success_ratio": { + "type": "number" + } + }, + "required": [ + "success_ratio" + ], + "type": "object" + }, + "history": { + "description": "History of the rule run.", + "items": { + "additionalProperties": false, + "properties": { + "duration": { + "description": "Duration of the rule run.", + "type": "number" + }, + "outcome": { + "additionalProperties": false, + "properties": { + "alerts_count": { + "additionalProperties": false, + "properties": { + "active": { + "description": "Number of active alerts during last run.", + "nullable": true, + "type": "number" + }, + "ignored": { + "description": "Number of ignored alerts during last run.", + "nullable": true, + "type": "number" + }, + "new": { + "description": "Number of new alerts during last run.", + "nullable": true, + "type": "number" + }, + "recovered": { + "description": "Number of recovered alerts during last run.", + "nullable": true, + "type": "number" + } + }, + "type": "object" + }, + "outcome": { + "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", + "enum": [ + "succeeded", + "warning", + "failed" + ], + "type": "string" + }, + "outcome_msg": { + "items": { + "description": "Outcome message generated during last rule run.", + "type": "string" + }, + "nullable": true, + "type": "array" + }, + "outcome_order": { + "description": "Order of the outcome.", + "type": "number" + }, + "warning": { + "description": "Warning of last rule execution.", + "enum": [ + "read", + "decrypt", + "execute", + "unknown", + "license", + "timeout", + "disabled", + "validate", + "maxExecutableActions", + "maxAlerts", + "maxQueuedActions" + ], + "nullable": true, + "type": "string" + } + }, + "required": [ + "outcome", + "alerts_count" + ], + "type": "object" + }, + "success": { + "description": "Indicates whether the rule run was successful.", + "type": "boolean" + }, + "timestamp": { + "description": "Time of rule run.", + "type": "number" + } + }, + "required": [ + "success", + "timestamp" + ], + "type": "object" + }, + "type": "array" + }, + "last_run": { + "additionalProperties": false, + "properties": { + "metrics": { + "additionalProperties": false, + "properties": { + "duration": { + "description": "Duration of most recent rule run.", + "type": "number" + }, + "gap_duration_s": { + "description": "Duration in seconds of rule run gap.", + "nullable": true, + "type": "number" + }, + "total_alerts_created": { + "description": "Total number of alerts created during last rule run.", + "nullable": true, + "type": "number" + }, + "total_alerts_detected": { + "description": "Total number of alerts detected during last rule run.", + "nullable": true, + "type": "number" + }, + "total_indexing_duration_ms": { + "description": "Total time spent indexing documents during last rule run in milliseconds.", + "nullable": true, + "type": "number" + }, + "total_search_duration_ms": { + "description": "Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response.", + "nullable": true, + "type": "number" + } + }, + "type": "object" + }, + "timestamp": { + "description": "Time of the most recent rule run.", + "type": "string" + } + }, + "required": [ + "timestamp", + "metrics" + ], + "type": "object" + } + }, + "required": [ + "history", + "calculated_metrics", + "last_run" + ], + "type": "object" + } + }, + "required": [ + "run" + ], + "type": "object" + }, + "mute_all": { + "description": "Indicates whether all alerts are muted.", + "type": "boolean" + }, + "muted_alert_ids": { + "items": { + "description": "List of identifiers of muted alerts. ", + "type": "string" + }, + "type": "array" + }, + "name": { + "description": " The name of the rule.", + "type": "string" + }, + "next_run": { + "description": "Date and time of the next run of the rule.", + "nullable": true, + "type": "string" + }, + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "nullable": true, + "type": "string" + }, + "params": { + "additionalProperties": {}, + "description": "The parameters for the rule.", + "type": "object" + }, + "revision": { + "description": "The rule revision number.", + "type": "number" + }, + "rule_type_id": { + "description": "The rule type identifier.", + "type": "string" + }, + "running": { + "description": "Indicates whether the rule is running.", + "nullable": true, + "type": "boolean" + }, + "schedule": { + "additionalProperties": false, + "properties": { + "interval": { + "description": "The interval is specified in seconds, minutes, hours, or days.", + "type": "string" + } + }, + "required": [ + "interval" + ], + "type": "object" + }, + "scheduled_task_id": { + "description": "Identifier of the scheduled task.", + "type": "string" + }, + "snooze_schedule": { + "items": { + "additionalProperties": false, + "properties": { + "duration": { + "description": "Duration of the rule snooze schedule.", + "type": "number" + }, + "id": { + "description": "Identifier of the rule snooze schedule.", + "type": "string" + }, + "rRule": { + "additionalProperties": false, + "properties": { + "byhour": { + "items": { + "description": "Indicates hours of the day to recur.", + "type": "number" + }, + "type": "array" + }, + "byminute": { + "items": { + "description": "Indicates minutes of the hour to recur.", + "type": "number" + }, + "type": "array" + }, + "bymonth": { + "items": { + "description": "Indicates months of the year that this rule should recur.", + "type": "number" + }, + "type": "array" + }, + "bymonthday": { + "items": { + "description": "Indicates the days of the month to recur.", + "type": "number" + }, + "type": "array" + }, + "bysecond": { + "items": { + "description": "Indicates seconds of the day to recur.", + "type": "number" + }, + "type": "array" + }, + "bysetpos": { + "items": { + "description": "A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`.", + "type": "number" + }, + "type": "array" + }, + "byweekday": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ], + "description": "Indicates the days of the week to recur or else nth-day-of-month strings. For example, \"+2TU\" second Tuesday of month, \"-1FR\" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination." + }, + "type": "array" + }, + "byweekno": { + "items": { + "description": "Indicates number of the week hours to recur.", + "type": "number" + }, + "type": "array" + }, + "byyearday": { + "items": { + "description": "Indicates the days of the year that this rule should recur.", + "type": "number" + }, + "type": "array" + }, + "count": { + "description": "Number of times the rule should recur until it stops.", + "type": "number" + }, + "dtstart": { + "description": "Rule start date in Coordinated Universal Time (UTC).", + "type": "string" + }, + "freq": { + "description": "Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY.", + "enum": [ + 0, + 1, + 2, + 3, + 4, + 5, + 6 + ], + "type": "integer" + }, + "interval": { + "description": "Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks.", + "type": "number" + }, + "tzid": { + "description": "Indicates timezone abbreviation.", + "type": "string" + }, + "until": { + "description": "Recur the rule until this date.", + "type": "string" + }, + "wkst": { + "description": "Indicates the start of week, defaults to Monday.", + "enum": [ + "MO", + "TU", + "WE", + "TH", + "FR", + "SA", + "SU" + ], + "type": "string" + } + }, + "required": [ + "dtstart", + "tzid" + ], + "type": "object" + }, + "skipRecurrences": { + "items": { + "description": "Skips recurrence of rule on this date.", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "duration", + "rRule" + ], + "type": "object" + }, + "type": "array" + }, + "tags": { + "items": { + "description": "The tags for the rule.", + "type": "string" + }, + "type": "array" + }, + "throttle": { + "deprecated": true, + "description": "Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, + "type": "string" + }, + "updated_at": { + "description": "The date and time that the rule was updated most recently.", + "type": "string" + }, + "updated_by": { + "description": "The identifier for the user that updated this rule most recently.", + "nullable": true, + "type": "string" + }, + "view_in_app_relative_url": { + "description": "Relative URL to view rule in the app.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "id", + "enabled", + "name", + "tags", + "rule_type_id", + "consumer", + "schedule", + "actions", + "params", + "created_by", + "updated_by", + "created_at", + "updated_at", + "api_key_owner", + "mute_all", + "muted_alert_ids", + "execution_status", + "revision" + ], + "type": "object" + } + } + }, + "description": "Indicates a successful call." + } + }, + "summary": "Create a rule", + "tags": [ + "alerting" + ] + }, + "put": { + "operationId": "%2Fapi%2Falerting%2Frule%2F%7Bid%7D#1", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "description": "The identifier for the rule.", + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "actions": { + "default": [], + "items": { + "additionalProperties": false, + "description": "An action that runs under defined conditions.", + "properties": { + "alerts_filter": { + "additionalProperties": false, + "properties": { + "query": { + "additionalProperties": false, + "properties": { + "dsl": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL).", + "type": "string" + }, + "filters": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.", + "items": { + "additionalProperties": false, + "properties": { + "$state": { + "additionalProperties": false, + "properties": { + "store": { + "description": "A filter can be either specific to an application context or applied globally.", + "enum": [ + "appState", + "globalState" + ], + "type": "string" + } + }, + "required": [ + "store" + ], + "type": "object" + }, + "meta": { + "additionalProperties": {}, + "type": "object" + }, + "query": { + "additionalProperties": {}, + "type": "object" + } + }, + "required": [ + "meta" + ], + "type": "object" + }, + "type": "array" + }, + "kql": { + "description": "A filter written in Kibana Query Language (KQL).", + "type": "string" + } + }, + "required": [ + "kql", + "filters" + ], + "type": "object" + }, + "timeframe": { + "additionalProperties": false, + "description": "Defines a period that limits whether the action runs.", + "properties": { + "days": { + "description": "Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.", + "items": { + "enum": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7 + ], + "type": "integer" + }, + "type": "array" + }, + "hours": { + "additionalProperties": false, + "description": "Defines the range of time in a day that the action can run. If the `start` value is `00:00` and the `end` value is `24:00`, actions be generated all day.", + "properties": { + "end": { + "description": "The end of the time frame in 24-hour notation (`hh:mm`).", + "type": "string" + }, + "start": { + "description": "The start of the time frame in 24-hour notation (`hh:mm`).", + "type": "string" + } + }, + "required": [ + "start", + "end" + ], + "type": "object" + }, + "timezone": { + "description": "The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.", + "type": "string" + } + }, + "required": [ + "days", + "hours", + "timezone" + ], + "type": "object" + } + }, + "type": "object" + }, + "frequency": { + "additionalProperties": false, + "properties": { + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "type": "string" + }, + "summary": { + "description": "Indicates whether the action is a summary.", + "type": "boolean" + }, + "throttle": { + "description": "The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if `notify_when` is set to `onThrottleInterval`. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "summary", + "notify_when", + "throttle" + ], + "type": "object" + }, + "group": { + "description": "The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.", + "type": "string" + }, + "id": { + "description": "The identifier for the connector saved object.", + "type": "string" + }, + "params": { + "additionalProperties": {}, + "default": {}, + "description": "The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.", + "type": "object" + }, + "use_alert_data_for_template": { + "description": "Indicates whether to use alert data as a template.", + "type": "boolean" + }, + "uuid": { + "description": "A universally unique identifier (UUID) for the action.", + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + "type": "array" + }, + "alert_delay": { + "additionalProperties": false, + "description": "Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.", + "properties": { + "active": { + "description": "The number of consecutive runs that must meet the rule conditions.", + "type": "number" + } + }, + "required": [ + "active" + ], + "type": "object" + }, + "name": { + "description": "The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.", + "type": "string" + }, + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "nullable": true, + "type": "string" + }, + "params": { + "additionalProperties": {}, + "default": {}, + "description": "The parameters for the rule.", + "type": "object" + }, + "schedule": { + "additionalProperties": false, + "properties": { + "interval": { + "description": "The interval is specified in seconds, minutes, hours, or days.", + "type": "string" + } + }, + "required": [ + "interval" + ], + "type": "object" + }, + "tags": { + "default": [], + "items": { + "description": "The tags for the rule.", + "type": "string" + }, + "type": "array" + }, + "throttle": { + "description": "Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "name", + "schedule" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "actions": { + "items": { + "additionalProperties": false, + "properties": { + "alerts_filter": { + "additionalProperties": false, + "description": "Defines a period that limits whether the action runs.", + "properties": { + "query": { + "additionalProperties": false, + "properties": { + "dsl": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL).", + "type": "string" + }, + "filters": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.", + "items": { + "additionalProperties": false, + "properties": { + "$state": { + "additionalProperties": false, + "properties": { + "store": { + "description": "A filter can be either specific to an application context or applied globally.", + "enum": [ + "appState", + "globalState" + ], + "type": "string" + } + }, + "required": [ + "store" + ], + "type": "object" + }, + "meta": { + "additionalProperties": {}, + "type": "object" + }, + "query": { + "additionalProperties": {}, + "type": "object" + } + }, + "required": [ + "meta" + ], + "type": "object" + }, + "type": "array" + }, + "kql": { + "description": "A filter written in Kibana Query Language (KQL).", + "type": "string" + } + }, + "required": [ + "kql", + "filters" + ], + "type": "object" + }, + "timeframe": { + "additionalProperties": false, + "properties": { + "days": { + "description": "Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.", + "items": { + "enum": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7 + ], + "type": "integer" + }, + "type": "array" + }, + "hours": { + "additionalProperties": false, + "properties": { + "end": { + "description": "The end of the time frame in 24-hour notation (`hh:mm`).", + "type": "string" + }, + "start": { + "description": "The start of the time frame in 24-hour notation (`hh:mm`).", + "type": "string" + } + }, + "required": [ + "start", + "end" + ], + "type": "object" + }, + "timezone": { + "description": "The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.", + "type": "string" + } + }, + "required": [ + "days", + "hours", + "timezone" + ], + "type": "object" + } + }, + "type": "object" + }, + "connector_type_id": { + "description": "The type of connector. This property appears in responses but cannot be set in requests.", + "type": "string" + }, + "frequency": { + "additionalProperties": false, + "properties": { + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "type": "string" + }, + "summary": { + "description": "Indicates whether the action is a summary.", + "type": "boolean" + }, + "throttle": { + "description": "The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if 'notify_when' is set to 'onThrottleInterval'. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "summary", + "notify_when", + "throttle" + ], + "type": "object" + }, + "group": { + "description": "The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.", + "type": "string" + }, + "id": { + "description": "The identifier for the connector saved object.", + "type": "string" + }, + "params": { + "additionalProperties": {}, + "description": "The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.", + "type": "object" + }, + "use_alert_data_for_template": { + "description": "Indicates whether to use alert data as a template.", + "type": "boolean" + }, + "uuid": { + "description": "A universally unique identifier (UUID) for the action.", + "type": "string" + } + }, + "required": [ + "id", + "connector_type_id", + "params" + ], + "type": "object" + }, + "type": "array" + }, + "active_snoozes": { + "items": { + "description": "List of active snoozes for the rule.", + "type": "string" + }, + "type": "array" + }, + "alert_delay": { + "additionalProperties": false, + "description": "Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.", + "properties": { + "active": { + "description": "The number of consecutive runs that must meet the rule conditions.", + "type": "number" + } + }, + "required": [ + "active" + ], + "type": "object" + }, + "api_key_created_by_user": { + "description": "Indicates whether the API key that is associated with the rule was created by the user.", + "nullable": true, + "type": "boolean" + }, + "api_key_owner": { + "description": "The owner of the API key that is associated with the rule and used to run background tasks.", + "nullable": true, + "type": "string" + }, + "consumer": { + "description": "The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.", + "type": "string" + }, + "created_at": { + "description": "The date and time that the rule was created.", + "type": "string" + }, + "created_by": { + "description": "The identifier for the user that created the rule.", + "nullable": true, + "type": "string" + }, + "enabled": { + "description": "Indicates whether you want to run the rule on an interval basis after it is created.", + "type": "boolean" + }, + "execution_status": { + "additionalProperties": false, + "properties": { + "error": { + "additionalProperties": false, + "properties": { + "message": { + "description": "Error message.", + "type": "string" + }, + "reason": { + "description": "Reason for error.", + "enum": [ + "read", + "decrypt", + "execute", + "unknown", + "license", + "timeout", + "disabled", + "validate" + ], + "type": "string" + } + }, + "required": [ + "reason", + "message" + ], + "type": "object" + }, + "last_duration": { + "description": "Duration of last execution of the rule.", + "type": "number" + }, + "last_execution_date": { + "description": "The date and time when rule was executed last.", + "type": "string" + }, + "status": { + "description": "Status of rule execution.", + "enum": [ + "ok", + "active", + "error", + "warning", + "pending", + "unknown" + ], + "type": "string" + }, + "warning": { + "additionalProperties": false, + "properties": { + "message": { + "description": "Warning message.", + "type": "string" + }, + "reason": { + "description": "Reason for warning.", + "enum": [ + "maxExecutableActions", + "maxAlerts", + "maxQueuedActions" + ], + "type": "string" + } + }, + "required": [ + "reason", + "message" + ], + "type": "object" + } + }, + "required": [ + "status", + "last_execution_date" + ], + "type": "object" + }, + "id": { + "description": "The identifier for the rule.", + "type": "string" + }, + "is_snoozed_until": { + "description": "The date when the rule will no longer be snoozed.", + "nullable": true, + "type": "string" + }, + "last_run": { + "additionalProperties": false, + "nullable": true, + "properties": { + "alerts_count": { + "additionalProperties": false, + "properties": { + "active": { + "description": "Number of active alerts during last run.", + "nullable": true, + "type": "number" + }, + "ignored": { + "description": "Number of ignored alerts during last run.", + "nullable": true, + "type": "number" + }, + "new": { + "description": "Number of new alerts during last run.", + "nullable": true, + "type": "number" + }, + "recovered": { + "description": "Number of recovered alerts during last run.", + "nullable": true, + "type": "number" + } + }, + "type": "object" + }, + "outcome": { + "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", + "enum": [ + "succeeded", + "warning", + "failed" + ], + "type": "string" + }, + "outcome_msg": { + "items": { + "description": "Outcome message generated during last rule run.", + "type": "string" + }, + "nullable": true, + "type": "array" + }, + "outcome_order": { + "description": "Order of the outcome.", + "type": "number" + }, + "warning": { + "description": "Warning of last rule execution.", + "enum": [ + "read", + "decrypt", + "execute", + "unknown", + "license", + "timeout", + "disabled", + "validate", + "maxExecutableActions", + "maxAlerts", + "maxQueuedActions" + ], + "nullable": true, + "type": "string" + } + }, + "required": [ + "outcome", + "alerts_count" + ], + "type": "object" + }, + "mapped_params": { + "additionalProperties": {}, + "type": "object" + }, + "monitoring": { + "additionalProperties": false, + "description": "Monitoring details of the rule.", + "properties": { + "run": { + "additionalProperties": false, + "description": "Rule run details.", + "properties": { + "calculated_metrics": { + "additionalProperties": false, + "description": "Calculation of different percentiles and success ratio.", + "properties": { + "p50": { + "type": "number" + }, + "p95": { + "type": "number" + }, + "p99": { + "type": "number" + }, + "success_ratio": { + "type": "number" + } + }, + "required": [ + "success_ratio" + ], + "type": "object" + }, + "history": { + "description": "History of the rule run.", + "items": { + "additionalProperties": false, + "properties": { + "duration": { + "description": "Duration of the rule run.", + "type": "number" + }, + "outcome": { + "additionalProperties": false, + "properties": { + "alerts_count": { + "additionalProperties": false, + "properties": { + "active": { + "description": "Number of active alerts during last run.", + "nullable": true, + "type": "number" + }, + "ignored": { + "description": "Number of ignored alerts during last run.", + "nullable": true, + "type": "number" + }, + "new": { + "description": "Number of new alerts during last run.", + "nullable": true, + "type": "number" + }, + "recovered": { + "description": "Number of recovered alerts during last run.", + "nullable": true, + "type": "number" + } + }, + "type": "object" + }, + "outcome": { + "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", + "enum": [ + "succeeded", + "warning", + "failed" + ], + "type": "string" + }, + "outcome_msg": { + "items": { + "description": "Outcome message generated during last rule run.", + "type": "string" + }, + "nullable": true, + "type": "array" + }, + "outcome_order": { + "description": "Order of the outcome.", + "type": "number" + }, + "warning": { + "description": "Warning of last rule execution.", + "enum": [ + "read", + "decrypt", + "execute", + "unknown", + "license", + "timeout", + "disabled", + "validate", + "maxExecutableActions", + "maxAlerts", + "maxQueuedActions" + ], + "nullable": true, + "type": "string" + } + }, + "required": [ + "outcome", + "alerts_count" + ], + "type": "object" + }, + "success": { + "description": "Indicates whether the rule run was successful.", + "type": "boolean" + }, + "timestamp": { + "description": "Time of rule run.", + "type": "number" + } + }, + "required": [ + "success", + "timestamp" + ], + "type": "object" + }, + "type": "array" + }, + "last_run": { + "additionalProperties": false, + "properties": { + "metrics": { + "additionalProperties": false, + "properties": { + "duration": { + "description": "Duration of most recent rule run.", + "type": "number" + }, + "gap_duration_s": { + "description": "Duration in seconds of rule run gap.", + "nullable": true, + "type": "number" + }, + "total_alerts_created": { + "description": "Total number of alerts created during last rule run.", + "nullable": true, + "type": "number" + }, + "total_alerts_detected": { + "description": "Total number of alerts detected during last rule run.", + "nullable": true, + "type": "number" + }, + "total_indexing_duration_ms": { + "description": "Total time spent indexing documents during last rule run in milliseconds.", + "nullable": true, + "type": "number" + }, + "total_search_duration_ms": { + "description": "Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response.", + "nullable": true, + "type": "number" + } + }, + "type": "object" + }, + "timestamp": { + "description": "Time of the most recent rule run.", + "type": "string" + } + }, + "required": [ + "timestamp", + "metrics" + ], + "type": "object" + } + }, + "required": [ + "history", + "calculated_metrics", + "last_run" + ], + "type": "object" + } + }, + "required": [ + "run" + ], + "type": "object" + }, + "mute_all": { + "description": "Indicates whether all alerts are muted.", + "type": "boolean" + }, + "muted_alert_ids": { + "items": { + "description": "List of identifiers of muted alerts. ", + "type": "string" + }, + "type": "array" + }, + "name": { + "description": " The name of the rule.", + "type": "string" + }, + "next_run": { + "description": "Date and time of the next run of the rule.", + "nullable": true, + "type": "string" + }, + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "nullable": true, + "type": "string" + }, + "params": { + "additionalProperties": {}, + "description": "The parameters for the rule.", + "type": "object" + }, + "revision": { + "description": "The rule revision number.", + "type": "number" + }, + "rule_type_id": { + "description": "The rule type identifier.", + "type": "string" + }, + "running": { + "description": "Indicates whether the rule is running.", + "nullable": true, + "type": "boolean" + }, + "schedule": { + "additionalProperties": false, + "properties": { + "interval": { + "description": "The interval is specified in seconds, minutes, hours, or days.", + "type": "string" + } + }, + "required": [ + "interval" + ], + "type": "object" + }, + "scheduled_task_id": { + "description": "Identifier of the scheduled task.", + "type": "string" + }, + "snooze_schedule": { + "items": { + "additionalProperties": false, + "properties": { + "duration": { + "description": "Duration of the rule snooze schedule.", + "type": "number" + }, + "id": { + "description": "Identifier of the rule snooze schedule.", + "type": "string" + }, + "rRule": { + "additionalProperties": false, + "properties": { + "byhour": { + "items": { + "description": "Indicates hours of the day to recur.", + "type": "number" + }, + "type": "array" + }, + "byminute": { + "items": { + "description": "Indicates minutes of the hour to recur.", + "type": "number" + }, + "type": "array" + }, + "bymonth": { + "items": { + "description": "Indicates months of the year that this rule should recur.", + "type": "number" + }, + "type": "array" + }, + "bymonthday": { + "items": { + "description": "Indicates the days of the month to recur.", + "type": "number" + }, + "type": "array" + }, + "bysecond": { + "items": { + "description": "Indicates seconds of the day to recur.", + "type": "number" + }, + "type": "array" + }, + "bysetpos": { + "items": { + "description": "A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`.", + "type": "number" + }, + "type": "array" + }, + "byweekday": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ], + "description": "Indicates the days of the week to recur or else nth-day-of-month strings. For example, \"+2TU\" second Tuesday of month, \"-1FR\" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination." + }, + "type": "array" + }, + "byweekno": { + "items": { + "description": "Indicates number of the week hours to recur.", + "type": "number" + }, + "type": "array" + }, + "byyearday": { + "items": { + "description": "Indicates the days of the year that this rule should recur.", + "type": "number" + }, + "type": "array" + }, + "count": { + "description": "Number of times the rule should recur until it stops.", + "type": "number" + }, + "dtstart": { + "description": "Rule start date in Coordinated Universal Time (UTC).", + "type": "string" + }, + "freq": { + "description": "Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY.", + "enum": [ + 0, + 1, + 2, + 3, + 4, + 5, + 6 + ], + "type": "integer" + }, + "interval": { + "description": "Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks.", + "type": "number" + }, + "tzid": { + "description": "Indicates timezone abbreviation.", + "type": "string" + }, + "until": { + "description": "Recur the rule until this date.", + "type": "string" + }, + "wkst": { + "description": "Indicates the start of week, defaults to Monday.", + "enum": [ + "MO", + "TU", + "WE", + "TH", + "FR", + "SA", + "SU" + ], + "type": "string" + } + }, + "required": [ + "dtstart", + "tzid" + ], + "type": "object" + }, + "skipRecurrences": { + "items": { + "description": "Skips recurrence of rule on this date.", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "duration", + "rRule" + ], + "type": "object" + }, + "type": "array" + }, + "tags": { + "items": { + "description": "The tags for the rule.", + "type": "string" + }, + "type": "array" + }, + "throttle": { + "deprecated": true, + "description": "Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, + "type": "string" + }, + "updated_at": { + "description": "The date and time that the rule was updated most recently.", + "type": "string" + }, + "updated_by": { + "description": "The identifier for the user that updated this rule most recently.", + "nullable": true, + "type": "string" + }, + "view_in_app_relative_url": { + "description": "Relative URL to view rule in the app.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "id", + "enabled", + "name", + "tags", + "rule_type_id", + "consumer", + "schedule", + "actions", + "params", + "created_by", + "updated_by", + "created_at", + "updated_at", + "api_key_owner", + "mute_all", + "muted_alert_ids", + "execution_status", + "revision" + ], + "type": "object" + } + } + }, + "description": "Indicates a successful call." + } + }, + "summary": "Update a rule", + "tags": [ + "alerting" + ] + } + }, + "/api/alerting/rule/{id}/_disable": { + "post": { + "operationId": "%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_disable#0", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "description": "The identifier for the rule.", + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "nullable": true, + "properties": { + "untrack": { + "description": "Defines whether this rule's alerts should be untracked.", + "type": "boolean" + } + }, + "type": "object", + "x-oas-optional": true + } + } + } + }, + "responses": { + "204": { + "description": "Indicates a successful call." + } + }, + "summary": "Disable a rule", + "tags": [ + "alerting" + ] + } + }, + "/api/alerting/rule/{id}/_enable": { + "post": { + "operationId": "%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_enable#0", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "description": "The identifier for the rule.", + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "Indicates a successful call." + } + }, + "summary": "Enable a rule", + "tags": [ + "alerting" + ] + } + }, + "/api/alerting/rule/{id}/_mute_all": { + "post": { + "operationId": "%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_mute_all#0", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "description": "The identifier for the rule.", + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "Indicates a successful call." + } + }, + "summary": "Mute all alerts", + "tags": [ + "alerting" + ] + } + }, + "/api/alerting/rule/{id}/_unmute_all": { + "post": { + "operationId": "%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_unmute_all#0", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "description": "The identifier for the rule.", + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "Indicates a successful call." + } + }, + "summary": "Unmute all alerts", + "tags": [ + "alerting" + ] + } + }, + "/api/alerting/rule/{id}/_update_api_key": { + "post": { + "operationId": "%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_update_api_key#0", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "description": "The identifier for the rule.", + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "Indicates a successful call." + } + }, + "summary": "Update the API key for a rule", + "tags": [ + "alerting" + ] + } + }, + "/api/alerting/rule/{rule_id}/alert/{alert_id}/_mute": { + "post": { + "operationId": "%2Fapi%2Falerting%2Frule%2F%7Brule_id%7D%2Falert%2F%7Balert_id%7D%2F_mute#0", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "description": "The identifier for the rule.", + "in": "path", + "name": "rule_id", + "required": true, + "schema": { + "type": "string" + } + }, + { + "description": "The identifier for the alert.", + "in": "path", + "name": "alert_id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "Indicates a successful call." + } + }, + "summary": "Mute an alert", + "tags": [ + "alerting" + ] + } + }, + "/api/alerting/rule/{rule_id}/alert/{alert_id}/_unmute": { + "post": { + "operationId": "%2Fapi%2Falerting%2Frule%2F%7Brule_id%7D%2Falert%2F%7Balert_id%7D%2F_unmute#0", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "description": "The identifier for the rule.", + "in": "path", + "name": "rule_id", + "required": true, + "schema": { + "type": "string" + } + }, + { + "description": "The identifier for the alert.", + "in": "path", + "name": "alert_id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "Indicates a successful call." + } + }, + "summary": "Unmute an alert", + "tags": [ + "alerting" + ] + } + }, + "/api/alerting/rules/_find": { + "get": { + "operationId": "%2Fapi%2Falerting%2Frules%2F_find#0", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "The number of rules to return per page.", + "in": "query", + "name": "per_page", + "required": false, + "schema": { + "default": 10, + "minimum": 0, + "type": "number" + } + }, + { + "description": "The page number to return.", + "in": "query", + "name": "page", + "required": false, + "schema": { + "default": 1, + "minimum": 1, + "type": "number" + } + }, + { + "description": "An Elasticsearch simple_query_string query that filters the objects in the response.", + "in": "query", + "name": "search", + "required": false, + "schema": { + "type": "string" + } + }, + { + "description": "The default operator to use for the simple_query_string.", + "in": "query", + "name": "default_search_operator", + "required": false, + "schema": { + "default": "OR", + "enum": [ + "OR", + "AND" + ], + "type": "string" + } + }, + { + "description": "The fields to perform the simple_query_string parsed query against.", + "in": "query", + "name": "search_fields", + "required": false, + "schema": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ] + } + }, + { + "description": "Determines which field is used to sort the results. The field must exist in the `attributes` key of the response.", + "in": "query", + "name": "sort_field", + "required": false, + "schema": { + "type": "string" + } + }, + { + "description": "Determines the sort order.", + "in": "query", + "name": "sort_order", + "required": false, + "schema": { + "enum": [ + "asc", + "desc" + ], + "type": "string" + } + }, + { + "description": "Filters the rules that have a relation with the reference objects with a specific type and identifier.", + "in": "query", + "name": "has_reference", + "required": false, + "schema": { + "additionalProperties": false, + "nullable": true, + "properties": { + "id": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type", + "id" + ], + "type": "object" + } + }, + { + "in": "query", + "name": "fields", + "required": false, + "schema": { + "items": { + "description": "The fields to return in the `attributes` key of the response.", + "type": "string" + }, + "type": "array" + } + }, + { + "description": "A KQL string that you filter with an attribute from your saved object. It should look like `savedObjectType.attributes.title: \"myTitle\"`. However, if you used a direct attribute of a saved object, such as `updatedAt`, you must define your filter, for example, `savedObjectType.updatedAt > 2018-12-22`.", + "in": "query", + "name": "filter", + "required": false, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "filter_consumers", + "required": false, + "schema": { + "items": { + "description": "List of consumers to filter.", + "type": "string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "actions": { + "items": { + "additionalProperties": false, + "properties": { + "alerts_filter": { + "additionalProperties": false, + "description": "Defines a period that limits whether the action runs.", + "properties": { + "query": { + "additionalProperties": false, + "properties": { + "dsl": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL).", + "type": "string" + }, + "filters": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.", + "items": { + "additionalProperties": false, + "properties": { + "$state": { + "additionalProperties": false, + "properties": { + "store": { + "description": "A filter can be either specific to an application context or applied globally.", + "enum": [ + "appState", + "globalState" + ], + "type": "string" + } + }, + "required": [ + "store" + ], + "type": "object" + }, + "meta": { + "additionalProperties": {}, + "type": "object" + }, + "query": { + "additionalProperties": {}, + "type": "object" + } + }, + "required": [ + "meta" + ], + "type": "object" + }, + "type": "array" + }, + "kql": { + "description": "A filter written in Kibana Query Language (KQL).", + "type": "string" + } + }, + "required": [ + "kql", + "filters" + ], + "type": "object" + }, + "timeframe": { + "additionalProperties": false, + "properties": { + "days": { + "description": "Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.", + "items": { + "enum": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7 + ], + "type": "integer" + }, + "type": "array" + }, + "hours": { + "additionalProperties": false, + "properties": { + "end": { + "description": "The end of the time frame in 24-hour notation (`hh:mm`).", + "type": "string" + }, + "start": { + "description": "The start of the time frame in 24-hour notation (`hh:mm`).", + "type": "string" + } + }, + "required": [ + "start", + "end" + ], + "type": "object" + }, + "timezone": { + "description": "The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.", + "type": "string" + } + }, + "required": [ + "days", + "hours", + "timezone" + ], + "type": "object" + } + }, + "type": "object" + }, + "connector_type_id": { + "description": "The type of connector. This property appears in responses but cannot be set in requests.", + "type": "string" + }, + "frequency": { + "additionalProperties": false, + "properties": { + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "type": "string" + }, + "summary": { + "description": "Indicates whether the action is a summary.", + "type": "boolean" + }, + "throttle": { + "description": "The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if 'notify_when' is set to 'onThrottleInterval'. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "summary", + "notify_when", + "throttle" + ], + "type": "object" + }, + "group": { + "description": "The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.", + "type": "string" + }, + "id": { + "description": "The identifier for the connector saved object.", + "type": "string" + }, + "params": { + "additionalProperties": {}, + "description": "The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.", + "type": "object" + }, + "use_alert_data_for_template": { + "description": "Indicates whether to use alert data as a template.", + "type": "boolean" + }, + "uuid": { + "description": "A universally unique identifier (UUID) for the action.", + "type": "string" + } + }, + "required": [ + "id", + "connector_type_id", + "params" + ], + "type": "object" + }, + "type": "array" + }, + "active_snoozes": { + "items": { + "description": "List of active snoozes for the rule.", + "type": "string" + }, + "type": "array" + }, + "alert_delay": { + "additionalProperties": false, + "description": "Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.", + "properties": { + "active": { + "description": "The number of consecutive runs that must meet the rule conditions.", + "type": "number" + } + }, + "required": [ + "active" + ], + "type": "object" + }, + "api_key_created_by_user": { + "description": "Indicates whether the API key that is associated with the rule was created by the user.", + "nullable": true, + "type": "boolean" + }, + "api_key_owner": { + "description": "The owner of the API key that is associated with the rule and used to run background tasks.", + "nullable": true, + "type": "string" + }, + "consumer": { + "description": "The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.", + "type": "string" + }, + "created_at": { + "description": "The date and time that the rule was created.", + "type": "string" + }, + "created_by": { + "description": "The identifier for the user that created the rule.", + "nullable": true, + "type": "string" + }, + "enabled": { + "description": "Indicates whether you want to run the rule on an interval basis after it is created.", + "type": "boolean" + }, + "execution_status": { + "additionalProperties": false, + "properties": { + "error": { + "additionalProperties": false, + "properties": { + "message": { + "description": "Error message.", + "type": "string" + }, + "reason": { + "description": "Reason for error.", + "enum": [ + "read", + "decrypt", + "execute", + "unknown", + "license", + "timeout", + "disabled", + "validate" + ], + "type": "string" + } + }, + "required": [ + "reason", + "message" + ], + "type": "object" + }, + "last_duration": { + "description": "Duration of last execution of the rule.", + "type": "number" + }, + "last_execution_date": { + "description": "The date and time when rule was executed last.", + "type": "string" + }, + "status": { + "description": "Status of rule execution.", + "enum": [ + "ok", + "active", + "error", + "warning", + "pending", + "unknown" + ], + "type": "string" + }, + "warning": { + "additionalProperties": false, + "properties": { + "message": { + "description": "Warning message.", + "type": "string" + }, + "reason": { + "description": "Reason for warning.", + "enum": [ + "maxExecutableActions", + "maxAlerts", + "maxQueuedActions" + ], + "type": "string" + } + }, + "required": [ + "reason", + "message" + ], + "type": "object" + } + }, + "required": [ + "status", + "last_execution_date" + ], + "type": "object" + }, + "id": { + "description": "The identifier for the rule.", + "type": "string" + }, + "is_snoozed_until": { + "description": "The date when the rule will no longer be snoozed.", + "nullable": true, + "type": "string" + }, + "last_run": { + "additionalProperties": false, + "nullable": true, + "properties": { + "alerts_count": { + "additionalProperties": false, + "properties": { + "active": { + "description": "Number of active alerts during last run.", + "nullable": true, + "type": "number" + }, + "ignored": { + "description": "Number of ignored alerts during last run.", + "nullable": true, + "type": "number" + }, + "new": { + "description": "Number of new alerts during last run.", + "nullable": true, + "type": "number" + }, + "recovered": { + "description": "Number of recovered alerts during last run.", + "nullable": true, + "type": "number" + } + }, + "type": "object" + }, + "outcome": { + "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", + "enum": [ + "succeeded", + "warning", + "failed" + ], + "type": "string" + }, + "outcome_msg": { + "items": { + "description": "Outcome message generated during last rule run.", + "type": "string" + }, + "nullable": true, + "type": "array" + }, + "outcome_order": { + "description": "Order of the outcome.", + "type": "number" + }, + "warning": { + "description": "Warning of last rule execution.", + "enum": [ + "read", + "decrypt", + "execute", + "unknown", + "license", + "timeout", + "disabled", + "validate", + "maxExecutableActions", + "maxAlerts", + "maxQueuedActions" + ], + "nullable": true, + "type": "string" + } + }, + "required": [ + "outcome", + "alerts_count" + ], + "type": "object" + }, + "mapped_params": { + "additionalProperties": {}, + "type": "object" + }, + "monitoring": { + "additionalProperties": false, + "description": "Monitoring details of the rule.", + "properties": { + "run": { + "additionalProperties": false, + "description": "Rule run details.", + "properties": { + "calculated_metrics": { + "additionalProperties": false, + "description": "Calculation of different percentiles and success ratio.", + "properties": { + "p50": { + "type": "number" + }, + "p95": { + "type": "number" + }, + "p99": { + "type": "number" + }, + "success_ratio": { + "type": "number" + } + }, + "required": [ + "success_ratio" + ], + "type": "object" + }, + "history": { + "description": "History of the rule run.", + "items": { + "additionalProperties": false, + "properties": { + "duration": { + "description": "Duration of the rule run.", + "type": "number" + }, + "outcome": { + "additionalProperties": false, + "properties": { + "alerts_count": { + "additionalProperties": false, + "properties": { + "active": { + "description": "Number of active alerts during last run.", + "nullable": true, + "type": "number" + }, + "ignored": { + "description": "Number of ignored alerts during last run.", + "nullable": true, + "type": "number" + }, + "new": { + "description": "Number of new alerts during last run.", + "nullable": true, + "type": "number" + }, + "recovered": { + "description": "Number of recovered alerts during last run.", + "nullable": true, + "type": "number" + } + }, + "type": "object" + }, + "outcome": { + "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", + "enum": [ + "succeeded", + "warning", + "failed" + ], + "type": "string" + }, + "outcome_msg": { + "items": { + "description": "Outcome message generated during last rule run.", + "type": "string" + }, + "nullable": true, + "type": "array" + }, + "outcome_order": { + "description": "Order of the outcome.", + "type": "number" + }, + "warning": { + "description": "Warning of last rule execution.", + "enum": [ + "read", + "decrypt", + "execute", + "unknown", + "license", + "timeout", + "disabled", + "validate", + "maxExecutableActions", + "maxAlerts", + "maxQueuedActions" + ], + "nullable": true, + "type": "string" + } + }, + "required": [ + "outcome", + "alerts_count" + ], + "type": "object" + }, + "success": { + "description": "Indicates whether the rule run was successful.", + "type": "boolean" + }, + "timestamp": { + "description": "Time of rule run.", + "type": "number" + } + }, + "required": [ + "success", + "timestamp" + ], + "type": "object" + }, + "type": "array" + }, + "last_run": { + "additionalProperties": false, + "properties": { + "metrics": { + "additionalProperties": false, + "properties": { + "duration": { + "description": "Duration of most recent rule run.", + "type": "number" + }, + "gap_duration_s": { + "description": "Duration in seconds of rule run gap.", + "nullable": true, + "type": "number" + }, + "total_alerts_created": { + "description": "Total number of alerts created during last rule run.", + "nullable": true, + "type": "number" + }, + "total_alerts_detected": { + "description": "Total number of alerts detected during last rule run.", + "nullable": true, + "type": "number" + }, + "total_indexing_duration_ms": { + "description": "Total time spent indexing documents during last rule run in milliseconds.", + "nullable": true, + "type": "number" + }, + "total_search_duration_ms": { + "description": "Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response.", + "nullable": true, + "type": "number" + } + }, + "type": "object" + }, + "timestamp": { + "description": "Time of the most recent rule run.", + "type": "string" + } + }, + "required": [ + "timestamp", + "metrics" + ], + "type": "object" + } + }, + "required": [ + "history", + "calculated_metrics", + "last_run" + ], + "type": "object" + } + }, + "required": [ + "run" + ], + "type": "object" + }, + "mute_all": { + "description": "Indicates whether all alerts are muted.", + "type": "boolean" + }, + "muted_alert_ids": { + "items": { + "description": "List of identifiers of muted alerts. ", + "type": "string" + }, + "type": "array" + }, + "name": { + "description": " The name of the rule.", + "type": "string" + }, + "next_run": { + "description": "Date and time of the next run of the rule.", + "nullable": true, + "type": "string" + }, + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "nullable": true, + "type": "string" + }, + "params": { + "additionalProperties": {}, + "description": "The parameters for the rule.", + "type": "object" + }, + "revision": { + "description": "The rule revision number.", + "type": "number" + }, + "rule_type_id": { + "description": "The rule type identifier.", + "type": "string" + }, + "running": { + "description": "Indicates whether the rule is running.", + "nullable": true, + "type": "boolean" + }, + "schedule": { + "additionalProperties": false, + "properties": { + "interval": { + "description": "The interval is specified in seconds, minutes, hours, or days.", + "type": "string" + } + }, + "required": [ + "interval" + ], + "type": "object" + }, + "scheduled_task_id": { + "description": "Identifier of the scheduled task.", + "type": "string" + }, + "snooze_schedule": { + "items": { + "additionalProperties": false, + "properties": { + "duration": { + "description": "Duration of the rule snooze schedule.", + "type": "number" + }, + "id": { + "description": "Identifier of the rule snooze schedule.", + "type": "string" + }, + "rRule": { + "additionalProperties": false, + "properties": { + "byhour": { + "items": { + "description": "Indicates hours of the day to recur.", + "type": "number" + }, + "type": "array" + }, + "byminute": { + "items": { + "description": "Indicates minutes of the hour to recur.", + "type": "number" + }, + "type": "array" + }, + "bymonth": { + "items": { + "description": "Indicates months of the year that this rule should recur.", + "type": "number" + }, + "type": "array" + }, + "bymonthday": { + "items": { + "description": "Indicates the days of the month to recur.", + "type": "number" + }, + "type": "array" + }, + "bysecond": { + "items": { + "description": "Indicates seconds of the day to recur.", + "type": "number" + }, + "type": "array" + }, + "bysetpos": { + "items": { + "description": "A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`.", + "type": "number" + }, + "type": "array" + }, + "byweekday": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ], + "description": "Indicates the days of the week to recur or else nth-day-of-month strings. For example, \"+2TU\" second Tuesday of month, \"-1FR\" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination." + }, + "type": "array" + }, + "byweekno": { + "items": { + "description": "Indicates number of the week hours to recur.", + "type": "number" + }, + "type": "array" + }, + "byyearday": { + "items": { + "description": "Indicates the days of the year that this rule should recur.", + "type": "number" + }, + "type": "array" + }, + "count": { + "description": "Number of times the rule should recur until it stops.", + "type": "number" + }, + "dtstart": { + "description": "Rule start date in Coordinated Universal Time (UTC).", + "type": "string" + }, + "freq": { + "description": "Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY.", + "enum": [ + 0, + 1, + 2, + 3, + 4, + 5, + 6 + ], + "type": "integer" + }, + "interval": { + "description": "Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks.", + "type": "number" + }, + "tzid": { + "description": "Indicates timezone abbreviation.", + "type": "string" + }, + "until": { + "description": "Recur the rule until this date.", + "type": "string" + }, + "wkst": { + "description": "Indicates the start of week, defaults to Monday.", + "enum": [ + "MO", + "TU", + "WE", + "TH", + "FR", + "SA", + "SU" + ], + "type": "string" + } + }, + "required": [ + "dtstart", + "tzid" + ], + "type": "object" + }, + "skipRecurrences": { + "items": { + "description": "Skips recurrence of rule on this date.", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "duration", + "rRule" + ], + "type": "object" + }, + "type": "array" + }, + "tags": { + "items": { + "description": "The tags for the rule.", + "type": "string" + }, + "type": "array" + }, + "throttle": { + "deprecated": true, + "description": "Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, + "type": "string" + }, + "updated_at": { + "description": "The date and time that the rule was updated most recently.", + "type": "string" + }, + "updated_by": { + "description": "The identifier for the user that updated this rule most recently.", + "nullable": true, + "type": "string" + }, + "view_in_app_relative_url": { + "description": "Relative URL to view rule in the app.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "id", + "enabled", + "name", + "tags", + "rule_type_id", + "consumer", + "schedule", + "actions", + "params", + "created_by", + "updated_by", + "created_at", + "updated_at", + "api_key_owner", + "mute_all", + "muted_alert_ids", + "execution_status", + "revision" + ], + "type": "object" + } + } + }, + "description": "Indicates a successful call." + } + }, + "summary": "Get information about rules", + "tags": [ + "alerting" + ] + } + }, "/api/status": { "get": { - "operationId": "/api/status#0", + "operationId": "%2Fapi%2Fstatus#0", "parameters": [ { "description": "The version of the API to use", @@ -435,6 +5139,9 @@ } ], "tags": [ + { + "name": "alerting" + }, { "name": "system" } diff --git a/packages/kbn-router-to-openapispec/src/__snapshots__/generate_oas.test.ts.snap b/packages/kbn-router-to-openapispec/src/__snapshots__/generate_oas.test.ts.snap index 3e16455f5006e..a3c634f582d43 100644 --- a/packages/kbn-router-to-openapispec/src/__snapshots__/generate_oas.test.ts.snap +++ b/packages/kbn-router-to-openapispec/src/__snapshots__/generate_oas.test.ts.snap @@ -44,7 +44,7 @@ Object { "paths": Object { "/foo/{id}": Object { "get": Object { - "operationId": "/foo/{id}#0", + "operationId": "%2Ffoo%2F%7Bid%7D#0", "parameters": Array [ Object { "description": "The version of the API to use", @@ -138,7 +138,7 @@ Object { "/bar": Object { "get": Object { "deprecated": true, - "operationId": "/bar#0", + "operationId": "%2Fbar#0", "parameters": Array [ Object { "description": "The version of the API to use", @@ -229,7 +229,7 @@ OK response oas-test-version-2", "/foo/{id}/{path*}": Object { "delete": Object { "description": "route description", - "operationId": "/foo/{id}/{path*}#2", + "operationId": "%2Ffoo%2F%7Bid%7D%2F%7Bpath*%7D#2", "parameters": Array [ Object { "description": "The version of the API to use", @@ -267,7 +267,7 @@ OK response oas-test-version-2", }, "get": Object { "description": "route description", - "operationId": "/foo/{id}/{path*}#0", + "operationId": "%2Ffoo%2F%7Bid%7D%2F%7Bpath*%7D#0", "parameters": Array [ Object { "description": "The version of the API to use", @@ -413,7 +413,7 @@ OK response oas-test-version-2", }, "post": Object { "description": "route description", - "operationId": "/foo/{id}/{path*}#1", + "operationId": "%2Ffoo%2F%7Bid%7D%2F%7Bpath*%7D#1", "parameters": Array [ Object { "description": "The version of the API to use", @@ -570,7 +570,7 @@ OK response oas-test-version-2", }, "/no-xsrf/{id}/{path*}": Object { "post": Object { - "operationId": "/no-xsrf/{id}/{path*}#1", + "operationId": "%2Fno-xsrf%2F%7Bid%7D%2F%7Bpath*%7D#1", "parameters": Array [ Object { "description": "The version of the API to use", @@ -721,7 +721,7 @@ Object { "paths": Object { "/recursive": Object { "get": Object { - "operationId": "/recursive#0", + "operationId": "%2Frecursive#0", "parameters": Array [ Object { "description": "The version of the API to use", @@ -804,7 +804,7 @@ Object { "paths": Object { "/foo/{id}": Object { "get": Object { - "operationId": "/foo/{id}#0", + "operationId": "%2Ffoo%2F%7Bid%7D#0", "parameters": Array [ Object { "description": "The version of the API to use", @@ -842,7 +842,7 @@ Object { }, "/test": Object { "get": Object { - "operationId": "/test#0", + "operationId": "%2Ftest#0", "parameters": Array [ Object { "description": "The version of the API to use", diff --git a/packages/kbn-router-to-openapispec/src/generate_oas.test.fixture.ts b/packages/kbn-router-to-openapispec/src/generate_oas.test.fixture.ts index 09bb6064c2bcb..760deff020022 100644 --- a/packages/kbn-router-to-openapispec/src/generate_oas.test.fixture.ts +++ b/packages/kbn-router-to-openapispec/src/generate_oas.test.fixture.ts @@ -33,7 +33,7 @@ export const sharedOas = { '/bar': { get: { deprecated: true, - operationId: '/bar#0', + operationId: '%2Fbar#0', parameters: [ { description: 'The version of the API to use', @@ -152,7 +152,7 @@ export const sharedOas = { '/foo/{id}/{path*}': { get: { description: 'route description', - operationId: '/foo/{id}/{path*}#0', + operationId: '%2Ffoo%2F%7Bid%7D%2F%7Bpath*%7D#0', parameters: [ { description: 'The version of the API to use', @@ -276,7 +276,7 @@ export const sharedOas = { }, post: { description: 'route description', - operationId: '/foo/{id}/{path*}#1', + operationId: '%2Ffoo%2F%7Bid%7D%2F%7Bpath*%7D#1', parameters: [ { description: 'The version of the API to use', diff --git a/packages/kbn-router-to-openapispec/src/oas_converter/kbn_config_schema/post_process_mutations/mutations/enum.test.ts b/packages/kbn-router-to-openapispec/src/oas_converter/kbn_config_schema/post_process_mutations/mutations/enum.test.ts index 5c783e739d045..71f3ff1eeca70 100644 --- a/packages/kbn-router-to-openapispec/src/oas_converter/kbn_config_schema/post_process_mutations/mutations/enum.test.ts +++ b/packages/kbn-router-to-openapispec/src/oas_converter/kbn_config_schema/post_process_mutations/mutations/enum.test.ts @@ -110,6 +110,39 @@ describe('processEnum', () => { ], }, }, + { + name: 'correctly transforms schema.nullable inputs', + input: { + anyOf: [ + { + description: 'test', + type: 'object', + properties: { + test: { + type: 'string', + }, + }, + required: ['test'], + }, + { + enum: [], + nullable: true, + type: undefined, + }, + ], + } as OpenAPIV3.SchemaObject, + expected: { + description: 'test', + type: 'object', + properties: { + test: { + type: 'string', + }, + }, + required: ['test'], + nullable: true, + }, + }, ])('$name', ({ input, expected }) => { processEnum(input); expect(input).toEqual(expected); diff --git a/packages/kbn-router-to-openapispec/src/oas_converter/kbn_config_schema/post_process_mutations/mutations/enum.ts b/packages/kbn-router-to-openapispec/src/oas_converter/kbn_config_schema/post_process_mutations/mutations/enum.ts index 7bbb7ae2c26d0..fb2e3856ae495 100644 --- a/packages/kbn-router-to-openapispec/src/oas_converter/kbn_config_schema/post_process_mutations/mutations/enum.ts +++ b/packages/kbn-router-to-openapispec/src/oas_converter/kbn_config_schema/post_process_mutations/mutations/enum.ts @@ -9,8 +9,38 @@ import type { OpenAPIV3 } from 'openapi-types'; import { isReferenceObject } from '../../../common'; -export const processEnum = (schema: OpenAPIV3.SchemaObject) => { - if (!schema.anyOf) return; +/** Identify special case output of schema.nullable() */ +const isNullableOutput = (schema: OpenAPIV3.ReferenceObject | OpenAPIV3.SchemaObject) => { + return ( + !isReferenceObject(schema) && + Object.keys(schema).length === 3 && + schema.enum?.length === 0 && + schema.nullable === true && + schema.type === undefined + ); +}; + +/** + * Handle special case output of schema.nullable() + * + * We go from: + * { anyOf: [ { type: 'string' }, { nullable: true, enum: [] } ] } + * + * To: + * { type: 'string', nullable: true } + */ +const processNullableOutput = (schema: OpenAPIV3.SchemaObject) => { + if (schema.anyOf!.length !== 2) return false; + const idx = schema.anyOf!.findIndex((item) => isNullableOutput(item)); + if (idx === -1) return false; + const anyOf = schema.anyOf!; + delete schema.anyOf; + schema.nullable = true; + Object.assign(schema, anyOf[1 - idx]); + return true; +}; + +const prettifyEnum = (schema: OpenAPIV3.SchemaObject) => { const result: unknown[] = []; let type: OpenAPIV3.SchemaObject['type']; for (const item of schema.anyOf!) { @@ -24,3 +54,9 @@ export const processEnum = (schema: OpenAPIV3.SchemaObject) => { schema.enum = result; delete schema.anyOf; }; + +export const processEnum = (schema: OpenAPIV3.SchemaObject) => { + if (!schema.anyOf) return; + if (processNullableOutput(schema)) return; + prettifyEnum(schema); +}; diff --git a/packages/kbn-router-to-openapispec/src/oas_converter/kbn_config_schema/post_process_mutations/mutations/object.test.ts b/packages/kbn-router-to-openapispec/src/oas_converter/kbn_config_schema/post_process_mutations/mutations/object.test.ts index fd7b127ef8726..ae257aaec1edf 100644 --- a/packages/kbn-router-to-openapispec/src/oas_converter/kbn_config_schema/post_process_mutations/mutations/object.test.ts +++ b/packages/kbn-router-to-openapispec/src/oas_converter/kbn_config_schema/post_process_mutations/mutations/object.test.ts @@ -11,13 +11,10 @@ import { joi2JsonInternal } from '../../parse'; import { processObject } from './object'; test.each([ - [ - schema.object({}), - { type: 'object', properties: {}, additionalProperties: false, required: [] }, - ], + [schema.object({}), { type: 'object', properties: {}, additionalProperties: false }], [ schema.object({ never: schema.never() }), - { type: 'object', properties: {}, additionalProperties: false, required: [] }, + { type: 'object', properties: {}, additionalProperties: false }, ], [ schema.object( diff --git a/packages/kbn-router-to-openapispec/src/oas_converter/kbn_config_schema/post_process_mutations/mutations/object.ts b/packages/kbn-router-to-openapispec/src/oas_converter/kbn_config_schema/post_process_mutations/mutations/object.ts index ec5888f986bd6..0b21134061c78 100644 --- a/packages/kbn-router-to-openapispec/src/oas_converter/kbn_config_schema/post_process_mutations/mutations/object.ts +++ b/packages/kbn-router-to-openapispec/src/oas_converter/kbn_config_schema/post_process_mutations/mutations/object.ts @@ -38,7 +38,7 @@ const populateRequiredFields = (schema: OpenAPIV3.SchemaObject): void => { } } - schema.required = required; + if (required.length > 0) schema.required = required; }; const removeNeverType = (schema: OpenAPIV3.SchemaObject): void => { diff --git a/packages/kbn-router-to-openapispec/src/operation_id_counter.test.ts b/packages/kbn-router-to-openapispec/src/operation_id_counter.test.ts new file mode 100644 index 0000000000000..270b6b6e2c982 --- /dev/null +++ b/packages/kbn-router-to-openapispec/src/operation_id_counter.test.ts @@ -0,0 +1,31 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ + +import { createOperationIdCounter } from './operation_id_counter'; + +test('empty case', () => { + const opIdCounter = createOperationIdCounter(); + expect(opIdCounter('')).toBe('#0'); +}); + +test('other cases', () => { + const opIdCounter = createOperationIdCounter(); + const tests = [ + ['/', '%2F#0'], + ['/api/cool', '%2Fapi%2Fcool#0'], + ['/api/cool', '%2Fapi%2Fcool#1'], + ['/api/cool', '%2Fapi%2Fcool#2'], + ['/api/cool/{variable}', '%2Fapi%2Fcool%2F%7Bvariable%7D#0'], + ['/api/cool/{optionalVariable?}', '%2Fapi%2Fcool%2F%7BoptionalVariable%3F%7D#0'], + ['/api/cool/{optionalVariable?}', '%2Fapi%2Fcool%2F%7BoptionalVariable%3F%7D#1'], + ]; + + tests.forEach(([input, expected]) => { + expect(opIdCounter(input)).toBe(expected); + }); +}); diff --git a/packages/kbn-router-to-openapispec/src/operation_id_counter.ts b/packages/kbn-router-to-openapispec/src/operation_id_counter.ts index 91fe2adf395d8..0842ec88d094f 100644 --- a/packages/kbn-router-to-openapispec/src/operation_id_counter.ts +++ b/packages/kbn-router-to-openapispec/src/operation_id_counter.ts @@ -11,6 +11,7 @@ export type OperationIdCounter = (name: string) => string; export const createOperationIdCounter = () => { const operationIdCounters = new Map(); return (name: string): string => { + name = encodeURIComponent(name); // Aliases an operationId to ensure it is unique across // multiple method+path combinations sharing a name. // "search" -> "search#0", "search#1", etc.