From a124493b8c5aa1dc71c4cf8f2caf134c4355987f Mon Sep 17 00:00:00 2001 From: Rodney Norris Date: Wed, 23 Oct 2024 18:44:23 -0500 Subject: [PATCH 01/99] [Search][Fix] Inference Endpoints deep link & Side Nav access (#197461) --- packages/deeplinks/search/constants.ts | 2 +- .../collectors/application_usage/schema.ts | 2 +- src/plugins/telemetry/schema/oss_plugins.json | 2 +- .../common/utils/licensing.test.ts | 96 +++++++++++++++++++ .../common/utils/licensing.ts | 16 ++++ .../public/navigation_tree.ts | 2 +- .../enterprise_search/public/plugin.ts | 21 +++- .../tests/solution_navigation.ts | 32 +++---- .../security_and_spaces/tests/catalogue.ts | 1 - 9 files changed, 151 insertions(+), 23 deletions(-) create mode 100644 x-pack/plugins/enterprise_search/common/utils/licensing.test.ts create mode 100644 x-pack/plugins/enterprise_search/common/utils/licensing.ts diff --git a/packages/deeplinks/search/constants.ts b/packages/deeplinks/search/constants.ts index c4a598145c87c..a2a17b20efba8 100644 --- a/packages/deeplinks/search/constants.ts +++ b/packages/deeplinks/search/constants.ts @@ -9,7 +9,7 @@ export const ENTERPRISE_SEARCH_APP_ID = 'enterpriseSearch'; export const ENTERPRISE_SEARCH_CONTENT_APP_ID = 'enterpriseSearchContent'; -export const ENTERPRISE_SEARCH_RELEVANCE_APP_ID = 'enterpriseSearchRelevance'; +export const ENTERPRISE_SEARCH_RELEVANCE_APP_ID = 'searchInferenceEndpoints'; export const ENTERPRISE_SEARCH_APPLICATIONS_APP_ID = 'enterpriseSearchApplications'; export const ENTERPRISE_SEARCH_ANALYTICS_APP_ID = 'enterpriseSearchAnalytics'; export const ENTERPRISE_SEARCH_APPSEARCH_APP_ID = 'appSearch'; diff --git a/src/plugins/kibana_usage_collection/server/collectors/application_usage/schema.ts b/src/plugins/kibana_usage_collection/server/collectors/application_usage/schema.ts index 3c40e197dbad3..88d60b1a86b2e 100644 --- a/src/plugins/kibana_usage_collection/server/collectors/application_usage/schema.ts +++ b/src/plugins/kibana_usage_collection/server/collectors/application_usage/schema.ts @@ -136,7 +136,7 @@ export const applicationUsageSchema = { canvas: commonSchema, enterpriseSearch: commonSchema, enterpriseSearchContent: commonSchema, - enterpriseSearchRelevance: commonSchema, + searchInferenceEndpoints: commonSchema, enterpriseSearchAnalytics: commonSchema, enterpriseSearchApplications: commonSchema, enterpriseSearchAISearch: commonSchema, diff --git a/src/plugins/telemetry/schema/oss_plugins.json b/src/plugins/telemetry/schema/oss_plugins.json index a3e46f5684135..c71718cfaa5a6 100644 --- a/src/plugins/telemetry/schema/oss_plugins.json +++ b/src/plugins/telemetry/schema/oss_plugins.json @@ -2098,7 +2098,7 @@ } } }, - "enterpriseSearchRelevance": { + "searchInferenceEndpoints": { "properties": { "appId": { "type": "keyword", diff --git a/x-pack/plugins/enterprise_search/common/utils/licensing.test.ts b/x-pack/plugins/enterprise_search/common/utils/licensing.test.ts new file mode 100644 index 0000000000000..7b5fbc3088984 --- /dev/null +++ b/x-pack/plugins/enterprise_search/common/utils/licensing.test.ts @@ -0,0 +1,96 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { ILicense } from '@kbn/licensing-plugin/public'; + +import { hasEnterpriseLicense } from './licensing'; + +describe('licensing utils', () => { + const baseLicense: ILicense = { + isActive: true, + type: 'trial', + isAvailable: true, + signature: 'fake', + toJSON: jest.fn(), + getUnavailableReason: jest.fn().mockReturnValue(undefined), + hasAtLeast: jest.fn().mockReturnValue(false), + check: jest.fn().mockReturnValue({ state: 'valid' }), + getFeature: jest.fn().mockReturnValue({ isAvailable: false, isEnabled: false }), + }; + describe('hasEnterpriseLicense', () => { + let license: ILicense; + beforeEach(() => { + jest.resetAllMocks(); + license = { + ...baseLicense, + }; + }); + it('returns true for active enterprise license', () => { + license.type = 'enterprise'; + + expect(hasEnterpriseLicense(license)).toEqual(true); + }); + it('returns true for active trial license', () => { + expect(hasEnterpriseLicense(license)).toEqual(true); + }); + it('returns false for active basic license', () => { + license.type = 'basic'; + + expect(hasEnterpriseLicense(license)).toEqual(false); + }); + it('returns false for active gold license', () => { + license.type = 'gold'; + + expect(hasEnterpriseLicense(license)).toEqual(false); + }); + it('returns false for active platinum license', () => { + license.type = 'platinum'; + + expect(hasEnterpriseLicense(license)).toEqual(false); + }); + it('returns false for inactive enterprise license', () => { + license.type = 'enterprise'; + license.isActive = false; + + expect(hasEnterpriseLicense(license)).toEqual(false); + }); + it('returns false for inactive trial license', () => { + license.isActive = false; + + expect(hasEnterpriseLicense(license)).toEqual(false); + }); + it('returns false for inactive basic license', () => { + license.type = 'basic'; + license.isActive = false; + + expect(hasEnterpriseLicense(license)).toEqual(false); + }); + it('returns false for inactive gold license', () => { + license.type = 'gold'; + license.isActive = false; + + expect(hasEnterpriseLicense(license)).toEqual(false); + }); + it('returns false for inactive platinum license', () => { + license.type = 'platinum'; + license.isActive = false; + + expect(hasEnterpriseLicense(license)).toEqual(false); + }); + it('returns false for active license is missing type', () => { + delete license.type; + + expect(hasEnterpriseLicense(license)).toEqual(false); + }); + it('returns false for null license', () => { + expect(hasEnterpriseLicense(null)).toEqual(false); + }); + it('returns false for undefined license', () => { + expect(hasEnterpriseLicense(undefined)).toEqual(false); + }); + }); +}); diff --git a/x-pack/plugins/enterprise_search/common/utils/licensing.ts b/x-pack/plugins/enterprise_search/common/utils/licensing.ts new file mode 100644 index 0000000000000..a78e603b3650d --- /dev/null +++ b/x-pack/plugins/enterprise_search/common/utils/licensing.ts @@ -0,0 +1,16 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { ILicense } from '@kbn/licensing-plugin/public'; + +/* hasEnterpriseLicense return if the given license is an active `enterprise` or `trial` license + */ +export function hasEnterpriseLicense(license: ILicense | null | undefined): boolean { + if (license === undefined || license === null) return false; + const qualifyingLicenses = ['enterprise', 'trial']; + return license.isActive && qualifyingLicenses.includes(license?.type ?? ''); +} diff --git a/x-pack/plugins/enterprise_search/public/navigation_tree.ts b/x-pack/plugins/enterprise_search/public/navigation_tree.ts index 2f4e5a17ab335..2f41db6bef486 100644 --- a/x-pack/plugins/enterprise_search/public/navigation_tree.ts +++ b/x-pack/plugins/enterprise_search/public/navigation_tree.ts @@ -209,7 +209,7 @@ export const getNavigationTreeDefinition = ({ }), }, { - children: [{ link: 'enterpriseSearchRelevance:inferenceEndpoints' }], + children: [{ link: 'searchInferenceEndpoints:inferenceEndpoints' }], id: 'relevance', title: i18n.translate('xpack.enterpriseSearch.searchNav.relevance', { defaultMessage: 'Relevance', diff --git a/x-pack/plugins/enterprise_search/public/plugin.ts b/x-pack/plugins/enterprise_search/public/plugin.ts index a1558c4855aa7..06f14ba3d7037 100644 --- a/x-pack/plugins/enterprise_search/public/plugin.ts +++ b/x-pack/plugins/enterprise_search/public/plugin.ts @@ -19,6 +19,8 @@ import { PluginInitializerContext, DEFAULT_APP_CATEGORIES, AppDeepLink, + type AppUpdater, + AppStatus, } from '@kbn/core/public'; import { DataPublicPluginStart } from '@kbn/data-plugin/public'; @@ -53,8 +55,8 @@ import { SEARCH_RELEVANCE_PLUGIN, } from '../common/constants'; import { registerLocators } from '../common/locators'; - import { ClientConfigType, InitialAppData } from '../common/types'; +import { hasEnterpriseLicense } from '../common/utils/licensing'; import { ENGINES_PATH } from './applications/app_search/routes'; import { SEARCH_APPLICATIONS_PATH, PLAYGROUND_PATH } from './applications/applications/routes'; @@ -134,7 +136,7 @@ const contentLinks: AppDeepLink[] = [ const relevanceLinks: AppDeepLink[] = [ { - id: 'searchInferenceEndpoints', + id: 'inferenceEndpoints', path: `/${INFERENCE_ENDPOINTS_PATH}`, title: i18n.translate( 'xpack.enterpriseSearch.navigation.relevanceInferenceEndpointsLinkLabel', @@ -180,6 +182,7 @@ const appSearchLinks: AppDeepLink[] = [ export class EnterpriseSearchPlugin implements Plugin { private config: ClientConfigType; + private enterpriseLicenseAppUpdater$ = new BehaviorSubject(() => ({})); constructor(initializerContext: PluginInitializerContext) { this.config = initializerContext.config.get(); @@ -440,6 +443,8 @@ export class EnterpriseSearchPlugin implements Plugin { deepLinks: relevanceLinks, euiIconType: SEARCH_RELEVANCE_PLUGIN.LOGO, id: SEARCH_RELEVANCE_PLUGIN.ID, + status: AppStatus.inaccessible, + updater$: this.enterpriseLicenseAppUpdater$, mount: async (params: AppMountParameters) => { const kibanaDeps = await this.getKibanaDeps(core, params, cloud); const { chrome, http } = kibanaDeps.core; @@ -615,6 +620,18 @@ export class EnterpriseSearchPlugin implements Plugin { ); }); + plugins.licensing?.license$.subscribe((license) => { + if (hasEnterpriseLicense(license)) { + this.enterpriseLicenseAppUpdater$.next(() => ({ + status: AppStatus.accessible, + })); + } else { + this.enterpriseLicenseAppUpdater$.next(() => ({ + status: AppStatus.inaccessible, + })); + } + }); + // Return empty start contract rather than void in order for plugins // that depend on the enterprise search plugin to determine whether it is enabled or not return {}; diff --git a/x-pack/test/functional_search/tests/solution_navigation.ts b/x-pack/test/functional_search/tests/solution_navigation.ts index 8a06ad1193372..66bf8369b668f 100644 --- a/x-pack/test/functional_search/tests/solution_navigation.ts +++ b/x-pack/test/functional_search/tests/solution_navigation.ts @@ -47,6 +47,7 @@ export default function searchSolutionNavigation({ await solutionNavigation.sidenav.expectLinkExists({ text: 'Playground' }); await solutionNavigation.sidenav.expectLinkExists({ text: 'Search applications' }); await solutionNavigation.sidenav.expectLinkExists({ text: 'Behavioral Analytics' }); + await solutionNavigation.sidenav.expectLinkExists({ text: 'Inference Endpoints' }); await solutionNavigation.sidenav.expectLinkExists({ text: 'App Search' }); await solutionNavigation.sidenav.expectLinkExists({ text: 'Workplace Search' }); await solutionNavigation.sidenav.expectLinkExists({ text: 'Other tools' }); @@ -184,20 +185,19 @@ export default function searchSolutionNavigation({ // check Relevance // > Inference Endpoints - // TODO: FTRs don't have enterprise license, so inference endpoints not shown - // await solutionNavigation.sidenav.clickLink({ - // deepLinkId: 'enterpriseSearchRelevance:inferenceEndpoints', - // }); - // await solutionNavigation.sidenav.expectLinkActive({ - // deepLinkId: 'enterpriseSearchRelevance:inferenceEndpoints', - // }); - // await solutionNavigation.breadcrumbs.expectBreadcrumbExists({ text: 'Relevance' }); - // await solutionNavigation.breadcrumbs.expectBreadcrumbExists({ - // text: 'Inference Endpoints', - // }); - // await solutionNavigation.breadcrumbs.expectBreadcrumbExists({ - // deepLinkId: 'enterpriseSearchRelevance:inferenceEndpoints', - // }); + await solutionNavigation.sidenav.clickLink({ + deepLinkId: 'searchInferenceEndpoints:inferenceEndpoints', + }); + await solutionNavigation.sidenav.expectLinkActive({ + deepLinkId: 'searchInferenceEndpoints:inferenceEndpoints', + }); + await solutionNavigation.breadcrumbs.expectBreadcrumbExists({ text: 'Relevance' }); + await solutionNavigation.breadcrumbs.expectBreadcrumbExists({ + text: 'Inference Endpoints', + }); + await solutionNavigation.breadcrumbs.expectBreadcrumbExists({ + deepLinkId: 'searchInferenceEndpoints:inferenceEndpoints', + }); // check Enterprise Search // > App Search @@ -296,8 +296,8 @@ export default function searchSolutionNavigation({ 'enterpriseSearchApplications:playground', 'enterpriseSearchApplications:searchApplications', 'enterpriseSearchAnalytics', - // 'relevance', - // 'enterpriseSearchRelevance:inferenceEndpoints', + 'relevance', + 'searchInferenceEndpoints:inferenceEndpoints', 'entsearch', 'appSearch:engines', 'workplaceSearch', diff --git a/x-pack/test/ui_capabilities/security_and_spaces/tests/catalogue.ts b/x-pack/test/ui_capabilities/security_and_spaces/tests/catalogue.ts index c8182c4310c33..ddcc187fad6a4 100644 --- a/x-pack/test/ui_capabilities/security_and_spaces/tests/catalogue.ts +++ b/x-pack/test/ui_capabilities/security_and_spaces/tests/catalogue.ts @@ -93,7 +93,6 @@ export default function catalogueTests({ getService }: FtrProviderContext) { 'enterpriseSearchVectorSearch', 'enterpriseSearchSemanticSearch', 'enterpriseSearchElasticsearch', - 'enterpriseSearchRelevance', 'searchInferenceEndpoints', 'appSearch', 'observabilityAIAssistant', From 19fa5fda1b38aa854f9c4259b71da888dd25f52f Mon Sep 17 00:00:00 2001 From: christineweng <18648970+christineweng@users.noreply.github.com> Date: Wed, 23 Oct 2024 18:48:57 -0500 Subject: [PATCH 02/99] [Security Solution][Document Flyout] Update footer with proper background color (#197524) ## Summary Fix a small UI bug where the alert flyout footer is missing background color (currently the background is white). ![image](https://github.com/user-attachments/assets/a049d3cd-ca52-460e-b671-1414e11c2dd1) --- .../flyout/document_details/right/footer.tsx | 52 +++++++++---------- 1 file changed, 24 insertions(+), 28 deletions(-) diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/footer.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/footer.tsx index be162a24dde20..e5a5fb12915a6 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/footer.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/footer.tsx @@ -8,9 +8,7 @@ import type { FC } from 'react'; import React, { useCallback, useMemo, useState } from 'react'; import { useExpandableFlyoutApi } from '@kbn/expandable-flyout'; -import styled from 'styled-components'; -import { euiThemeVars } from '@kbn/ui-theme'; -import { EuiFlexGroup, EuiFlexItem, useEuiTheme } from '@elastic/eui'; +import { EuiFlexGroup, EuiFlexItem, useEuiTheme, EuiFlyoutFooter, EuiPanel } from '@elastic/eui'; import { find } from 'lodash/fp'; import { FLYOUT_FOOTER_TEST_ID } from './test_ids'; import type { Status } from '../../../../common/api/detection_engine'; @@ -27,10 +25,6 @@ import { useExceptionFlyout } from '../../../detections/components/alerts_table/ import { isActiveTimeline } from '../../../helpers'; import { useEventFilterModal } from '../../../detections/components/alerts_table/timeline_actions/use_event_filter_modal'; -const StyledEuiFlyoutFooter = styled('div')` - padding: ${euiThemeVars.euiPanelPaddingModifiers.paddingMedium}; -`; - interface AlertSummaryData { /** * Status of the alert (open, closed...) @@ -182,27 +176,29 @@ export const PanelFooter: FC = ({ isPreview }) => { return ( <> - - - - {dataAsNestedObject && ( - - )} - - - + + + + + {dataAsNestedObject && ( + + )} + + + + {openAddExceptionFlyout && alertSummaryData.ruleId != null && From b5f51e4ac449fcc6f3040542454d4738f063310d Mon Sep 17 00:00:00 2001 From: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> Date: Thu, 24 Oct 2024 11:32:06 +1100 Subject: [PATCH 03/99] skip failing test suite (#197151) --- x-pack/plugins/osquery/cypress/e2e/all/alerts_cases.cy.ts | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/x-pack/plugins/osquery/cypress/e2e/all/alerts_cases.cy.ts b/x-pack/plugins/osquery/cypress/e2e/all/alerts_cases.cy.ts index a5ab52a7bdb76..2dbd905b4df93 100644 --- a/x-pack/plugins/osquery/cypress/e2e/all/alerts_cases.cy.ts +++ b/x-pack/plugins/osquery/cypress/e2e/all/alerts_cases.cy.ts @@ -25,7 +25,8 @@ import { } from '../../tasks/live_query'; import { generateRandomStringName, interceptCaseId } from '../../tasks/integrations'; -describe('Alert Event Details - Cases', { tags: ['@ess', '@serverless'] }, () => { +// Failing: See https://github.com/elastic/kibana/issues/197151 +describe.skip('Alert Event Details - Cases', { tags: ['@ess', '@serverless'] }, () => { let ruleId: string; let packId: string; let packName: string; From de876fbd1b7a216565eb24b75b8453ee16a4641a Mon Sep 17 00:00:00 2001 From: Steph Milovic Date: Wed, 23 Oct 2024 20:25:17 -0600 Subject: [PATCH 04/99] [Security assistant] Conversation pagination patch MIN (#197305) --- ..._fetch_current_user_conversations.test.tsx | 2 +- .../use_fetch_current_user_conversations.ts | 8 +- .../impl/assistant/helpers.test.ts | 2 +- .../scripts/create_conversations.js | 9 + .../scripts/create_conversations_script.ts | 165 ++++++++++++++++++ .../__mocks__/conversations_schema.mock.ts | 5 +- .../server/ai_assistant_data_clients/find.ts | 90 ++++++++-- .../server/ai_assistant_data_clients/index.ts | 6 + .../user_conversations/create_route.test.ts | 46 ----- .../routes/user_conversations/create_route.ts | 21 --- .../routes/user_conversations/find_route.ts | 15 +- .../e2e/ai_assistant/conversations.cy.ts | 12 +- 12 files changed, 278 insertions(+), 103 deletions(-) create mode 100644 x-pack/plugins/elastic_assistant/scripts/create_conversations.js create mode 100644 x-pack/plugins/elastic_assistant/scripts/create_conversations_script.ts diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/api/conversations/use_fetch_current_user_conversations.test.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/api/conversations/use_fetch_current_user_conversations.test.tsx index 652764212e996..f10c7d07a35d6 100644 --- a/x-pack/packages/kbn-elastic-assistant/impl/assistant/api/conversations/use_fetch_current_user_conversations.test.tsx +++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/api/conversations/use_fetch_current_user_conversations.test.tsx @@ -52,7 +52,7 @@ describe('useFetchCurrentUserConversations', () => { method: 'GET', query: { page: 1, - perPage: 100, + per_page: 99, }, version: '2023-10-31', signal: undefined, diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/api/conversations/use_fetch_current_user_conversations.ts b/x-pack/packages/kbn-elastic-assistant/impl/assistant/api/conversations/use_fetch_current_user_conversations.ts index 68612e3e22397..9006ca387e086 100644 --- a/x-pack/packages/kbn-elastic-assistant/impl/assistant/api/conversations/use_fetch_current_user_conversations.ts +++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/api/conversations/use_fetch_current_user_conversations.ts @@ -15,7 +15,7 @@ import { Conversation } from '../../../assistant_context/types'; export interface FetchConversationsResponse { page: number; - perPage: number; + per_page: number; total: number; data: Conversation[]; } @@ -40,13 +40,13 @@ export interface UseFetchCurrentUserConversationsParams { */ const query = { page: 1, - perPage: 100, + per_page: 99, }; export const CONVERSATIONS_QUERY_KEYS = [ ELASTIC_AI_ASSISTANT_CONVERSATIONS_URL_FIND, query.page, - query.perPage, + query.per_page, API_VERSIONS.public.v1, ]; @@ -69,7 +69,7 @@ export const useFetchCurrentUserConversations = ({ { select: (data) => onFetch(data), keepPreviousData: true, - initialData: { page: 1, perPage: 100, total: 0, data: [] }, + initialData: { ...query, total: 0, data: [] }, refetchOnWindowFocus, enabled: isAssistantEnabled, } diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/helpers.test.ts b/x-pack/packages/kbn-elastic-assistant/impl/assistant/helpers.test.ts index 5559e273f06b5..26609dea82164 100644 --- a/x-pack/packages/kbn-elastic-assistant/impl/assistant/helpers.test.ts +++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/helpers.test.ts @@ -110,7 +110,7 @@ describe('helpers', () => { }; const conversationsData = { page: 1, - perPage: 10, + per_page: 10, total: 2, data: Object.values(baseConversations).map((c) => c), }; diff --git a/x-pack/plugins/elastic_assistant/scripts/create_conversations.js b/x-pack/plugins/elastic_assistant/scripts/create_conversations.js new file mode 100644 index 0000000000000..b08f1419af0c9 --- /dev/null +++ b/x-pack/plugins/elastic_assistant/scripts/create_conversations.js @@ -0,0 +1,9 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +require('../../../../src/setup_node_env'); +require('./create_conversations_script').create(); diff --git a/x-pack/plugins/elastic_assistant/scripts/create_conversations_script.ts b/x-pack/plugins/elastic_assistant/scripts/create_conversations_script.ts new file mode 100644 index 0000000000000..2fd388e299f6f --- /dev/null +++ b/x-pack/plugins/elastic_assistant/scripts/create_conversations_script.ts @@ -0,0 +1,165 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { randomBytes } from 'node:crypto'; +import yargs from 'yargs/yargs'; +import { ToolingLog } from '@kbn/tooling-log'; +import axios from 'axios'; +import { + API_VERSIONS, + ConversationCreateProps, + ELASTIC_AI_ASSISTANT_CONVERSATIONS_URL, +} from '@kbn/elastic-assistant-common'; +import pLimit from 'p-limit'; +import { getCreateConversationSchemaMock } from '../server/__mocks__/conversations_schema.mock'; + +/** + * Developer script for creating conversations. + * node x-pack/plugins/elastic_assistant/scripts/create_conversations + */ +export const create = async () => { + const logger = new ToolingLog({ + level: 'info', + writeTo: process.stdout, + }); + const argv = yargs(process.argv.slice(2)) + .option('count', { + type: 'number', + description: 'Number of conversations to create', + default: 100, + }) + .option('kibana', { + type: 'string', + description: 'Kibana url including auth', + default: `http://elastic:changeme@localhost:5601`, + }) + .parse(); + const kibanaUrl = removeTrailingSlash(argv.kibana); + const count = Number(argv.count); + logger.info(`Kibana URL: ${kibanaUrl}`); + const connectorsApiUrl = `${kibanaUrl}/api/actions/connectors`; + const conversationsCreateUrl = `${kibanaUrl}${ELASTIC_AI_ASSISTANT_CONVERSATIONS_URL}`; + + try { + logger.info(`Fetching available connectors...`); + const { data: connectors } = await axios.get(connectorsApiUrl, { + headers: requestHeaders, + }); + const aiConnectors = connectors.filter( + ({ connector_type_id: connectorTypeId }: { connector_type_id: string }) => + AllowedActionTypeIds.includes(connectorTypeId) + ); + if (aiConnectors.length === 0) { + throw new Error('No AI connectors found, create an AI connector to use this script'); + } + + logger.info(`Creating ${count} conversations...`); + if (count > 999) { + logger.info(`This may take a couple of minutes...`); + } + + const promises = Array.from({ length: count }, (_, i) => + limit(() => + retryRequest( + () => + axios.post( + conversationsCreateUrl, + getCreateConversationSchemaMock({ + ...getMockConversationContent(), + apiConfig: { + actionTypeId: aiConnectors[0].connector_type_id, + connectorId: aiConnectors[0].id, + }, + }), + { headers: requestHeaders } + ), + 3, // Retry up to 3 times + 1000 // Delay of 1 second between retries + ) + ) + ); + + const results = await Promise.allSettled(promises); + + const successfulResults = results.filter((result) => result.status === 'fulfilled'); + const errorResults = results.filter( + (result) => result.status === 'rejected' + ) as PromiseRejectedResult[]; + const conversationsCreated = successfulResults.length; + + if (count > conversationsCreated) { + const errorExample = + errorResults.length > 0 ? errorResults[0]?.reason?.message ?? 'unknown' : 'unknown'; + throw new Error( + `Failed to create all conversations. Expected count: ${count}, Created count: ${conversationsCreated}. Reason: ${errorExample}` + ); + } + logger.info(`Successfully created ${successfulResults.length} conversations.`); + } catch (e) { + logger.error(e); + } +}; +// Set the concurrency limit (e.g., 50 requests at a time) +const limit = pLimit(50); + +// Retry helper function +const retryRequest = async ( + fn: () => Promise, + retries: number = 3, + delay: number = 1000 +): Promise => { + try { + return await fn(); + } catch (e) { + if (retries > 0) { + await new Promise((res) => setTimeout(res, delay)); + return retryRequest(fn, retries - 1, delay); + } + throw e; // If retries are exhausted, throw the error + } +}; + +const getMockConversationContent = (): Partial => ({ + title: `A ${randomBytes(4).toString('hex')} title`, + isDefault: false, + messages: [ + { + content: 'Hello robot', + role: 'user', + timestamp: '2019-12-13T16:40:33.400Z', + traceData: { + traceId: '1', + transactionId: '2', + }, + }, + { + content: 'Hello human', + role: 'assistant', + timestamp: '2019-12-13T16:41:33.400Z', + traceData: { + traceId: '3', + transactionId: '4', + }, + }, + ], +}); + +export const AllowedActionTypeIds = ['.bedrock', '.gen-ai', '.gemini']; + +const requestHeaders = { + 'kbn-xsrf': 'xxx', + 'Content-Type': 'application/json', + 'elastic-api-version': API_VERSIONS.public.v1, +}; + +function removeTrailingSlash(url: string) { + if (url.endsWith('/')) { + return url.slice(0, -1); + } else { + return url; + } +} diff --git a/x-pack/plugins/elastic_assistant/server/__mocks__/conversations_schema.mock.ts b/x-pack/plugins/elastic_assistant/server/__mocks__/conversations_schema.mock.ts index 7594839bd21b4..278dfc9fe829b 100644 --- a/x-pack/plugins/elastic_assistant/server/__mocks__/conversations_schema.mock.ts +++ b/x-pack/plugins/elastic_assistant/server/__mocks__/conversations_schema.mock.ts @@ -60,7 +60,9 @@ export const getConversationSearchEsMock = () => { return searchResponse; }; -export const getCreateConversationSchemaMock = (): ConversationCreateProps => ({ +export const getCreateConversationSchemaMock = ( + rest?: Partial +): ConversationCreateProps => ({ title: 'Welcome', apiConfig: { actionTypeId: '.gen-ai', @@ -82,6 +84,7 @@ export const getCreateConversationSchemaMock = (): ConversationCreateProps => ({ }, ], category: 'assistant', + ...rest, }); export const getUpdateConversationSchemaMock = ( diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/find.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/find.ts index 101354a6802b7..9f37e45250a9c 100644 --- a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/find.ts +++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/find.ts @@ -9,6 +9,7 @@ import { AggregationsAggregationContainer, MappingRuntimeFields, Sort, + SearchResponse, } from '@elastic/elasticsearch/lib/api/types'; import { ElasticsearchClient, Logger } from '@kbn/core/server'; @@ -27,6 +28,10 @@ interface FindOptions { runtimeMappings?: MappingRuntimeFields | undefined; logger: Logger; aggs?: Record; + mSearch?: { + filter: string; + perPage: number; + }; } export interface FindResponse { @@ -47,6 +52,7 @@ export const findDocuments = async ({ sortOrder, logger, aggs, + mSearch, }: FindOptions): Promise> => { const query = getQueryFilter({ filter }); let sort: Sort | undefined; @@ -61,28 +67,78 @@ export const findDocuments = async ({ }; } try { - const response = await esClient.search({ - body: { - query, - track_total_hits: true, - sort, - }, - _source: true, - from: (page - 1) * perPage, + if (mSearch == null) { + const response = await esClient.search({ + body: { + query, + track_total_hits: true, + sort, + }, + _source: true, + from: (page - 1) * perPage, + ignore_unavailable: true, + index, + seq_no_primary_term: true, + size: perPage, + aggs, + }); + + return { + data: response, + page, + perPage, + total: + (typeof response.hits.total === 'number' + ? response.hits.total + : response.hits.total?.value) ?? 0, + }; + } + const mSearchQueryBody = { + body: [ + { index }, + { + query, + size: perPage, + aggs, + seq_no_primary_term: true, + from: (page - 1) * perPage, + sort, + _source: true, + }, + { index }, + { + query: getQueryFilter({ filter: mSearch.filter }), + size: mSearch.perPage, + aggs, + seq_no_primary_term: true, + from: (page - 1) * mSearch.perPage, + sort, + _source: true, + }, + ], ignore_unavailable: true, index, - seq_no_primary_term: true, - size: perPage, - aggs, + }; + const response = await esClient.msearch>(mSearchQueryBody); + let responseStats: Omit, 'hits'> = { + took: 0, + _shards: { total: 0, successful: 0, skipped: 0, failed: 0 }, + timed_out: false, + }; + // flatten the results of the combined find queries into a single array of hits: + const results = response.responses.flatMap((res) => { + const mResponse = res as SearchResponse; + const { hits, ...responseBody } = mResponse; + // assign whatever the last stats are, they are only used for type + responseStats = { ...responseStats, ...responseBody }; + return hits?.hits ?? []; }); + return { - data: response, + data: { ...responseStats, hits: { hits: results } }, page, - perPage, - total: - (typeof response.hits.total === 'number' - ? response.hits.total // This format is to be removed in 8.0 - : response.hits.total?.value) ?? 0, + perPage: perPage + mSearch.perPage, + total: results.length, }; } catch (err) { logger.error(`Error fetching documents: ${err}`); diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/index.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/index.ts index cc74e1f03d3d9..706e4444488d9 100644 --- a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/index.ts +++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/index.ts @@ -100,6 +100,7 @@ export class AIAssistantDataClient { filter, fields, aggs, + mSearch, }: { perPage: number; page: number; @@ -108,6 +109,10 @@ export class AIAssistantDataClient { filter?: string; fields?: string[]; aggs?: Record; + mSearch?: { + filter: string; + perPage: number; + }; }): Promise>> => { const esClient = await this.options.elasticsearchClientPromise; return findDocuments({ @@ -121,6 +126,7 @@ export class AIAssistantDataClient { sortOrder: sortOrder as estypes.SortOrder, logger: this.options.logger, aggs, + mSearch, }); }; } diff --git a/x-pack/plugins/elastic_assistant/server/routes/user_conversations/create_route.test.ts b/x-pack/plugins/elastic_assistant/server/routes/user_conversations/create_route.test.ts index 085cf9388d45a..0659b8d43a38f 100644 --- a/x-pack/plugins/elastic_assistant/server/routes/user_conversations/create_route.test.ts +++ b/x-pack/plugins/elastic_assistant/server/routes/user_conversations/create_route.test.ts @@ -100,52 +100,6 @@ describe('Create conversation route', () => { expect(result.badRequest).toHaveBeenCalled(); }); - - test('escapes colons when querying for existing titles', async () => { - const request = requestMock.create({ - method: 'post', - path: ELASTIC_AI_ASSISTANT_CONVERSATIONS_URL, - body: { - ...getCreateConversationSchemaMock(), - title: 'test: Malware infection: with credential theft attempt - 2875e', // <-- contains colons - }, - }); - - await server.inject(request, requestContextMock.convertContext(context)); - - expect( - clients.elasticAssistant.getAIAssistantConversationsDataClient.findDocuments - ).toHaveBeenCalledWith({ - fields: ['title'], - filter: - 'users:{ name: "my_username" } AND title:test\\: Malware infection\\: with credential theft attempt - 2875e', - page: 1, - perPage: 100, - }); - }); - - test('escapes quotes when querying for existing titles', async () => { - const request = requestMock.create({ - method: 'post', - path: ELASTIC_AI_ASSISTANT_CONVERSATIONS_URL, - body: { - ...getCreateConversationSchemaMock(), - title: '"Malware infection with credential theft attempt - 2875e"', // <-- contains quotes - }, - }); - - await server.inject(request, requestContextMock.convertContext(context)); - - expect( - clients.elasticAssistant.getAIAssistantConversationsDataClient.findDocuments - ).toHaveBeenCalledWith({ - fields: ['title'], - filter: - 'users:{ name: "my_username" } AND title:\\"Malware infection with credential theft attempt - 2875e\\"', - page: 1, - perPage: 100, - }); - }); }); describe('conversation containing messages', () => { const getMessage = (role: string = 'user') => ({ diff --git a/x-pack/plugins/elastic_assistant/server/routes/user_conversations/create_route.ts b/x-pack/plugins/elastic_assistant/server/routes/user_conversations/create_route.ts index a0dcbe04ba1d1..b92ad5462963e 100644 --- a/x-pack/plugins/elastic_assistant/server/routes/user_conversations/create_route.ts +++ b/x-pack/plugins/elastic_assistant/server/routes/user_conversations/create_route.ts @@ -14,7 +14,6 @@ import { API_VERSIONS, } from '@kbn/elastic-assistant-common'; import { buildRouteValidationWithZod } from '@kbn/elastic-assistant-common/impl/schemas/common'; -import { escapeKuery } from '@kbn/es-query'; import { ElasticAssistantPluginRouter } from '../../types'; import { buildResponse } from '../utils'; @@ -56,26 +55,6 @@ export const createConversationRoute = (router: ElasticAssistantPluginRouter): v } const dataClient = await ctx.elasticAssistant.getAIAssistantConversationsDataClient(); - const currentUser = ctx.elasticAssistant.getCurrentUser(); - const userFilter = currentUser?.username - ? `name: "${currentUser?.username}"` - : `id: "${currentUser?.profile_uid}"`; - - const escapedTitle = escapeKuery(request.body.title); - - const result = await dataClient?.findDocuments({ - perPage: 100, - page: 1, - filter: `users:{ ${userFilter} } AND title:${escapedTitle}`, - fields: ['title'], - }); - if (result?.data != null && result.total > 0) { - return assistantResponse.error({ - statusCode: 409, - body: `conversation title: "${request.body.title}" already exists`, - }); - } - const createdConversation = await dataClient?.createConversation({ conversation: request.body, }); diff --git a/x-pack/plugins/elastic_assistant/server/routes/user_conversations/find_route.ts b/x-pack/plugins/elastic_assistant/server/routes/user_conversations/find_route.ts index 6a2c3afc41374..e7ce80039beb0 100644 --- a/x-pack/plugins/elastic_assistant/server/routes/user_conversations/find_route.ts +++ b/x-pack/plugins/elastic_assistant/server/routes/user_conversations/find_route.ts @@ -61,13 +61,24 @@ export const findUserConversationsRoute = (router: ElasticAssistantPluginRouter) const userFilter = currentUser?.username ? `name: "${currentUser?.username}"` : `id: "${currentUser?.profile_uid}"`; + + const MAX_CONVERSATION_TOTAL = query.per_page; + // TODO remove once we have pagination https://github.com/elastic/kibana/issues/192714 + // do a separate search for default conversations and non-default conversations to ensure defaults always get included + // MUST MATCH THE LENGTH OF BASE_SECURITY_CONVERSATIONS from 'x-pack/plugins/security_solution/public/assistant/content/conversations/index.tsx' + const MAX_DEFAULT_CONVERSATION_TOTAL = 7; + const nonDefaultSize = MAX_CONVERSATION_TOTAL - MAX_DEFAULT_CONVERSATION_TOTAL; const result = await dataClient?.findDocuments({ - perPage: query.per_page, + perPage: nonDefaultSize, page: query.page, sortField: query.sort_field, sortOrder: query.sort_order, - filter: `users:{ ${userFilter} }${additionalFilter}`, + filter: `users:{ ${userFilter} }${additionalFilter} and not is_default: true`, fields: query.fields, + mSearch: { + filter: `users:{ ${userFilter} }${additionalFilter} and is_default: true`, + perPage: MAX_DEFAULT_CONVERSATION_TOTAL, + }, }); if (result) { diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/ai_assistant/conversations.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/ai_assistant/conversations.cy.ts index c91ee7de475e3..4d87cce1fdaa8 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/ai_assistant/conversations.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/ai_assistant/conversations.cy.ts @@ -23,7 +23,6 @@ import { typeAndSendMessage, assertErrorResponse, selectRule, - assertErrorToastShown, updateConversationTitle, } from '../../tasks/assistant'; import { deleteConversations } from '../../tasks/api_calls/assistant'; @@ -146,7 +145,7 @@ describe('AI Assistant Conversations', { tags: ['@ess', '@serverless'] }, () => assertConnectorSelected(bedrockConnectorAPIPayload.name); assertMessageSent('goodbye'); }); - it('Correctly titles new conversations, and only allows one conversation called "New chat" at a time', () => { + it('Correctly creates and titles new conversations, and allows title updates', () => { visitGetStartedPage(); openAssistant(); createNewChat(); @@ -155,14 +154,7 @@ describe('AI Assistant Conversations', { tags: ['@ess', '@serverless'] }, () => typeAndSendMessage('hello'); assertMessageSent('hello'); assertConversationTitle('Unexpected API Error: - Connection error.'); - updateConversationTitle('New chat'); - selectConversation('Welcome'); - createNewChat(); - assertErrorToastShown('Error creating conversation with title New chat'); - selectConversation('New chat'); - updateConversationTitle('My other chat'); - createNewChat(); - assertNewConversation(false, 'New chat'); + updateConversationTitle('Something else'); }); }); }); From 23848ddea6185cadbf0fdd6fe59cd6b6b0c60ec0 Mon Sep 17 00:00:00 2001 From: Henry Liu <645599166@qq.com> Date: Thu, 24 Oct 2024 11:09:51 +0800 Subject: [PATCH 05/99] [DataView] show empty matching sources when no matched index pattern (#195537) ## Summary Closes #194736 Show empty matching sources when no matched index pattern in create data view panel ### Before ![image](https://github.com/user-attachments/assets/84bbc6b7-5ec7-4755-92fb-c2f52b38d7c1) ### After ![image](https://github.com/user-attachments/assets/af5ac7c2-4346-4f97-82aa-e4c54659d9a9) --------- Co-authored-by: Matthias Wilhelm Co-authored-by: Elastic Machine Co-authored-by: Davis McPhee --- .../preview_panel/preview_panel.tsx | 23 ++++++++++--------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/src/plugins/data_view_editor/public/components/preview_panel/preview_panel.tsx b/src/plugins/data_view_editor/public/components/preview_panel/preview_panel.tsx index 62de466889990..44322d92a42b3 100644 --- a/src/plugins/data_view_editor/public/components/preview_panel/preview_panel.tsx +++ b/src/plugins/data_view_editor/public/components/preview_panel/preview_panel.tsx @@ -86,17 +86,18 @@ export const PreviewPanel = ({ type, allowHidden, title = '', matchedIndices$ }: query={title} /> - {Boolean(title) && currentlyVisibleIndices.length > 0 && ( - setViewMode(id as ViewMode)} - /> - )} + {Boolean(title) && + (matched.exactMatchedIndices.length > 0 || matched.partialMatchedIndices.length > 0) && ( + setViewMode(id as ViewMode)} + /> + )} {indicesListContent} ); From 7dd66b3fd97809ce563f323397fc810c2ac21d1a Mon Sep 17 00:00:00 2001 From: "fangshun@" <71168119+fangshun-z@users.noreply.github.com> Date: Thu, 24 Oct 2024 11:11:11 +0800 Subject: [PATCH 06/99] fix: remove the _score field (#197197) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes #189624 Before: ![Pasted Graphic 1](https://github.com/user-attachments/assets/7669c66a-339c-40a5-8a20-8d6ca452612c) After: ![Pasted Graphic](https://github.com/user-attachments/assets/d4fa2ac6-9be1-4c77-8976-1df568b8aa7a) --------- Signed-off-by: fangshun Co-authored-by: Davis McPhee --- .../public/components/doc_viewer_source/source.test.tsx | 2 ++ .../public/components/doc_viewer_source/source.tsx | 3 ++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/src/plugins/unified_doc_viewer/public/components/doc_viewer_source/source.test.tsx b/src/plugins/unified_doc_viewer/public/components/doc_viewer_source/source.test.tsx index 5cd4d8b7ba00b..67c4dd65a6634 100644 --- a/src/plugins/unified_doc_viewer/public/components/doc_viewer_source/source.test.tsx +++ b/src/plugins/unified_doc_viewer/public/components/doc_viewer_source/source.test.tsx @@ -103,5 +103,7 @@ describe('Source Viewer component', () => { ); const jsonCodeEditor = comp.find(JsonCodeEditorCommon); expect(jsonCodeEditor).not.toBe(null); + expect(jsonCodeEditor.props().jsonValue).toContain('_source'); + expect(jsonCodeEditor.props().jsonValue).not.toContain('_score'); }); }); diff --git a/src/plugins/unified_doc_viewer/public/components/doc_viewer_source/source.tsx b/src/plugins/unified_doc_viewer/public/components/doc_viewer_source/source.tsx index 0dbaabb4ba55a..5b4ba36cd03f1 100644 --- a/src/plugins/unified_doc_viewer/public/components/doc_viewer_source/source.tsx +++ b/src/plugins/unified_doc_viewer/public/components/doc_viewer_source/source.tsx @@ -18,6 +18,7 @@ import type { DataView } from '@kbn/data-views-plugin/public'; import type { DataTableRecord } from '@kbn/discover-utils/types'; import { ElasticRequestState } from '@kbn/unified-doc-viewer'; import { isLegacyTableEnabled, SEARCH_FIELDS_FROM_SOURCE } from '@kbn/discover-utils'; +import { omit } from 'lodash'; import { getUnifiedDocViewerServices } from '../../plugin'; import { useEsDocSearch } from '../../hooks'; import { getHeight, DEFAULT_MARGIN_BOTTOM } from './get_height'; @@ -70,7 +71,7 @@ export const DocViewerSource = ({ useEffect(() => { if (requestState === ElasticRequestState.Found && hit) { - setJsonValue(JSON.stringify(hit.raw, undefined, 2)); + setJsonValue(JSON.stringify(omit(hit.raw, '_score'), undefined, 2)); } }, [requestState, hit]); From aaa9604973bfdf99cb43f959974f48423aa6122e Mon Sep 17 00:00:00 2001 From: Kate Sosedova <36230123+ek-so@users.noreply.github.com> Date: Thu, 24 Oct 2024 05:23:56 +0200 Subject: [PATCH 07/99] Small UI fixes for new Space creation/settings page (#197303) ## Summary [According to this PRD](https://docs.google.com/document/d/1HC_YjDtIzRvweU-oy6K2DevKfSvwfdHHZbjLFA43xls/edit#heading=h.jf3bwdwv0goe). * Solution selection inside space settings is now full width (point 7) * "Solution view" in features visibility section is not bold anymore (point 8) * Slightly tweaked placement for header and badges (point 14) ![CleanShot 2024-10-22 at 18 47 34@2x](https://github.com/user-attachments/assets/831772e4-e342-4999-baa4-79ec7341ffa9) --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Elastic Machine --- .../__snapshots__/enabled_features.test.tsx.snap | 10 ++++------ .../components/enabled_features/enabled_features.tsx | 10 ++++------ .../components/solution_view/solution_view.tsx | 5 +++-- .../spaces/public/management/edit_space/edit_space.tsx | 4 ++-- 4 files changed, 13 insertions(+), 16 deletions(-) diff --git a/x-pack/plugins/spaces/public/management/components/enabled_features/__snapshots__/enabled_features.test.tsx.snap b/x-pack/plugins/spaces/public/management/components/enabled_features/__snapshots__/enabled_features.test.tsx.snap index 9babe0f169992..c3558f91936ba 100644 --- a/x-pack/plugins/spaces/public/management/components/enabled_features/__snapshots__/enabled_features.test.tsx.snap +++ b/x-pack/plugins/spaces/public/management/components/enabled_features/__snapshots__/enabled_features.test.tsx.snap @@ -29,12 +29,10 @@ exports[`EnabledFeatures renders as expected 1`] = ` id="xpack.spaces.management.enabledSpaceFeatures.chooseFeaturesToDisplayMessage" values={ Object { - "solutionView": - - , + "solutionView": , } } /> diff --git a/x-pack/plugins/spaces/public/management/components/enabled_features/enabled_features.tsx b/x-pack/plugins/spaces/public/management/components/enabled_features/enabled_features.tsx index 377f4c51ff0c5..e045321cafac6 100644 --- a/x-pack/plugins/spaces/public/management/components/enabled_features/enabled_features.tsx +++ b/x-pack/plugins/spaces/public/management/components/enabled_features/enabled_features.tsx @@ -43,12 +43,10 @@ export const EnabledFeatures: FunctionComponent = (props) => { defaultMessage="Choose the features to display in the navigation menu for users of this space. If you want to focus on a single solution, you can simplify the navigation even more by selecting a {solutionView}." values={{ solutionView: ( - - - + ), }} /> diff --git a/x-pack/plugins/spaces/public/management/components/solution_view/solution_view.tsx b/x-pack/plugins/spaces/public/management/components/solution_view/solution_view.tsx index 4bf5e437f7350..2d4818ff0b934 100644 --- a/x-pack/plugins/spaces/public/management/components/solution_view/solution_view.tsx +++ b/x-pack/plugins/spaces/public/management/components/solution_view/solution_view.tsx @@ -111,7 +111,7 @@ export const SolutionView: FunctionComponent = ({ return ( - + @@ -163,6 +163,7 @@ export const SolutionView: FunctionComponent = ({ onChange={(solution) => { onChange({ ...space, solution }); }} + fullWidth={true} placeholder={i18n.translate( 'xpack.spaces.management.navigation.solutionViewDefaultValue', { defaultMessage: 'Select solution view' } @@ -180,7 +181,7 @@ export const SolutionView: FunctionComponent = ({ /> - + = ({ > - + @@ -246,7 +246,7 @@ export const EditSpace: FC = ({ - +
{shouldShowSolutionBadge ? ( Date: Thu, 24 Oct 2024 17:32:18 +1100 Subject: [PATCH 08/99] [api-docs] 2024-10-24 Daily api_docs build (#197564) Generated by https://buildkite.com/elastic/kibana-api-docs-daily/builds/870 --- api_docs/actions.devdocs.json | 39 +++- api_docs/actions.mdx | 4 +- api_docs/advanced_settings.mdx | 2 +- .../ai_assistant_management_selection.mdx | 2 +- api_docs/aiops.mdx | 2 +- api_docs/alerting.mdx | 2 +- api_docs/apm.mdx | 2 +- api_docs/apm_data_access.mdx | 2 +- api_docs/banners.mdx | 2 +- api_docs/bfetch.mdx | 2 +- api_docs/canvas.mdx | 2 +- api_docs/cases.mdx | 2 +- api_docs/charts.mdx | 2 +- api_docs/cloud.mdx | 2 +- api_docs/cloud_data_migration.mdx | 2 +- api_docs/cloud_defend.mdx | 2 +- api_docs/cloud_security_posture.mdx | 2 +- api_docs/console.mdx | 2 +- api_docs/content_management.mdx | 2 +- api_docs/controls.mdx | 2 +- api_docs/custom_integrations.mdx | 2 +- api_docs/dashboard.mdx | 2 +- api_docs/dashboard_enhanced.mdx | 2 +- api_docs/data.mdx | 2 +- api_docs/data_quality.mdx | 2 +- api_docs/data_query.mdx | 2 +- api_docs/data_search.mdx | 2 +- api_docs/data_usage.mdx | 2 +- api_docs/data_view_editor.mdx | 2 +- api_docs/data_view_field_editor.mdx | 2 +- api_docs/data_view_management.mdx | 2 +- api_docs/data_views.mdx | 2 +- api_docs/data_visualizer.mdx | 2 +- api_docs/dataset_quality.mdx | 2 +- api_docs/deprecations_by_api.mdx | 10 +- api_docs/deprecations_by_plugin.mdx | 4 +- api_docs/deprecations_by_team.mdx | 2 +- api_docs/dev_tools.mdx | 2 +- api_docs/discover.mdx | 2 +- api_docs/discover_enhanced.mdx | 2 +- api_docs/discover_shared.mdx | 2 +- api_docs/ecs_data_quality_dashboard.mdx | 2 +- api_docs/elastic_assistant.mdx | 2 +- api_docs/embeddable.devdocs.json | 24 +-- api_docs/embeddable.mdx | 2 +- api_docs/embeddable_enhanced.mdx | 2 +- api_docs/encrypted_saved_objects.mdx | 2 +- api_docs/enterprise_search.mdx | 2 +- api_docs/entities_data_access.mdx | 2 +- api_docs/entity_manager.devdocs.json | 6 +- api_docs/entity_manager.mdx | 2 +- api_docs/es_ui_shared.mdx | 2 +- api_docs/esql.mdx | 2 +- api_docs/esql_data_grid.mdx | 2 +- api_docs/event_annotation.mdx | 2 +- api_docs/event_annotation_listing.mdx | 2 +- api_docs/event_log.mdx | 2 +- api_docs/exploratory_view.mdx | 2 +- api_docs/expression_error.mdx | 2 +- api_docs/expression_gauge.mdx | 2 +- api_docs/expression_heatmap.mdx | 2 +- api_docs/expression_image.mdx | 2 +- api_docs/expression_legacy_metric_vis.mdx | 2 +- api_docs/expression_metric.mdx | 2 +- api_docs/expression_metric_vis.mdx | 2 +- api_docs/expression_partition_vis.mdx | 2 +- api_docs/expression_repeat_image.mdx | 2 +- api_docs/expression_reveal_image.mdx | 2 +- api_docs/expression_shape.mdx | 2 +- api_docs/expression_tagcloud.mdx | 2 +- api_docs/expression_x_y.mdx | 2 +- api_docs/expressions.mdx | 2 +- api_docs/features.mdx | 2 +- api_docs/field_formats.mdx | 2 +- api_docs/fields_metadata.mdx | 2 +- api_docs/file_upload.mdx | 2 +- api_docs/files.mdx | 2 +- api_docs/files_management.mdx | 2 +- api_docs/fleet.mdx | 2 +- api_docs/global_search.mdx | 2 +- api_docs/guided_onboarding.mdx | 2 +- api_docs/home.mdx | 2 +- api_docs/image_embeddable.mdx | 2 +- api_docs/index_lifecycle_management.mdx | 2 +- api_docs/index_management.mdx | 2 +- api_docs/inference.mdx | 2 +- api_docs/infra.mdx | 2 +- api_docs/ingest_pipelines.mdx | 2 +- api_docs/inspector.mdx | 2 +- api_docs/integration_assistant.mdx | 2 +- api_docs/interactive_setup.mdx | 2 +- api_docs/inventory.devdocs.json | 4 +- api_docs/inventory.mdx | 2 +- api_docs/investigate.mdx | 2 +- api_docs/investigate_app.devdocs.json | 2 +- api_docs/investigate_app.mdx | 2 +- api_docs/kbn_actions_types.mdx | 2 +- api_docs/kbn_ai_assistant.mdx | 2 +- api_docs/kbn_ai_assistant_common.mdx | 2 +- api_docs/kbn_aiops_components.mdx | 2 +- api_docs/kbn_aiops_log_pattern_analysis.mdx | 2 +- api_docs/kbn_aiops_log_rate_analysis.mdx | 2 +- .../kbn_alerting_api_integration_helpers.mdx | 2 +- api_docs/kbn_alerting_comparators.mdx | 2 +- api_docs/kbn_alerting_state_types.mdx | 2 +- api_docs/kbn_alerting_types.mdx | 2 +- api_docs/kbn_alerts_as_data_utils.mdx | 2 +- api_docs/kbn_alerts_grouping.mdx | 2 +- api_docs/kbn_alerts_ui_shared.mdx | 2 +- api_docs/kbn_analytics.mdx | 2 +- api_docs/kbn_analytics_collection_utils.mdx | 2 +- api_docs/kbn_apm_config_loader.mdx | 2 +- api_docs/kbn_apm_data_view.mdx | 2 +- api_docs/kbn_apm_synthtrace.mdx | 2 +- .../kbn_apm_synthtrace_client.devdocs.json | 2 +- api_docs/kbn_apm_synthtrace_client.mdx | 2 +- api_docs/kbn_apm_types.mdx | 2 +- api_docs/kbn_apm_utils.mdx | 2 +- api_docs/kbn_avc_banner.mdx | 2 +- api_docs/kbn_axe_config.mdx | 2 +- api_docs/kbn_bfetch_error.mdx | 2 +- api_docs/kbn_calculate_auto.mdx | 2 +- .../kbn_calculate_width_from_char_count.mdx | 2 +- api_docs/kbn_cases_components.mdx | 2 +- api_docs/kbn_cbor.mdx | 2 +- api_docs/kbn_cell_actions.mdx | 2 +- api_docs/kbn_chart_expressions_common.mdx | 2 +- api_docs/kbn_chart_icons.mdx | 2 +- api_docs/kbn_ci_stats_core.mdx | 2 +- api_docs/kbn_ci_stats_performance_metrics.mdx | 2 +- api_docs/kbn_ci_stats_reporter.mdx | 2 +- api_docs/kbn_cli_dev_mode.mdx | 2 +- api_docs/kbn_cloud_security_posture.mdx | 2 +- .../kbn_cloud_security_posture_common.mdx | 2 +- api_docs/kbn_code_editor.mdx | 2 +- api_docs/kbn_code_editor_mock.mdx | 2 +- api_docs/kbn_code_owners.mdx | 2 +- api_docs/kbn_coloring.mdx | 2 +- api_docs/kbn_config.mdx | 2 +- api_docs/kbn_config_mocks.mdx | 2 +- api_docs/kbn_config_schema.mdx | 2 +- .../kbn_content_management_content_editor.mdx | 2 +- ...ent_management_content_insights_public.mdx | 2 +- ...ent_management_content_insights_server.mdx | 2 +- ...bn_content_management_favorites_public.mdx | 2 +- ...bn_content_management_favorites_server.mdx | 2 +- ...tent_management_tabbed_table_list_view.mdx | 2 +- ...kbn_content_management_table_list_view.mdx | 2 +- ...tent_management_table_list_view_common.mdx | 2 +- ...ntent_management_table_list_view_table.mdx | 2 +- .../kbn_content_management_user_profiles.mdx | 2 +- api_docs/kbn_content_management_utils.mdx | 2 +- api_docs/kbn_core_analytics_browser.mdx | 2 +- .../kbn_core_analytics_browser_internal.mdx | 2 +- api_docs/kbn_core_analytics_browser_mocks.mdx | 2 +- api_docs/kbn_core_analytics_server.mdx | 2 +- .../kbn_core_analytics_server_internal.mdx | 2 +- api_docs/kbn_core_analytics_server_mocks.mdx | 2 +- api_docs/kbn_core_application_browser.mdx | 2 +- .../kbn_core_application_browser_internal.mdx | 2 +- .../kbn_core_application_browser_mocks.mdx | 2 +- api_docs/kbn_core_application_common.mdx | 2 +- api_docs/kbn_core_apps_browser_internal.mdx | 2 +- api_docs/kbn_core_apps_browser_mocks.mdx | 2 +- api_docs/kbn_core_apps_server_internal.mdx | 2 +- api_docs/kbn_core_base_browser_mocks.mdx | 2 +- api_docs/kbn_core_base_common.mdx | 2 +- api_docs/kbn_core_base_server_internal.mdx | 2 +- api_docs/kbn_core_base_server_mocks.mdx | 2 +- .../kbn_core_capabilities_browser_mocks.mdx | 2 +- api_docs/kbn_core_capabilities_common.mdx | 2 +- api_docs/kbn_core_capabilities_server.mdx | 2 +- .../kbn_core_capabilities_server_mocks.mdx | 2 +- api_docs/kbn_core_chrome_browser.devdocs.json | 2 +- api_docs/kbn_core_chrome_browser.mdx | 2 +- api_docs/kbn_core_chrome_browser_mocks.mdx | 2 +- api_docs/kbn_core_config_server_internal.mdx | 2 +- api_docs/kbn_core_custom_branding_browser.mdx | 2 +- ..._core_custom_branding_browser_internal.mdx | 2 +- ...kbn_core_custom_branding_browser_mocks.mdx | 2 +- api_docs/kbn_core_custom_branding_common.mdx | 2 +- api_docs/kbn_core_custom_branding_server.mdx | 2 +- ...n_core_custom_branding_server_internal.mdx | 2 +- .../kbn_core_custom_branding_server_mocks.mdx | 2 +- api_docs/kbn_core_deprecations_browser.mdx | 2 +- ...kbn_core_deprecations_browser_internal.mdx | 2 +- .../kbn_core_deprecations_browser_mocks.mdx | 2 +- api_docs/kbn_core_deprecations_common.mdx | 2 +- api_docs/kbn_core_deprecations_server.mdx | 2 +- .../kbn_core_deprecations_server_internal.mdx | 2 +- .../kbn_core_deprecations_server_mocks.mdx | 2 +- api_docs/kbn_core_doc_links_browser.mdx | 2 +- api_docs/kbn_core_doc_links_browser_mocks.mdx | 2 +- api_docs/kbn_core_doc_links_server.mdx | 2 +- api_docs/kbn_core_doc_links_server_mocks.mdx | 2 +- ...e_elasticsearch_client_server_internal.mdx | 2 +- ...core_elasticsearch_client_server_mocks.mdx | 2 +- api_docs/kbn_core_elasticsearch_server.mdx | 2 +- ...kbn_core_elasticsearch_server_internal.mdx | 2 +- .../kbn_core_elasticsearch_server_mocks.mdx | 2 +- .../kbn_core_environment_server_internal.mdx | 2 +- .../kbn_core_environment_server_mocks.mdx | 2 +- .../kbn_core_execution_context_browser.mdx | 2 +- ...ore_execution_context_browser_internal.mdx | 2 +- ...n_core_execution_context_browser_mocks.mdx | 2 +- .../kbn_core_execution_context_common.mdx | 2 +- .../kbn_core_execution_context_server.mdx | 2 +- ...core_execution_context_server_internal.mdx | 2 +- ...bn_core_execution_context_server_mocks.mdx | 2 +- api_docs/kbn_core_fatal_errors_browser.mdx | 2 +- .../kbn_core_fatal_errors_browser_mocks.mdx | 2 +- api_docs/kbn_core_feature_flags_browser.mdx | 2 +- ...bn_core_feature_flags_browser_internal.mdx | 2 +- .../kbn_core_feature_flags_browser_mocks.mdx | 2 +- api_docs/kbn_core_feature_flags_server.mdx | 2 +- ...kbn_core_feature_flags_server_internal.mdx | 2 +- .../kbn_core_feature_flags_server_mocks.mdx | 2 +- api_docs/kbn_core_http_browser.mdx | 2 +- api_docs/kbn_core_http_browser_internal.mdx | 2 +- api_docs/kbn_core_http_browser_mocks.mdx | 2 +- api_docs/kbn_core_http_common.mdx | 2 +- .../kbn_core_http_context_server_mocks.mdx | 2 +- ...re_http_request_handler_context_server.mdx | 2 +- api_docs/kbn_core_http_resources_server.mdx | 2 +- ...bn_core_http_resources_server_internal.mdx | 2 +- .../kbn_core_http_resources_server_mocks.mdx | 2 +- .../kbn_core_http_router_server_internal.mdx | 2 +- .../kbn_core_http_router_server_mocks.mdx | 2 +- api_docs/kbn_core_http_server.devdocs.json | 66 ++++--- api_docs/kbn_core_http_server.mdx | 4 +- api_docs/kbn_core_http_server_internal.mdx | 2 +- api_docs/kbn_core_http_server_mocks.mdx | 2 +- api_docs/kbn_core_i18n_browser.mdx | 2 +- api_docs/kbn_core_i18n_browser_mocks.mdx | 2 +- api_docs/kbn_core_i18n_server.mdx | 2 +- api_docs/kbn_core_i18n_server_internal.mdx | 2 +- api_docs/kbn_core_i18n_server_mocks.mdx | 2 +- ...n_core_injected_metadata_browser_mocks.mdx | 2 +- ...kbn_core_integrations_browser_internal.mdx | 2 +- .../kbn_core_integrations_browser_mocks.mdx | 2 +- api_docs/kbn_core_lifecycle_browser.mdx | 2 +- api_docs/kbn_core_lifecycle_browser_mocks.mdx | 2 +- api_docs/kbn_core_lifecycle_server.mdx | 2 +- api_docs/kbn_core_lifecycle_server_mocks.mdx | 2 +- api_docs/kbn_core_logging_browser_mocks.mdx | 2 +- api_docs/kbn_core_logging_common_internal.mdx | 2 +- api_docs/kbn_core_logging_server.mdx | 2 +- api_docs/kbn_core_logging_server_internal.mdx | 2 +- api_docs/kbn_core_logging_server_mocks.mdx | 2 +- ...ore_metrics_collectors_server_internal.mdx | 2 +- ...n_core_metrics_collectors_server_mocks.mdx | 2 +- api_docs/kbn_core_metrics_server.mdx | 2 +- api_docs/kbn_core_metrics_server_internal.mdx | 2 +- api_docs/kbn_core_metrics_server_mocks.mdx | 2 +- api_docs/kbn_core_mount_utils_browser.mdx | 2 +- api_docs/kbn_core_node_server.mdx | 2 +- api_docs/kbn_core_node_server_internal.mdx | 2 +- api_docs/kbn_core_node_server_mocks.mdx | 2 +- api_docs/kbn_core_notifications_browser.mdx | 2 +- ...bn_core_notifications_browser_internal.mdx | 2 +- .../kbn_core_notifications_browser_mocks.mdx | 2 +- api_docs/kbn_core_overlays_browser.mdx | 2 +- .../kbn_core_overlays_browser_internal.mdx | 2 +- api_docs/kbn_core_overlays_browser_mocks.mdx | 2 +- api_docs/kbn_core_plugins_browser.mdx | 2 +- api_docs/kbn_core_plugins_browser_mocks.mdx | 2 +- .../kbn_core_plugins_contracts_browser.mdx | 2 +- .../kbn_core_plugins_contracts_server.mdx | 2 +- api_docs/kbn_core_plugins_server.mdx | 2 +- api_docs/kbn_core_plugins_server_mocks.mdx | 2 +- api_docs/kbn_core_preboot_server.mdx | 2 +- api_docs/kbn_core_preboot_server_mocks.mdx | 2 +- api_docs/kbn_core_rendering_browser_mocks.mdx | 2 +- .../kbn_core_rendering_server_internal.mdx | 2 +- api_docs/kbn_core_rendering_server_mocks.mdx | 2 +- api_docs/kbn_core_root_server_internal.mdx | 2 +- .../kbn_core_saved_objects_api_browser.mdx | 2 +- ...core_saved_objects_api_server.devdocs.json | 18 +- .../kbn_core_saved_objects_api_server.mdx | 2 +- ...bn_core_saved_objects_api_server_mocks.mdx | 2 +- ...ore_saved_objects_base_server_internal.mdx | 2 +- ...n_core_saved_objects_base_server_mocks.mdx | 2 +- api_docs/kbn_core_saved_objects_browser.mdx | 2 +- ...bn_core_saved_objects_browser_internal.mdx | 2 +- .../kbn_core_saved_objects_browser_mocks.mdx | 2 +- ...kbn_core_saved_objects_common.devdocs.json | 24 +-- api_docs/kbn_core_saved_objects_common.mdx | 2 +- ..._objects_import_export_server_internal.mdx | 2 +- ...ved_objects_import_export_server_mocks.mdx | 2 +- ...aved_objects_migration_server_internal.mdx | 2 +- ...e_saved_objects_migration_server_mocks.mdx | 2 +- ...kbn_core_saved_objects_server.devdocs.json | 18 +- api_docs/kbn_core_saved_objects_server.mdx | 2 +- ...kbn_core_saved_objects_server_internal.mdx | 2 +- .../kbn_core_saved_objects_server_mocks.mdx | 2 +- .../kbn_core_saved_objects_utils_server.mdx | 2 +- api_docs/kbn_core_security_browser.mdx | 2 +- .../kbn_core_security_browser_internal.mdx | 2 +- api_docs/kbn_core_security_browser_mocks.mdx | 2 +- api_docs/kbn_core_security_common.mdx | 2 +- api_docs/kbn_core_security_server.mdx | 2 +- .../kbn_core_security_server_internal.mdx | 2 +- api_docs/kbn_core_security_server_mocks.mdx | 2 +- api_docs/kbn_core_status_common.mdx | 2 +- api_docs/kbn_core_status_common_internal.mdx | 2 +- api_docs/kbn_core_status_server.mdx | 2 +- api_docs/kbn_core_status_server_internal.mdx | 2 +- api_docs/kbn_core_status_server_mocks.mdx | 2 +- ...core_test_helpers_deprecations_getters.mdx | 2 +- ...n_core_test_helpers_http_setup_browser.mdx | 2 +- api_docs/kbn_core_test_helpers_kbn_server.mdx | 2 +- .../kbn_core_test_helpers_model_versions.mdx | 2 +- ...n_core_test_helpers_so_type_serializer.mdx | 2 +- api_docs/kbn_core_test_helpers_test_utils.mdx | 2 +- api_docs/kbn_core_theme_browser.mdx | 2 +- api_docs/kbn_core_theme_browser_mocks.mdx | 2 +- api_docs/kbn_core_ui_settings_browser.mdx | 2 +- .../kbn_core_ui_settings_browser_internal.mdx | 2 +- .../kbn_core_ui_settings_browser_mocks.mdx | 2 +- api_docs/kbn_core_ui_settings_common.mdx | 2 +- api_docs/kbn_core_ui_settings_server.mdx | 2 +- .../kbn_core_ui_settings_server_internal.mdx | 2 +- .../kbn_core_ui_settings_server_mocks.mdx | 2 +- api_docs/kbn_core_usage_data_server.mdx | 2 +- .../kbn_core_usage_data_server_internal.mdx | 2 +- api_docs/kbn_core_usage_data_server_mocks.mdx | 2 +- api_docs/kbn_core_user_profile_browser.mdx | 2 +- ...kbn_core_user_profile_browser_internal.mdx | 2 +- .../kbn_core_user_profile_browser_mocks.mdx | 2 +- api_docs/kbn_core_user_profile_common.mdx | 2 +- api_docs/kbn_core_user_profile_server.mdx | 2 +- .../kbn_core_user_profile_server_internal.mdx | 2 +- .../kbn_core_user_profile_server_mocks.mdx | 2 +- api_docs/kbn_core_user_settings_server.mdx | 2 +- .../kbn_core_user_settings_server_mocks.mdx | 2 +- api_docs/kbn_crypto.mdx | 2 +- api_docs/kbn_crypto_browser.mdx | 2 +- api_docs/kbn_custom_icons.mdx | 2 +- api_docs/kbn_custom_integrations.mdx | 2 +- api_docs/kbn_cypress_config.mdx | 2 +- api_docs/kbn_data_forge.mdx | 2 +- api_docs/kbn_data_service.mdx | 2 +- api_docs/kbn_data_stream_adapter.mdx | 2 +- api_docs/kbn_data_view_utils.mdx | 2 +- api_docs/kbn_datemath.mdx | 2 +- api_docs/kbn_deeplinks_analytics.mdx | 2 +- api_docs/kbn_deeplinks_devtools.mdx | 2 +- api_docs/kbn_deeplinks_fleet.mdx | 2 +- api_docs/kbn_deeplinks_management.mdx | 2 +- api_docs/kbn_deeplinks_ml.mdx | 2 +- api_docs/kbn_deeplinks_observability.mdx | 2 +- api_docs/kbn_deeplinks_search.devdocs.json | 4 +- api_docs/kbn_deeplinks_search.mdx | 2 +- api_docs/kbn_deeplinks_security.mdx | 2 +- api_docs/kbn_deeplinks_shared.mdx | 2 +- api_docs/kbn_default_nav_analytics.mdx | 2 +- api_docs/kbn_default_nav_devtools.mdx | 2 +- api_docs/kbn_default_nav_management.mdx | 2 +- api_docs/kbn_default_nav_ml.mdx | 2 +- api_docs/kbn_dev_cli_errors.mdx | 2 +- api_docs/kbn_dev_cli_runner.mdx | 2 +- api_docs/kbn_dev_proc_runner.mdx | 2 +- api_docs/kbn_dev_utils.mdx | 2 +- api_docs/kbn_discover_utils.mdx | 2 +- api_docs/kbn_doc_links.mdx | 2 +- api_docs/kbn_docs_utils.mdx | 2 +- api_docs/kbn_dom_drag_drop.mdx | 2 +- api_docs/kbn_ebt_tools.mdx | 2 +- api_docs/kbn_ecs_data_quality_dashboard.mdx | 2 +- api_docs/kbn_elastic_agent_utils.mdx | 2 +- api_docs/kbn_elastic_assistant.mdx | 2 +- api_docs/kbn_elastic_assistant_common.mdx | 2 +- api_docs/kbn_entities_schema.devdocs.json | 19 +- api_docs/kbn_entities_schema.mdx | 4 +- api_docs/kbn_es.mdx | 2 +- api_docs/kbn_es_archiver.mdx | 2 +- api_docs/kbn_es_errors.mdx | 2 +- api_docs/kbn_es_query.mdx | 2 +- api_docs/kbn_es_types.mdx | 2 +- api_docs/kbn_eslint_plugin_imports.mdx | 2 +- api_docs/kbn_esql_ast.mdx | 2 +- api_docs/kbn_esql_editor.mdx | 2 +- api_docs/kbn_esql_utils.mdx | 2 +- api_docs/kbn_esql_validation_autocomplete.mdx | 2 +- api_docs/kbn_event_annotation_common.mdx | 2 +- api_docs/kbn_event_annotation_components.mdx | 2 +- api_docs/kbn_expandable_flyout.mdx | 2 +- api_docs/kbn_field_types.mdx | 2 +- api_docs/kbn_field_utils.mdx | 2 +- api_docs/kbn_find_used_node_modules.mdx | 2 +- api_docs/kbn_formatters.mdx | 2 +- .../kbn_ftr_common_functional_services.mdx | 2 +- .../kbn_ftr_common_functional_ui_services.mdx | 2 +- api_docs/kbn_generate.mdx | 2 +- api_docs/kbn_generate_console_definitions.mdx | 2 +- api_docs/kbn_generate_csv.mdx | 2 +- api_docs/kbn_grid_layout.mdx | 2 +- api_docs/kbn_grouping.mdx | 2 +- api_docs/kbn_guided_onboarding.mdx | 2 +- api_docs/kbn_handlebars.mdx | 2 +- api_docs/kbn_hapi_mocks.mdx | 2 +- api_docs/kbn_health_gateway_server.mdx | 2 +- api_docs/kbn_home_sample_data_card.mdx | 2 +- api_docs/kbn_home_sample_data_tab.mdx | 2 +- api_docs/kbn_i18n.mdx | 2 +- api_docs/kbn_i18n_react.mdx | 2 +- api_docs/kbn_import_resolver.mdx | 2 +- .../kbn_index_management_shared_types.mdx | 2 +- api_docs/kbn_inference_integration_flyout.mdx | 2 +- api_docs/kbn_infra_forge.mdx | 2 +- api_docs/kbn_interpreter.mdx | 2 +- .../kbn_investigation_shared.devdocs.json | 10 +- api_docs/kbn_investigation_shared.mdx | 2 +- api_docs/kbn_io_ts_utils.mdx | 2 +- api_docs/kbn_ipynb.mdx | 2 +- api_docs/kbn_item_buffer.mdx | 2 +- api_docs/kbn_jest_serializers.mdx | 2 +- api_docs/kbn_journeys.mdx | 2 +- api_docs/kbn_json_ast.mdx | 2 +- api_docs/kbn_json_schemas.mdx | 2 +- api_docs/kbn_kibana_manifest_schema.mdx | 2 +- api_docs/kbn_language_documentation.mdx | 2 +- api_docs/kbn_lens_embeddable_utils.mdx | 2 +- api_docs/kbn_lens_formula_docs.mdx | 2 +- api_docs/kbn_logging.mdx | 2 +- api_docs/kbn_logging_mocks.mdx | 2 +- api_docs/kbn_managed_content_badge.mdx | 2 +- api_docs/kbn_managed_vscode_config.mdx | 2 +- api_docs/kbn_management_cards_navigation.mdx | 2 +- .../kbn_management_settings_application.mdx | 2 +- ...ent_settings_components_field_category.mdx | 2 +- ...gement_settings_components_field_input.mdx | 2 +- ...nagement_settings_components_field_row.mdx | 2 +- ...bn_management_settings_components_form.mdx | 2 +- ...n_management_settings_field_definition.mdx | 2 +- api_docs/kbn_management_settings_ids.mdx | 2 +- ...n_management_settings_section_registry.mdx | 2 +- api_docs/kbn_management_settings_types.mdx | 2 +- .../kbn_management_settings_utilities.mdx | 2 +- api_docs/kbn_management_storybook_config.mdx | 2 +- api_docs/kbn_manifest.mdx | 2 +- api_docs/kbn_mapbox_gl.mdx | 2 +- api_docs/kbn_maps_vector_tile_utils.mdx | 2 +- api_docs/kbn_ml_agg_utils.mdx | 2 +- api_docs/kbn_ml_anomaly_utils.mdx | 2 +- api_docs/kbn_ml_cancellable_search.mdx | 2 +- api_docs/kbn_ml_category_validator.mdx | 2 +- api_docs/kbn_ml_chi2test.mdx | 2 +- .../kbn_ml_data_frame_analytics_utils.mdx | 2 +- api_docs/kbn_ml_data_grid.mdx | 2 +- api_docs/kbn_ml_date_picker.mdx | 2 +- api_docs/kbn_ml_date_utils.mdx | 2 +- api_docs/kbn_ml_error_utils.mdx | 2 +- api_docs/kbn_ml_field_stats_flyout.mdx | 2 +- api_docs/kbn_ml_in_memory_table.mdx | 2 +- api_docs/kbn_ml_is_defined.mdx | 2 +- api_docs/kbn_ml_is_populated_object.mdx | 2 +- api_docs/kbn_ml_kibana_theme.mdx | 2 +- api_docs/kbn_ml_local_storage.mdx | 2 +- api_docs/kbn_ml_nested_property.mdx | 2 +- api_docs/kbn_ml_number_utils.mdx | 2 +- api_docs/kbn_ml_parse_interval.mdx | 2 +- api_docs/kbn_ml_query_utils.mdx | 2 +- api_docs/kbn_ml_random_sampler_utils.mdx | 2 +- api_docs/kbn_ml_route_utils.mdx | 2 +- api_docs/kbn_ml_runtime_field_utils.mdx | 2 +- api_docs/kbn_ml_string_hash.mdx | 2 +- api_docs/kbn_ml_time_buckets.mdx | 2 +- api_docs/kbn_ml_trained_models_utils.mdx | 2 +- api_docs/kbn_ml_ui_actions.mdx | 2 +- api_docs/kbn_ml_url_state.mdx | 2 +- api_docs/kbn_ml_validators.mdx | 2 +- api_docs/kbn_mock_idp_utils.mdx | 2 +- api_docs/kbn_monaco.mdx | 2 +- api_docs/kbn_object_versioning.mdx | 2 +- api_docs/kbn_object_versioning_utils.mdx | 2 +- api_docs/kbn_observability_alert_details.mdx | 2 +- .../kbn_observability_alerting_rule_utils.mdx | 2 +- .../kbn_observability_alerting_test_data.mdx | 2 +- ...ility_get_padded_alert_time_range_util.mdx | 2 +- api_docs/kbn_observability_logs_overview.mdx | 2 +- ...kbn_observability_synthetics_test_data.mdx | 2 +- api_docs/kbn_openapi_bundler.mdx | 2 +- api_docs/kbn_openapi_generator.mdx | 2 +- api_docs/kbn_optimizer.mdx | 2 +- api_docs/kbn_optimizer_webpack_helpers.mdx | 2 +- api_docs/kbn_osquery_io_ts_types.mdx | 2 +- api_docs/kbn_panel_loader.mdx | 2 +- ..._performance_testing_dataset_extractor.mdx | 2 +- api_docs/kbn_plugin_check.mdx | 2 +- api_docs/kbn_plugin_generator.mdx | 2 +- api_docs/kbn_plugin_helpers.mdx | 2 +- api_docs/kbn_presentation_containers.mdx | 2 +- api_docs/kbn_presentation_publishing.mdx | 2 +- api_docs/kbn_product_doc_artifact_builder.mdx | 2 +- api_docs/kbn_profiling_utils.mdx | 2 +- api_docs/kbn_random_sampling.mdx | 2 +- api_docs/kbn_react_field.mdx | 2 +- api_docs/kbn_react_hooks.mdx | 2 +- api_docs/kbn_react_kibana_context_common.mdx | 2 +- api_docs/kbn_react_kibana_context_render.mdx | 2 +- api_docs/kbn_react_kibana_context_root.mdx | 2 +- api_docs/kbn_react_kibana_context_styled.mdx | 2 +- api_docs/kbn_react_kibana_context_theme.mdx | 2 +- api_docs/kbn_react_kibana_mount.mdx | 2 +- api_docs/kbn_recently_accessed.mdx | 2 +- api_docs/kbn_repo_file_maps.mdx | 2 +- api_docs/kbn_repo_linter.mdx | 2 +- api_docs/kbn_repo_path.mdx | 2 +- api_docs/kbn_repo_source_classifier.mdx | 2 +- api_docs/kbn_reporting_common.mdx | 2 +- api_docs/kbn_reporting_csv_share_panel.mdx | 2 +- api_docs/kbn_reporting_export_types_csv.mdx | 2 +- .../kbn_reporting_export_types_csv_common.mdx | 2 +- api_docs/kbn_reporting_export_types_pdf.mdx | 2 +- .../kbn_reporting_export_types_pdf_common.mdx | 2 +- api_docs/kbn_reporting_export_types_png.mdx | 2 +- .../kbn_reporting_export_types_png_common.mdx | 2 +- api_docs/kbn_reporting_mocks_server.mdx | 2 +- api_docs/kbn_reporting_public.mdx | 2 +- api_docs/kbn_reporting_server.mdx | 2 +- api_docs/kbn_resizable_layout.mdx | 2 +- .../kbn_response_ops_feature_flag_service.mdx | 2 +- .../kbn_response_ops_rule_params.devdocs.json | 177 ++++++++++++++++++ api_docs/kbn_response_ops_rule_params.mdx | 33 ++++ api_docs/kbn_rison.mdx | 2 +- api_docs/kbn_rollup.mdx | 2 +- api_docs/kbn_router_to_openapispec.mdx | 2 +- api_docs/kbn_router_utils.mdx | 2 +- api_docs/kbn_rrule.mdx | 2 +- api_docs/kbn_rule_data_utils.devdocs.json | 30 +++ api_docs/kbn_rule_data_utils.mdx | 4 +- api_docs/kbn_saved_objects_settings.mdx | 2 +- api_docs/kbn_screenshotting_server.mdx | 2 +- api_docs/kbn_search_api_keys_components.mdx | 2 +- api_docs/kbn_search_api_keys_server.mdx | 2 +- api_docs/kbn_search_api_panels.mdx | 2 +- api_docs/kbn_search_connectors.mdx | 2 +- api_docs/kbn_search_errors.mdx | 2 +- api_docs/kbn_search_index_documents.mdx | 2 +- api_docs/kbn_search_response_warnings.mdx | 2 +- api_docs/kbn_search_shared_ui.mdx | 2 +- api_docs/kbn_search_types.mdx | 2 +- api_docs/kbn_security_api_key_management.mdx | 2 +- api_docs/kbn_security_authorization_core.mdx | 2 +- ...kbn_security_authorization_core_common.mdx | 2 +- api_docs/kbn_security_form_components.mdx | 2 +- api_docs/kbn_security_hardening.mdx | 2 +- api_docs/kbn_security_plugin_types_common.mdx | 2 +- api_docs/kbn_security_plugin_types_public.mdx | 2 +- api_docs/kbn_security_plugin_types_server.mdx | 2 +- .../kbn_security_role_management_model.mdx | 2 +- api_docs/kbn_security_solution_common.mdx | 2 +- ...kbn_security_solution_distribution_bar.mdx | 2 +- api_docs/kbn_security_solution_features.mdx | 2 +- api_docs/kbn_security_solution_navigation.mdx | 2 +- ...bn_security_solution_side_nav.devdocs.json | 16 -- api_docs/kbn_security_solution_side_nav.mdx | 4 +- ...kbn_security_solution_storybook_config.mdx | 2 +- api_docs/kbn_security_ui_components.mdx | 2 +- .../kbn_securitysolution_autocomplete.mdx | 2 +- api_docs/kbn_securitysolution_data_table.mdx | 2 +- api_docs/kbn_securitysolution_ecs.mdx | 2 +- api_docs/kbn_securitysolution_es_utils.mdx | 2 +- ...ritysolution_exception_list_components.mdx | 2 +- api_docs/kbn_securitysolution_hook_utils.mdx | 2 +- ..._securitysolution_io_ts_alerting_types.mdx | 2 +- .../kbn_securitysolution_io_ts_list_types.mdx | 2 +- api_docs/kbn_securitysolution_io_ts_types.mdx | 2 +- api_docs/kbn_securitysolution_io_ts_utils.mdx | 2 +- api_docs/kbn_securitysolution_list_api.mdx | 2 +- .../kbn_securitysolution_list_constants.mdx | 2 +- api_docs/kbn_securitysolution_list_hooks.mdx | 2 +- api_docs/kbn_securitysolution_list_utils.mdx | 2 +- api_docs/kbn_securitysolution_rules.mdx | 2 +- api_docs/kbn_securitysolution_t_grid.mdx | 2 +- api_docs/kbn_securitysolution_utils.mdx | 2 +- api_docs/kbn_server_http_tools.mdx | 2 +- api_docs/kbn_server_route_repository.mdx | 2 +- .../kbn_server_route_repository_client.mdx | 2 +- .../kbn_server_route_repository_utils.mdx | 2 +- api_docs/kbn_serverless_common_settings.mdx | 2 +- .../kbn_serverless_observability_settings.mdx | 2 +- api_docs/kbn_serverless_project_switcher.mdx | 2 +- api_docs/kbn_serverless_search_settings.mdx | 2 +- api_docs/kbn_serverless_security_settings.mdx | 2 +- api_docs/kbn_serverless_storybook_config.mdx | 2 +- api_docs/kbn_shared_svg.mdx | 2 +- api_docs/kbn_shared_ux_avatar_solution.mdx | 2 +- .../kbn_shared_ux_button_exit_full_screen.mdx | 2 +- api_docs/kbn_shared_ux_button_toolbar.mdx | 2 +- api_docs/kbn_shared_ux_card_no_data.mdx | 2 +- api_docs/kbn_shared_ux_card_no_data_mocks.mdx | 2 +- api_docs/kbn_shared_ux_chrome_navigation.mdx | 2 +- api_docs/kbn_shared_ux_error_boundary.mdx | 2 +- api_docs/kbn_shared_ux_file_context.mdx | 2 +- api_docs/kbn_shared_ux_file_image.mdx | 2 +- api_docs/kbn_shared_ux_file_image_mocks.mdx | 2 +- api_docs/kbn_shared_ux_file_mocks.mdx | 2 +- api_docs/kbn_shared_ux_file_picker.mdx | 2 +- api_docs/kbn_shared_ux_file_types.mdx | 2 +- api_docs/kbn_shared_ux_file_upload.mdx | 2 +- api_docs/kbn_shared_ux_file_util.mdx | 2 +- api_docs/kbn_shared_ux_link_redirect_app.mdx | 2 +- .../kbn_shared_ux_link_redirect_app_mocks.mdx | 2 +- api_docs/kbn_shared_ux_markdown.mdx | 2 +- api_docs/kbn_shared_ux_markdown_mocks.mdx | 2 +- .../kbn_shared_ux_page_analytics_no_data.mdx | 2 +- ...shared_ux_page_analytics_no_data_mocks.mdx | 2 +- .../kbn_shared_ux_page_kibana_no_data.mdx | 2 +- ...bn_shared_ux_page_kibana_no_data_mocks.mdx | 2 +- .../kbn_shared_ux_page_kibana_template.mdx | 2 +- ...n_shared_ux_page_kibana_template_mocks.mdx | 2 +- api_docs/kbn_shared_ux_page_no_data.mdx | 2 +- .../kbn_shared_ux_page_no_data_config.mdx | 2 +- ...bn_shared_ux_page_no_data_config_mocks.mdx | 2 +- api_docs/kbn_shared_ux_page_no_data_mocks.mdx | 2 +- api_docs/kbn_shared_ux_page_solution_nav.mdx | 2 +- .../kbn_shared_ux_prompt_no_data_views.mdx | 2 +- ...n_shared_ux_prompt_no_data_views_mocks.mdx | 2 +- api_docs/kbn_shared_ux_prompt_not_found.mdx | 2 +- api_docs/kbn_shared_ux_router.mdx | 2 +- api_docs/kbn_shared_ux_router_mocks.mdx | 2 +- api_docs/kbn_shared_ux_storybook_config.mdx | 2 +- api_docs/kbn_shared_ux_storybook_mock.mdx | 2 +- api_docs/kbn_shared_ux_tabbed_modal.mdx | 2 +- api_docs/kbn_shared_ux_table_persist.mdx | 2 +- api_docs/kbn_shared_ux_utility.mdx | 2 +- api_docs/kbn_slo_schema.mdx | 2 +- api_docs/kbn_some_dev_log.mdx | 2 +- api_docs/kbn_sort_predicates.mdx | 2 +- api_docs/kbn_sse_utils.mdx | 2 +- api_docs/kbn_sse_utils_client.mdx | 2 +- api_docs/kbn_sse_utils_server.mdx | 2 +- api_docs/kbn_std.mdx | 2 +- api_docs/kbn_stdio_dev_helpers.mdx | 2 +- api_docs/kbn_storybook.mdx | 2 +- api_docs/kbn_synthetics_e2e.mdx | 2 +- api_docs/kbn_synthetics_private_location.mdx | 2 +- api_docs/kbn_telemetry_tools.mdx | 2 +- api_docs/kbn_test.mdx | 2 +- api_docs/kbn_test_eui_helpers.mdx | 2 +- api_docs/kbn_test_jest_helpers.mdx | 2 +- api_docs/kbn_test_subj_selector.mdx | 2 +- api_docs/kbn_timerange.mdx | 2 +- api_docs/kbn_tooling_log.mdx | 2 +- api_docs/kbn_triggers_actions_ui_types.mdx | 2 +- api_docs/kbn_try_in_console.mdx | 2 +- api_docs/kbn_ts_projects.mdx | 2 +- api_docs/kbn_typed_react_router_config.mdx | 2 +- api_docs/kbn_ui_actions_browser.mdx | 2 +- api_docs/kbn_ui_shared_deps_src.mdx | 2 +- api_docs/kbn_ui_theme.mdx | 2 +- api_docs/kbn_unified_data_table.mdx | 2 +- api_docs/kbn_unified_doc_viewer.mdx | 2 +- api_docs/kbn_unified_field_list.mdx | 2 +- api_docs/kbn_unsaved_changes_badge.mdx | 2 +- api_docs/kbn_unsaved_changes_prompt.mdx | 2 +- api_docs/kbn_use_tracked_promise.mdx | 2 +- api_docs/kbn_user_profile_components.mdx | 2 +- api_docs/kbn_utility_types.mdx | 2 +- api_docs/kbn_utility_types_jest.mdx | 2 +- api_docs/kbn_utils.mdx | 2 +- api_docs/kbn_visualization_ui_components.mdx | 2 +- api_docs/kbn_visualization_utils.mdx | 2 +- api_docs/kbn_xstate_utils.mdx | 2 +- api_docs/kbn_yarn_lock_validator.mdx | 2 +- api_docs/kbn_zod.mdx | 2 +- api_docs/kbn_zod_helpers.mdx | 2 +- api_docs/kibana_overview.mdx | 2 +- api_docs/kibana_react.mdx | 2 +- api_docs/kibana_utils.mdx | 2 +- api_docs/kubernetes_security.mdx | 2 +- api_docs/lens.mdx | 2 +- api_docs/license_api_guard.mdx | 2 +- api_docs/license_management.mdx | 2 +- api_docs/licensing.mdx | 2 +- api_docs/links.mdx | 2 +- api_docs/lists.mdx | 2 +- api_docs/logs_data_access.mdx | 2 +- api_docs/logs_explorer.mdx | 2 +- api_docs/logs_shared.mdx | 2 +- api_docs/management.mdx | 2 +- api_docs/maps.mdx | 2 +- api_docs/maps_ems.mdx | 2 +- api_docs/metrics_data_access.mdx | 2 +- api_docs/ml.mdx | 2 +- api_docs/mock_idp_plugin.mdx | 2 +- api_docs/monitoring.mdx | 2 +- api_docs/monitoring_collection.mdx | 2 +- api_docs/navigation.mdx | 2 +- api_docs/newsfeed.mdx | 2 +- api_docs/no_data_page.mdx | 2 +- api_docs/notifications.mdx | 2 +- api_docs/observability.mdx | 2 +- api_docs/observability_a_i_assistant.mdx | 2 +- api_docs/observability_a_i_assistant_app.mdx | 2 +- .../observability_ai_assistant_management.mdx | 2 +- api_docs/observability_logs_explorer.mdx | 2 +- api_docs/observability_onboarding.mdx | 2 +- api_docs/observability_shared.devdocs.json | 10 +- api_docs/observability_shared.mdx | 2 +- api_docs/osquery.mdx | 2 +- api_docs/painless_lab.mdx | 2 +- api_docs/plugin_directory.mdx | 19 +- api_docs/presentation_panel.mdx | 2 +- api_docs/presentation_util.mdx | 2 +- api_docs/profiling.mdx | 2 +- api_docs/profiling_data_access.mdx | 2 +- api_docs/remote_clusters.mdx | 2 +- api_docs/reporting.mdx | 2 +- api_docs/rollup.mdx | 2 +- api_docs/rule_registry.mdx | 2 +- api_docs/runtime_fields.mdx | 2 +- api_docs/saved_objects.devdocs.json | 16 +- api_docs/saved_objects.mdx | 2 +- api_docs/saved_objects_finder.mdx | 2 +- api_docs/saved_objects_management.mdx | 2 +- api_docs/saved_objects_tagging.mdx | 2 +- api_docs/saved_objects_tagging_oss.mdx | 2 +- api_docs/saved_search.mdx | 2 +- api_docs/screenshot_mode.mdx | 2 +- api_docs/screenshotting.mdx | 2 +- api_docs/search_assistant.mdx | 2 +- api_docs/search_connectors.mdx | 2 +- api_docs/search_homepage.mdx | 2 +- api_docs/search_indices.devdocs.json | 2 +- api_docs/search_indices.mdx | 2 +- api_docs/search_inference_endpoints.mdx | 2 +- api_docs/search_notebooks.mdx | 2 +- api_docs/search_playground.mdx | 2 +- api_docs/security.mdx | 2 +- api_docs/security_solution.mdx | 2 +- api_docs/security_solution_ess.mdx | 2 +- api_docs/security_solution_serverless.mdx | 2 +- api_docs/serverless.mdx | 2 +- api_docs/serverless_observability.mdx | 2 +- api_docs/serverless_search.mdx | 2 +- api_docs/session_view.mdx | 2 +- api_docs/share.devdocs.json | 14 ++ api_docs/share.mdx | 4 +- api_docs/slo.mdx | 2 +- api_docs/snapshot_restore.mdx | 2 +- api_docs/spaces.mdx | 2 +- api_docs/stack_alerts.mdx | 2 +- api_docs/stack_connectors.mdx | 2 +- api_docs/task_manager.mdx | 2 +- api_docs/telemetry.mdx | 2 +- api_docs/telemetry_collection_manager.mdx | 2 +- api_docs/telemetry_collection_xpack.mdx | 2 +- api_docs/telemetry_management_section.mdx | 2 +- api_docs/threat_intelligence.mdx | 2 +- api_docs/timelines.mdx | 2 +- api_docs/transform.mdx | 2 +- api_docs/triggers_actions_ui.mdx | 2 +- api_docs/ui_actions.mdx | 2 +- api_docs/ui_actions_enhanced.mdx | 2 +- api_docs/unified_doc_viewer.mdx | 2 +- api_docs/unified_histogram.mdx | 2 +- api_docs/unified_search.mdx | 2 +- api_docs/unified_search_autocomplete.mdx | 2 +- api_docs/uptime.mdx | 2 +- api_docs/url_forwarding.mdx | 2 +- api_docs/usage_collection.mdx | 2 +- api_docs/ux.mdx | 2 +- api_docs/vis_default_editor.mdx | 2 +- api_docs/vis_type_gauge.mdx | 2 +- api_docs/vis_type_heatmap.mdx | 2 +- api_docs/vis_type_pie.mdx | 2 +- api_docs/vis_type_table.mdx | 2 +- api_docs/vis_type_timelion.mdx | 2 +- api_docs/vis_type_timeseries.mdx | 2 +- api_docs/vis_type_vega.mdx | 2 +- api_docs/vis_type_vislib.mdx | 2 +- api_docs/vis_type_xy.mdx | 2 +- api_docs/visualizations.mdx | 2 +- 776 files changed, 1193 insertions(+), 890 deletions(-) create mode 100644 api_docs/kbn_response_ops_rule_params.devdocs.json create mode 100644 api_docs/kbn_response_ops_rule_params.mdx diff --git a/api_docs/actions.devdocs.json b/api_docs/actions.devdocs.json index f3a3f95a0ad77..d93ecea54b849 100644 --- a/api_docs/actions.devdocs.json +++ b/api_docs/actions.devdocs.json @@ -3804,9 +3804,9 @@ "section": "def-common.ActionTypeExecutorResult", "text": "ActionTypeExecutorResult" }, - ">; create: ({ action: { actionTypeId, name, config, secrets }, options, }: ", - "CreateOptions", - ") => Promise<", + ">; create: ({ action, options, }: Omit<", + "ConnectorCreateParams", + ", \"context\">) => Promise<", "Connector", ">; update: ({ id, action, }: Pick<", "ConnectorUpdateParams", @@ -5014,6 +5014,39 @@ "returnComment": [], "initialIsOpen": false }, + { + "parentPluginId": "actions", + "id": "def-common.validateEmptyStrings", + "type": "Function", + "tags": [], + "label": "validateEmptyStrings", + "description": [], + "signature": [ + "(value: unknown) => void" + ], + "path": "x-pack/plugins/actions/common/validate_empty_strings.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "actions", + "id": "def-common.validateEmptyStrings.$1", + "type": "Unknown", + "tags": [], + "label": "value", + "description": [], + "signature": [ + "unknown" + ], + "path": "x-pack/plugins/actions/common/validate_empty_strings.ts", + "deprecated": false, + "trackAdoption": false, + "isRequired": true + } + ], + "returnComment": [], + "initialIsOpen": false + }, { "parentPluginId": "actions", "id": "def-common.withoutMustacheTemplate", diff --git a/api_docs/actions.mdx b/api_docs/actions.mdx index 086dc91b415e8..a49c423172348 100644 --- a/api_docs/actions.mdx +++ b/api_docs/actions.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/actions title: "actions" image: https://source.unsplash.com/400x175/?github description: API docs for the actions plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'actions'] --- import actionsObj from './actions.devdocs.json'; @@ -21,7 +21,7 @@ Contact [@elastic/response-ops](https://github.com/orgs/elastic/teams/response-o | Public API count | Any count | Items lacking comments | Missing exports | |-------------------|-----------|------------------------|-----------------| -| 320 | 0 | 314 | 37 | +| 322 | 0 | 316 | 37 | ## Client diff --git a/api_docs/advanced_settings.mdx b/api_docs/advanced_settings.mdx index 094bdec905469..ff62d1b2a4bbd 100644 --- a/api_docs/advanced_settings.mdx +++ b/api_docs/advanced_settings.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/advancedSettings title: "advancedSettings" image: https://source.unsplash.com/400x175/?github description: API docs for the advancedSettings plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'advancedSettings'] --- import advancedSettingsObj from './advanced_settings.devdocs.json'; diff --git a/api_docs/ai_assistant_management_selection.mdx b/api_docs/ai_assistant_management_selection.mdx index 41ac77f84104b..756105b5a1908 100644 --- a/api_docs/ai_assistant_management_selection.mdx +++ b/api_docs/ai_assistant_management_selection.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/aiAssistantManagementSelection title: "aiAssistantManagementSelection" image: https://source.unsplash.com/400x175/?github description: API docs for the aiAssistantManagementSelection plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'aiAssistantManagementSelection'] --- import aiAssistantManagementSelectionObj from './ai_assistant_management_selection.devdocs.json'; diff --git a/api_docs/aiops.mdx b/api_docs/aiops.mdx index 17d1ceee9d7ff..48c1e2b19f79b 100644 --- a/api_docs/aiops.mdx +++ b/api_docs/aiops.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/aiops title: "aiops" image: https://source.unsplash.com/400x175/?github description: API docs for the aiops plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'aiops'] --- import aiopsObj from './aiops.devdocs.json'; diff --git a/api_docs/alerting.mdx b/api_docs/alerting.mdx index b83d5f9c750cc..47142887fa805 100644 --- a/api_docs/alerting.mdx +++ b/api_docs/alerting.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/alerting title: "alerting" image: https://source.unsplash.com/400x175/?github description: API docs for the alerting plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'alerting'] --- import alertingObj from './alerting.devdocs.json'; diff --git a/api_docs/apm.mdx b/api_docs/apm.mdx index a112234127df2..e75feac606bd1 100644 --- a/api_docs/apm.mdx +++ b/api_docs/apm.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/apm title: "apm" image: https://source.unsplash.com/400x175/?github description: API docs for the apm plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'apm'] --- import apmObj from './apm.devdocs.json'; diff --git a/api_docs/apm_data_access.mdx b/api_docs/apm_data_access.mdx index 339ebaf4f5389..07df3f6fa8c5b 100644 --- a/api_docs/apm_data_access.mdx +++ b/api_docs/apm_data_access.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/apmDataAccess title: "apmDataAccess" image: https://source.unsplash.com/400x175/?github description: API docs for the apmDataAccess plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'apmDataAccess'] --- import apmDataAccessObj from './apm_data_access.devdocs.json'; diff --git a/api_docs/banners.mdx b/api_docs/banners.mdx index 8d2ee365061c6..302118326c78a 100644 --- a/api_docs/banners.mdx +++ b/api_docs/banners.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/banners title: "banners" image: https://source.unsplash.com/400x175/?github description: API docs for the banners plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'banners'] --- import bannersObj from './banners.devdocs.json'; diff --git a/api_docs/bfetch.mdx b/api_docs/bfetch.mdx index 9662a90c22627..09ce66160bfd5 100644 --- a/api_docs/bfetch.mdx +++ b/api_docs/bfetch.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/bfetch title: "bfetch" image: https://source.unsplash.com/400x175/?github description: API docs for the bfetch plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'bfetch'] --- import bfetchObj from './bfetch.devdocs.json'; diff --git a/api_docs/canvas.mdx b/api_docs/canvas.mdx index 433bd281157ca..36b47bb7f8bcf 100644 --- a/api_docs/canvas.mdx +++ b/api_docs/canvas.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/canvas title: "canvas" image: https://source.unsplash.com/400x175/?github description: API docs for the canvas plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'canvas'] --- import canvasObj from './canvas.devdocs.json'; diff --git a/api_docs/cases.mdx b/api_docs/cases.mdx index 2213f517514f7..fa3cac359fc2c 100644 --- a/api_docs/cases.mdx +++ b/api_docs/cases.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/cases title: "cases" image: https://source.unsplash.com/400x175/?github description: API docs for the cases plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'cases'] --- import casesObj from './cases.devdocs.json'; diff --git a/api_docs/charts.mdx b/api_docs/charts.mdx index 315f75c88443a..180097fe56d30 100644 --- a/api_docs/charts.mdx +++ b/api_docs/charts.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/charts title: "charts" image: https://source.unsplash.com/400x175/?github description: API docs for the charts plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'charts'] --- import chartsObj from './charts.devdocs.json'; diff --git a/api_docs/cloud.mdx b/api_docs/cloud.mdx index 536dd23ea5078..b7558e9167aa9 100644 --- a/api_docs/cloud.mdx +++ b/api_docs/cloud.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/cloud title: "cloud" image: https://source.unsplash.com/400x175/?github description: API docs for the cloud plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'cloud'] --- import cloudObj from './cloud.devdocs.json'; diff --git a/api_docs/cloud_data_migration.mdx b/api_docs/cloud_data_migration.mdx index 36bec7ada0161..64aee2e82c03d 100644 --- a/api_docs/cloud_data_migration.mdx +++ b/api_docs/cloud_data_migration.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/cloudDataMigration title: "cloudDataMigration" image: https://source.unsplash.com/400x175/?github description: API docs for the cloudDataMigration plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'cloudDataMigration'] --- import cloudDataMigrationObj from './cloud_data_migration.devdocs.json'; diff --git a/api_docs/cloud_defend.mdx b/api_docs/cloud_defend.mdx index 42a532fd51356..bc087e97f247c 100644 --- a/api_docs/cloud_defend.mdx +++ b/api_docs/cloud_defend.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/cloudDefend title: "cloudDefend" image: https://source.unsplash.com/400x175/?github description: API docs for the cloudDefend plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'cloudDefend'] --- import cloudDefendObj from './cloud_defend.devdocs.json'; diff --git a/api_docs/cloud_security_posture.mdx b/api_docs/cloud_security_posture.mdx index de8694bc100a8..cfb0dde9e416d 100644 --- a/api_docs/cloud_security_posture.mdx +++ b/api_docs/cloud_security_posture.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/cloudSecurityPosture title: "cloudSecurityPosture" image: https://source.unsplash.com/400x175/?github description: API docs for the cloudSecurityPosture plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'cloudSecurityPosture'] --- import cloudSecurityPostureObj from './cloud_security_posture.devdocs.json'; diff --git a/api_docs/console.mdx b/api_docs/console.mdx index ab22dfa3eb524..caff30aa86d4e 100644 --- a/api_docs/console.mdx +++ b/api_docs/console.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/console title: "console" image: https://source.unsplash.com/400x175/?github description: API docs for the console plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'console'] --- import consoleObj from './console.devdocs.json'; diff --git a/api_docs/content_management.mdx b/api_docs/content_management.mdx index 3e7ac9aefea9e..40017b429d4d3 100644 --- a/api_docs/content_management.mdx +++ b/api_docs/content_management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/contentManagement title: "contentManagement" image: https://source.unsplash.com/400x175/?github description: API docs for the contentManagement plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'contentManagement'] --- import contentManagementObj from './content_management.devdocs.json'; diff --git a/api_docs/controls.mdx b/api_docs/controls.mdx index ad588bedc7bcc..0f9868a9036b1 100644 --- a/api_docs/controls.mdx +++ b/api_docs/controls.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/controls title: "controls" image: https://source.unsplash.com/400x175/?github description: API docs for the controls plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'controls'] --- import controlsObj from './controls.devdocs.json'; diff --git a/api_docs/custom_integrations.mdx b/api_docs/custom_integrations.mdx index 241e70a6701f6..a9bf6349b0641 100644 --- a/api_docs/custom_integrations.mdx +++ b/api_docs/custom_integrations.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/customIntegrations title: "customIntegrations" image: https://source.unsplash.com/400x175/?github description: API docs for the customIntegrations plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'customIntegrations'] --- import customIntegrationsObj from './custom_integrations.devdocs.json'; diff --git a/api_docs/dashboard.mdx b/api_docs/dashboard.mdx index f296e4bcf45fe..b2bd33c80faad 100644 --- a/api_docs/dashboard.mdx +++ b/api_docs/dashboard.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dashboard title: "dashboard" image: https://source.unsplash.com/400x175/?github description: API docs for the dashboard plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dashboard'] --- import dashboardObj from './dashboard.devdocs.json'; diff --git a/api_docs/dashboard_enhanced.mdx b/api_docs/dashboard_enhanced.mdx index b6e253bdeac20..a65c8143c45b2 100644 --- a/api_docs/dashboard_enhanced.mdx +++ b/api_docs/dashboard_enhanced.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dashboardEnhanced title: "dashboardEnhanced" image: https://source.unsplash.com/400x175/?github description: API docs for the dashboardEnhanced plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dashboardEnhanced'] --- import dashboardEnhancedObj from './dashboard_enhanced.devdocs.json'; diff --git a/api_docs/data.mdx b/api_docs/data.mdx index c2c1e120912d9..d873cc7f4efb7 100644 --- a/api_docs/data.mdx +++ b/api_docs/data.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/data title: "data" image: https://source.unsplash.com/400x175/?github description: API docs for the data plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'data'] --- import dataObj from './data.devdocs.json'; diff --git a/api_docs/data_quality.mdx b/api_docs/data_quality.mdx index 3c8a78f752e00..0065e2a6f6d5e 100644 --- a/api_docs/data_quality.mdx +++ b/api_docs/data_quality.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dataQuality title: "dataQuality" image: https://source.unsplash.com/400x175/?github description: API docs for the dataQuality plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dataQuality'] --- import dataQualityObj from './data_quality.devdocs.json'; diff --git a/api_docs/data_query.mdx b/api_docs/data_query.mdx index 47dfc97f200df..ca44d49059d16 100644 --- a/api_docs/data_query.mdx +++ b/api_docs/data_query.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/data-query title: "data.query" image: https://source.unsplash.com/400x175/?github description: API docs for the data.query plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'data.query'] --- import dataQueryObj from './data_query.devdocs.json'; diff --git a/api_docs/data_search.mdx b/api_docs/data_search.mdx index a01ba05a09591..7e99d3af89836 100644 --- a/api_docs/data_search.mdx +++ b/api_docs/data_search.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/data-search title: "data.search" image: https://source.unsplash.com/400x175/?github description: API docs for the data.search plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'data.search'] --- import dataSearchObj from './data_search.devdocs.json'; diff --git a/api_docs/data_usage.mdx b/api_docs/data_usage.mdx index b651ab5e4e5a0..237ae559cf4d1 100644 --- a/api_docs/data_usage.mdx +++ b/api_docs/data_usage.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dataUsage title: "dataUsage" image: https://source.unsplash.com/400x175/?github description: API docs for the dataUsage plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dataUsage'] --- import dataUsageObj from './data_usage.devdocs.json'; diff --git a/api_docs/data_view_editor.mdx b/api_docs/data_view_editor.mdx index 857413c5dc8eb..e2453bc3d86da 100644 --- a/api_docs/data_view_editor.mdx +++ b/api_docs/data_view_editor.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dataViewEditor title: "dataViewEditor" image: https://source.unsplash.com/400x175/?github description: API docs for the dataViewEditor plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dataViewEditor'] --- import dataViewEditorObj from './data_view_editor.devdocs.json'; diff --git a/api_docs/data_view_field_editor.mdx b/api_docs/data_view_field_editor.mdx index ad62738c38e82..8c0a8ed40c542 100644 --- a/api_docs/data_view_field_editor.mdx +++ b/api_docs/data_view_field_editor.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dataViewFieldEditor title: "dataViewFieldEditor" image: https://source.unsplash.com/400x175/?github description: API docs for the dataViewFieldEditor plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dataViewFieldEditor'] --- import dataViewFieldEditorObj from './data_view_field_editor.devdocs.json'; diff --git a/api_docs/data_view_management.mdx b/api_docs/data_view_management.mdx index ec29d2f07d6c2..284c2e8ee4a18 100644 --- a/api_docs/data_view_management.mdx +++ b/api_docs/data_view_management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dataViewManagement title: "dataViewManagement" image: https://source.unsplash.com/400x175/?github description: API docs for the dataViewManagement plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dataViewManagement'] --- import dataViewManagementObj from './data_view_management.devdocs.json'; diff --git a/api_docs/data_views.mdx b/api_docs/data_views.mdx index 402b8ebb7d47c..0864197e33ed0 100644 --- a/api_docs/data_views.mdx +++ b/api_docs/data_views.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dataViews title: "dataViews" image: https://source.unsplash.com/400x175/?github description: API docs for the dataViews plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dataViews'] --- import dataViewsObj from './data_views.devdocs.json'; diff --git a/api_docs/data_visualizer.mdx b/api_docs/data_visualizer.mdx index 6ef2c39902ba1..c556ba10fb53d 100644 --- a/api_docs/data_visualizer.mdx +++ b/api_docs/data_visualizer.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dataVisualizer title: "dataVisualizer" image: https://source.unsplash.com/400x175/?github description: API docs for the dataVisualizer plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dataVisualizer'] --- import dataVisualizerObj from './data_visualizer.devdocs.json'; diff --git a/api_docs/dataset_quality.mdx b/api_docs/dataset_quality.mdx index e1b82c70171f5..7a045e1655b15 100644 --- a/api_docs/dataset_quality.mdx +++ b/api_docs/dataset_quality.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/datasetQuality title: "datasetQuality" image: https://source.unsplash.com/400x175/?github description: API docs for the datasetQuality plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'datasetQuality'] --- import datasetQualityObj from './dataset_quality.devdocs.json'; diff --git a/api_docs/deprecations_by_api.mdx b/api_docs/deprecations_by_api.mdx index 6e1af31607b8d..f40dfe4df4086 100644 --- a/api_docs/deprecations_by_api.mdx +++ b/api_docs/deprecations_by_api.mdx @@ -7,7 +7,7 @@ id: kibDevDocsDeprecationsByApi slug: /kibana-dev-docs/api-meta/deprecated-api-list-by-api title: Deprecated API usage by API description: A list of deprecated APIs, which plugins are still referencing them, and when they need to be removed by. -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana'] --- @@ -48,7 +48,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | | securitySolution | - | | | @kbn/core-saved-objects-api-browser, @kbn/core-saved-objects-browser-internal, @kbn/core-saved-objects-api-server-internal, @kbn/core-saved-objects-import-export-server-internal, @kbn/core-saved-objects-server-internal, @kbn/core-saved-objects-browser-mocks, fleet, graph, lists, osquery, securitySolution, alerting | - | | | @kbn/core-saved-objects-common, @kbn/core-saved-objects-server, @kbn/core, @kbn/alerting-types, alerting, actions, savedSearch, canvas, enterpriseSearch, securitySolution, taskManager, @kbn/core-saved-objects-server-internal, @kbn/core-saved-objects-api-server | - | -| | @kbn/core-saved-objects-api-browser, @kbn/core-saved-objects-browser-internal, @kbn/core-saved-objects-api-server, @kbn/core, home, savedObjectsTagging, canvas, savedObjects, savedObjectsTaggingOss, lists, securitySolution, upgradeAssistant, savedObjectsManagement, @kbn/core-saved-objects-import-export-server-internal, @kbn/core-saved-objects-browser-mocks, @kbn/core-ui-settings-server-internal | - | +| | @kbn/core-saved-objects-api-browser, @kbn/core-saved-objects-browser-internal, @kbn/core-saved-objects-api-server, @kbn/core, savedObjectsTagging, home, canvas, savedObjects, savedObjectsTaggingOss, lists, securitySolution, upgradeAssistant, savedObjectsManagement, @kbn/core-saved-objects-import-export-server-internal, @kbn/core-saved-objects-browser-mocks, @kbn/core-ui-settings-server-internal | - | | | @kbn/core-saved-objects-migration-server-internal, dataViews, actions, data, alerting, lens, cases, savedSearch, canvas, savedObjectsTagging, graph, lists, maps, visualizations, securitySolution, dashboard, @kbn/core-test-helpers-so-type-serializer | - | | | @kbn/esql-utils, @kbn/securitysolution-utils, securitySolution | - | | | security, securitySolution, cloudLinks, cases | - | @@ -128,10 +128,10 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | | spaces, savedObjectsManagement | - | | | unifiedSearch | - | | | unifiedSearch | - | -| | dashboard, lens, canvas | - | +| | lens, dashboard, canvas | - | | | lens | - | | | lens | - | -| | dashboard, lens, investigateApp | - | +| | lens, dashboard, investigateApp | - | | | @kbn/core, lens, savedObjects | - | | | canvas | - | | | canvas | - | @@ -180,7 +180,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | | fleet, apm, security, securitySolution | 8.8.0 | | | fleet, apm, security, securitySolution | 8.8.0 | | | spaces, @kbn/security-authorization-core, security, alerting, cases, @kbn/security-role-management-model | 8.8.0 | -| | embeddable, presentationUtil, dashboard, lens, discover, graph, links | 8.8.0 | +| | embeddable, presentationUtil, lens, dashboard, discover, graph, links | 8.8.0 | | | security, @kbn/security-role-management-model | 8.8.0 | | | apm | 8.8.0 | | | security | 8.8.0 diff --git a/api_docs/deprecations_by_plugin.mdx b/api_docs/deprecations_by_plugin.mdx index f5d2a6fcded41..fed25b9f32c17 100644 --- a/api_docs/deprecations_by_plugin.mdx +++ b/api_docs/deprecations_by_plugin.mdx @@ -7,7 +7,7 @@ id: kibDevDocsDeprecationsByPlugin slug: /kibana-dev-docs/api-meta/deprecated-api-list-by-plugin title: Deprecated API usage by plugin description: A list of deprecated APIs, which plugins are still referencing them, and when they need to be removed by. -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana'] --- @@ -511,7 +511,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | | [plugin.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/actions/server/plugin.ts#:~:text=license%24), [license_state.test.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/actions/server/lib/license_state.test.ts#:~:text=license%24), [license_state.test.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/actions/server/lib/license_state.test.ts#:~:text=license%24) | 8.8.0 | | | [plugin.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/actions/server/plugin.ts#:~:text=authz) | - | | | [plugin.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/actions/server/plugin.ts#:~:text=index) | - | -| | [types.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/actions/server/types.ts#:~:text=SavedObjectAttributes), [types.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/actions/server/types.ts#:~:text=SavedObjectAttributes), [types.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/actions/server/types.ts#:~:text=SavedObjectAttributes), [types.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/actions/server/application/connector/methods/update/types/types.ts#:~:text=SavedObjectAttributes), [types.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/actions/server/application/connector/methods/update/types/types.ts#:~:text=SavedObjectAttributes), [types.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/actions/server/application/connector/methods/update/types/types.ts#:~:text=SavedObjectAttributes), [update.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/actions/server/application/connector/methods/update/update.ts#:~:text=SavedObjectAttributes), [update.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/actions/server/application/connector/methods/update/update.ts#:~:text=SavedObjectAttributes), [update.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/actions/server/application/connector/methods/update/update.ts#:~:text=SavedObjectAttributes), [actions_client.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/actions/server/actions_client/actions_client.ts#:~:text=SavedObjectAttributes)+ 14 more | - | +| | [types.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/actions/server/application/connector/methods/create/types/types.ts#:~:text=SavedObjectAttributes), [types.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/actions/server/application/connector/methods/create/types/types.ts#:~:text=SavedObjectAttributes), [types.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/actions/server/application/connector/methods/create/types/types.ts#:~:text=SavedObjectAttributes), [types.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/actions/server/types.ts#:~:text=SavedObjectAttributes), [types.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/actions/server/types.ts#:~:text=SavedObjectAttributes), [types.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/actions/server/types.ts#:~:text=SavedObjectAttributes), [types.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/actions/server/application/connector/methods/update/types/types.ts#:~:text=SavedObjectAttributes), [types.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/actions/server/application/connector/methods/update/types/types.ts#:~:text=SavedObjectAttributes), [types.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/actions/server/application/connector/methods/update/types/types.ts#:~:text=SavedObjectAttributes), [update.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/actions/server/application/connector/methods/update/update.ts#:~:text=SavedObjectAttributes)+ 20 more | - | | | [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/actions/server/saved_objects/index.ts#:~:text=migrations), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/actions/server/saved_objects/index.ts#:~:text=migrations) | - | | | [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/actions/server/saved_objects/index.ts#:~:text=convertToMultiNamespaceTypeVersion), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/actions/server/saved_objects/index.ts#:~:text=convertToMultiNamespaceTypeVersion) | - | | | [plugin.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/actions/server/plugin.ts#:~:text=audit), [plugin.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/actions/server/plugin.ts#:~:text=audit) | - | diff --git a/api_docs/deprecations_by_team.mdx b/api_docs/deprecations_by_team.mdx index 720346e389d94..ac584066eadcc 100644 --- a/api_docs/deprecations_by_team.mdx +++ b/api_docs/deprecations_by_team.mdx @@ -7,7 +7,7 @@ id: kibDevDocsDeprecationsDueByTeam slug: /kibana-dev-docs/api-meta/deprecations-due-by-team title: Deprecated APIs due to be removed, by team description: Lists the teams that are referencing deprecated APIs with a remove by date. -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana'] --- diff --git a/api_docs/dev_tools.mdx b/api_docs/dev_tools.mdx index b1d46f78733f6..85dd600914163 100644 --- a/api_docs/dev_tools.mdx +++ b/api_docs/dev_tools.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/devTools title: "devTools" image: https://source.unsplash.com/400x175/?github description: API docs for the devTools plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'devTools'] --- import devToolsObj from './dev_tools.devdocs.json'; diff --git a/api_docs/discover.mdx b/api_docs/discover.mdx index 35a9dc5f815e8..62abae585dbd1 100644 --- a/api_docs/discover.mdx +++ b/api_docs/discover.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/discover title: "discover" image: https://source.unsplash.com/400x175/?github description: API docs for the discover plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'discover'] --- import discoverObj from './discover.devdocs.json'; diff --git a/api_docs/discover_enhanced.mdx b/api_docs/discover_enhanced.mdx index cdec938f3cdde..833bdf4819004 100644 --- a/api_docs/discover_enhanced.mdx +++ b/api_docs/discover_enhanced.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/discoverEnhanced title: "discoverEnhanced" image: https://source.unsplash.com/400x175/?github description: API docs for the discoverEnhanced plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'discoverEnhanced'] --- import discoverEnhancedObj from './discover_enhanced.devdocs.json'; diff --git a/api_docs/discover_shared.mdx b/api_docs/discover_shared.mdx index ed34c9b7d26b0..813a3771168b8 100644 --- a/api_docs/discover_shared.mdx +++ b/api_docs/discover_shared.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/discoverShared title: "discoverShared" image: https://source.unsplash.com/400x175/?github description: API docs for the discoverShared plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'discoverShared'] --- import discoverSharedObj from './discover_shared.devdocs.json'; diff --git a/api_docs/ecs_data_quality_dashboard.mdx b/api_docs/ecs_data_quality_dashboard.mdx index 4642fd072ef04..2fe07075f57bd 100644 --- a/api_docs/ecs_data_quality_dashboard.mdx +++ b/api_docs/ecs_data_quality_dashboard.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/ecsDataQualityDashboard title: "ecsDataQualityDashboard" image: https://source.unsplash.com/400x175/?github description: API docs for the ecsDataQualityDashboard plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'ecsDataQualityDashboard'] --- import ecsDataQualityDashboardObj from './ecs_data_quality_dashboard.devdocs.json'; diff --git a/api_docs/elastic_assistant.mdx b/api_docs/elastic_assistant.mdx index 5722396a73f0d..53aa63bb34677 100644 --- a/api_docs/elastic_assistant.mdx +++ b/api_docs/elastic_assistant.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/elasticAssistant title: "elasticAssistant" image: https://source.unsplash.com/400x175/?github description: API docs for the elasticAssistant plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'elasticAssistant'] --- import elasticAssistantObj from './elastic_assistant.devdocs.json'; diff --git a/api_docs/embeddable.devdocs.json b/api_docs/embeddable.devdocs.json index 6632c89f16408..07af1a6da01b0 100644 --- a/api_docs/embeddable.devdocs.json +++ b/api_docs/embeddable.devdocs.json @@ -7998,14 +7998,6 @@ "deprecated": true, "trackAdoption": false, "references": [ - { - "plugin": "dashboard", - "path": "src/plugins/dashboard/public/dashboard_container/component/grid/dashboard_grid_item.tsx" - }, - { - "plugin": "dashboard", - "path": "src/plugins/dashboard/public/dashboard_container/component/grid/dashboard_grid_item.tsx" - }, { "plugin": "lens", "path": "x-pack/plugins/lens/public/embeddable/embeddable_component.tsx" @@ -8014,6 +8006,14 @@ "plugin": "lens", "path": "x-pack/plugins/lens/public/embeddable/embeddable_component.tsx" }, + { + "plugin": "dashboard", + "path": "src/plugins/dashboard/public/dashboard_container/component/grid/dashboard_grid_item.tsx" + }, + { + "plugin": "dashboard", + "path": "src/plugins/dashboard/public/dashboard_container/component/grid/dashboard_grid_item.tsx" + }, { "plugin": "canvas", "path": "x-pack/plugins/canvas/canvas_plugin_src/renderers/embeddable/embeddable.tsx" @@ -14866,6 +14866,10 @@ "deprecated": true, "trackAdoption": false, "references": [ + { + "plugin": "lens", + "path": "x-pack/plugins/lens/public/embeddable/embeddable_component.tsx" + }, { "plugin": "dashboard", "path": "src/plugins/dashboard/public/services/dashboard_content_management_service/lib/migrate_dashboard_input.ts" @@ -14878,10 +14882,6 @@ "plugin": "dashboard", "path": "src/plugins/dashboard/public/dashboard_container/embeddable/dashboard_container.tsx" }, - { - "plugin": "lens", - "path": "x-pack/plugins/lens/public/embeddable/embeddable_component.tsx" - }, { "plugin": "investigateApp", "path": "x-pack/plugins/observability_solution/investigate_app/public/items/embeddable_item/register_embeddable_item.tsx" diff --git a/api_docs/embeddable.mdx b/api_docs/embeddable.mdx index 4d2b6ae31ec33..ebb7bf2aea1fd 100644 --- a/api_docs/embeddable.mdx +++ b/api_docs/embeddable.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/embeddable title: "embeddable" image: https://source.unsplash.com/400x175/?github description: API docs for the embeddable plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'embeddable'] --- import embeddableObj from './embeddable.devdocs.json'; diff --git a/api_docs/embeddable_enhanced.mdx b/api_docs/embeddable_enhanced.mdx index 01a48826572f0..dacf9c33bd9d4 100644 --- a/api_docs/embeddable_enhanced.mdx +++ b/api_docs/embeddable_enhanced.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/embeddableEnhanced title: "embeddableEnhanced" image: https://source.unsplash.com/400x175/?github description: API docs for the embeddableEnhanced plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'embeddableEnhanced'] --- import embeddableEnhancedObj from './embeddable_enhanced.devdocs.json'; diff --git a/api_docs/encrypted_saved_objects.mdx b/api_docs/encrypted_saved_objects.mdx index 0daf90c42d212..ef6ee7db8bd30 100644 --- a/api_docs/encrypted_saved_objects.mdx +++ b/api_docs/encrypted_saved_objects.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/encryptedSavedObjects title: "encryptedSavedObjects" image: https://source.unsplash.com/400x175/?github description: API docs for the encryptedSavedObjects plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'encryptedSavedObjects'] --- import encryptedSavedObjectsObj from './encrypted_saved_objects.devdocs.json'; diff --git a/api_docs/enterprise_search.mdx b/api_docs/enterprise_search.mdx index 85bbe03fac19d..a76e8f8e4c008 100644 --- a/api_docs/enterprise_search.mdx +++ b/api_docs/enterprise_search.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/enterpriseSearch title: "enterpriseSearch" image: https://source.unsplash.com/400x175/?github description: API docs for the enterpriseSearch plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'enterpriseSearch'] --- import enterpriseSearchObj from './enterprise_search.devdocs.json'; diff --git a/api_docs/entities_data_access.mdx b/api_docs/entities_data_access.mdx index 8b5eb703ed019..a5d3c06a5d3bb 100644 --- a/api_docs/entities_data_access.mdx +++ b/api_docs/entities_data_access.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/entitiesDataAccess title: "entitiesDataAccess" image: https://source.unsplash.com/400x175/?github description: API docs for the entitiesDataAccess plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'entitiesDataAccess'] --- import entitiesDataAccessObj from './entities_data_access.devdocs.json'; diff --git a/api_docs/entity_manager.devdocs.json b/api_docs/entity_manager.devdocs.json index 9a3cf733daedf..a3f5fff48eb99 100644 --- a/api_docs/entity_manager.devdocs.json +++ b/api_docs/entity_manager.devdocs.json @@ -251,7 +251,7 @@ "section": "def-common.ServerRoute", "text": "ServerRoute" }, - "<\"PATCH /internal/entities/definition/{id}\", Zod.ZodObject<{ path: Zod.ZodObject<{ id: Zod.ZodString; }, \"strip\", Zod.ZodTypeAny, { id: string; }, { id: string; }>; query: Zod.ZodObject<{ installOnly: Zod.ZodDefault, Zod.ZodBoolean]>, boolean, boolean | \"true\" | \"false\">>>; }, \"strip\", Zod.ZodTypeAny, { installOnly: boolean; }, { installOnly?: boolean | \"true\" | \"false\" | undefined; }>; body: Zod.ZodObject; filter: Zod.ZodOptional>; version: Zod.ZodOptional>; name: Zod.ZodOptional; description: Zod.ZodOptional>; metrics: Zod.ZodOptional; body: Zod.ZodObject; filter: Zod.ZodOptional>; version: Zod.ZodOptional>; name: Zod.ZodOptional; description: Zod.ZodOptional>; metrics: Zod.ZodOptional; lookbackPeriod?: string | undefined; } | undefined; })[] | undefined; identityFields?: (string | { field: string; optional: false; })[] | undefined; displayNameTemplate?: string | undefined; staticFields?: Record | undefined; latest?: { settings?: { frequency?: string | undefined; syncField?: string | undefined; syncDelay?: string | undefined; } | undefined; lookbackPeriod?: string | undefined; timestampField?: string | undefined; } | undefined; installedComponents?: { id: string; type: \"transform\" | \"template\" | \"ingest_pipeline\"; }[] | undefined; }>; }, \"strip\", Zod.ZodTypeAny, { query: { installOnly: boolean; }; path: { id: string; }; body: { version: string; type?: string | undefined; filter?: string | undefined; name?: string | undefined; description?: string | undefined; metrics?: { name: string; metrics: ({ name: string; field: string; aggregation: ", + "; filter?: string | undefined; } | { name: string; aggregation: \"doc_count\"; filter?: string | undefined; } | { name: string; field: string; percentile: number; aggregation: \"percentile\"; filter?: string | undefined; })[]; equation: string; }[] | undefined; indexPatterns?: string[] | undefined; metadata?: (string | { source: string; destination?: string | undefined; aggregation?: { type: \"terms\"; limit?: number | undefined; lookbackPeriod?: string | undefined; } | { type: \"top_value\"; sort: Record; lookbackPeriod?: string | undefined; } | undefined; })[] | undefined; identityFields?: (string | { field: string; optional: false; })[] | undefined; displayNameTemplate?: string | undefined; staticFields?: Record | undefined; latest?: { settings?: { frequency?: string | undefined; syncField?: string | undefined; syncDelay?: string | undefined; } | undefined; lookbackPeriod?: string | undefined; timestampField?: string | undefined; } | undefined; installedComponents?: { id: string; type: \"transform\" | \"template\" | \"ingest_pipeline\"; }[] | undefined; }>; }, \"strip\", Zod.ZodTypeAny, { path: { id: string; }; body: { version: string; type?: string | undefined; filter?: string | undefined; name?: string | undefined; description?: string | undefined; metrics?: { name: string; metrics: ({ name: string; field: string; aggregation: ", { "pluginId": "@kbn/entities-schema", "scope": "common", @@ -315,7 +315,7 @@ "section": "def-common.BasicAggregations", "text": "BasicAggregations" }, - "; filter?: string | undefined; } | { name: string; aggregation: \"doc_count\"; filter?: string | undefined; } | { name: string; field: string; percentile: number; aggregation: \"percentile\"; filter?: string | undefined; })[]; equation: string; }[] | undefined; indexPatterns?: string[] | undefined; metadata?: ({ destination: string; source: string; aggregation: { type: \"terms\"; limit: number; lookbackPeriod?: string | undefined; } | { type: \"top_value\"; sort: Record; lookbackPeriod?: string | undefined; }; } | { destination: string; source: string; aggregation: { type: \"terms\"; limit: number; lookbackPeriod: undefined; }; })[] | undefined; identityFields?: ({ field: string; optional: false; } | { field: string; optional: boolean; })[] | undefined; displayNameTemplate?: string | undefined; staticFields?: Record | undefined; latest?: { settings?: { frequency?: string | undefined; syncField?: string | undefined; syncDelay?: string | undefined; } | undefined; lookbackPeriod?: string | undefined; timestampField?: string | undefined; } | undefined; installedComponents?: { id: string; type: \"transform\" | \"template\" | \"ingest_pipeline\"; }[] | undefined; }; }, { query: { installOnly?: boolean | \"true\" | \"false\" | undefined; }; path: { id: string; }; body: { version: string; type?: string | undefined; filter?: string | undefined; name?: string | undefined; description?: string | undefined; metrics?: { name: string; metrics: ({ name: string; field: string; aggregation: ", + "; filter?: string | undefined; } | { name: string; aggregation: \"doc_count\"; filter?: string | undefined; } | { name: string; field: string; percentile: number; aggregation: \"percentile\"; filter?: string | undefined; })[]; equation: string; }[] | undefined; indexPatterns?: string[] | undefined; metadata?: ({ destination: string; source: string; aggregation: { type: \"terms\"; limit: number; lookbackPeriod?: string | undefined; } | { type: \"top_value\"; sort: Record; lookbackPeriod?: string | undefined; }; } | { destination: string; source: string; aggregation: { type: \"terms\"; limit: number; lookbackPeriod: undefined; }; })[] | undefined; identityFields?: ({ field: string; optional: false; } | { field: string; optional: boolean; })[] | undefined; displayNameTemplate?: string | undefined; staticFields?: Record | undefined; latest?: { settings?: { frequency?: string | undefined; syncField?: string | undefined; syncDelay?: string | undefined; } | undefined; lookbackPeriod?: string | undefined; timestampField?: string | undefined; } | undefined; installedComponents?: { id: string; type: \"transform\" | \"template\" | \"ingest_pipeline\"; }[] | undefined; }; }, { path: { id: string; }; body: { version: string; type?: string | undefined; filter?: string | undefined; name?: string | undefined; description?: string | undefined; metrics?: { name: string; metrics: ({ name: string; field: string; aggregation: ", { "pluginId": "@kbn/entities-schema", "scope": "common", diff --git a/api_docs/entity_manager.mdx b/api_docs/entity_manager.mdx index 838e66336d32a..c36740b357133 100644 --- a/api_docs/entity_manager.mdx +++ b/api_docs/entity_manager.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/entityManager title: "entityManager" image: https://source.unsplash.com/400x175/?github description: API docs for the entityManager plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'entityManager'] --- import entityManagerObj from './entity_manager.devdocs.json'; diff --git a/api_docs/es_ui_shared.mdx b/api_docs/es_ui_shared.mdx index 5c7b2c44d3ed6..4e1de1a29784c 100644 --- a/api_docs/es_ui_shared.mdx +++ b/api_docs/es_ui_shared.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/esUiShared title: "esUiShared" image: https://source.unsplash.com/400x175/?github description: API docs for the esUiShared plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'esUiShared'] --- import esUiSharedObj from './es_ui_shared.devdocs.json'; diff --git a/api_docs/esql.mdx b/api_docs/esql.mdx index cf32accf6abb8..afceea1f7de7c 100644 --- a/api_docs/esql.mdx +++ b/api_docs/esql.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/esql title: "esql" image: https://source.unsplash.com/400x175/?github description: API docs for the esql plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'esql'] --- import esqlObj from './esql.devdocs.json'; diff --git a/api_docs/esql_data_grid.mdx b/api_docs/esql_data_grid.mdx index e2d1a850e9241..b3087a962c271 100644 --- a/api_docs/esql_data_grid.mdx +++ b/api_docs/esql_data_grid.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/esqlDataGrid title: "esqlDataGrid" image: https://source.unsplash.com/400x175/?github description: API docs for the esqlDataGrid plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'esqlDataGrid'] --- import esqlDataGridObj from './esql_data_grid.devdocs.json'; diff --git a/api_docs/event_annotation.mdx b/api_docs/event_annotation.mdx index ee07f7105352c..54123f4610ba9 100644 --- a/api_docs/event_annotation.mdx +++ b/api_docs/event_annotation.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/eventAnnotation title: "eventAnnotation" image: https://source.unsplash.com/400x175/?github description: API docs for the eventAnnotation plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'eventAnnotation'] --- import eventAnnotationObj from './event_annotation.devdocs.json'; diff --git a/api_docs/event_annotation_listing.mdx b/api_docs/event_annotation_listing.mdx index 5bbe6479f6116..c485b23676e7f 100644 --- a/api_docs/event_annotation_listing.mdx +++ b/api_docs/event_annotation_listing.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/eventAnnotationListing title: "eventAnnotationListing" image: https://source.unsplash.com/400x175/?github description: API docs for the eventAnnotationListing plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'eventAnnotationListing'] --- import eventAnnotationListingObj from './event_annotation_listing.devdocs.json'; diff --git a/api_docs/event_log.mdx b/api_docs/event_log.mdx index cd21281184379..e2b397d3bb984 100644 --- a/api_docs/event_log.mdx +++ b/api_docs/event_log.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/eventLog title: "eventLog" image: https://source.unsplash.com/400x175/?github description: API docs for the eventLog plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'eventLog'] --- import eventLogObj from './event_log.devdocs.json'; diff --git a/api_docs/exploratory_view.mdx b/api_docs/exploratory_view.mdx index 2bf13bbbe7dba..068195e9d3ea6 100644 --- a/api_docs/exploratory_view.mdx +++ b/api_docs/exploratory_view.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/exploratoryView title: "exploratoryView" image: https://source.unsplash.com/400x175/?github description: API docs for the exploratoryView plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'exploratoryView'] --- import exploratoryViewObj from './exploratory_view.devdocs.json'; diff --git a/api_docs/expression_error.mdx b/api_docs/expression_error.mdx index 774a05f8f345e..875a1ddc34349 100644 --- a/api_docs/expression_error.mdx +++ b/api_docs/expression_error.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionError title: "expressionError" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionError plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionError'] --- import expressionErrorObj from './expression_error.devdocs.json'; diff --git a/api_docs/expression_gauge.mdx b/api_docs/expression_gauge.mdx index 63c3151e8a1dd..5bc088e9bd810 100644 --- a/api_docs/expression_gauge.mdx +++ b/api_docs/expression_gauge.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionGauge title: "expressionGauge" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionGauge plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionGauge'] --- import expressionGaugeObj from './expression_gauge.devdocs.json'; diff --git a/api_docs/expression_heatmap.mdx b/api_docs/expression_heatmap.mdx index eb18d1cac26ca..54d32d9c90919 100644 --- a/api_docs/expression_heatmap.mdx +++ b/api_docs/expression_heatmap.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionHeatmap title: "expressionHeatmap" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionHeatmap plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionHeatmap'] --- import expressionHeatmapObj from './expression_heatmap.devdocs.json'; diff --git a/api_docs/expression_image.mdx b/api_docs/expression_image.mdx index 7246080baa148..00b63f0a85d73 100644 --- a/api_docs/expression_image.mdx +++ b/api_docs/expression_image.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionImage title: "expressionImage" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionImage plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionImage'] --- import expressionImageObj from './expression_image.devdocs.json'; diff --git a/api_docs/expression_legacy_metric_vis.mdx b/api_docs/expression_legacy_metric_vis.mdx index 1593bc4d7c1fe..f7ffe93ecd00c 100644 --- a/api_docs/expression_legacy_metric_vis.mdx +++ b/api_docs/expression_legacy_metric_vis.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionLegacyMetricVis title: "expressionLegacyMetricVis" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionLegacyMetricVis plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionLegacyMetricVis'] --- import expressionLegacyMetricVisObj from './expression_legacy_metric_vis.devdocs.json'; diff --git a/api_docs/expression_metric.mdx b/api_docs/expression_metric.mdx index 0ad608ac54949..77e0d44399c95 100644 --- a/api_docs/expression_metric.mdx +++ b/api_docs/expression_metric.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionMetric title: "expressionMetric" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionMetric plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionMetric'] --- import expressionMetricObj from './expression_metric.devdocs.json'; diff --git a/api_docs/expression_metric_vis.mdx b/api_docs/expression_metric_vis.mdx index 99d176b11ea2b..df5075a758f47 100644 --- a/api_docs/expression_metric_vis.mdx +++ b/api_docs/expression_metric_vis.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionMetricVis title: "expressionMetricVis" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionMetricVis plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionMetricVis'] --- import expressionMetricVisObj from './expression_metric_vis.devdocs.json'; diff --git a/api_docs/expression_partition_vis.mdx b/api_docs/expression_partition_vis.mdx index e727fbb817adc..eedf21e3d5a2c 100644 --- a/api_docs/expression_partition_vis.mdx +++ b/api_docs/expression_partition_vis.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionPartitionVis title: "expressionPartitionVis" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionPartitionVis plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionPartitionVis'] --- import expressionPartitionVisObj from './expression_partition_vis.devdocs.json'; diff --git a/api_docs/expression_repeat_image.mdx b/api_docs/expression_repeat_image.mdx index 6235ea045c712..5a748cb636b26 100644 --- a/api_docs/expression_repeat_image.mdx +++ b/api_docs/expression_repeat_image.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionRepeatImage title: "expressionRepeatImage" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionRepeatImage plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionRepeatImage'] --- import expressionRepeatImageObj from './expression_repeat_image.devdocs.json'; diff --git a/api_docs/expression_reveal_image.mdx b/api_docs/expression_reveal_image.mdx index 205ba906c1fb1..4edb5f79f1dba 100644 --- a/api_docs/expression_reveal_image.mdx +++ b/api_docs/expression_reveal_image.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionRevealImage title: "expressionRevealImage" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionRevealImage plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionRevealImage'] --- import expressionRevealImageObj from './expression_reveal_image.devdocs.json'; diff --git a/api_docs/expression_shape.mdx b/api_docs/expression_shape.mdx index 1528b031ff485..969b4cf2a3529 100644 --- a/api_docs/expression_shape.mdx +++ b/api_docs/expression_shape.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionShape title: "expressionShape" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionShape plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionShape'] --- import expressionShapeObj from './expression_shape.devdocs.json'; diff --git a/api_docs/expression_tagcloud.mdx b/api_docs/expression_tagcloud.mdx index 2d0dce1478f38..2a1257749a765 100644 --- a/api_docs/expression_tagcloud.mdx +++ b/api_docs/expression_tagcloud.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionTagcloud title: "expressionTagcloud" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionTagcloud plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionTagcloud'] --- import expressionTagcloudObj from './expression_tagcloud.devdocs.json'; diff --git a/api_docs/expression_x_y.mdx b/api_docs/expression_x_y.mdx index 05039e00ed3f4..f1ba395a431d0 100644 --- a/api_docs/expression_x_y.mdx +++ b/api_docs/expression_x_y.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionXY title: "expressionXY" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionXY plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionXY'] --- import expressionXYObj from './expression_x_y.devdocs.json'; diff --git a/api_docs/expressions.mdx b/api_docs/expressions.mdx index 6429e6986503f..bdfc24d1bbe40 100644 --- a/api_docs/expressions.mdx +++ b/api_docs/expressions.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressions title: "expressions" image: https://source.unsplash.com/400x175/?github description: API docs for the expressions plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressions'] --- import expressionsObj from './expressions.devdocs.json'; diff --git a/api_docs/features.mdx b/api_docs/features.mdx index d7bd3ec4f6b15..882d8f233a855 100644 --- a/api_docs/features.mdx +++ b/api_docs/features.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/features title: "features" image: https://source.unsplash.com/400x175/?github description: API docs for the features plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'features'] --- import featuresObj from './features.devdocs.json'; diff --git a/api_docs/field_formats.mdx b/api_docs/field_formats.mdx index ce6582accf7d8..bbcdc5585132e 100644 --- a/api_docs/field_formats.mdx +++ b/api_docs/field_formats.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/fieldFormats title: "fieldFormats" image: https://source.unsplash.com/400x175/?github description: API docs for the fieldFormats plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'fieldFormats'] --- import fieldFormatsObj from './field_formats.devdocs.json'; diff --git a/api_docs/fields_metadata.mdx b/api_docs/fields_metadata.mdx index 3092178667566..51bfa557f1a06 100644 --- a/api_docs/fields_metadata.mdx +++ b/api_docs/fields_metadata.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/fieldsMetadata title: "fieldsMetadata" image: https://source.unsplash.com/400x175/?github description: API docs for the fieldsMetadata plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'fieldsMetadata'] --- import fieldsMetadataObj from './fields_metadata.devdocs.json'; diff --git a/api_docs/file_upload.mdx b/api_docs/file_upload.mdx index e7084ec363d82..c4b1e5458ccfe 100644 --- a/api_docs/file_upload.mdx +++ b/api_docs/file_upload.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/fileUpload title: "fileUpload" image: https://source.unsplash.com/400x175/?github description: API docs for the fileUpload plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'fileUpload'] --- import fileUploadObj from './file_upload.devdocs.json'; diff --git a/api_docs/files.mdx b/api_docs/files.mdx index 341c9b85a3bee..2e12a3f096900 100644 --- a/api_docs/files.mdx +++ b/api_docs/files.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/files title: "files" image: https://source.unsplash.com/400x175/?github description: API docs for the files plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'files'] --- import filesObj from './files.devdocs.json'; diff --git a/api_docs/files_management.mdx b/api_docs/files_management.mdx index e6f7f9266ebe9..fe460af770aeb 100644 --- a/api_docs/files_management.mdx +++ b/api_docs/files_management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/filesManagement title: "filesManagement" image: https://source.unsplash.com/400x175/?github description: API docs for the filesManagement plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'filesManagement'] --- import filesManagementObj from './files_management.devdocs.json'; diff --git a/api_docs/fleet.mdx b/api_docs/fleet.mdx index 548b460dc8ee1..5b4fbf3f6469c 100644 --- a/api_docs/fleet.mdx +++ b/api_docs/fleet.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/fleet title: "fleet" image: https://source.unsplash.com/400x175/?github description: API docs for the fleet plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'fleet'] --- import fleetObj from './fleet.devdocs.json'; diff --git a/api_docs/global_search.mdx b/api_docs/global_search.mdx index f37e9ce8ff244..ecad7e72cd6de 100644 --- a/api_docs/global_search.mdx +++ b/api_docs/global_search.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/globalSearch title: "globalSearch" image: https://source.unsplash.com/400x175/?github description: API docs for the globalSearch plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'globalSearch'] --- import globalSearchObj from './global_search.devdocs.json'; diff --git a/api_docs/guided_onboarding.mdx b/api_docs/guided_onboarding.mdx index da8b599277ae8..7981a41fc3b09 100644 --- a/api_docs/guided_onboarding.mdx +++ b/api_docs/guided_onboarding.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/guidedOnboarding title: "guidedOnboarding" image: https://source.unsplash.com/400x175/?github description: API docs for the guidedOnboarding plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'guidedOnboarding'] --- import guidedOnboardingObj from './guided_onboarding.devdocs.json'; diff --git a/api_docs/home.mdx b/api_docs/home.mdx index f01667c56b793..f482fd5259c78 100644 --- a/api_docs/home.mdx +++ b/api_docs/home.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/home title: "home" image: https://source.unsplash.com/400x175/?github description: API docs for the home plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'home'] --- import homeObj from './home.devdocs.json'; diff --git a/api_docs/image_embeddable.mdx b/api_docs/image_embeddable.mdx index 4fb826bd28a4c..d29d42d805854 100644 --- a/api_docs/image_embeddable.mdx +++ b/api_docs/image_embeddable.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/imageEmbeddable title: "imageEmbeddable" image: https://source.unsplash.com/400x175/?github description: API docs for the imageEmbeddable plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'imageEmbeddable'] --- import imageEmbeddableObj from './image_embeddable.devdocs.json'; diff --git a/api_docs/index_lifecycle_management.mdx b/api_docs/index_lifecycle_management.mdx index 9e826a040da2f..30d83edddc056 100644 --- a/api_docs/index_lifecycle_management.mdx +++ b/api_docs/index_lifecycle_management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/indexLifecycleManagement title: "indexLifecycleManagement" image: https://source.unsplash.com/400x175/?github description: API docs for the indexLifecycleManagement plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'indexLifecycleManagement'] --- import indexLifecycleManagementObj from './index_lifecycle_management.devdocs.json'; diff --git a/api_docs/index_management.mdx b/api_docs/index_management.mdx index 12bf1efb4c41f..63f6b10770795 100644 --- a/api_docs/index_management.mdx +++ b/api_docs/index_management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/indexManagement title: "indexManagement" image: https://source.unsplash.com/400x175/?github description: API docs for the indexManagement plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'indexManagement'] --- import indexManagementObj from './index_management.devdocs.json'; diff --git a/api_docs/inference.mdx b/api_docs/inference.mdx index 2cc82bfbeeae7..754a321572210 100644 --- a/api_docs/inference.mdx +++ b/api_docs/inference.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/inference title: "inference" image: https://source.unsplash.com/400x175/?github description: API docs for the inference plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'inference'] --- import inferenceObj from './inference.devdocs.json'; diff --git a/api_docs/infra.mdx b/api_docs/infra.mdx index b02e0387ea23a..9e24a7145e853 100644 --- a/api_docs/infra.mdx +++ b/api_docs/infra.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/infra title: "infra" image: https://source.unsplash.com/400x175/?github description: API docs for the infra plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'infra'] --- import infraObj from './infra.devdocs.json'; diff --git a/api_docs/ingest_pipelines.mdx b/api_docs/ingest_pipelines.mdx index 281f262540933..699585411c1d8 100644 --- a/api_docs/ingest_pipelines.mdx +++ b/api_docs/ingest_pipelines.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/ingestPipelines title: "ingestPipelines" image: https://source.unsplash.com/400x175/?github description: API docs for the ingestPipelines plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'ingestPipelines'] --- import ingestPipelinesObj from './ingest_pipelines.devdocs.json'; diff --git a/api_docs/inspector.mdx b/api_docs/inspector.mdx index 808171a931816..8befe46833068 100644 --- a/api_docs/inspector.mdx +++ b/api_docs/inspector.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/inspector title: "inspector" image: https://source.unsplash.com/400x175/?github description: API docs for the inspector plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'inspector'] --- import inspectorObj from './inspector.devdocs.json'; diff --git a/api_docs/integration_assistant.mdx b/api_docs/integration_assistant.mdx index c889bc987bf9f..9109da444cff3 100644 --- a/api_docs/integration_assistant.mdx +++ b/api_docs/integration_assistant.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/integrationAssistant title: "integrationAssistant" image: https://source.unsplash.com/400x175/?github description: API docs for the integrationAssistant plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'integrationAssistant'] --- import integrationAssistantObj from './integration_assistant.devdocs.json'; diff --git a/api_docs/interactive_setup.mdx b/api_docs/interactive_setup.mdx index 8089b4ecf472f..a31939d7a88b0 100644 --- a/api_docs/interactive_setup.mdx +++ b/api_docs/interactive_setup.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/interactiveSetup title: "interactiveSetup" image: https://source.unsplash.com/400x175/?github description: API docs for the interactiveSetup plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'interactiveSetup'] --- import interactiveSetupObj from './interactive_setup.devdocs.json'; diff --git a/api_docs/inventory.devdocs.json b/api_docs/inventory.devdocs.json index 37bd2bb93e213..8d08d920f33d4 100644 --- a/api_docs/inventory.devdocs.json +++ b/api_docs/inventory.devdocs.json @@ -92,9 +92,9 @@ "UnionC", "<[", "LiteralC", - "<\"entity.displayName\">, ", + "<\"entity.display_name\">, ", "LiteralC", - "<\"entity.lastSeenTimestamp\">, ", + "<\"entity.last_seen_timestamp\">, ", "LiteralC", "<\"entity.type\">, ", "LiteralC", diff --git a/api_docs/inventory.mdx b/api_docs/inventory.mdx index cd964bb303af5..fd9dbc55ad549 100644 --- a/api_docs/inventory.mdx +++ b/api_docs/inventory.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/inventory title: "inventory" image: https://source.unsplash.com/400x175/?github description: API docs for the inventory plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'inventory'] --- import inventoryObj from './inventory.devdocs.json'; diff --git a/api_docs/investigate.mdx b/api_docs/investigate.mdx index b9434b646b026..013401f0b4763 100644 --- a/api_docs/investigate.mdx +++ b/api_docs/investigate.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/investigate title: "investigate" image: https://source.unsplash.com/400x175/?github description: API docs for the investigate plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'investigate'] --- import investigateObj from './investigate.devdocs.json'; diff --git a/api_docs/investigate_app.devdocs.json b/api_docs/investigate_app.devdocs.json index ae63e31ddaca7..017a1cf94181c 100644 --- a/api_docs/investigate_app.devdocs.json +++ b/api_docs/investigate_app.devdocs.json @@ -84,7 +84,7 @@ }, "<\"GET /api/observability/investigation/entities 2023-10-31\", Zod.ZodObject<{ query: Zod.ZodOptional; 'service.environment': Zod.ZodOptional; 'host.name': Zod.ZodOptional; 'container.id': Zod.ZodOptional; }, \"strip\", Zod.ZodTypeAny, { 'container.id'?: string | undefined; 'host.name'?: string | undefined; 'service.environment'?: string | undefined; 'service.name'?: string | undefined; }, { 'container.id'?: string | undefined; 'host.name'?: string | undefined; 'service.environment'?: string | undefined; 'service.name'?: string | undefined; }>>; }, \"strip\", Zod.ZodTypeAny, { query?: { 'container.id'?: string | undefined; 'host.name'?: string | undefined; 'service.environment'?: string | undefined; 'service.name'?: string | undefined; } | undefined; }, { query?: { 'container.id'?: string | undefined; 'host.name'?: string | undefined; 'service.environment'?: string | undefined; 'service.name'?: string | undefined; } | undefined; }>, ", "InvestigateAppRouteHandlerResources", - ", { entities: ({ id: string; type: string; metrics: { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }; displayName: string; identityFields: string[]; definitionId: string; definitionVersion: string; firstSeenTimestamp: string; lastSeenTimestamp: string; schemaVersion: string; } & { sources: { dataStream?: string | undefined; }[]; })[]; }, ", + ", { entities: ({ id: string; type: string; metrics: { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }; schema_version: string; definition_id: string; definition_version: string; display_name: string; last_seen_timestamp: string; identity_fields: string[]; } & { sources: { dataStream?: string | undefined; }[]; })[]; }, ", "InvestigateAppRouteCreateOptions", ">; \"GET /api/observability/events 2023-10-31\": ", { diff --git a/api_docs/investigate_app.mdx b/api_docs/investigate_app.mdx index 7f4ad6b2996d3..b5b76b18211f1 100644 --- a/api_docs/investigate_app.mdx +++ b/api_docs/investigate_app.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/investigateApp title: "investigateApp" image: https://source.unsplash.com/400x175/?github description: API docs for the investigateApp plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'investigateApp'] --- import investigateAppObj from './investigate_app.devdocs.json'; diff --git a/api_docs/kbn_actions_types.mdx b/api_docs/kbn_actions_types.mdx index 52a3ccc639439..3d2bcc39c84a3 100644 --- a/api_docs/kbn_actions_types.mdx +++ b/api_docs/kbn_actions_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-actions-types title: "@kbn/actions-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/actions-types plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/actions-types'] --- import kbnActionsTypesObj from './kbn_actions_types.devdocs.json'; diff --git a/api_docs/kbn_ai_assistant.mdx b/api_docs/kbn_ai_assistant.mdx index c164f3a2f7b56..a450e39335fb9 100644 --- a/api_docs/kbn_ai_assistant.mdx +++ b/api_docs/kbn_ai_assistant.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ai-assistant title: "@kbn/ai-assistant" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ai-assistant plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ai-assistant'] --- import kbnAiAssistantObj from './kbn_ai_assistant.devdocs.json'; diff --git a/api_docs/kbn_ai_assistant_common.mdx b/api_docs/kbn_ai_assistant_common.mdx index 70642bebc98bc..673b83d0a67ff 100644 --- a/api_docs/kbn_ai_assistant_common.mdx +++ b/api_docs/kbn_ai_assistant_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ai-assistant-common title: "@kbn/ai-assistant-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ai-assistant-common plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ai-assistant-common'] --- import kbnAiAssistantCommonObj from './kbn_ai_assistant_common.devdocs.json'; diff --git a/api_docs/kbn_aiops_components.mdx b/api_docs/kbn_aiops_components.mdx index 93e4da1c70d10..cec917cab02b6 100644 --- a/api_docs/kbn_aiops_components.mdx +++ b/api_docs/kbn_aiops_components.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-aiops-components title: "@kbn/aiops-components" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/aiops-components plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/aiops-components'] --- import kbnAiopsComponentsObj from './kbn_aiops_components.devdocs.json'; diff --git a/api_docs/kbn_aiops_log_pattern_analysis.mdx b/api_docs/kbn_aiops_log_pattern_analysis.mdx index f7b43cb4f8f2c..3743b44cf7148 100644 --- a/api_docs/kbn_aiops_log_pattern_analysis.mdx +++ b/api_docs/kbn_aiops_log_pattern_analysis.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-aiops-log-pattern-analysis title: "@kbn/aiops-log-pattern-analysis" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/aiops-log-pattern-analysis plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/aiops-log-pattern-analysis'] --- import kbnAiopsLogPatternAnalysisObj from './kbn_aiops_log_pattern_analysis.devdocs.json'; diff --git a/api_docs/kbn_aiops_log_rate_analysis.mdx b/api_docs/kbn_aiops_log_rate_analysis.mdx index d2b7ee5839ea3..63649411a0bad 100644 --- a/api_docs/kbn_aiops_log_rate_analysis.mdx +++ b/api_docs/kbn_aiops_log_rate_analysis.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-aiops-log-rate-analysis title: "@kbn/aiops-log-rate-analysis" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/aiops-log-rate-analysis plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/aiops-log-rate-analysis'] --- import kbnAiopsLogRateAnalysisObj from './kbn_aiops_log_rate_analysis.devdocs.json'; diff --git a/api_docs/kbn_alerting_api_integration_helpers.mdx b/api_docs/kbn_alerting_api_integration_helpers.mdx index e383c0fc293b7..5c97c0c607621 100644 --- a/api_docs/kbn_alerting_api_integration_helpers.mdx +++ b/api_docs/kbn_alerting_api_integration_helpers.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-alerting-api-integration-helpers title: "@kbn/alerting-api-integration-helpers" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/alerting-api-integration-helpers plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/alerting-api-integration-helpers'] --- import kbnAlertingApiIntegrationHelpersObj from './kbn_alerting_api_integration_helpers.devdocs.json'; diff --git a/api_docs/kbn_alerting_comparators.mdx b/api_docs/kbn_alerting_comparators.mdx index 1481276f9bb35..ff8a51d5c41e5 100644 --- a/api_docs/kbn_alerting_comparators.mdx +++ b/api_docs/kbn_alerting_comparators.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-alerting-comparators title: "@kbn/alerting-comparators" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/alerting-comparators plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/alerting-comparators'] --- import kbnAlertingComparatorsObj from './kbn_alerting_comparators.devdocs.json'; diff --git a/api_docs/kbn_alerting_state_types.mdx b/api_docs/kbn_alerting_state_types.mdx index 8490ebf322821..68b9f3041a68b 100644 --- a/api_docs/kbn_alerting_state_types.mdx +++ b/api_docs/kbn_alerting_state_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-alerting-state-types title: "@kbn/alerting-state-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/alerting-state-types plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/alerting-state-types'] --- import kbnAlertingStateTypesObj from './kbn_alerting_state_types.devdocs.json'; diff --git a/api_docs/kbn_alerting_types.mdx b/api_docs/kbn_alerting_types.mdx index 784684738e7bc..d632d8a2d663f 100644 --- a/api_docs/kbn_alerting_types.mdx +++ b/api_docs/kbn_alerting_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-alerting-types title: "@kbn/alerting-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/alerting-types plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/alerting-types'] --- import kbnAlertingTypesObj from './kbn_alerting_types.devdocs.json'; diff --git a/api_docs/kbn_alerts_as_data_utils.mdx b/api_docs/kbn_alerts_as_data_utils.mdx index 0e2b05414d1b9..a0dee4e6be794 100644 --- a/api_docs/kbn_alerts_as_data_utils.mdx +++ b/api_docs/kbn_alerts_as_data_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-alerts-as-data-utils title: "@kbn/alerts-as-data-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/alerts-as-data-utils plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/alerts-as-data-utils'] --- import kbnAlertsAsDataUtilsObj from './kbn_alerts_as_data_utils.devdocs.json'; diff --git a/api_docs/kbn_alerts_grouping.mdx b/api_docs/kbn_alerts_grouping.mdx index 14216cf909bb2..3c88b31d6a85c 100644 --- a/api_docs/kbn_alerts_grouping.mdx +++ b/api_docs/kbn_alerts_grouping.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-alerts-grouping title: "@kbn/alerts-grouping" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/alerts-grouping plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/alerts-grouping'] --- import kbnAlertsGroupingObj from './kbn_alerts_grouping.devdocs.json'; diff --git a/api_docs/kbn_alerts_ui_shared.mdx b/api_docs/kbn_alerts_ui_shared.mdx index 66459f898286c..2775cc02a50be 100644 --- a/api_docs/kbn_alerts_ui_shared.mdx +++ b/api_docs/kbn_alerts_ui_shared.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-alerts-ui-shared title: "@kbn/alerts-ui-shared" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/alerts-ui-shared plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/alerts-ui-shared'] --- import kbnAlertsUiSharedObj from './kbn_alerts_ui_shared.devdocs.json'; diff --git a/api_docs/kbn_analytics.mdx b/api_docs/kbn_analytics.mdx index 005033189b46b..9316ef73f9125 100644 --- a/api_docs/kbn_analytics.mdx +++ b/api_docs/kbn_analytics.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-analytics title: "@kbn/analytics" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/analytics plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/analytics'] --- import kbnAnalyticsObj from './kbn_analytics.devdocs.json'; diff --git a/api_docs/kbn_analytics_collection_utils.mdx b/api_docs/kbn_analytics_collection_utils.mdx index 0d6f7c704ebbd..9aaee7c0402b0 100644 --- a/api_docs/kbn_analytics_collection_utils.mdx +++ b/api_docs/kbn_analytics_collection_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-analytics-collection-utils title: "@kbn/analytics-collection-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/analytics-collection-utils plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/analytics-collection-utils'] --- import kbnAnalyticsCollectionUtilsObj from './kbn_analytics_collection_utils.devdocs.json'; diff --git a/api_docs/kbn_apm_config_loader.mdx b/api_docs/kbn_apm_config_loader.mdx index 6cb8f7e168958..2545e50638c11 100644 --- a/api_docs/kbn_apm_config_loader.mdx +++ b/api_docs/kbn_apm_config_loader.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-apm-config-loader title: "@kbn/apm-config-loader" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/apm-config-loader plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/apm-config-loader'] --- import kbnApmConfigLoaderObj from './kbn_apm_config_loader.devdocs.json'; diff --git a/api_docs/kbn_apm_data_view.mdx b/api_docs/kbn_apm_data_view.mdx index 9fbe9d77ce52a..723fa74f6b80a 100644 --- a/api_docs/kbn_apm_data_view.mdx +++ b/api_docs/kbn_apm_data_view.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-apm-data-view title: "@kbn/apm-data-view" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/apm-data-view plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/apm-data-view'] --- import kbnApmDataViewObj from './kbn_apm_data_view.devdocs.json'; diff --git a/api_docs/kbn_apm_synthtrace.mdx b/api_docs/kbn_apm_synthtrace.mdx index 4e17f1ae4ff8a..bbedf41a7a26b 100644 --- a/api_docs/kbn_apm_synthtrace.mdx +++ b/api_docs/kbn_apm_synthtrace.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-apm-synthtrace title: "@kbn/apm-synthtrace" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/apm-synthtrace plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/apm-synthtrace'] --- import kbnApmSynthtraceObj from './kbn_apm_synthtrace.devdocs.json'; diff --git a/api_docs/kbn_apm_synthtrace_client.devdocs.json b/api_docs/kbn_apm_synthtrace_client.devdocs.json index 161efd033eb50..4f458c6eb82a9 100644 --- a/api_docs/kbn_apm_synthtrace_client.devdocs.json +++ b/api_docs/kbn_apm_synthtrace_client.devdocs.json @@ -3055,7 +3055,7 @@ "label": "EntityFields", "description": [], "signature": [ - "{ '@timestamp'?: number | undefined; } & Partial<{ [key: string]: any; 'agent.name': string[]; 'source_data_stream.type': string | string[]; 'source_data_stream.dataset': string | string[]; 'event.ingested': string; sourceIndex: string; 'entity.lastSeenTimestamp': string; 'entity.schemaVersion': string; 'entity.definitionVersion': string; 'entity.displayName': string; 'entity.identityFields': string | string[]; 'entity.id': string; 'entity.type': string; 'entity.definitionId': string; }>" + "{ '@timestamp'?: number | undefined; } & Partial<{ [key: string]: any; 'agent.name': string[]; 'source_data_stream.type': string | string[]; 'source_data_stream.dataset': string | string[]; 'event.ingested': string; source_index: string; 'entity.last_seen_timestamp': string; 'entity.schema_version': string; 'entity.definition_version': string; 'entity.display_name': string; 'entity.identity_fields': string | string[]; 'entity.id': string; 'entity.type': string; 'entity.definition_id': string; }>" ], "path": "packages/kbn-apm-synthtrace-client/src/lib/entities/index.ts", "deprecated": false, diff --git a/api_docs/kbn_apm_synthtrace_client.mdx b/api_docs/kbn_apm_synthtrace_client.mdx index 444d4579c1bd5..d4fce62a15c9a 100644 --- a/api_docs/kbn_apm_synthtrace_client.mdx +++ b/api_docs/kbn_apm_synthtrace_client.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-apm-synthtrace-client title: "@kbn/apm-synthtrace-client" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/apm-synthtrace-client plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/apm-synthtrace-client'] --- import kbnApmSynthtraceClientObj from './kbn_apm_synthtrace_client.devdocs.json'; diff --git a/api_docs/kbn_apm_types.mdx b/api_docs/kbn_apm_types.mdx index 58d5838d248af..3c511e689436c 100644 --- a/api_docs/kbn_apm_types.mdx +++ b/api_docs/kbn_apm_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-apm-types title: "@kbn/apm-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/apm-types plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/apm-types'] --- import kbnApmTypesObj from './kbn_apm_types.devdocs.json'; diff --git a/api_docs/kbn_apm_utils.mdx b/api_docs/kbn_apm_utils.mdx index ef4dc7d1f8a0a..f1aacb031552c 100644 --- a/api_docs/kbn_apm_utils.mdx +++ b/api_docs/kbn_apm_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-apm-utils title: "@kbn/apm-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/apm-utils plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/apm-utils'] --- import kbnApmUtilsObj from './kbn_apm_utils.devdocs.json'; diff --git a/api_docs/kbn_avc_banner.mdx b/api_docs/kbn_avc_banner.mdx index e2322763b738f..7ee64e3c9e590 100644 --- a/api_docs/kbn_avc_banner.mdx +++ b/api_docs/kbn_avc_banner.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-avc-banner title: "@kbn/avc-banner" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/avc-banner plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/avc-banner'] --- import kbnAvcBannerObj from './kbn_avc_banner.devdocs.json'; diff --git a/api_docs/kbn_axe_config.mdx b/api_docs/kbn_axe_config.mdx index 0c9c9de31eb39..41a64101e5255 100644 --- a/api_docs/kbn_axe_config.mdx +++ b/api_docs/kbn_axe_config.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-axe-config title: "@kbn/axe-config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/axe-config plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/axe-config'] --- import kbnAxeConfigObj from './kbn_axe_config.devdocs.json'; diff --git a/api_docs/kbn_bfetch_error.mdx b/api_docs/kbn_bfetch_error.mdx index 7984983799ba7..1fa1373a2b52f 100644 --- a/api_docs/kbn_bfetch_error.mdx +++ b/api_docs/kbn_bfetch_error.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-bfetch-error title: "@kbn/bfetch-error" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/bfetch-error plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/bfetch-error'] --- import kbnBfetchErrorObj from './kbn_bfetch_error.devdocs.json'; diff --git a/api_docs/kbn_calculate_auto.mdx b/api_docs/kbn_calculate_auto.mdx index 4ddcd3da9dd18..ff1a537302c52 100644 --- a/api_docs/kbn_calculate_auto.mdx +++ b/api_docs/kbn_calculate_auto.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-calculate-auto title: "@kbn/calculate-auto" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/calculate-auto plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/calculate-auto'] --- import kbnCalculateAutoObj from './kbn_calculate_auto.devdocs.json'; diff --git a/api_docs/kbn_calculate_width_from_char_count.mdx b/api_docs/kbn_calculate_width_from_char_count.mdx index 3a619033e742c..1ace049810763 100644 --- a/api_docs/kbn_calculate_width_from_char_count.mdx +++ b/api_docs/kbn_calculate_width_from_char_count.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-calculate-width-from-char-count title: "@kbn/calculate-width-from-char-count" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/calculate-width-from-char-count plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/calculate-width-from-char-count'] --- import kbnCalculateWidthFromCharCountObj from './kbn_calculate_width_from_char_count.devdocs.json'; diff --git a/api_docs/kbn_cases_components.mdx b/api_docs/kbn_cases_components.mdx index 0b375644eccb8..3c387f7f52177 100644 --- a/api_docs/kbn_cases_components.mdx +++ b/api_docs/kbn_cases_components.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-cases-components title: "@kbn/cases-components" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/cases-components plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/cases-components'] --- import kbnCasesComponentsObj from './kbn_cases_components.devdocs.json'; diff --git a/api_docs/kbn_cbor.mdx b/api_docs/kbn_cbor.mdx index 36f664b205ddf..2bc6de833621d 100644 --- a/api_docs/kbn_cbor.mdx +++ b/api_docs/kbn_cbor.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-cbor title: "@kbn/cbor" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/cbor plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/cbor'] --- import kbnCborObj from './kbn_cbor.devdocs.json'; diff --git a/api_docs/kbn_cell_actions.mdx b/api_docs/kbn_cell_actions.mdx index 68d8a9ee88055..3dcd48bf18d22 100644 --- a/api_docs/kbn_cell_actions.mdx +++ b/api_docs/kbn_cell_actions.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-cell-actions title: "@kbn/cell-actions" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/cell-actions plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/cell-actions'] --- import kbnCellActionsObj from './kbn_cell_actions.devdocs.json'; diff --git a/api_docs/kbn_chart_expressions_common.mdx b/api_docs/kbn_chart_expressions_common.mdx index 90d4a343a24cb..845d0ececb4e3 100644 --- a/api_docs/kbn_chart_expressions_common.mdx +++ b/api_docs/kbn_chart_expressions_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-chart-expressions-common title: "@kbn/chart-expressions-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/chart-expressions-common plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/chart-expressions-common'] --- import kbnChartExpressionsCommonObj from './kbn_chart_expressions_common.devdocs.json'; diff --git a/api_docs/kbn_chart_icons.mdx b/api_docs/kbn_chart_icons.mdx index 7d8f5dbf2a5bb..25408fc82999f 100644 --- a/api_docs/kbn_chart_icons.mdx +++ b/api_docs/kbn_chart_icons.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-chart-icons title: "@kbn/chart-icons" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/chart-icons plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/chart-icons'] --- import kbnChartIconsObj from './kbn_chart_icons.devdocs.json'; diff --git a/api_docs/kbn_ci_stats_core.mdx b/api_docs/kbn_ci_stats_core.mdx index db1ea2a5fbd93..d547adb69416c 100644 --- a/api_docs/kbn_ci_stats_core.mdx +++ b/api_docs/kbn_ci_stats_core.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ci-stats-core title: "@kbn/ci-stats-core" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ci-stats-core plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ci-stats-core'] --- import kbnCiStatsCoreObj from './kbn_ci_stats_core.devdocs.json'; diff --git a/api_docs/kbn_ci_stats_performance_metrics.mdx b/api_docs/kbn_ci_stats_performance_metrics.mdx index 5e13f5fd5f252..108edaf484328 100644 --- a/api_docs/kbn_ci_stats_performance_metrics.mdx +++ b/api_docs/kbn_ci_stats_performance_metrics.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ci-stats-performance-metrics title: "@kbn/ci-stats-performance-metrics" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ci-stats-performance-metrics plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ci-stats-performance-metrics'] --- import kbnCiStatsPerformanceMetricsObj from './kbn_ci_stats_performance_metrics.devdocs.json'; diff --git a/api_docs/kbn_ci_stats_reporter.mdx b/api_docs/kbn_ci_stats_reporter.mdx index 3dcba3792b199..e43f05d8f6c87 100644 --- a/api_docs/kbn_ci_stats_reporter.mdx +++ b/api_docs/kbn_ci_stats_reporter.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ci-stats-reporter title: "@kbn/ci-stats-reporter" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ci-stats-reporter plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ci-stats-reporter'] --- import kbnCiStatsReporterObj from './kbn_ci_stats_reporter.devdocs.json'; diff --git a/api_docs/kbn_cli_dev_mode.mdx b/api_docs/kbn_cli_dev_mode.mdx index b419f3a6783ab..341f328350bc8 100644 --- a/api_docs/kbn_cli_dev_mode.mdx +++ b/api_docs/kbn_cli_dev_mode.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-cli-dev-mode title: "@kbn/cli-dev-mode" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/cli-dev-mode plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/cli-dev-mode'] --- import kbnCliDevModeObj from './kbn_cli_dev_mode.devdocs.json'; diff --git a/api_docs/kbn_cloud_security_posture.mdx b/api_docs/kbn_cloud_security_posture.mdx index 3bfa05c7c9339..634cb3aa9c724 100644 --- a/api_docs/kbn_cloud_security_posture.mdx +++ b/api_docs/kbn_cloud_security_posture.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-cloud-security-posture title: "@kbn/cloud-security-posture" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/cloud-security-posture plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/cloud-security-posture'] --- import kbnCloudSecurityPostureObj from './kbn_cloud_security_posture.devdocs.json'; diff --git a/api_docs/kbn_cloud_security_posture_common.mdx b/api_docs/kbn_cloud_security_posture_common.mdx index f8e08d30d6491..3e7b82ca25a82 100644 --- a/api_docs/kbn_cloud_security_posture_common.mdx +++ b/api_docs/kbn_cloud_security_posture_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-cloud-security-posture-common title: "@kbn/cloud-security-posture-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/cloud-security-posture-common plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/cloud-security-posture-common'] --- import kbnCloudSecurityPostureCommonObj from './kbn_cloud_security_posture_common.devdocs.json'; diff --git a/api_docs/kbn_code_editor.mdx b/api_docs/kbn_code_editor.mdx index 0877ddd2eea25..b0daddf5bde17 100644 --- a/api_docs/kbn_code_editor.mdx +++ b/api_docs/kbn_code_editor.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-code-editor title: "@kbn/code-editor" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/code-editor plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/code-editor'] --- import kbnCodeEditorObj from './kbn_code_editor.devdocs.json'; diff --git a/api_docs/kbn_code_editor_mock.mdx b/api_docs/kbn_code_editor_mock.mdx index 882fb4ead4615..61e3ac208819f 100644 --- a/api_docs/kbn_code_editor_mock.mdx +++ b/api_docs/kbn_code_editor_mock.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-code-editor-mock title: "@kbn/code-editor-mock" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/code-editor-mock plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/code-editor-mock'] --- import kbnCodeEditorMockObj from './kbn_code_editor_mock.devdocs.json'; diff --git a/api_docs/kbn_code_owners.mdx b/api_docs/kbn_code_owners.mdx index 174423a95d79a..53f01acd73ded 100644 --- a/api_docs/kbn_code_owners.mdx +++ b/api_docs/kbn_code_owners.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-code-owners title: "@kbn/code-owners" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/code-owners plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/code-owners'] --- import kbnCodeOwnersObj from './kbn_code_owners.devdocs.json'; diff --git a/api_docs/kbn_coloring.mdx b/api_docs/kbn_coloring.mdx index 9c4d99c70de80..abd1d9af2b18a 100644 --- a/api_docs/kbn_coloring.mdx +++ b/api_docs/kbn_coloring.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-coloring title: "@kbn/coloring" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/coloring plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/coloring'] --- import kbnColoringObj from './kbn_coloring.devdocs.json'; diff --git a/api_docs/kbn_config.mdx b/api_docs/kbn_config.mdx index 2ee605c460cca..2a859953d0dde 100644 --- a/api_docs/kbn_config.mdx +++ b/api_docs/kbn_config.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-config title: "@kbn/config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/config plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/config'] --- import kbnConfigObj from './kbn_config.devdocs.json'; diff --git a/api_docs/kbn_config_mocks.mdx b/api_docs/kbn_config_mocks.mdx index 53118952a89d2..1695839cf2685 100644 --- a/api_docs/kbn_config_mocks.mdx +++ b/api_docs/kbn_config_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-config-mocks title: "@kbn/config-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/config-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/config-mocks'] --- import kbnConfigMocksObj from './kbn_config_mocks.devdocs.json'; diff --git a/api_docs/kbn_config_schema.mdx b/api_docs/kbn_config_schema.mdx index 5fb91b2d0c141..44f4fe29c44d1 100644 --- a/api_docs/kbn_config_schema.mdx +++ b/api_docs/kbn_config_schema.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-config-schema title: "@kbn/config-schema" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/config-schema plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/config-schema'] --- import kbnConfigSchemaObj from './kbn_config_schema.devdocs.json'; diff --git a/api_docs/kbn_content_management_content_editor.mdx b/api_docs/kbn_content_management_content_editor.mdx index a9aed94e07e8d..4a29fd9d72923 100644 --- a/api_docs/kbn_content_management_content_editor.mdx +++ b/api_docs/kbn_content_management_content_editor.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-content-editor title: "@kbn/content-management-content-editor" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/content-management-content-editor plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-content-editor'] --- import kbnContentManagementContentEditorObj from './kbn_content_management_content_editor.devdocs.json'; diff --git a/api_docs/kbn_content_management_content_insights_public.mdx b/api_docs/kbn_content_management_content_insights_public.mdx index dbfcbb7c4b397..fb065a8a95ce2 100644 --- a/api_docs/kbn_content_management_content_insights_public.mdx +++ b/api_docs/kbn_content_management_content_insights_public.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-content-insights-public title: "@kbn/content-management-content-insights-public" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/content-management-content-insights-public plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-content-insights-public'] --- import kbnContentManagementContentInsightsPublicObj from './kbn_content_management_content_insights_public.devdocs.json'; diff --git a/api_docs/kbn_content_management_content_insights_server.mdx b/api_docs/kbn_content_management_content_insights_server.mdx index 8899cc3a4313a..eae5ad41d802b 100644 --- a/api_docs/kbn_content_management_content_insights_server.mdx +++ b/api_docs/kbn_content_management_content_insights_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-content-insights-server title: "@kbn/content-management-content-insights-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/content-management-content-insights-server plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-content-insights-server'] --- import kbnContentManagementContentInsightsServerObj from './kbn_content_management_content_insights_server.devdocs.json'; diff --git a/api_docs/kbn_content_management_favorites_public.mdx b/api_docs/kbn_content_management_favorites_public.mdx index 8341e69175997..c39fea67e5a98 100644 --- a/api_docs/kbn_content_management_favorites_public.mdx +++ b/api_docs/kbn_content_management_favorites_public.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-favorites-public title: "@kbn/content-management-favorites-public" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/content-management-favorites-public plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-favorites-public'] --- import kbnContentManagementFavoritesPublicObj from './kbn_content_management_favorites_public.devdocs.json'; diff --git a/api_docs/kbn_content_management_favorites_server.mdx b/api_docs/kbn_content_management_favorites_server.mdx index 785da53c60ed8..fb419456c17e4 100644 --- a/api_docs/kbn_content_management_favorites_server.mdx +++ b/api_docs/kbn_content_management_favorites_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-favorites-server title: "@kbn/content-management-favorites-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/content-management-favorites-server plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-favorites-server'] --- import kbnContentManagementFavoritesServerObj from './kbn_content_management_favorites_server.devdocs.json'; diff --git a/api_docs/kbn_content_management_tabbed_table_list_view.mdx b/api_docs/kbn_content_management_tabbed_table_list_view.mdx index de028e6598bd6..2944b75bebd21 100644 --- a/api_docs/kbn_content_management_tabbed_table_list_view.mdx +++ b/api_docs/kbn_content_management_tabbed_table_list_view.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-tabbed-table-list-view title: "@kbn/content-management-tabbed-table-list-view" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/content-management-tabbed-table-list-view plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-tabbed-table-list-view'] --- import kbnContentManagementTabbedTableListViewObj from './kbn_content_management_tabbed_table_list_view.devdocs.json'; diff --git a/api_docs/kbn_content_management_table_list_view.mdx b/api_docs/kbn_content_management_table_list_view.mdx index 73b048e08154e..944f097f2e114 100644 --- a/api_docs/kbn_content_management_table_list_view.mdx +++ b/api_docs/kbn_content_management_table_list_view.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-table-list-view title: "@kbn/content-management-table-list-view" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/content-management-table-list-view plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-table-list-view'] --- import kbnContentManagementTableListViewObj from './kbn_content_management_table_list_view.devdocs.json'; diff --git a/api_docs/kbn_content_management_table_list_view_common.mdx b/api_docs/kbn_content_management_table_list_view_common.mdx index 9a3c865e005f8..3e4d41c6c0503 100644 --- a/api_docs/kbn_content_management_table_list_view_common.mdx +++ b/api_docs/kbn_content_management_table_list_view_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-table-list-view-common title: "@kbn/content-management-table-list-view-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/content-management-table-list-view-common plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-table-list-view-common'] --- import kbnContentManagementTableListViewCommonObj from './kbn_content_management_table_list_view_common.devdocs.json'; diff --git a/api_docs/kbn_content_management_table_list_view_table.mdx b/api_docs/kbn_content_management_table_list_view_table.mdx index d2cf6ee91a84c..e9d7ec36a3b00 100644 --- a/api_docs/kbn_content_management_table_list_view_table.mdx +++ b/api_docs/kbn_content_management_table_list_view_table.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-table-list-view-table title: "@kbn/content-management-table-list-view-table" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/content-management-table-list-view-table plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-table-list-view-table'] --- import kbnContentManagementTableListViewTableObj from './kbn_content_management_table_list_view_table.devdocs.json'; diff --git a/api_docs/kbn_content_management_user_profiles.mdx b/api_docs/kbn_content_management_user_profiles.mdx index af6c3935e8c9b..8de72090dd923 100644 --- a/api_docs/kbn_content_management_user_profiles.mdx +++ b/api_docs/kbn_content_management_user_profiles.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-user-profiles title: "@kbn/content-management-user-profiles" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/content-management-user-profiles plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-user-profiles'] --- import kbnContentManagementUserProfilesObj from './kbn_content_management_user_profiles.devdocs.json'; diff --git a/api_docs/kbn_content_management_utils.mdx b/api_docs/kbn_content_management_utils.mdx index 59151eb6baadf..0bc3640a3f068 100644 --- a/api_docs/kbn_content_management_utils.mdx +++ b/api_docs/kbn_content_management_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-utils title: "@kbn/content-management-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/content-management-utils plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-utils'] --- import kbnContentManagementUtilsObj from './kbn_content_management_utils.devdocs.json'; diff --git a/api_docs/kbn_core_analytics_browser.mdx b/api_docs/kbn_core_analytics_browser.mdx index f25dfb95fab47..60fc6205729d7 100644 --- a/api_docs/kbn_core_analytics_browser.mdx +++ b/api_docs/kbn_core_analytics_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-analytics-browser title: "@kbn/core-analytics-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-analytics-browser plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-analytics-browser'] --- import kbnCoreAnalyticsBrowserObj from './kbn_core_analytics_browser.devdocs.json'; diff --git a/api_docs/kbn_core_analytics_browser_internal.mdx b/api_docs/kbn_core_analytics_browser_internal.mdx index bbf2d179dcbc5..44bc53d78e7a0 100644 --- a/api_docs/kbn_core_analytics_browser_internal.mdx +++ b/api_docs/kbn_core_analytics_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-analytics-browser-internal title: "@kbn/core-analytics-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-analytics-browser-internal plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-analytics-browser-internal'] --- import kbnCoreAnalyticsBrowserInternalObj from './kbn_core_analytics_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_analytics_browser_mocks.mdx b/api_docs/kbn_core_analytics_browser_mocks.mdx index 3a74985beddf3..969e3b2f6b817 100644 --- a/api_docs/kbn_core_analytics_browser_mocks.mdx +++ b/api_docs/kbn_core_analytics_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-analytics-browser-mocks title: "@kbn/core-analytics-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-analytics-browser-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-analytics-browser-mocks'] --- import kbnCoreAnalyticsBrowserMocksObj from './kbn_core_analytics_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_analytics_server.mdx b/api_docs/kbn_core_analytics_server.mdx index 964cbf910f03b..89cf5da825983 100644 --- a/api_docs/kbn_core_analytics_server.mdx +++ b/api_docs/kbn_core_analytics_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-analytics-server title: "@kbn/core-analytics-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-analytics-server plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-analytics-server'] --- import kbnCoreAnalyticsServerObj from './kbn_core_analytics_server.devdocs.json'; diff --git a/api_docs/kbn_core_analytics_server_internal.mdx b/api_docs/kbn_core_analytics_server_internal.mdx index a3a6061eb3c60..459b65e42575d 100644 --- a/api_docs/kbn_core_analytics_server_internal.mdx +++ b/api_docs/kbn_core_analytics_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-analytics-server-internal title: "@kbn/core-analytics-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-analytics-server-internal plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-analytics-server-internal'] --- import kbnCoreAnalyticsServerInternalObj from './kbn_core_analytics_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_analytics_server_mocks.mdx b/api_docs/kbn_core_analytics_server_mocks.mdx index 18ced0b6d02e5..6d22516fcfa43 100644 --- a/api_docs/kbn_core_analytics_server_mocks.mdx +++ b/api_docs/kbn_core_analytics_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-analytics-server-mocks title: "@kbn/core-analytics-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-analytics-server-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-analytics-server-mocks'] --- import kbnCoreAnalyticsServerMocksObj from './kbn_core_analytics_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_application_browser.mdx b/api_docs/kbn_core_application_browser.mdx index 5f3a7ee2a8cc4..5a92eda078d82 100644 --- a/api_docs/kbn_core_application_browser.mdx +++ b/api_docs/kbn_core_application_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-application-browser title: "@kbn/core-application-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-application-browser plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-application-browser'] --- import kbnCoreApplicationBrowserObj from './kbn_core_application_browser.devdocs.json'; diff --git a/api_docs/kbn_core_application_browser_internal.mdx b/api_docs/kbn_core_application_browser_internal.mdx index a094d806f8599..ae985fa246a7a 100644 --- a/api_docs/kbn_core_application_browser_internal.mdx +++ b/api_docs/kbn_core_application_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-application-browser-internal title: "@kbn/core-application-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-application-browser-internal plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-application-browser-internal'] --- import kbnCoreApplicationBrowserInternalObj from './kbn_core_application_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_application_browser_mocks.mdx b/api_docs/kbn_core_application_browser_mocks.mdx index 2e58d19b70acb..6423c693cc2d1 100644 --- a/api_docs/kbn_core_application_browser_mocks.mdx +++ b/api_docs/kbn_core_application_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-application-browser-mocks title: "@kbn/core-application-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-application-browser-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-application-browser-mocks'] --- import kbnCoreApplicationBrowserMocksObj from './kbn_core_application_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_application_common.mdx b/api_docs/kbn_core_application_common.mdx index 4f740160e82af..a68fdf616f5e8 100644 --- a/api_docs/kbn_core_application_common.mdx +++ b/api_docs/kbn_core_application_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-application-common title: "@kbn/core-application-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-application-common plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-application-common'] --- import kbnCoreApplicationCommonObj from './kbn_core_application_common.devdocs.json'; diff --git a/api_docs/kbn_core_apps_browser_internal.mdx b/api_docs/kbn_core_apps_browser_internal.mdx index 81f892e1bcff3..15e129897a557 100644 --- a/api_docs/kbn_core_apps_browser_internal.mdx +++ b/api_docs/kbn_core_apps_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-apps-browser-internal title: "@kbn/core-apps-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-apps-browser-internal plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-apps-browser-internal'] --- import kbnCoreAppsBrowserInternalObj from './kbn_core_apps_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_apps_browser_mocks.mdx b/api_docs/kbn_core_apps_browser_mocks.mdx index 4314c27ccf92d..4bfc845d0c8f4 100644 --- a/api_docs/kbn_core_apps_browser_mocks.mdx +++ b/api_docs/kbn_core_apps_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-apps-browser-mocks title: "@kbn/core-apps-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-apps-browser-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-apps-browser-mocks'] --- import kbnCoreAppsBrowserMocksObj from './kbn_core_apps_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_apps_server_internal.mdx b/api_docs/kbn_core_apps_server_internal.mdx index a320e01a2f404..6577e12f6ed83 100644 --- a/api_docs/kbn_core_apps_server_internal.mdx +++ b/api_docs/kbn_core_apps_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-apps-server-internal title: "@kbn/core-apps-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-apps-server-internal plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-apps-server-internal'] --- import kbnCoreAppsServerInternalObj from './kbn_core_apps_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_base_browser_mocks.mdx b/api_docs/kbn_core_base_browser_mocks.mdx index 81e7708376b0a..d1841bd16f6ad 100644 --- a/api_docs/kbn_core_base_browser_mocks.mdx +++ b/api_docs/kbn_core_base_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-base-browser-mocks title: "@kbn/core-base-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-base-browser-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-base-browser-mocks'] --- import kbnCoreBaseBrowserMocksObj from './kbn_core_base_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_base_common.mdx b/api_docs/kbn_core_base_common.mdx index e5098bd997ccb..d7883e58893d6 100644 --- a/api_docs/kbn_core_base_common.mdx +++ b/api_docs/kbn_core_base_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-base-common title: "@kbn/core-base-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-base-common plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-base-common'] --- import kbnCoreBaseCommonObj from './kbn_core_base_common.devdocs.json'; diff --git a/api_docs/kbn_core_base_server_internal.mdx b/api_docs/kbn_core_base_server_internal.mdx index 2d624c58510e3..68d4aa6af3c24 100644 --- a/api_docs/kbn_core_base_server_internal.mdx +++ b/api_docs/kbn_core_base_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-base-server-internal title: "@kbn/core-base-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-base-server-internal plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-base-server-internal'] --- import kbnCoreBaseServerInternalObj from './kbn_core_base_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_base_server_mocks.mdx b/api_docs/kbn_core_base_server_mocks.mdx index e2c3f323b26a3..3a68fc2cd9742 100644 --- a/api_docs/kbn_core_base_server_mocks.mdx +++ b/api_docs/kbn_core_base_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-base-server-mocks title: "@kbn/core-base-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-base-server-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-base-server-mocks'] --- import kbnCoreBaseServerMocksObj from './kbn_core_base_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_capabilities_browser_mocks.mdx b/api_docs/kbn_core_capabilities_browser_mocks.mdx index 531595ebc8193..37274f728f59f 100644 --- a/api_docs/kbn_core_capabilities_browser_mocks.mdx +++ b/api_docs/kbn_core_capabilities_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-capabilities-browser-mocks title: "@kbn/core-capabilities-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-capabilities-browser-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-capabilities-browser-mocks'] --- import kbnCoreCapabilitiesBrowserMocksObj from './kbn_core_capabilities_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_capabilities_common.mdx b/api_docs/kbn_core_capabilities_common.mdx index dadf8f470c8af..fcd629b96c41b 100644 --- a/api_docs/kbn_core_capabilities_common.mdx +++ b/api_docs/kbn_core_capabilities_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-capabilities-common title: "@kbn/core-capabilities-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-capabilities-common plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-capabilities-common'] --- import kbnCoreCapabilitiesCommonObj from './kbn_core_capabilities_common.devdocs.json'; diff --git a/api_docs/kbn_core_capabilities_server.mdx b/api_docs/kbn_core_capabilities_server.mdx index 02c766cd79f14..73efcbc61698c 100644 --- a/api_docs/kbn_core_capabilities_server.mdx +++ b/api_docs/kbn_core_capabilities_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-capabilities-server title: "@kbn/core-capabilities-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-capabilities-server plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-capabilities-server'] --- import kbnCoreCapabilitiesServerObj from './kbn_core_capabilities_server.devdocs.json'; diff --git a/api_docs/kbn_core_capabilities_server_mocks.mdx b/api_docs/kbn_core_capabilities_server_mocks.mdx index 5f77943d40f84..cc238b0642ba3 100644 --- a/api_docs/kbn_core_capabilities_server_mocks.mdx +++ b/api_docs/kbn_core_capabilities_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-capabilities-server-mocks title: "@kbn/core-capabilities-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-capabilities-server-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-capabilities-server-mocks'] --- import kbnCoreCapabilitiesServerMocksObj from './kbn_core_capabilities_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_chrome_browser.devdocs.json b/api_docs/kbn_core_chrome_browser.devdocs.json index 63ea89a56f6e3..9a5c873f29227 100644 --- a/api_docs/kbn_core_chrome_browser.devdocs.json +++ b/api_docs/kbn_core_chrome_browser.devdocs.json @@ -3792,7 +3792,7 @@ "label": "AppDeepLinkId", "description": [], "signature": [ - "\"fleet\" | \"graph\" | \"ml\" | \"monitoring\" | \"profiling\" | \"metrics\" | \"management\" | \"apm\" | \"synthetics\" | \"ux\" | \"canvas\" | \"logs\" | \"dashboards\" | \"slo\" | \"observabilityAIAssistant\" | \"home\" | \"integrations\" | \"discover\" | \"observability-overview\" | \"appSearch\" | \"dev_tools\" | \"maps\" | \"visualize\" | \"dev_tools:console\" | \"dev_tools:searchprofiler\" | \"dev_tools:painless_lab\" | \"dev_tools:grokdebugger\" | \"ml:notifications\" | \"ml:nodes\" | \"ml:overview\" | \"ml:memoryUsage\" | \"ml:settings\" | \"ml:dataVisualizer\" | \"ml:logPatternAnalysis\" | \"ml:logRateAnalysis\" | \"ml:singleMetricViewer\" | \"ml:anomalyDetection\" | \"ml:anomalyExplorer\" | \"ml:dataDrift\" | \"ml:dataFrameAnalytics\" | \"ml:resultExplorer\" | \"ml:analyticsMap\" | \"ml:aiOps\" | \"ml:changePointDetections\" | \"ml:modelManagement\" | \"ml:nodesOverview\" | \"ml:esqlDataVisualizer\" | \"ml:fileUpload\" | \"ml:indexDataVisualizer\" | \"ml:calendarSettings\" | \"ml:filterListsSettings\" | \"ml:suppliedConfigurations\" | \"osquery\" | \"management:transform\" | \"management:watcher\" | \"management:cases\" | \"management:tags\" | \"management:maintenanceWindows\" | \"management:cross_cluster_replication\" | \"management:dataViews\" | \"management:spaces\" | \"management:settings\" | \"management:users\" | \"management:migrate_data\" | \"management:search_sessions\" | \"management:data_quality\" | \"management:filesManagement\" | \"management:roles\" | \"management:reporting\" | \"management:aiAssistantManagementSelection\" | \"management:securityAiAssistantManagement\" | \"management:observabilityAiAssistantManagement\" | \"management:api_keys\" | \"management:license_management\" | \"management:index_lifecycle_management\" | \"management:index_management\" | \"management:ingest_pipelines\" | \"management:jobsListLink\" | \"management:objects\" | \"management:pipelines\" | \"management:remote_clusters\" | \"management:role_mappings\" | \"management:rollup_jobs\" | \"management:snapshot_restore\" | \"management:triggersActions\" | \"management:triggersActionsConnectors\" | \"management:upgrade_assistant\" | \"enterpriseSearch\" | \"enterpriseSearchContent\" | \"enterpriseSearchApplications\" | \"enterpriseSearchRelevance\" | \"enterpriseSearchAnalytics\" | \"workplaceSearch\" | \"serverlessElasticsearch\" | \"serverlessConnectors\" | \"searchPlayground\" | \"searchInferenceEndpoints\" | \"searchHomepage\" | \"enterpriseSearchContent:connectors\" | \"enterpriseSearchContent:searchIndices\" | \"enterpriseSearchContent:webCrawlers\" | \"enterpriseSearchApplications:searchApplications\" | \"enterpriseSearchApplications:playground\" | \"appSearch:engines\" | \"enterpriseSearchRelevance:inferenceEndpoints\" | \"elasticsearchStart\" | \"elasticsearchIndices\" | \"observability-logs-explorer\" | \"last-used-logs-viewer\" | \"observabilityOnboarding\" | \"inventory\" | \"logs:settings\" | \"logs:stream\" | \"logs:log-categories\" | \"logs:anomalies\" | \"observability-overview:cases\" | \"observability-overview:alerts\" | \"observability-overview:rules\" | \"observability-overview:cases_create\" | \"observability-overview:cases_configure\" | \"metrics:settings\" | \"metrics:hosts\" | \"metrics:inventory\" | \"metrics:metrics-explorer\" | \"metrics:assetDetails\" | \"apm:services\" | \"apm:traces\" | \"apm:dependencies\" | \"apm:service-map\" | \"apm:settings\" | \"apm:service-groups-list\" | \"apm:storage-explorer\" | \"synthetics:overview\" | \"synthetics:certificates\" | \"profiling:functions\" | \"profiling:stacktraces\" | \"profiling:flamegraphs\" | \"inventory:datastreams\" | \"securitySolutionUI\" | \"securitySolutionUI:\" | \"securitySolutionUI:cases\" | \"securitySolutionUI:alerts\" | \"securitySolutionUI:rules\" | \"securitySolutionUI:policy\" | \"securitySolutionUI:overview\" | \"securitySolutionUI:dashboards\" | \"securitySolutionUI:kubernetes\" | \"securitySolutionUI:cases_create\" | \"securitySolutionUI:cases_configure\" | \"securitySolutionUI:hosts\" | \"securitySolutionUI:users\" | \"securitySolutionUI:cloud_defend-policies\" | \"securitySolutionUI:cloud_security_posture-dashboard\" | \"securitySolutionUI:cloud_security_posture-findings\" | \"securitySolutionUI:cloud_security_posture-benchmarks\" | \"securitySolutionUI:network\" | \"securitySolutionUI:data_quality\" | \"securitySolutionUI:explore\" | \"securitySolutionUI:assets\" | \"securitySolutionUI:cloud_defend\" | \"securitySolutionUI:notes\" | \"securitySolutionUI:administration\" | \"securitySolutionUI:attack_discovery\" | \"securitySolutionUI:blocklist\" | \"securitySolutionUI:cloud_security_posture-rules\" | \"securitySolutionUI:detections\" | \"securitySolutionUI:detection_response\" | \"securitySolutionUI:endpoints\" | \"securitySolutionUI:event_filters\" | \"securitySolutionUI:exceptions\" | \"securitySolutionUI:host_isolation_exceptions\" | \"securitySolutionUI:hosts-all\" | \"securitySolutionUI:hosts-anomalies\" | \"securitySolutionUI:hosts-risk\" | \"securitySolutionUI:hosts-events\" | \"securitySolutionUI:hosts-sessions\" | \"securitySolutionUI:hosts-uncommon_processes\" | \"securitySolutionUI:investigations\" | \"securitySolutionUI:get_started\" | \"securitySolutionUI:machine_learning-landing\" | \"securitySolutionUI:network-anomalies\" | \"securitySolutionUI:network-dns\" | \"securitySolutionUI:network-events\" | \"securitySolutionUI:network-flows\" | \"securitySolutionUI:network-http\" | \"securitySolutionUI:network-tls\" | \"securitySolutionUI:response_actions_history\" | \"securitySolutionUI:rules-add\" | \"securitySolutionUI:rules-create\" | \"securitySolutionUI:rules-landing\" | \"securitySolutionUI:threat_intelligence\" | \"securitySolutionUI:timelines\" | \"securitySolutionUI:timelines-templates\" | \"securitySolutionUI:trusted_apps\" | \"securitySolutionUI:users-all\" | \"securitySolutionUI:users-anomalies\" | \"securitySolutionUI:users-authentications\" | \"securitySolutionUI:users-events\" | \"securitySolutionUI:users-risk\" | \"securitySolutionUI:entity_analytics\" | \"securitySolutionUI:entity_analytics-management\" | \"securitySolutionUI:entity_analytics-asset-classification\" | \"securitySolutionUI:entity_analytics-entity_store_management\" | \"securitySolutionUI:coverage-overview\" | \"fleet:settings\" | \"fleet:agents\" | \"fleet:policies\" | \"fleet:data_streams\" | \"fleet:enrollment_tokens\" | \"fleet:uninstall_tokens\"" + "\"fleet\" | \"graph\" | \"ml\" | \"monitoring\" | \"profiling\" | \"metrics\" | \"management\" | \"apm\" | \"synthetics\" | \"ux\" | \"canvas\" | \"logs\" | \"dashboards\" | \"slo\" | \"observabilityAIAssistant\" | \"home\" | \"integrations\" | \"discover\" | \"observability-overview\" | \"appSearch\" | \"dev_tools\" | \"maps\" | \"visualize\" | \"dev_tools:console\" | \"dev_tools:searchprofiler\" | \"dev_tools:painless_lab\" | \"dev_tools:grokdebugger\" | \"ml:notifications\" | \"ml:nodes\" | \"ml:overview\" | \"ml:memoryUsage\" | \"ml:settings\" | \"ml:dataVisualizer\" | \"ml:logPatternAnalysis\" | \"ml:logRateAnalysis\" | \"ml:singleMetricViewer\" | \"ml:anomalyDetection\" | \"ml:anomalyExplorer\" | \"ml:dataDrift\" | \"ml:dataFrameAnalytics\" | \"ml:resultExplorer\" | \"ml:analyticsMap\" | \"ml:aiOps\" | \"ml:changePointDetections\" | \"ml:modelManagement\" | \"ml:nodesOverview\" | \"ml:esqlDataVisualizer\" | \"ml:fileUpload\" | \"ml:indexDataVisualizer\" | \"ml:calendarSettings\" | \"ml:filterListsSettings\" | \"ml:suppliedConfigurations\" | \"osquery\" | \"management:transform\" | \"management:watcher\" | \"management:cases\" | \"management:tags\" | \"management:maintenanceWindows\" | \"management:cross_cluster_replication\" | \"management:dataViews\" | \"management:spaces\" | \"management:settings\" | \"management:users\" | \"management:migrate_data\" | \"management:search_sessions\" | \"management:data_quality\" | \"management:filesManagement\" | \"management:roles\" | \"management:reporting\" | \"management:aiAssistantManagementSelection\" | \"management:securityAiAssistantManagement\" | \"management:observabilityAiAssistantManagement\" | \"management:api_keys\" | \"management:license_management\" | \"management:index_lifecycle_management\" | \"management:index_management\" | \"management:ingest_pipelines\" | \"management:jobsListLink\" | \"management:objects\" | \"management:pipelines\" | \"management:remote_clusters\" | \"management:role_mappings\" | \"management:rollup_jobs\" | \"management:snapshot_restore\" | \"management:triggersActions\" | \"management:triggersActionsConnectors\" | \"management:upgrade_assistant\" | \"enterpriseSearch\" | \"enterpriseSearchContent\" | \"enterpriseSearchApplications\" | \"searchInferenceEndpoints\" | \"enterpriseSearchAnalytics\" | \"workplaceSearch\" | \"serverlessElasticsearch\" | \"serverlessConnectors\" | \"searchPlayground\" | \"searchHomepage\" | \"enterpriseSearchContent:connectors\" | \"enterpriseSearchContent:searchIndices\" | \"enterpriseSearchContent:webCrawlers\" | \"enterpriseSearchApplications:searchApplications\" | \"enterpriseSearchApplications:playground\" | \"appSearch:engines\" | \"searchInferenceEndpoints:inferenceEndpoints\" | \"elasticsearchStart\" | \"elasticsearchIndices\" | \"observability-logs-explorer\" | \"last-used-logs-viewer\" | \"observabilityOnboarding\" | \"inventory\" | \"logs:settings\" | \"logs:stream\" | \"logs:log-categories\" | \"logs:anomalies\" | \"observability-overview:cases\" | \"observability-overview:alerts\" | \"observability-overview:rules\" | \"observability-overview:cases_create\" | \"observability-overview:cases_configure\" | \"metrics:settings\" | \"metrics:hosts\" | \"metrics:inventory\" | \"metrics:metrics-explorer\" | \"metrics:assetDetails\" | \"apm:services\" | \"apm:traces\" | \"apm:dependencies\" | \"apm:service-map\" | \"apm:settings\" | \"apm:service-groups-list\" | \"apm:storage-explorer\" | \"synthetics:overview\" | \"synthetics:certificates\" | \"profiling:functions\" | \"profiling:stacktraces\" | \"profiling:flamegraphs\" | \"inventory:datastreams\" | \"securitySolutionUI\" | \"securitySolutionUI:\" | \"securitySolutionUI:cases\" | \"securitySolutionUI:alerts\" | \"securitySolutionUI:rules\" | \"securitySolutionUI:policy\" | \"securitySolutionUI:overview\" | \"securitySolutionUI:dashboards\" | \"securitySolutionUI:kubernetes\" | \"securitySolutionUI:cases_create\" | \"securitySolutionUI:cases_configure\" | \"securitySolutionUI:hosts\" | \"securitySolutionUI:users\" | \"securitySolutionUI:cloud_defend-policies\" | \"securitySolutionUI:cloud_security_posture-dashboard\" | \"securitySolutionUI:cloud_security_posture-findings\" | \"securitySolutionUI:cloud_security_posture-benchmarks\" | \"securitySolutionUI:network\" | \"securitySolutionUI:data_quality\" | \"securitySolutionUI:explore\" | \"securitySolutionUI:assets\" | \"securitySolutionUI:cloud_defend\" | \"securitySolutionUI:notes\" | \"securitySolutionUI:administration\" | \"securitySolutionUI:attack_discovery\" | \"securitySolutionUI:blocklist\" | \"securitySolutionUI:cloud_security_posture-rules\" | \"securitySolutionUI:detections\" | \"securitySolutionUI:detection_response\" | \"securitySolutionUI:endpoints\" | \"securitySolutionUI:event_filters\" | \"securitySolutionUI:exceptions\" | \"securitySolutionUI:host_isolation_exceptions\" | \"securitySolutionUI:hosts-all\" | \"securitySolutionUI:hosts-anomalies\" | \"securitySolutionUI:hosts-risk\" | \"securitySolutionUI:hosts-events\" | \"securitySolutionUI:hosts-sessions\" | \"securitySolutionUI:hosts-uncommon_processes\" | \"securitySolutionUI:investigations\" | \"securitySolutionUI:get_started\" | \"securitySolutionUI:machine_learning-landing\" | \"securitySolutionUI:network-anomalies\" | \"securitySolutionUI:network-dns\" | \"securitySolutionUI:network-events\" | \"securitySolutionUI:network-flows\" | \"securitySolutionUI:network-http\" | \"securitySolutionUI:network-tls\" | \"securitySolutionUI:response_actions_history\" | \"securitySolutionUI:rules-add\" | \"securitySolutionUI:rules-create\" | \"securitySolutionUI:rules-landing\" | \"securitySolutionUI:threat_intelligence\" | \"securitySolutionUI:timelines\" | \"securitySolutionUI:timelines-templates\" | \"securitySolutionUI:trusted_apps\" | \"securitySolutionUI:users-all\" | \"securitySolutionUI:users-anomalies\" | \"securitySolutionUI:users-authentications\" | \"securitySolutionUI:users-events\" | \"securitySolutionUI:users-risk\" | \"securitySolutionUI:entity_analytics\" | \"securitySolutionUI:entity_analytics-management\" | \"securitySolutionUI:entity_analytics-asset-classification\" | \"securitySolutionUI:entity_analytics-entity_store_management\" | \"securitySolutionUI:coverage-overview\" | \"fleet:settings\" | \"fleet:agents\" | \"fleet:policies\" | \"fleet:data_streams\" | \"fleet:enrollment_tokens\" | \"fleet:uninstall_tokens\"" ], "path": "packages/core/chrome/core-chrome-browser/src/project_navigation.ts", "deprecated": false, diff --git a/api_docs/kbn_core_chrome_browser.mdx b/api_docs/kbn_core_chrome_browser.mdx index c02da34256138..40d7be5ddafa1 100644 --- a/api_docs/kbn_core_chrome_browser.mdx +++ b/api_docs/kbn_core_chrome_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-chrome-browser title: "@kbn/core-chrome-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-chrome-browser plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-chrome-browser'] --- import kbnCoreChromeBrowserObj from './kbn_core_chrome_browser.devdocs.json'; diff --git a/api_docs/kbn_core_chrome_browser_mocks.mdx b/api_docs/kbn_core_chrome_browser_mocks.mdx index ff39e7962dbad..555fdefd23742 100644 --- a/api_docs/kbn_core_chrome_browser_mocks.mdx +++ b/api_docs/kbn_core_chrome_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-chrome-browser-mocks title: "@kbn/core-chrome-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-chrome-browser-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-chrome-browser-mocks'] --- import kbnCoreChromeBrowserMocksObj from './kbn_core_chrome_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_config_server_internal.mdx b/api_docs/kbn_core_config_server_internal.mdx index 1df8dfa854c9a..e546363b5dfd3 100644 --- a/api_docs/kbn_core_config_server_internal.mdx +++ b/api_docs/kbn_core_config_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-config-server-internal title: "@kbn/core-config-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-config-server-internal plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-config-server-internal'] --- import kbnCoreConfigServerInternalObj from './kbn_core_config_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_custom_branding_browser.mdx b/api_docs/kbn_core_custom_branding_browser.mdx index fd2baee1848ee..22c30c6b5d5ac 100644 --- a/api_docs/kbn_core_custom_branding_browser.mdx +++ b/api_docs/kbn_core_custom_branding_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-custom-branding-browser title: "@kbn/core-custom-branding-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-custom-branding-browser plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-custom-branding-browser'] --- import kbnCoreCustomBrandingBrowserObj from './kbn_core_custom_branding_browser.devdocs.json'; diff --git a/api_docs/kbn_core_custom_branding_browser_internal.mdx b/api_docs/kbn_core_custom_branding_browser_internal.mdx index 2e2e8f78dab89..06c26e2d56648 100644 --- a/api_docs/kbn_core_custom_branding_browser_internal.mdx +++ b/api_docs/kbn_core_custom_branding_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-custom-branding-browser-internal title: "@kbn/core-custom-branding-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-custom-branding-browser-internal plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-custom-branding-browser-internal'] --- import kbnCoreCustomBrandingBrowserInternalObj from './kbn_core_custom_branding_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_custom_branding_browser_mocks.mdx b/api_docs/kbn_core_custom_branding_browser_mocks.mdx index c56ddefc9dec7..c9d4f33d9e665 100644 --- a/api_docs/kbn_core_custom_branding_browser_mocks.mdx +++ b/api_docs/kbn_core_custom_branding_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-custom-branding-browser-mocks title: "@kbn/core-custom-branding-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-custom-branding-browser-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-custom-branding-browser-mocks'] --- import kbnCoreCustomBrandingBrowserMocksObj from './kbn_core_custom_branding_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_custom_branding_common.mdx b/api_docs/kbn_core_custom_branding_common.mdx index 079cf42867a04..1fd39040f9402 100644 --- a/api_docs/kbn_core_custom_branding_common.mdx +++ b/api_docs/kbn_core_custom_branding_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-custom-branding-common title: "@kbn/core-custom-branding-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-custom-branding-common plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-custom-branding-common'] --- import kbnCoreCustomBrandingCommonObj from './kbn_core_custom_branding_common.devdocs.json'; diff --git a/api_docs/kbn_core_custom_branding_server.mdx b/api_docs/kbn_core_custom_branding_server.mdx index 3ef3462c99098..483a213bd66ed 100644 --- a/api_docs/kbn_core_custom_branding_server.mdx +++ b/api_docs/kbn_core_custom_branding_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-custom-branding-server title: "@kbn/core-custom-branding-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-custom-branding-server plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-custom-branding-server'] --- import kbnCoreCustomBrandingServerObj from './kbn_core_custom_branding_server.devdocs.json'; diff --git a/api_docs/kbn_core_custom_branding_server_internal.mdx b/api_docs/kbn_core_custom_branding_server_internal.mdx index e5c456d770914..3dd65b11914f4 100644 --- a/api_docs/kbn_core_custom_branding_server_internal.mdx +++ b/api_docs/kbn_core_custom_branding_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-custom-branding-server-internal title: "@kbn/core-custom-branding-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-custom-branding-server-internal plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-custom-branding-server-internal'] --- import kbnCoreCustomBrandingServerInternalObj from './kbn_core_custom_branding_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_custom_branding_server_mocks.mdx b/api_docs/kbn_core_custom_branding_server_mocks.mdx index 03ec12a9d8c1e..ab72e7bbb1759 100644 --- a/api_docs/kbn_core_custom_branding_server_mocks.mdx +++ b/api_docs/kbn_core_custom_branding_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-custom-branding-server-mocks title: "@kbn/core-custom-branding-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-custom-branding-server-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-custom-branding-server-mocks'] --- import kbnCoreCustomBrandingServerMocksObj from './kbn_core_custom_branding_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_deprecations_browser.mdx b/api_docs/kbn_core_deprecations_browser.mdx index cb5d44fbdcef6..200cb548c5683 100644 --- a/api_docs/kbn_core_deprecations_browser.mdx +++ b/api_docs/kbn_core_deprecations_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-deprecations-browser title: "@kbn/core-deprecations-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-deprecations-browser plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-deprecations-browser'] --- import kbnCoreDeprecationsBrowserObj from './kbn_core_deprecations_browser.devdocs.json'; diff --git a/api_docs/kbn_core_deprecations_browser_internal.mdx b/api_docs/kbn_core_deprecations_browser_internal.mdx index 751bba4f52f98..6825081b2c001 100644 --- a/api_docs/kbn_core_deprecations_browser_internal.mdx +++ b/api_docs/kbn_core_deprecations_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-deprecations-browser-internal title: "@kbn/core-deprecations-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-deprecations-browser-internal plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-deprecations-browser-internal'] --- import kbnCoreDeprecationsBrowserInternalObj from './kbn_core_deprecations_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_deprecations_browser_mocks.mdx b/api_docs/kbn_core_deprecations_browser_mocks.mdx index 52c094d4dd043..adf31650c7381 100644 --- a/api_docs/kbn_core_deprecations_browser_mocks.mdx +++ b/api_docs/kbn_core_deprecations_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-deprecations-browser-mocks title: "@kbn/core-deprecations-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-deprecations-browser-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-deprecations-browser-mocks'] --- import kbnCoreDeprecationsBrowserMocksObj from './kbn_core_deprecations_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_deprecations_common.mdx b/api_docs/kbn_core_deprecations_common.mdx index 6a4fa95fe88b3..0ba68c06ac7c1 100644 --- a/api_docs/kbn_core_deprecations_common.mdx +++ b/api_docs/kbn_core_deprecations_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-deprecations-common title: "@kbn/core-deprecations-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-deprecations-common plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-deprecations-common'] --- import kbnCoreDeprecationsCommonObj from './kbn_core_deprecations_common.devdocs.json'; diff --git a/api_docs/kbn_core_deprecations_server.mdx b/api_docs/kbn_core_deprecations_server.mdx index fc4ccdfdddb83..8c901046471c5 100644 --- a/api_docs/kbn_core_deprecations_server.mdx +++ b/api_docs/kbn_core_deprecations_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-deprecations-server title: "@kbn/core-deprecations-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-deprecations-server plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-deprecations-server'] --- import kbnCoreDeprecationsServerObj from './kbn_core_deprecations_server.devdocs.json'; diff --git a/api_docs/kbn_core_deprecations_server_internal.mdx b/api_docs/kbn_core_deprecations_server_internal.mdx index 21518ac9a29e0..630d882e07d31 100644 --- a/api_docs/kbn_core_deprecations_server_internal.mdx +++ b/api_docs/kbn_core_deprecations_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-deprecations-server-internal title: "@kbn/core-deprecations-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-deprecations-server-internal plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-deprecations-server-internal'] --- import kbnCoreDeprecationsServerInternalObj from './kbn_core_deprecations_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_deprecations_server_mocks.mdx b/api_docs/kbn_core_deprecations_server_mocks.mdx index 1a1355df10361..c9da0e57500b0 100644 --- a/api_docs/kbn_core_deprecations_server_mocks.mdx +++ b/api_docs/kbn_core_deprecations_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-deprecations-server-mocks title: "@kbn/core-deprecations-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-deprecations-server-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-deprecations-server-mocks'] --- import kbnCoreDeprecationsServerMocksObj from './kbn_core_deprecations_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_doc_links_browser.mdx b/api_docs/kbn_core_doc_links_browser.mdx index 97605f15b827f..a30458eca1758 100644 --- a/api_docs/kbn_core_doc_links_browser.mdx +++ b/api_docs/kbn_core_doc_links_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-doc-links-browser title: "@kbn/core-doc-links-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-doc-links-browser plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-doc-links-browser'] --- import kbnCoreDocLinksBrowserObj from './kbn_core_doc_links_browser.devdocs.json'; diff --git a/api_docs/kbn_core_doc_links_browser_mocks.mdx b/api_docs/kbn_core_doc_links_browser_mocks.mdx index 26d575ee33126..01ab9040f903d 100644 --- a/api_docs/kbn_core_doc_links_browser_mocks.mdx +++ b/api_docs/kbn_core_doc_links_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-doc-links-browser-mocks title: "@kbn/core-doc-links-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-doc-links-browser-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-doc-links-browser-mocks'] --- import kbnCoreDocLinksBrowserMocksObj from './kbn_core_doc_links_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_doc_links_server.mdx b/api_docs/kbn_core_doc_links_server.mdx index 3ffbb6cdb879b..47ffdc15299f4 100644 --- a/api_docs/kbn_core_doc_links_server.mdx +++ b/api_docs/kbn_core_doc_links_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-doc-links-server title: "@kbn/core-doc-links-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-doc-links-server plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-doc-links-server'] --- import kbnCoreDocLinksServerObj from './kbn_core_doc_links_server.devdocs.json'; diff --git a/api_docs/kbn_core_doc_links_server_mocks.mdx b/api_docs/kbn_core_doc_links_server_mocks.mdx index c638293a2c85e..849fcb6ed3eb0 100644 --- a/api_docs/kbn_core_doc_links_server_mocks.mdx +++ b/api_docs/kbn_core_doc_links_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-doc-links-server-mocks title: "@kbn/core-doc-links-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-doc-links-server-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-doc-links-server-mocks'] --- import kbnCoreDocLinksServerMocksObj from './kbn_core_doc_links_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_elasticsearch_client_server_internal.mdx b/api_docs/kbn_core_elasticsearch_client_server_internal.mdx index 57dfbfdc906bb..9646db7695429 100644 --- a/api_docs/kbn_core_elasticsearch_client_server_internal.mdx +++ b/api_docs/kbn_core_elasticsearch_client_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-elasticsearch-client-server-internal title: "@kbn/core-elasticsearch-client-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-elasticsearch-client-server-internal plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-elasticsearch-client-server-internal'] --- import kbnCoreElasticsearchClientServerInternalObj from './kbn_core_elasticsearch_client_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_elasticsearch_client_server_mocks.mdx b/api_docs/kbn_core_elasticsearch_client_server_mocks.mdx index 405b267f514f5..fa403612d28f1 100644 --- a/api_docs/kbn_core_elasticsearch_client_server_mocks.mdx +++ b/api_docs/kbn_core_elasticsearch_client_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-elasticsearch-client-server-mocks title: "@kbn/core-elasticsearch-client-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-elasticsearch-client-server-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-elasticsearch-client-server-mocks'] --- import kbnCoreElasticsearchClientServerMocksObj from './kbn_core_elasticsearch_client_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_elasticsearch_server.mdx b/api_docs/kbn_core_elasticsearch_server.mdx index 64ac94db7fb8a..aa55e46d80b99 100644 --- a/api_docs/kbn_core_elasticsearch_server.mdx +++ b/api_docs/kbn_core_elasticsearch_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-elasticsearch-server title: "@kbn/core-elasticsearch-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-elasticsearch-server plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-elasticsearch-server'] --- import kbnCoreElasticsearchServerObj from './kbn_core_elasticsearch_server.devdocs.json'; diff --git a/api_docs/kbn_core_elasticsearch_server_internal.mdx b/api_docs/kbn_core_elasticsearch_server_internal.mdx index 061c059daa9c8..154e7c60ede82 100644 --- a/api_docs/kbn_core_elasticsearch_server_internal.mdx +++ b/api_docs/kbn_core_elasticsearch_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-elasticsearch-server-internal title: "@kbn/core-elasticsearch-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-elasticsearch-server-internal plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-elasticsearch-server-internal'] --- import kbnCoreElasticsearchServerInternalObj from './kbn_core_elasticsearch_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_elasticsearch_server_mocks.mdx b/api_docs/kbn_core_elasticsearch_server_mocks.mdx index e7199cf6ffe7a..801356bc14ab9 100644 --- a/api_docs/kbn_core_elasticsearch_server_mocks.mdx +++ b/api_docs/kbn_core_elasticsearch_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-elasticsearch-server-mocks title: "@kbn/core-elasticsearch-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-elasticsearch-server-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-elasticsearch-server-mocks'] --- import kbnCoreElasticsearchServerMocksObj from './kbn_core_elasticsearch_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_environment_server_internal.mdx b/api_docs/kbn_core_environment_server_internal.mdx index 6df6690e3457b..e65f657d8ef38 100644 --- a/api_docs/kbn_core_environment_server_internal.mdx +++ b/api_docs/kbn_core_environment_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-environment-server-internal title: "@kbn/core-environment-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-environment-server-internal plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-environment-server-internal'] --- import kbnCoreEnvironmentServerInternalObj from './kbn_core_environment_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_environment_server_mocks.mdx b/api_docs/kbn_core_environment_server_mocks.mdx index 28fa9b86a7578..119f16506cfbf 100644 --- a/api_docs/kbn_core_environment_server_mocks.mdx +++ b/api_docs/kbn_core_environment_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-environment-server-mocks title: "@kbn/core-environment-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-environment-server-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-environment-server-mocks'] --- import kbnCoreEnvironmentServerMocksObj from './kbn_core_environment_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_execution_context_browser.mdx b/api_docs/kbn_core_execution_context_browser.mdx index e341059491bd7..f391be847a3ca 100644 --- a/api_docs/kbn_core_execution_context_browser.mdx +++ b/api_docs/kbn_core_execution_context_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-execution-context-browser title: "@kbn/core-execution-context-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-execution-context-browser plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-execution-context-browser'] --- import kbnCoreExecutionContextBrowserObj from './kbn_core_execution_context_browser.devdocs.json'; diff --git a/api_docs/kbn_core_execution_context_browser_internal.mdx b/api_docs/kbn_core_execution_context_browser_internal.mdx index 054a5692f885b..6b012c62c9f9c 100644 --- a/api_docs/kbn_core_execution_context_browser_internal.mdx +++ b/api_docs/kbn_core_execution_context_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-execution-context-browser-internal title: "@kbn/core-execution-context-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-execution-context-browser-internal plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-execution-context-browser-internal'] --- import kbnCoreExecutionContextBrowserInternalObj from './kbn_core_execution_context_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_execution_context_browser_mocks.mdx b/api_docs/kbn_core_execution_context_browser_mocks.mdx index 54b6932ecbe05..86b4ea029bff8 100644 --- a/api_docs/kbn_core_execution_context_browser_mocks.mdx +++ b/api_docs/kbn_core_execution_context_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-execution-context-browser-mocks title: "@kbn/core-execution-context-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-execution-context-browser-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-execution-context-browser-mocks'] --- import kbnCoreExecutionContextBrowserMocksObj from './kbn_core_execution_context_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_execution_context_common.mdx b/api_docs/kbn_core_execution_context_common.mdx index dbe12fc157179..4974838eff6af 100644 --- a/api_docs/kbn_core_execution_context_common.mdx +++ b/api_docs/kbn_core_execution_context_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-execution-context-common title: "@kbn/core-execution-context-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-execution-context-common plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-execution-context-common'] --- import kbnCoreExecutionContextCommonObj from './kbn_core_execution_context_common.devdocs.json'; diff --git a/api_docs/kbn_core_execution_context_server.mdx b/api_docs/kbn_core_execution_context_server.mdx index 67b7adfa617a1..6a5c2fe7f2a6a 100644 --- a/api_docs/kbn_core_execution_context_server.mdx +++ b/api_docs/kbn_core_execution_context_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-execution-context-server title: "@kbn/core-execution-context-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-execution-context-server plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-execution-context-server'] --- import kbnCoreExecutionContextServerObj from './kbn_core_execution_context_server.devdocs.json'; diff --git a/api_docs/kbn_core_execution_context_server_internal.mdx b/api_docs/kbn_core_execution_context_server_internal.mdx index 2aa14b65ccb95..4243a5cc3e666 100644 --- a/api_docs/kbn_core_execution_context_server_internal.mdx +++ b/api_docs/kbn_core_execution_context_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-execution-context-server-internal title: "@kbn/core-execution-context-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-execution-context-server-internal plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-execution-context-server-internal'] --- import kbnCoreExecutionContextServerInternalObj from './kbn_core_execution_context_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_execution_context_server_mocks.mdx b/api_docs/kbn_core_execution_context_server_mocks.mdx index 0b278913b9db7..98c7534a86b58 100644 --- a/api_docs/kbn_core_execution_context_server_mocks.mdx +++ b/api_docs/kbn_core_execution_context_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-execution-context-server-mocks title: "@kbn/core-execution-context-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-execution-context-server-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-execution-context-server-mocks'] --- import kbnCoreExecutionContextServerMocksObj from './kbn_core_execution_context_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_fatal_errors_browser.mdx b/api_docs/kbn_core_fatal_errors_browser.mdx index b65d59e89ca27..aefdb76ab7449 100644 --- a/api_docs/kbn_core_fatal_errors_browser.mdx +++ b/api_docs/kbn_core_fatal_errors_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-fatal-errors-browser title: "@kbn/core-fatal-errors-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-fatal-errors-browser plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-fatal-errors-browser'] --- import kbnCoreFatalErrorsBrowserObj from './kbn_core_fatal_errors_browser.devdocs.json'; diff --git a/api_docs/kbn_core_fatal_errors_browser_mocks.mdx b/api_docs/kbn_core_fatal_errors_browser_mocks.mdx index e66072b375616..40b93d1ed29ff 100644 --- a/api_docs/kbn_core_fatal_errors_browser_mocks.mdx +++ b/api_docs/kbn_core_fatal_errors_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-fatal-errors-browser-mocks title: "@kbn/core-fatal-errors-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-fatal-errors-browser-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-fatal-errors-browser-mocks'] --- import kbnCoreFatalErrorsBrowserMocksObj from './kbn_core_fatal_errors_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_feature_flags_browser.mdx b/api_docs/kbn_core_feature_flags_browser.mdx index 3e2ed93e38f83..3486ea431fd50 100644 --- a/api_docs/kbn_core_feature_flags_browser.mdx +++ b/api_docs/kbn_core_feature_flags_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-feature-flags-browser title: "@kbn/core-feature-flags-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-feature-flags-browser plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-feature-flags-browser'] --- import kbnCoreFeatureFlagsBrowserObj from './kbn_core_feature_flags_browser.devdocs.json'; diff --git a/api_docs/kbn_core_feature_flags_browser_internal.mdx b/api_docs/kbn_core_feature_flags_browser_internal.mdx index a146bc963ad9a..c030b3f5a4bb1 100644 --- a/api_docs/kbn_core_feature_flags_browser_internal.mdx +++ b/api_docs/kbn_core_feature_flags_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-feature-flags-browser-internal title: "@kbn/core-feature-flags-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-feature-flags-browser-internal plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-feature-flags-browser-internal'] --- import kbnCoreFeatureFlagsBrowserInternalObj from './kbn_core_feature_flags_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_feature_flags_browser_mocks.mdx b/api_docs/kbn_core_feature_flags_browser_mocks.mdx index a7c37e6038174..bc8b90ce02d5f 100644 --- a/api_docs/kbn_core_feature_flags_browser_mocks.mdx +++ b/api_docs/kbn_core_feature_flags_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-feature-flags-browser-mocks title: "@kbn/core-feature-flags-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-feature-flags-browser-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-feature-flags-browser-mocks'] --- import kbnCoreFeatureFlagsBrowserMocksObj from './kbn_core_feature_flags_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_feature_flags_server.mdx b/api_docs/kbn_core_feature_flags_server.mdx index 337fe2d9570f0..095103578bfc9 100644 --- a/api_docs/kbn_core_feature_flags_server.mdx +++ b/api_docs/kbn_core_feature_flags_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-feature-flags-server title: "@kbn/core-feature-flags-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-feature-flags-server plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-feature-flags-server'] --- import kbnCoreFeatureFlagsServerObj from './kbn_core_feature_flags_server.devdocs.json'; diff --git a/api_docs/kbn_core_feature_flags_server_internal.mdx b/api_docs/kbn_core_feature_flags_server_internal.mdx index 405a96e6dbca1..ba6a13e591617 100644 --- a/api_docs/kbn_core_feature_flags_server_internal.mdx +++ b/api_docs/kbn_core_feature_flags_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-feature-flags-server-internal title: "@kbn/core-feature-flags-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-feature-flags-server-internal plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-feature-flags-server-internal'] --- import kbnCoreFeatureFlagsServerInternalObj from './kbn_core_feature_flags_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_feature_flags_server_mocks.mdx b/api_docs/kbn_core_feature_flags_server_mocks.mdx index 96c6686bc3743..6bac003686542 100644 --- a/api_docs/kbn_core_feature_flags_server_mocks.mdx +++ b/api_docs/kbn_core_feature_flags_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-feature-flags-server-mocks title: "@kbn/core-feature-flags-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-feature-flags-server-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-feature-flags-server-mocks'] --- import kbnCoreFeatureFlagsServerMocksObj from './kbn_core_feature_flags_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_http_browser.mdx b/api_docs/kbn_core_http_browser.mdx index 01b6833115b1b..e8eac76af7da7 100644 --- a/api_docs/kbn_core_http_browser.mdx +++ b/api_docs/kbn_core_http_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-browser title: "@kbn/core-http-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-browser plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-browser'] --- import kbnCoreHttpBrowserObj from './kbn_core_http_browser.devdocs.json'; diff --git a/api_docs/kbn_core_http_browser_internal.mdx b/api_docs/kbn_core_http_browser_internal.mdx index b0f4942993d4b..24e0d23cddbe4 100644 --- a/api_docs/kbn_core_http_browser_internal.mdx +++ b/api_docs/kbn_core_http_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-browser-internal title: "@kbn/core-http-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-browser-internal plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-browser-internal'] --- import kbnCoreHttpBrowserInternalObj from './kbn_core_http_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_http_browser_mocks.mdx b/api_docs/kbn_core_http_browser_mocks.mdx index 59eaae56f20d9..c9604803cd983 100644 --- a/api_docs/kbn_core_http_browser_mocks.mdx +++ b/api_docs/kbn_core_http_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-browser-mocks title: "@kbn/core-http-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-browser-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-browser-mocks'] --- import kbnCoreHttpBrowserMocksObj from './kbn_core_http_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_http_common.mdx b/api_docs/kbn_core_http_common.mdx index b614e22a858a6..e358bbf7fd0ef 100644 --- a/api_docs/kbn_core_http_common.mdx +++ b/api_docs/kbn_core_http_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-common title: "@kbn/core-http-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-common plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-common'] --- import kbnCoreHttpCommonObj from './kbn_core_http_common.devdocs.json'; diff --git a/api_docs/kbn_core_http_context_server_mocks.mdx b/api_docs/kbn_core_http_context_server_mocks.mdx index 7111664eff044..492ba821c1e11 100644 --- a/api_docs/kbn_core_http_context_server_mocks.mdx +++ b/api_docs/kbn_core_http_context_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-context-server-mocks title: "@kbn/core-http-context-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-context-server-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-context-server-mocks'] --- import kbnCoreHttpContextServerMocksObj from './kbn_core_http_context_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_http_request_handler_context_server.mdx b/api_docs/kbn_core_http_request_handler_context_server.mdx index 3ae73f70441ce..425e29618cd39 100644 --- a/api_docs/kbn_core_http_request_handler_context_server.mdx +++ b/api_docs/kbn_core_http_request_handler_context_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-request-handler-context-server title: "@kbn/core-http-request-handler-context-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-request-handler-context-server plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-request-handler-context-server'] --- import kbnCoreHttpRequestHandlerContextServerObj from './kbn_core_http_request_handler_context_server.devdocs.json'; diff --git a/api_docs/kbn_core_http_resources_server.mdx b/api_docs/kbn_core_http_resources_server.mdx index 6ff011b85f409..7019732370a9b 100644 --- a/api_docs/kbn_core_http_resources_server.mdx +++ b/api_docs/kbn_core_http_resources_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-resources-server title: "@kbn/core-http-resources-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-resources-server plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-resources-server'] --- import kbnCoreHttpResourcesServerObj from './kbn_core_http_resources_server.devdocs.json'; diff --git a/api_docs/kbn_core_http_resources_server_internal.mdx b/api_docs/kbn_core_http_resources_server_internal.mdx index 48b617a3e4163..3942b0def84ad 100644 --- a/api_docs/kbn_core_http_resources_server_internal.mdx +++ b/api_docs/kbn_core_http_resources_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-resources-server-internal title: "@kbn/core-http-resources-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-resources-server-internal plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-resources-server-internal'] --- import kbnCoreHttpResourcesServerInternalObj from './kbn_core_http_resources_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_http_resources_server_mocks.mdx b/api_docs/kbn_core_http_resources_server_mocks.mdx index 95533bbcded32..d8ce60fe8ac11 100644 --- a/api_docs/kbn_core_http_resources_server_mocks.mdx +++ b/api_docs/kbn_core_http_resources_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-resources-server-mocks title: "@kbn/core-http-resources-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-resources-server-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-resources-server-mocks'] --- import kbnCoreHttpResourcesServerMocksObj from './kbn_core_http_resources_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_http_router_server_internal.mdx b/api_docs/kbn_core_http_router_server_internal.mdx index b3673acdf490f..838e4ec08e224 100644 --- a/api_docs/kbn_core_http_router_server_internal.mdx +++ b/api_docs/kbn_core_http_router_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-router-server-internal title: "@kbn/core-http-router-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-router-server-internal plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-router-server-internal'] --- import kbnCoreHttpRouterServerInternalObj from './kbn_core_http_router_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_http_router_server_mocks.mdx b/api_docs/kbn_core_http_router_server_mocks.mdx index bfffd1aca4b13..2c8d3974b5190 100644 --- a/api_docs/kbn_core_http_router_server_mocks.mdx +++ b/api_docs/kbn_core_http_router_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-router-server-mocks title: "@kbn/core-http-router-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-router-server-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-router-server-mocks'] --- import kbnCoreHttpRouterServerMocksObj from './kbn_core_http_router_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_http_server.devdocs.json b/api_docs/kbn_core_http_server.devdocs.json index 2b48acb81ee21..795482e76ab5f 100644 --- a/api_docs/kbn_core_http_server.devdocs.json +++ b/api_docs/kbn_core_http_server.devdocs.json @@ -3743,6 +3743,10 @@ "plugin": "licensing", "path": "x-pack/plugins/licensing/server/routes/feature_usage.ts" }, + { + "plugin": "@kbn/content-management-content-insights-server", + "path": "packages/content-management/content_insights/content_insights_server/src/register.ts" + }, { "plugin": "features", "path": "x-pack/plugins/features/server/routes/index.ts" @@ -4031,10 +4035,6 @@ "plugin": "ruleRegistry", "path": "x-pack/plugins/rule_registry/server/routes/get_aad_fields_by_rule_type.ts" }, - { - "plugin": "@kbn/content-management-content-insights-server", - "path": "packages/content-management/content_insights/content_insights_server/src/register.ts" - }, { "plugin": "banners", "path": "x-pack/plugins/banners/server/routes/info.ts" @@ -5839,6 +5839,10 @@ "plugin": "alerting", "path": "x-pack/plugins/alerting/server/routes/rule/apis/find/find_rules_route.test.ts" }, + { + "plugin": "alerting", + "path": "x-pack/plugins/alerting/server/routes/rule/apis/find/find_rules_route.test.ts" + }, { "plugin": "alerting", "path": "x-pack/plugins/alerting/server/routes/rule/apis/get/get_rule_route.test.ts" @@ -6433,6 +6437,10 @@ "plugin": "licensing", "path": "x-pack/plugins/licensing/server/routes/internal/register_feature.ts" }, + { + "plugin": "@kbn/content-management-content-insights-server", + "path": "packages/content-management/content_insights/content_insights_server/src/register.ts" + }, { "plugin": "home", "path": "src/plugins/home/server/services/sample_data/routes/install.ts" @@ -6551,7 +6559,7 @@ }, { "plugin": "actions", - "path": "x-pack/plugins/actions/server/routes/create.ts" + "path": "x-pack/plugins/actions/server/routes/connector/create/create.ts" }, { "plugin": "actions", @@ -6631,7 +6639,7 @@ }, { "plugin": "alerting", - "path": "x-pack/plugins/alerting/server/routes/rule/apis/find/find_rules_route.ts" + "path": "x-pack/plugins/alerting/server/routes/rule/apis/find/find_internal_rules_route.ts" }, { "plugin": "alerting", @@ -6749,10 +6757,6 @@ "plugin": "ruleRegistry", "path": "x-pack/plugins/rule_registry/server/routes/get_alert_summary.ts" }, - { - "plugin": "@kbn/content-management-content-insights-server", - "path": "packages/content-management/content_insights/content_insights_server/src/register.ts" - }, { "plugin": "savedObjectsTagging", "path": "x-pack/plugins/saved_objects_tagging/server/routes/tags/create_tag.ts" @@ -7805,18 +7809,6 @@ "plugin": "@kbn/core-http-router-server-mocks", "path": "packages/core/http/core-http-router-server-mocks/src/router.mock.ts" }, - { - "plugin": "actions", - "path": "x-pack/plugins/actions/server/routes/create.test.ts" - }, - { - "plugin": "actions", - "path": "x-pack/plugins/actions/server/routes/create.test.ts" - }, - { - "plugin": "actions", - "path": "x-pack/plugins/actions/server/routes/create.test.ts" - }, { "plugin": "actions", "path": "x-pack/plugins/actions/server/routes/get_global_execution_kpi.test.ts" @@ -8089,6 +8081,18 @@ "plugin": "remoteClusters", "path": "x-pack/plugins/remote_clusters/server/routes/api/add_route.test.ts" }, + { + "plugin": "actions", + "path": "x-pack/plugins/actions/server/routes/connector/create/create.test.ts" + }, + { + "plugin": "actions", + "path": "x-pack/plugins/actions/server/routes/connector/create/create.test.ts" + }, + { + "plugin": "actions", + "path": "x-pack/plugins/actions/server/routes/connector/create/create.test.ts" + }, { "plugin": "actions", "path": "x-pack/plugins/actions/server/routes/connector/execute/execute.test.ts" @@ -8377,6 +8381,10 @@ "plugin": "alerting", "path": "x-pack/plugins/alerting/server/routes/rule/apis/enable/enable_rule_route.test.ts" }, + { + "plugin": "alerting", + "path": "x-pack/plugins/alerting/server/routes/rule/apis/find/find_internal_rules_route.test.ts" + }, { "plugin": "alerting", "path": "x-pack/plugins/alerting/server/routes/rule/apis/mute_alert/mute_alert.test.ts" @@ -18381,6 +18389,20 @@ "deprecated": false, "trackAdoption": false, "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/core-http-server", + "id": "def-server.ReservedPrivilegesSet", + "type": "Enum", + "tags": [], + "label": "ReservedPrivilegesSet", + "description": [ + "\nA set of reserved privileges that can be used to check access to the route." + ], + "path": "packages/core/http/core-http-server/src/router/route.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false } ], "misc": [ diff --git a/api_docs/kbn_core_http_server.mdx b/api_docs/kbn_core_http_server.mdx index 3cfc5bbdce292..55e0b5382534e 100644 --- a/api_docs/kbn_core_http_server.mdx +++ b/api_docs/kbn_core_http_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-server title: "@kbn/core-http-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-server plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-server'] --- import kbnCoreHttpServerObj from './kbn_core_http_server.devdocs.json'; @@ -21,7 +21,7 @@ Contact [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core | Public API count | Any count | Items lacking comments | Missing exports | |-------------------|-----------|------------------------|-----------------| -| 551 | 2 | 232 | 1 | +| 552 | 2 | 232 | 1 | ## Server diff --git a/api_docs/kbn_core_http_server_internal.mdx b/api_docs/kbn_core_http_server_internal.mdx index 48a5e50cbf2a2..a9a23fcb8366a 100644 --- a/api_docs/kbn_core_http_server_internal.mdx +++ b/api_docs/kbn_core_http_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-server-internal title: "@kbn/core-http-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-server-internal plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-server-internal'] --- import kbnCoreHttpServerInternalObj from './kbn_core_http_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_http_server_mocks.mdx b/api_docs/kbn_core_http_server_mocks.mdx index 3793a797714ba..fb026e74d0d3e 100644 --- a/api_docs/kbn_core_http_server_mocks.mdx +++ b/api_docs/kbn_core_http_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-server-mocks title: "@kbn/core-http-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-server-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-server-mocks'] --- import kbnCoreHttpServerMocksObj from './kbn_core_http_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_i18n_browser.mdx b/api_docs/kbn_core_i18n_browser.mdx index 16eb6cd54bc4a..0f7fdfd7ea29a 100644 --- a/api_docs/kbn_core_i18n_browser.mdx +++ b/api_docs/kbn_core_i18n_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-i18n-browser title: "@kbn/core-i18n-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-i18n-browser plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-i18n-browser'] --- import kbnCoreI18nBrowserObj from './kbn_core_i18n_browser.devdocs.json'; diff --git a/api_docs/kbn_core_i18n_browser_mocks.mdx b/api_docs/kbn_core_i18n_browser_mocks.mdx index 5cbe272cf84d3..e5af6caedfbea 100644 --- a/api_docs/kbn_core_i18n_browser_mocks.mdx +++ b/api_docs/kbn_core_i18n_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-i18n-browser-mocks title: "@kbn/core-i18n-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-i18n-browser-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-i18n-browser-mocks'] --- import kbnCoreI18nBrowserMocksObj from './kbn_core_i18n_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_i18n_server.mdx b/api_docs/kbn_core_i18n_server.mdx index f909b471e70dd..37a34c5564efd 100644 --- a/api_docs/kbn_core_i18n_server.mdx +++ b/api_docs/kbn_core_i18n_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-i18n-server title: "@kbn/core-i18n-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-i18n-server plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-i18n-server'] --- import kbnCoreI18nServerObj from './kbn_core_i18n_server.devdocs.json'; diff --git a/api_docs/kbn_core_i18n_server_internal.mdx b/api_docs/kbn_core_i18n_server_internal.mdx index 5d6b70474e33f..9721e13103b70 100644 --- a/api_docs/kbn_core_i18n_server_internal.mdx +++ b/api_docs/kbn_core_i18n_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-i18n-server-internal title: "@kbn/core-i18n-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-i18n-server-internal plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-i18n-server-internal'] --- import kbnCoreI18nServerInternalObj from './kbn_core_i18n_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_i18n_server_mocks.mdx b/api_docs/kbn_core_i18n_server_mocks.mdx index 93820eb8d5c89..92e7f560d5443 100644 --- a/api_docs/kbn_core_i18n_server_mocks.mdx +++ b/api_docs/kbn_core_i18n_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-i18n-server-mocks title: "@kbn/core-i18n-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-i18n-server-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-i18n-server-mocks'] --- import kbnCoreI18nServerMocksObj from './kbn_core_i18n_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_injected_metadata_browser_mocks.mdx b/api_docs/kbn_core_injected_metadata_browser_mocks.mdx index 1378fea456c64..a8d035339153e 100644 --- a/api_docs/kbn_core_injected_metadata_browser_mocks.mdx +++ b/api_docs/kbn_core_injected_metadata_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-injected-metadata-browser-mocks title: "@kbn/core-injected-metadata-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-injected-metadata-browser-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-injected-metadata-browser-mocks'] --- import kbnCoreInjectedMetadataBrowserMocksObj from './kbn_core_injected_metadata_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_integrations_browser_internal.mdx b/api_docs/kbn_core_integrations_browser_internal.mdx index 81587ac6062ac..6f6b41cb03786 100644 --- a/api_docs/kbn_core_integrations_browser_internal.mdx +++ b/api_docs/kbn_core_integrations_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-integrations-browser-internal title: "@kbn/core-integrations-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-integrations-browser-internal plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-integrations-browser-internal'] --- import kbnCoreIntegrationsBrowserInternalObj from './kbn_core_integrations_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_integrations_browser_mocks.mdx b/api_docs/kbn_core_integrations_browser_mocks.mdx index 996f6ee99ccde..0f88ff1d52e84 100644 --- a/api_docs/kbn_core_integrations_browser_mocks.mdx +++ b/api_docs/kbn_core_integrations_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-integrations-browser-mocks title: "@kbn/core-integrations-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-integrations-browser-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-integrations-browser-mocks'] --- import kbnCoreIntegrationsBrowserMocksObj from './kbn_core_integrations_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_lifecycle_browser.mdx b/api_docs/kbn_core_lifecycle_browser.mdx index 3766da8aafae4..c263792cbd657 100644 --- a/api_docs/kbn_core_lifecycle_browser.mdx +++ b/api_docs/kbn_core_lifecycle_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-lifecycle-browser title: "@kbn/core-lifecycle-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-lifecycle-browser plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-lifecycle-browser'] --- import kbnCoreLifecycleBrowserObj from './kbn_core_lifecycle_browser.devdocs.json'; diff --git a/api_docs/kbn_core_lifecycle_browser_mocks.mdx b/api_docs/kbn_core_lifecycle_browser_mocks.mdx index fc71973cb1c0e..7eead333c4d2d 100644 --- a/api_docs/kbn_core_lifecycle_browser_mocks.mdx +++ b/api_docs/kbn_core_lifecycle_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-lifecycle-browser-mocks title: "@kbn/core-lifecycle-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-lifecycle-browser-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-lifecycle-browser-mocks'] --- import kbnCoreLifecycleBrowserMocksObj from './kbn_core_lifecycle_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_lifecycle_server.mdx b/api_docs/kbn_core_lifecycle_server.mdx index 675c84509790e..3ae7d66545862 100644 --- a/api_docs/kbn_core_lifecycle_server.mdx +++ b/api_docs/kbn_core_lifecycle_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-lifecycle-server title: "@kbn/core-lifecycle-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-lifecycle-server plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-lifecycle-server'] --- import kbnCoreLifecycleServerObj from './kbn_core_lifecycle_server.devdocs.json'; diff --git a/api_docs/kbn_core_lifecycle_server_mocks.mdx b/api_docs/kbn_core_lifecycle_server_mocks.mdx index 067edc1860641..8c1fd5cf052e8 100644 --- a/api_docs/kbn_core_lifecycle_server_mocks.mdx +++ b/api_docs/kbn_core_lifecycle_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-lifecycle-server-mocks title: "@kbn/core-lifecycle-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-lifecycle-server-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-lifecycle-server-mocks'] --- import kbnCoreLifecycleServerMocksObj from './kbn_core_lifecycle_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_logging_browser_mocks.mdx b/api_docs/kbn_core_logging_browser_mocks.mdx index a47aa4a76e351..2828e25cf32a7 100644 --- a/api_docs/kbn_core_logging_browser_mocks.mdx +++ b/api_docs/kbn_core_logging_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-logging-browser-mocks title: "@kbn/core-logging-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-logging-browser-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-logging-browser-mocks'] --- import kbnCoreLoggingBrowserMocksObj from './kbn_core_logging_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_logging_common_internal.mdx b/api_docs/kbn_core_logging_common_internal.mdx index d85f960999710..a0ee9f139d712 100644 --- a/api_docs/kbn_core_logging_common_internal.mdx +++ b/api_docs/kbn_core_logging_common_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-logging-common-internal title: "@kbn/core-logging-common-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-logging-common-internal plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-logging-common-internal'] --- import kbnCoreLoggingCommonInternalObj from './kbn_core_logging_common_internal.devdocs.json'; diff --git a/api_docs/kbn_core_logging_server.mdx b/api_docs/kbn_core_logging_server.mdx index 6115724409c9e..e19de2bf95adc 100644 --- a/api_docs/kbn_core_logging_server.mdx +++ b/api_docs/kbn_core_logging_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-logging-server title: "@kbn/core-logging-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-logging-server plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-logging-server'] --- import kbnCoreLoggingServerObj from './kbn_core_logging_server.devdocs.json'; diff --git a/api_docs/kbn_core_logging_server_internal.mdx b/api_docs/kbn_core_logging_server_internal.mdx index acc13e824320a..c3f9b21788c7b 100644 --- a/api_docs/kbn_core_logging_server_internal.mdx +++ b/api_docs/kbn_core_logging_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-logging-server-internal title: "@kbn/core-logging-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-logging-server-internal plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-logging-server-internal'] --- import kbnCoreLoggingServerInternalObj from './kbn_core_logging_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_logging_server_mocks.mdx b/api_docs/kbn_core_logging_server_mocks.mdx index ad7ee90d697b8..9248c7fc323c8 100644 --- a/api_docs/kbn_core_logging_server_mocks.mdx +++ b/api_docs/kbn_core_logging_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-logging-server-mocks title: "@kbn/core-logging-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-logging-server-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-logging-server-mocks'] --- import kbnCoreLoggingServerMocksObj from './kbn_core_logging_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_metrics_collectors_server_internal.mdx b/api_docs/kbn_core_metrics_collectors_server_internal.mdx index a2c141f9bb48a..ead2e31a51825 100644 --- a/api_docs/kbn_core_metrics_collectors_server_internal.mdx +++ b/api_docs/kbn_core_metrics_collectors_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-metrics-collectors-server-internal title: "@kbn/core-metrics-collectors-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-metrics-collectors-server-internal plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-metrics-collectors-server-internal'] --- import kbnCoreMetricsCollectorsServerInternalObj from './kbn_core_metrics_collectors_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_metrics_collectors_server_mocks.mdx b/api_docs/kbn_core_metrics_collectors_server_mocks.mdx index 82f34b2379b1e..c138435ddd75b 100644 --- a/api_docs/kbn_core_metrics_collectors_server_mocks.mdx +++ b/api_docs/kbn_core_metrics_collectors_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-metrics-collectors-server-mocks title: "@kbn/core-metrics-collectors-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-metrics-collectors-server-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-metrics-collectors-server-mocks'] --- import kbnCoreMetricsCollectorsServerMocksObj from './kbn_core_metrics_collectors_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_metrics_server.mdx b/api_docs/kbn_core_metrics_server.mdx index 7b279622c89c8..2bb9ae69a0d6a 100644 --- a/api_docs/kbn_core_metrics_server.mdx +++ b/api_docs/kbn_core_metrics_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-metrics-server title: "@kbn/core-metrics-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-metrics-server plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-metrics-server'] --- import kbnCoreMetricsServerObj from './kbn_core_metrics_server.devdocs.json'; diff --git a/api_docs/kbn_core_metrics_server_internal.mdx b/api_docs/kbn_core_metrics_server_internal.mdx index 0eab62a34c347..7b46205814f6f 100644 --- a/api_docs/kbn_core_metrics_server_internal.mdx +++ b/api_docs/kbn_core_metrics_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-metrics-server-internal title: "@kbn/core-metrics-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-metrics-server-internal plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-metrics-server-internal'] --- import kbnCoreMetricsServerInternalObj from './kbn_core_metrics_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_metrics_server_mocks.mdx b/api_docs/kbn_core_metrics_server_mocks.mdx index 9e17541707258..20f39e98370ad 100644 --- a/api_docs/kbn_core_metrics_server_mocks.mdx +++ b/api_docs/kbn_core_metrics_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-metrics-server-mocks title: "@kbn/core-metrics-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-metrics-server-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-metrics-server-mocks'] --- import kbnCoreMetricsServerMocksObj from './kbn_core_metrics_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_mount_utils_browser.mdx b/api_docs/kbn_core_mount_utils_browser.mdx index 5a134ed3b2a9f..097e0dd7ac518 100644 --- a/api_docs/kbn_core_mount_utils_browser.mdx +++ b/api_docs/kbn_core_mount_utils_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-mount-utils-browser title: "@kbn/core-mount-utils-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-mount-utils-browser plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-mount-utils-browser'] --- import kbnCoreMountUtilsBrowserObj from './kbn_core_mount_utils_browser.devdocs.json'; diff --git a/api_docs/kbn_core_node_server.mdx b/api_docs/kbn_core_node_server.mdx index 3a06f2adbab3f..786d843d5c8c4 100644 --- a/api_docs/kbn_core_node_server.mdx +++ b/api_docs/kbn_core_node_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-node-server title: "@kbn/core-node-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-node-server plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-node-server'] --- import kbnCoreNodeServerObj from './kbn_core_node_server.devdocs.json'; diff --git a/api_docs/kbn_core_node_server_internal.mdx b/api_docs/kbn_core_node_server_internal.mdx index 481f6598c3aaa..f035169f6d44f 100644 --- a/api_docs/kbn_core_node_server_internal.mdx +++ b/api_docs/kbn_core_node_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-node-server-internal title: "@kbn/core-node-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-node-server-internal plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-node-server-internal'] --- import kbnCoreNodeServerInternalObj from './kbn_core_node_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_node_server_mocks.mdx b/api_docs/kbn_core_node_server_mocks.mdx index 9be973ce9bfea..9fa9730ad3c39 100644 --- a/api_docs/kbn_core_node_server_mocks.mdx +++ b/api_docs/kbn_core_node_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-node-server-mocks title: "@kbn/core-node-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-node-server-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-node-server-mocks'] --- import kbnCoreNodeServerMocksObj from './kbn_core_node_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_notifications_browser.mdx b/api_docs/kbn_core_notifications_browser.mdx index a2f75e37c59e0..fadc3fc416662 100644 --- a/api_docs/kbn_core_notifications_browser.mdx +++ b/api_docs/kbn_core_notifications_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-notifications-browser title: "@kbn/core-notifications-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-notifications-browser plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-notifications-browser'] --- import kbnCoreNotificationsBrowserObj from './kbn_core_notifications_browser.devdocs.json'; diff --git a/api_docs/kbn_core_notifications_browser_internal.mdx b/api_docs/kbn_core_notifications_browser_internal.mdx index 00ef0fc184366..19d8caed8dda5 100644 --- a/api_docs/kbn_core_notifications_browser_internal.mdx +++ b/api_docs/kbn_core_notifications_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-notifications-browser-internal title: "@kbn/core-notifications-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-notifications-browser-internal plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-notifications-browser-internal'] --- import kbnCoreNotificationsBrowserInternalObj from './kbn_core_notifications_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_notifications_browser_mocks.mdx b/api_docs/kbn_core_notifications_browser_mocks.mdx index 6fd26fe8edd0e..310e7482a5567 100644 --- a/api_docs/kbn_core_notifications_browser_mocks.mdx +++ b/api_docs/kbn_core_notifications_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-notifications-browser-mocks title: "@kbn/core-notifications-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-notifications-browser-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-notifications-browser-mocks'] --- import kbnCoreNotificationsBrowserMocksObj from './kbn_core_notifications_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_overlays_browser.mdx b/api_docs/kbn_core_overlays_browser.mdx index 80aeef9a0b5cc..18eb61f683594 100644 --- a/api_docs/kbn_core_overlays_browser.mdx +++ b/api_docs/kbn_core_overlays_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-overlays-browser title: "@kbn/core-overlays-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-overlays-browser plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-overlays-browser'] --- import kbnCoreOverlaysBrowserObj from './kbn_core_overlays_browser.devdocs.json'; diff --git a/api_docs/kbn_core_overlays_browser_internal.mdx b/api_docs/kbn_core_overlays_browser_internal.mdx index 85615b191c104..43a5d16fc08a3 100644 --- a/api_docs/kbn_core_overlays_browser_internal.mdx +++ b/api_docs/kbn_core_overlays_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-overlays-browser-internal title: "@kbn/core-overlays-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-overlays-browser-internal plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-overlays-browser-internal'] --- import kbnCoreOverlaysBrowserInternalObj from './kbn_core_overlays_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_overlays_browser_mocks.mdx b/api_docs/kbn_core_overlays_browser_mocks.mdx index af85e91701405..e1492c5b7152b 100644 --- a/api_docs/kbn_core_overlays_browser_mocks.mdx +++ b/api_docs/kbn_core_overlays_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-overlays-browser-mocks title: "@kbn/core-overlays-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-overlays-browser-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-overlays-browser-mocks'] --- import kbnCoreOverlaysBrowserMocksObj from './kbn_core_overlays_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_plugins_browser.mdx b/api_docs/kbn_core_plugins_browser.mdx index e938f81e2007f..5e7e32028defb 100644 --- a/api_docs/kbn_core_plugins_browser.mdx +++ b/api_docs/kbn_core_plugins_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-plugins-browser title: "@kbn/core-plugins-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-plugins-browser plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-plugins-browser'] --- import kbnCorePluginsBrowserObj from './kbn_core_plugins_browser.devdocs.json'; diff --git a/api_docs/kbn_core_plugins_browser_mocks.mdx b/api_docs/kbn_core_plugins_browser_mocks.mdx index 1d0b8dcce372d..788dd3ce2f74f 100644 --- a/api_docs/kbn_core_plugins_browser_mocks.mdx +++ b/api_docs/kbn_core_plugins_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-plugins-browser-mocks title: "@kbn/core-plugins-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-plugins-browser-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-plugins-browser-mocks'] --- import kbnCorePluginsBrowserMocksObj from './kbn_core_plugins_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_plugins_contracts_browser.mdx b/api_docs/kbn_core_plugins_contracts_browser.mdx index 02738d2f74e78..4f2e40e87a59e 100644 --- a/api_docs/kbn_core_plugins_contracts_browser.mdx +++ b/api_docs/kbn_core_plugins_contracts_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-plugins-contracts-browser title: "@kbn/core-plugins-contracts-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-plugins-contracts-browser plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-plugins-contracts-browser'] --- import kbnCorePluginsContractsBrowserObj from './kbn_core_plugins_contracts_browser.devdocs.json'; diff --git a/api_docs/kbn_core_plugins_contracts_server.mdx b/api_docs/kbn_core_plugins_contracts_server.mdx index 317604117eb70..f5582cb7c8119 100644 --- a/api_docs/kbn_core_plugins_contracts_server.mdx +++ b/api_docs/kbn_core_plugins_contracts_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-plugins-contracts-server title: "@kbn/core-plugins-contracts-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-plugins-contracts-server plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-plugins-contracts-server'] --- import kbnCorePluginsContractsServerObj from './kbn_core_plugins_contracts_server.devdocs.json'; diff --git a/api_docs/kbn_core_plugins_server.mdx b/api_docs/kbn_core_plugins_server.mdx index a33d03e46898d..dfa981163d1ea 100644 --- a/api_docs/kbn_core_plugins_server.mdx +++ b/api_docs/kbn_core_plugins_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-plugins-server title: "@kbn/core-plugins-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-plugins-server plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-plugins-server'] --- import kbnCorePluginsServerObj from './kbn_core_plugins_server.devdocs.json'; diff --git a/api_docs/kbn_core_plugins_server_mocks.mdx b/api_docs/kbn_core_plugins_server_mocks.mdx index b4762dde256cd..4a7c8d31f9442 100644 --- a/api_docs/kbn_core_plugins_server_mocks.mdx +++ b/api_docs/kbn_core_plugins_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-plugins-server-mocks title: "@kbn/core-plugins-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-plugins-server-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-plugins-server-mocks'] --- import kbnCorePluginsServerMocksObj from './kbn_core_plugins_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_preboot_server.mdx b/api_docs/kbn_core_preboot_server.mdx index c6a001d0fbf84..f4be4b4440b11 100644 --- a/api_docs/kbn_core_preboot_server.mdx +++ b/api_docs/kbn_core_preboot_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-preboot-server title: "@kbn/core-preboot-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-preboot-server plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-preboot-server'] --- import kbnCorePrebootServerObj from './kbn_core_preboot_server.devdocs.json'; diff --git a/api_docs/kbn_core_preboot_server_mocks.mdx b/api_docs/kbn_core_preboot_server_mocks.mdx index 09c4eb802b98b..c90586c0aace3 100644 --- a/api_docs/kbn_core_preboot_server_mocks.mdx +++ b/api_docs/kbn_core_preboot_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-preboot-server-mocks title: "@kbn/core-preboot-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-preboot-server-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-preboot-server-mocks'] --- import kbnCorePrebootServerMocksObj from './kbn_core_preboot_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_rendering_browser_mocks.mdx b/api_docs/kbn_core_rendering_browser_mocks.mdx index b2a076aab3896..2f16d5691d804 100644 --- a/api_docs/kbn_core_rendering_browser_mocks.mdx +++ b/api_docs/kbn_core_rendering_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-rendering-browser-mocks title: "@kbn/core-rendering-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-rendering-browser-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-rendering-browser-mocks'] --- import kbnCoreRenderingBrowserMocksObj from './kbn_core_rendering_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_rendering_server_internal.mdx b/api_docs/kbn_core_rendering_server_internal.mdx index ec8aaf2dbd646..2c08ccab6c06d 100644 --- a/api_docs/kbn_core_rendering_server_internal.mdx +++ b/api_docs/kbn_core_rendering_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-rendering-server-internal title: "@kbn/core-rendering-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-rendering-server-internal plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-rendering-server-internal'] --- import kbnCoreRenderingServerInternalObj from './kbn_core_rendering_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_rendering_server_mocks.mdx b/api_docs/kbn_core_rendering_server_mocks.mdx index f1dde07e72cac..28261d1446804 100644 --- a/api_docs/kbn_core_rendering_server_mocks.mdx +++ b/api_docs/kbn_core_rendering_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-rendering-server-mocks title: "@kbn/core-rendering-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-rendering-server-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-rendering-server-mocks'] --- import kbnCoreRenderingServerMocksObj from './kbn_core_rendering_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_root_server_internal.mdx b/api_docs/kbn_core_root_server_internal.mdx index 13341ccd8d403..907b0f55c71db 100644 --- a/api_docs/kbn_core_root_server_internal.mdx +++ b/api_docs/kbn_core_root_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-root-server-internal title: "@kbn/core-root-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-root-server-internal plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-root-server-internal'] --- import kbnCoreRootServerInternalObj from './kbn_core_root_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_api_browser.mdx b/api_docs/kbn_core_saved_objects_api_browser.mdx index 25f8cb87b40e7..155576f242819 100644 --- a/api_docs/kbn_core_saved_objects_api_browser.mdx +++ b/api_docs/kbn_core_saved_objects_api_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-api-browser title: "@kbn/core-saved-objects-api-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-api-browser plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-api-browser'] --- import kbnCoreSavedObjectsApiBrowserObj from './kbn_core_saved_objects_api_browser.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_api_server.devdocs.json b/api_docs/kbn_core_saved_objects_api_server.devdocs.json index 1524753c3fb7c..78c5844109cd2 100644 --- a/api_docs/kbn_core_saved_objects_api_server.devdocs.json +++ b/api_docs/kbn_core_saved_objects_api_server.devdocs.json @@ -2686,6 +2686,18 @@ "plugin": "alerting", "path": "x-pack/plugins/alerting/common/rule.ts" }, + { + "plugin": "actions", + "path": "x-pack/plugins/actions/server/application/connector/methods/create/types/types.ts" + }, + { + "plugin": "actions", + "path": "x-pack/plugins/actions/server/application/connector/methods/create/types/types.ts" + }, + { + "plugin": "actions", + "path": "x-pack/plugins/actions/server/application/connector/methods/create/types/types.ts" + }, { "plugin": "actions", "path": "x-pack/plugins/actions/server/types.ts" @@ -2724,15 +2736,15 @@ }, { "plugin": "actions", - "path": "x-pack/plugins/actions/server/actions_client/actions_client.ts" + "path": "x-pack/plugins/actions/server/application/connector/methods/create/create.ts" }, { "plugin": "actions", - "path": "x-pack/plugins/actions/server/actions_client/actions_client.ts" + "path": "x-pack/plugins/actions/server/application/connector/methods/create/create.ts" }, { "plugin": "actions", - "path": "x-pack/plugins/actions/server/actions_client/actions_client.ts" + "path": "x-pack/plugins/actions/server/application/connector/methods/create/create.ts" }, { "plugin": "alerting", diff --git a/api_docs/kbn_core_saved_objects_api_server.mdx b/api_docs/kbn_core_saved_objects_api_server.mdx index f7878cd496e33..bd4eb80dcc82a 100644 --- a/api_docs/kbn_core_saved_objects_api_server.mdx +++ b/api_docs/kbn_core_saved_objects_api_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-api-server title: "@kbn/core-saved-objects-api-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-api-server plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-api-server'] --- import kbnCoreSavedObjectsApiServerObj from './kbn_core_saved_objects_api_server.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_api_server_mocks.mdx b/api_docs/kbn_core_saved_objects_api_server_mocks.mdx index 74ef74b4c0894..1d6b91c6e46d8 100644 --- a/api_docs/kbn_core_saved_objects_api_server_mocks.mdx +++ b/api_docs/kbn_core_saved_objects_api_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-api-server-mocks title: "@kbn/core-saved-objects-api-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-api-server-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-api-server-mocks'] --- import kbnCoreSavedObjectsApiServerMocksObj from './kbn_core_saved_objects_api_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_base_server_internal.mdx b/api_docs/kbn_core_saved_objects_base_server_internal.mdx index 904d1a5c73bd3..edfeb7ca879f2 100644 --- a/api_docs/kbn_core_saved_objects_base_server_internal.mdx +++ b/api_docs/kbn_core_saved_objects_base_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-base-server-internal title: "@kbn/core-saved-objects-base-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-base-server-internal plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-base-server-internal'] --- import kbnCoreSavedObjectsBaseServerInternalObj from './kbn_core_saved_objects_base_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_base_server_mocks.mdx b/api_docs/kbn_core_saved_objects_base_server_mocks.mdx index b8ff19201e047..500bf5766f632 100644 --- a/api_docs/kbn_core_saved_objects_base_server_mocks.mdx +++ b/api_docs/kbn_core_saved_objects_base_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-base-server-mocks title: "@kbn/core-saved-objects-base-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-base-server-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-base-server-mocks'] --- import kbnCoreSavedObjectsBaseServerMocksObj from './kbn_core_saved_objects_base_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_browser.mdx b/api_docs/kbn_core_saved_objects_browser.mdx index 5e82279f2ff86..a42608134723e 100644 --- a/api_docs/kbn_core_saved_objects_browser.mdx +++ b/api_docs/kbn_core_saved_objects_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-browser title: "@kbn/core-saved-objects-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-browser plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-browser'] --- import kbnCoreSavedObjectsBrowserObj from './kbn_core_saved_objects_browser.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_browser_internal.mdx b/api_docs/kbn_core_saved_objects_browser_internal.mdx index 82f61ada0343d..d3d13cc2c63bf 100644 --- a/api_docs/kbn_core_saved_objects_browser_internal.mdx +++ b/api_docs/kbn_core_saved_objects_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-browser-internal title: "@kbn/core-saved-objects-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-browser-internal plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-browser-internal'] --- import kbnCoreSavedObjectsBrowserInternalObj from './kbn_core_saved_objects_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_browser_mocks.mdx b/api_docs/kbn_core_saved_objects_browser_mocks.mdx index 1d8a0a080e148..88014da43a931 100644 --- a/api_docs/kbn_core_saved_objects_browser_mocks.mdx +++ b/api_docs/kbn_core_saved_objects_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-browser-mocks title: "@kbn/core-saved-objects-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-browser-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-browser-mocks'] --- import kbnCoreSavedObjectsBrowserMocksObj from './kbn_core_saved_objects_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_common.devdocs.json b/api_docs/kbn_core_saved_objects_common.devdocs.json index 3e87ab4f75860..b6c10bc23fbf5 100644 --- a/api_docs/kbn_core_saved_objects_common.devdocs.json +++ b/api_docs/kbn_core_saved_objects_common.devdocs.json @@ -1217,18 +1217,6 @@ "plugin": "@kbn/core", "path": "src/core/public/index.ts" }, - { - "plugin": "home", - "path": "src/plugins/home/server/services/sample_data/sample_data_registry.ts" - }, - { - "plugin": "home", - "path": "src/plugins/home/server/services/sample_data/sample_data_registry.ts" - }, - { - "plugin": "home", - "path": "src/plugins/home/server/services/sample_data/sample_data_registry.ts" - }, { "plugin": "savedObjectsTagging", "path": "x-pack/plugins/saved_objects_tagging/public/ui_api/get_table_column_definition.tsx" @@ -1241,6 +1229,18 @@ "plugin": "savedObjectsTagging", "path": "x-pack/plugins/saved_objects_tagging/public/ui_api/get_table_column_definition.tsx" }, + { + "plugin": "home", + "path": "src/plugins/home/server/services/sample_data/sample_data_registry.ts" + }, + { + "plugin": "home", + "path": "src/plugins/home/server/services/sample_data/sample_data_registry.ts" + }, + { + "plugin": "home", + "path": "src/plugins/home/server/services/sample_data/sample_data_registry.ts" + }, { "plugin": "canvas", "path": "x-pack/plugins/canvas/shareable_runtime/types.ts" diff --git a/api_docs/kbn_core_saved_objects_common.mdx b/api_docs/kbn_core_saved_objects_common.mdx index c640abd7302e3..438ece77834ac 100644 --- a/api_docs/kbn_core_saved_objects_common.mdx +++ b/api_docs/kbn_core_saved_objects_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-common title: "@kbn/core-saved-objects-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-common plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-common'] --- import kbnCoreSavedObjectsCommonObj from './kbn_core_saved_objects_common.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_import_export_server_internal.mdx b/api_docs/kbn_core_saved_objects_import_export_server_internal.mdx index 061a0f16624d9..597789bb85c4b 100644 --- a/api_docs/kbn_core_saved_objects_import_export_server_internal.mdx +++ b/api_docs/kbn_core_saved_objects_import_export_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-import-export-server-internal title: "@kbn/core-saved-objects-import-export-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-import-export-server-internal plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-import-export-server-internal'] --- import kbnCoreSavedObjectsImportExportServerInternalObj from './kbn_core_saved_objects_import_export_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_import_export_server_mocks.mdx b/api_docs/kbn_core_saved_objects_import_export_server_mocks.mdx index 992856657c001..a30d7a9fa7c3c 100644 --- a/api_docs/kbn_core_saved_objects_import_export_server_mocks.mdx +++ b/api_docs/kbn_core_saved_objects_import_export_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-import-export-server-mocks title: "@kbn/core-saved-objects-import-export-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-import-export-server-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-import-export-server-mocks'] --- import kbnCoreSavedObjectsImportExportServerMocksObj from './kbn_core_saved_objects_import_export_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_migration_server_internal.mdx b/api_docs/kbn_core_saved_objects_migration_server_internal.mdx index c30b20912f219..d102e41200eab 100644 --- a/api_docs/kbn_core_saved_objects_migration_server_internal.mdx +++ b/api_docs/kbn_core_saved_objects_migration_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-migration-server-internal title: "@kbn/core-saved-objects-migration-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-migration-server-internal plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-migration-server-internal'] --- import kbnCoreSavedObjectsMigrationServerInternalObj from './kbn_core_saved_objects_migration_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_migration_server_mocks.mdx b/api_docs/kbn_core_saved_objects_migration_server_mocks.mdx index 26b59b25e3340..9d882d20dcf2b 100644 --- a/api_docs/kbn_core_saved_objects_migration_server_mocks.mdx +++ b/api_docs/kbn_core_saved_objects_migration_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-migration-server-mocks title: "@kbn/core-saved-objects-migration-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-migration-server-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-migration-server-mocks'] --- import kbnCoreSavedObjectsMigrationServerMocksObj from './kbn_core_saved_objects_migration_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_server.devdocs.json b/api_docs/kbn_core_saved_objects_server.devdocs.json index ff45bcbb7b16c..fecd38966f116 100644 --- a/api_docs/kbn_core_saved_objects_server.devdocs.json +++ b/api_docs/kbn_core_saved_objects_server.devdocs.json @@ -6177,6 +6177,18 @@ "plugin": "alerting", "path": "x-pack/plugins/alerting/common/rule.ts" }, + { + "plugin": "actions", + "path": "x-pack/plugins/actions/server/application/connector/methods/create/types/types.ts" + }, + { + "plugin": "actions", + "path": "x-pack/plugins/actions/server/application/connector/methods/create/types/types.ts" + }, + { + "plugin": "actions", + "path": "x-pack/plugins/actions/server/application/connector/methods/create/types/types.ts" + }, { "plugin": "actions", "path": "x-pack/plugins/actions/server/types.ts" @@ -6215,15 +6227,15 @@ }, { "plugin": "actions", - "path": "x-pack/plugins/actions/server/actions_client/actions_client.ts" + "path": "x-pack/plugins/actions/server/application/connector/methods/create/create.ts" }, { "plugin": "actions", - "path": "x-pack/plugins/actions/server/actions_client/actions_client.ts" + "path": "x-pack/plugins/actions/server/application/connector/methods/create/create.ts" }, { "plugin": "actions", - "path": "x-pack/plugins/actions/server/actions_client/actions_client.ts" + "path": "x-pack/plugins/actions/server/application/connector/methods/create/create.ts" }, { "plugin": "alerting", diff --git a/api_docs/kbn_core_saved_objects_server.mdx b/api_docs/kbn_core_saved_objects_server.mdx index 49d9a6cd3fd72..d2c7e37db72c5 100644 --- a/api_docs/kbn_core_saved_objects_server.mdx +++ b/api_docs/kbn_core_saved_objects_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-server title: "@kbn/core-saved-objects-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-server plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-server'] --- import kbnCoreSavedObjectsServerObj from './kbn_core_saved_objects_server.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_server_internal.mdx b/api_docs/kbn_core_saved_objects_server_internal.mdx index c97eb121023a0..8154d4b5d19d9 100644 --- a/api_docs/kbn_core_saved_objects_server_internal.mdx +++ b/api_docs/kbn_core_saved_objects_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-server-internal title: "@kbn/core-saved-objects-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-server-internal plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-server-internal'] --- import kbnCoreSavedObjectsServerInternalObj from './kbn_core_saved_objects_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_server_mocks.mdx b/api_docs/kbn_core_saved_objects_server_mocks.mdx index f71529dae07a7..0be66d1628cf4 100644 --- a/api_docs/kbn_core_saved_objects_server_mocks.mdx +++ b/api_docs/kbn_core_saved_objects_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-server-mocks title: "@kbn/core-saved-objects-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-server-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-server-mocks'] --- import kbnCoreSavedObjectsServerMocksObj from './kbn_core_saved_objects_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_utils_server.mdx b/api_docs/kbn_core_saved_objects_utils_server.mdx index f96934f4c0960..4063c9ec89286 100644 --- a/api_docs/kbn_core_saved_objects_utils_server.mdx +++ b/api_docs/kbn_core_saved_objects_utils_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-utils-server title: "@kbn/core-saved-objects-utils-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-utils-server plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-utils-server'] --- import kbnCoreSavedObjectsUtilsServerObj from './kbn_core_saved_objects_utils_server.devdocs.json'; diff --git a/api_docs/kbn_core_security_browser.mdx b/api_docs/kbn_core_security_browser.mdx index e92b1d7332c50..30e225b1fd731 100644 --- a/api_docs/kbn_core_security_browser.mdx +++ b/api_docs/kbn_core_security_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-security-browser title: "@kbn/core-security-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-security-browser plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-security-browser'] --- import kbnCoreSecurityBrowserObj from './kbn_core_security_browser.devdocs.json'; diff --git a/api_docs/kbn_core_security_browser_internal.mdx b/api_docs/kbn_core_security_browser_internal.mdx index b7d6b7da289e1..6afc5092a5495 100644 --- a/api_docs/kbn_core_security_browser_internal.mdx +++ b/api_docs/kbn_core_security_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-security-browser-internal title: "@kbn/core-security-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-security-browser-internal plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-security-browser-internal'] --- import kbnCoreSecurityBrowserInternalObj from './kbn_core_security_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_security_browser_mocks.mdx b/api_docs/kbn_core_security_browser_mocks.mdx index c455b4cccc2fb..b1f5390fcd94f 100644 --- a/api_docs/kbn_core_security_browser_mocks.mdx +++ b/api_docs/kbn_core_security_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-security-browser-mocks title: "@kbn/core-security-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-security-browser-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-security-browser-mocks'] --- import kbnCoreSecurityBrowserMocksObj from './kbn_core_security_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_security_common.mdx b/api_docs/kbn_core_security_common.mdx index 99e04cfb530b9..6c107efac8997 100644 --- a/api_docs/kbn_core_security_common.mdx +++ b/api_docs/kbn_core_security_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-security-common title: "@kbn/core-security-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-security-common plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-security-common'] --- import kbnCoreSecurityCommonObj from './kbn_core_security_common.devdocs.json'; diff --git a/api_docs/kbn_core_security_server.mdx b/api_docs/kbn_core_security_server.mdx index a360d6e4fd9ae..8aba7297daaa7 100644 --- a/api_docs/kbn_core_security_server.mdx +++ b/api_docs/kbn_core_security_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-security-server title: "@kbn/core-security-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-security-server plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-security-server'] --- import kbnCoreSecurityServerObj from './kbn_core_security_server.devdocs.json'; diff --git a/api_docs/kbn_core_security_server_internal.mdx b/api_docs/kbn_core_security_server_internal.mdx index ba837b3b8baee..84b3b3380b0b7 100644 --- a/api_docs/kbn_core_security_server_internal.mdx +++ b/api_docs/kbn_core_security_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-security-server-internal title: "@kbn/core-security-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-security-server-internal plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-security-server-internal'] --- import kbnCoreSecurityServerInternalObj from './kbn_core_security_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_security_server_mocks.mdx b/api_docs/kbn_core_security_server_mocks.mdx index 130e01e34a474..162a9ac7c17e2 100644 --- a/api_docs/kbn_core_security_server_mocks.mdx +++ b/api_docs/kbn_core_security_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-security-server-mocks title: "@kbn/core-security-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-security-server-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-security-server-mocks'] --- import kbnCoreSecurityServerMocksObj from './kbn_core_security_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_status_common.mdx b/api_docs/kbn_core_status_common.mdx index 01de7991a4162..33e3087f6b729 100644 --- a/api_docs/kbn_core_status_common.mdx +++ b/api_docs/kbn_core_status_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-status-common title: "@kbn/core-status-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-status-common plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-status-common'] --- import kbnCoreStatusCommonObj from './kbn_core_status_common.devdocs.json'; diff --git a/api_docs/kbn_core_status_common_internal.mdx b/api_docs/kbn_core_status_common_internal.mdx index 1ec92f65eb805..db2382e7f8141 100644 --- a/api_docs/kbn_core_status_common_internal.mdx +++ b/api_docs/kbn_core_status_common_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-status-common-internal title: "@kbn/core-status-common-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-status-common-internal plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-status-common-internal'] --- import kbnCoreStatusCommonInternalObj from './kbn_core_status_common_internal.devdocs.json'; diff --git a/api_docs/kbn_core_status_server.mdx b/api_docs/kbn_core_status_server.mdx index 39870e5beaaba..eeae84924e314 100644 --- a/api_docs/kbn_core_status_server.mdx +++ b/api_docs/kbn_core_status_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-status-server title: "@kbn/core-status-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-status-server plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-status-server'] --- import kbnCoreStatusServerObj from './kbn_core_status_server.devdocs.json'; diff --git a/api_docs/kbn_core_status_server_internal.mdx b/api_docs/kbn_core_status_server_internal.mdx index 73100e126d083..f20a5d5e8c924 100644 --- a/api_docs/kbn_core_status_server_internal.mdx +++ b/api_docs/kbn_core_status_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-status-server-internal title: "@kbn/core-status-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-status-server-internal plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-status-server-internal'] --- import kbnCoreStatusServerInternalObj from './kbn_core_status_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_status_server_mocks.mdx b/api_docs/kbn_core_status_server_mocks.mdx index 196ae614d7c7d..7201d3162e3cb 100644 --- a/api_docs/kbn_core_status_server_mocks.mdx +++ b/api_docs/kbn_core_status_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-status-server-mocks title: "@kbn/core-status-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-status-server-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-status-server-mocks'] --- import kbnCoreStatusServerMocksObj from './kbn_core_status_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_test_helpers_deprecations_getters.mdx b/api_docs/kbn_core_test_helpers_deprecations_getters.mdx index bbfbf3ec39811..d9aa86a7840c8 100644 --- a/api_docs/kbn_core_test_helpers_deprecations_getters.mdx +++ b/api_docs/kbn_core_test_helpers_deprecations_getters.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-test-helpers-deprecations-getters title: "@kbn/core-test-helpers-deprecations-getters" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-test-helpers-deprecations-getters plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-test-helpers-deprecations-getters'] --- import kbnCoreTestHelpersDeprecationsGettersObj from './kbn_core_test_helpers_deprecations_getters.devdocs.json'; diff --git a/api_docs/kbn_core_test_helpers_http_setup_browser.mdx b/api_docs/kbn_core_test_helpers_http_setup_browser.mdx index 49e728a8f7ee4..decd9a9277100 100644 --- a/api_docs/kbn_core_test_helpers_http_setup_browser.mdx +++ b/api_docs/kbn_core_test_helpers_http_setup_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-test-helpers-http-setup-browser title: "@kbn/core-test-helpers-http-setup-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-test-helpers-http-setup-browser plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-test-helpers-http-setup-browser'] --- import kbnCoreTestHelpersHttpSetupBrowserObj from './kbn_core_test_helpers_http_setup_browser.devdocs.json'; diff --git a/api_docs/kbn_core_test_helpers_kbn_server.mdx b/api_docs/kbn_core_test_helpers_kbn_server.mdx index 5144cb6e6f970..eb60062653d32 100644 --- a/api_docs/kbn_core_test_helpers_kbn_server.mdx +++ b/api_docs/kbn_core_test_helpers_kbn_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-test-helpers-kbn-server title: "@kbn/core-test-helpers-kbn-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-test-helpers-kbn-server plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-test-helpers-kbn-server'] --- import kbnCoreTestHelpersKbnServerObj from './kbn_core_test_helpers_kbn_server.devdocs.json'; diff --git a/api_docs/kbn_core_test_helpers_model_versions.mdx b/api_docs/kbn_core_test_helpers_model_versions.mdx index f3fb8f2ef0f85..deea48a635866 100644 --- a/api_docs/kbn_core_test_helpers_model_versions.mdx +++ b/api_docs/kbn_core_test_helpers_model_versions.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-test-helpers-model-versions title: "@kbn/core-test-helpers-model-versions" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-test-helpers-model-versions plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-test-helpers-model-versions'] --- import kbnCoreTestHelpersModelVersionsObj from './kbn_core_test_helpers_model_versions.devdocs.json'; diff --git a/api_docs/kbn_core_test_helpers_so_type_serializer.mdx b/api_docs/kbn_core_test_helpers_so_type_serializer.mdx index d3b44ce5edeac..c8ba7fd730c55 100644 --- a/api_docs/kbn_core_test_helpers_so_type_serializer.mdx +++ b/api_docs/kbn_core_test_helpers_so_type_serializer.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-test-helpers-so-type-serializer title: "@kbn/core-test-helpers-so-type-serializer" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-test-helpers-so-type-serializer plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-test-helpers-so-type-serializer'] --- import kbnCoreTestHelpersSoTypeSerializerObj from './kbn_core_test_helpers_so_type_serializer.devdocs.json'; diff --git a/api_docs/kbn_core_test_helpers_test_utils.mdx b/api_docs/kbn_core_test_helpers_test_utils.mdx index 265c66d935333..3d33363e81e9d 100644 --- a/api_docs/kbn_core_test_helpers_test_utils.mdx +++ b/api_docs/kbn_core_test_helpers_test_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-test-helpers-test-utils title: "@kbn/core-test-helpers-test-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-test-helpers-test-utils plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-test-helpers-test-utils'] --- import kbnCoreTestHelpersTestUtilsObj from './kbn_core_test_helpers_test_utils.devdocs.json'; diff --git a/api_docs/kbn_core_theme_browser.mdx b/api_docs/kbn_core_theme_browser.mdx index a5219fe5e8ab2..8fb2998372996 100644 --- a/api_docs/kbn_core_theme_browser.mdx +++ b/api_docs/kbn_core_theme_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-theme-browser title: "@kbn/core-theme-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-theme-browser plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-theme-browser'] --- import kbnCoreThemeBrowserObj from './kbn_core_theme_browser.devdocs.json'; diff --git a/api_docs/kbn_core_theme_browser_mocks.mdx b/api_docs/kbn_core_theme_browser_mocks.mdx index 89d859f973f69..ced3e5c8f5d78 100644 --- a/api_docs/kbn_core_theme_browser_mocks.mdx +++ b/api_docs/kbn_core_theme_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-theme-browser-mocks title: "@kbn/core-theme-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-theme-browser-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-theme-browser-mocks'] --- import kbnCoreThemeBrowserMocksObj from './kbn_core_theme_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_ui_settings_browser.mdx b/api_docs/kbn_core_ui_settings_browser.mdx index d95034fd001a3..12a9c7bc65168 100644 --- a/api_docs/kbn_core_ui_settings_browser.mdx +++ b/api_docs/kbn_core_ui_settings_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-ui-settings-browser title: "@kbn/core-ui-settings-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-ui-settings-browser plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-ui-settings-browser'] --- import kbnCoreUiSettingsBrowserObj from './kbn_core_ui_settings_browser.devdocs.json'; diff --git a/api_docs/kbn_core_ui_settings_browser_internal.mdx b/api_docs/kbn_core_ui_settings_browser_internal.mdx index 0b229a86bd042..8e54c9684a2ad 100644 --- a/api_docs/kbn_core_ui_settings_browser_internal.mdx +++ b/api_docs/kbn_core_ui_settings_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-ui-settings-browser-internal title: "@kbn/core-ui-settings-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-ui-settings-browser-internal plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-ui-settings-browser-internal'] --- import kbnCoreUiSettingsBrowserInternalObj from './kbn_core_ui_settings_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_ui_settings_browser_mocks.mdx b/api_docs/kbn_core_ui_settings_browser_mocks.mdx index 190a865f60254..cd61f99b4b2bd 100644 --- a/api_docs/kbn_core_ui_settings_browser_mocks.mdx +++ b/api_docs/kbn_core_ui_settings_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-ui-settings-browser-mocks title: "@kbn/core-ui-settings-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-ui-settings-browser-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-ui-settings-browser-mocks'] --- import kbnCoreUiSettingsBrowserMocksObj from './kbn_core_ui_settings_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_ui_settings_common.mdx b/api_docs/kbn_core_ui_settings_common.mdx index 22d022b4dedca..cb80cbedb788f 100644 --- a/api_docs/kbn_core_ui_settings_common.mdx +++ b/api_docs/kbn_core_ui_settings_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-ui-settings-common title: "@kbn/core-ui-settings-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-ui-settings-common plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-ui-settings-common'] --- import kbnCoreUiSettingsCommonObj from './kbn_core_ui_settings_common.devdocs.json'; diff --git a/api_docs/kbn_core_ui_settings_server.mdx b/api_docs/kbn_core_ui_settings_server.mdx index a6a4e491aad3b..17b1af6710700 100644 --- a/api_docs/kbn_core_ui_settings_server.mdx +++ b/api_docs/kbn_core_ui_settings_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-ui-settings-server title: "@kbn/core-ui-settings-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-ui-settings-server plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-ui-settings-server'] --- import kbnCoreUiSettingsServerObj from './kbn_core_ui_settings_server.devdocs.json'; diff --git a/api_docs/kbn_core_ui_settings_server_internal.mdx b/api_docs/kbn_core_ui_settings_server_internal.mdx index 478448114cc24..789a46d1c5a73 100644 --- a/api_docs/kbn_core_ui_settings_server_internal.mdx +++ b/api_docs/kbn_core_ui_settings_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-ui-settings-server-internal title: "@kbn/core-ui-settings-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-ui-settings-server-internal plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-ui-settings-server-internal'] --- import kbnCoreUiSettingsServerInternalObj from './kbn_core_ui_settings_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_ui_settings_server_mocks.mdx b/api_docs/kbn_core_ui_settings_server_mocks.mdx index a0501fe3df557..4348a829a7d6a 100644 --- a/api_docs/kbn_core_ui_settings_server_mocks.mdx +++ b/api_docs/kbn_core_ui_settings_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-ui-settings-server-mocks title: "@kbn/core-ui-settings-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-ui-settings-server-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-ui-settings-server-mocks'] --- import kbnCoreUiSettingsServerMocksObj from './kbn_core_ui_settings_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_usage_data_server.mdx b/api_docs/kbn_core_usage_data_server.mdx index 6fe28913f2a34..0eecc445ff9f8 100644 --- a/api_docs/kbn_core_usage_data_server.mdx +++ b/api_docs/kbn_core_usage_data_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-usage-data-server title: "@kbn/core-usage-data-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-usage-data-server plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-usage-data-server'] --- import kbnCoreUsageDataServerObj from './kbn_core_usage_data_server.devdocs.json'; diff --git a/api_docs/kbn_core_usage_data_server_internal.mdx b/api_docs/kbn_core_usage_data_server_internal.mdx index 84d6dce63672f..61e6ab58e2e9f 100644 --- a/api_docs/kbn_core_usage_data_server_internal.mdx +++ b/api_docs/kbn_core_usage_data_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-usage-data-server-internal title: "@kbn/core-usage-data-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-usage-data-server-internal plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-usage-data-server-internal'] --- import kbnCoreUsageDataServerInternalObj from './kbn_core_usage_data_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_usage_data_server_mocks.mdx b/api_docs/kbn_core_usage_data_server_mocks.mdx index 844771af3608e..ba644258dfd72 100644 --- a/api_docs/kbn_core_usage_data_server_mocks.mdx +++ b/api_docs/kbn_core_usage_data_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-usage-data-server-mocks title: "@kbn/core-usage-data-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-usage-data-server-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-usage-data-server-mocks'] --- import kbnCoreUsageDataServerMocksObj from './kbn_core_usage_data_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_user_profile_browser.mdx b/api_docs/kbn_core_user_profile_browser.mdx index 7532b55af8515..567b46bd16309 100644 --- a/api_docs/kbn_core_user_profile_browser.mdx +++ b/api_docs/kbn_core_user_profile_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-profile-browser title: "@kbn/core-user-profile-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-user-profile-browser plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-profile-browser'] --- import kbnCoreUserProfileBrowserObj from './kbn_core_user_profile_browser.devdocs.json'; diff --git a/api_docs/kbn_core_user_profile_browser_internal.mdx b/api_docs/kbn_core_user_profile_browser_internal.mdx index 5316c6118fc50..6d8d2844fc05f 100644 --- a/api_docs/kbn_core_user_profile_browser_internal.mdx +++ b/api_docs/kbn_core_user_profile_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-profile-browser-internal title: "@kbn/core-user-profile-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-user-profile-browser-internal plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-profile-browser-internal'] --- import kbnCoreUserProfileBrowserInternalObj from './kbn_core_user_profile_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_user_profile_browser_mocks.mdx b/api_docs/kbn_core_user_profile_browser_mocks.mdx index 0f11d19c24aea..a2ffdb5bf9bfd 100644 --- a/api_docs/kbn_core_user_profile_browser_mocks.mdx +++ b/api_docs/kbn_core_user_profile_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-profile-browser-mocks title: "@kbn/core-user-profile-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-user-profile-browser-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-profile-browser-mocks'] --- import kbnCoreUserProfileBrowserMocksObj from './kbn_core_user_profile_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_user_profile_common.mdx b/api_docs/kbn_core_user_profile_common.mdx index 10836469ed162..f52ab178cfb34 100644 --- a/api_docs/kbn_core_user_profile_common.mdx +++ b/api_docs/kbn_core_user_profile_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-profile-common title: "@kbn/core-user-profile-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-user-profile-common plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-profile-common'] --- import kbnCoreUserProfileCommonObj from './kbn_core_user_profile_common.devdocs.json'; diff --git a/api_docs/kbn_core_user_profile_server.mdx b/api_docs/kbn_core_user_profile_server.mdx index 4ffaaff5bfe04..71bcc53fcf1cc 100644 --- a/api_docs/kbn_core_user_profile_server.mdx +++ b/api_docs/kbn_core_user_profile_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-profile-server title: "@kbn/core-user-profile-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-user-profile-server plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-profile-server'] --- import kbnCoreUserProfileServerObj from './kbn_core_user_profile_server.devdocs.json'; diff --git a/api_docs/kbn_core_user_profile_server_internal.mdx b/api_docs/kbn_core_user_profile_server_internal.mdx index 5b51427cd672c..8f02889d3a193 100644 --- a/api_docs/kbn_core_user_profile_server_internal.mdx +++ b/api_docs/kbn_core_user_profile_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-profile-server-internal title: "@kbn/core-user-profile-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-user-profile-server-internal plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-profile-server-internal'] --- import kbnCoreUserProfileServerInternalObj from './kbn_core_user_profile_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_user_profile_server_mocks.mdx b/api_docs/kbn_core_user_profile_server_mocks.mdx index 356afcbab8b67..4d9861f072e6c 100644 --- a/api_docs/kbn_core_user_profile_server_mocks.mdx +++ b/api_docs/kbn_core_user_profile_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-profile-server-mocks title: "@kbn/core-user-profile-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-user-profile-server-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-profile-server-mocks'] --- import kbnCoreUserProfileServerMocksObj from './kbn_core_user_profile_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_user_settings_server.mdx b/api_docs/kbn_core_user_settings_server.mdx index 76e7109acd934..d3ef3836f28da 100644 --- a/api_docs/kbn_core_user_settings_server.mdx +++ b/api_docs/kbn_core_user_settings_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-settings-server title: "@kbn/core-user-settings-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-user-settings-server plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-settings-server'] --- import kbnCoreUserSettingsServerObj from './kbn_core_user_settings_server.devdocs.json'; diff --git a/api_docs/kbn_core_user_settings_server_mocks.mdx b/api_docs/kbn_core_user_settings_server_mocks.mdx index 82e7ab380a748..58efb1632cc15 100644 --- a/api_docs/kbn_core_user_settings_server_mocks.mdx +++ b/api_docs/kbn_core_user_settings_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-settings-server-mocks title: "@kbn/core-user-settings-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-user-settings-server-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-settings-server-mocks'] --- import kbnCoreUserSettingsServerMocksObj from './kbn_core_user_settings_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_crypto.mdx b/api_docs/kbn_crypto.mdx index 3e0fa9bf5d4b1..7c1742b2dce33 100644 --- a/api_docs/kbn_crypto.mdx +++ b/api_docs/kbn_crypto.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-crypto title: "@kbn/crypto" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/crypto plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/crypto'] --- import kbnCryptoObj from './kbn_crypto.devdocs.json'; diff --git a/api_docs/kbn_crypto_browser.mdx b/api_docs/kbn_crypto_browser.mdx index b83fcf61f044c..fb41fd4d2f069 100644 --- a/api_docs/kbn_crypto_browser.mdx +++ b/api_docs/kbn_crypto_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-crypto-browser title: "@kbn/crypto-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/crypto-browser plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/crypto-browser'] --- import kbnCryptoBrowserObj from './kbn_crypto_browser.devdocs.json'; diff --git a/api_docs/kbn_custom_icons.mdx b/api_docs/kbn_custom_icons.mdx index 9f663407eaf8c..033be37e25e5a 100644 --- a/api_docs/kbn_custom_icons.mdx +++ b/api_docs/kbn_custom_icons.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-custom-icons title: "@kbn/custom-icons" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/custom-icons plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/custom-icons'] --- import kbnCustomIconsObj from './kbn_custom_icons.devdocs.json'; diff --git a/api_docs/kbn_custom_integrations.mdx b/api_docs/kbn_custom_integrations.mdx index ae0f788539315..66d977adeab1d 100644 --- a/api_docs/kbn_custom_integrations.mdx +++ b/api_docs/kbn_custom_integrations.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-custom-integrations title: "@kbn/custom-integrations" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/custom-integrations plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/custom-integrations'] --- import kbnCustomIntegrationsObj from './kbn_custom_integrations.devdocs.json'; diff --git a/api_docs/kbn_cypress_config.mdx b/api_docs/kbn_cypress_config.mdx index 9a00fe84f8863..be7daaebfa2bf 100644 --- a/api_docs/kbn_cypress_config.mdx +++ b/api_docs/kbn_cypress_config.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-cypress-config title: "@kbn/cypress-config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/cypress-config plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/cypress-config'] --- import kbnCypressConfigObj from './kbn_cypress_config.devdocs.json'; diff --git a/api_docs/kbn_data_forge.mdx b/api_docs/kbn_data_forge.mdx index 2629ad96f3114..a7d4f3f3b4867 100644 --- a/api_docs/kbn_data_forge.mdx +++ b/api_docs/kbn_data_forge.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-data-forge title: "@kbn/data-forge" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/data-forge plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/data-forge'] --- import kbnDataForgeObj from './kbn_data_forge.devdocs.json'; diff --git a/api_docs/kbn_data_service.mdx b/api_docs/kbn_data_service.mdx index d18c2f5ac0c02..b6de0fdb6d3e0 100644 --- a/api_docs/kbn_data_service.mdx +++ b/api_docs/kbn_data_service.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-data-service title: "@kbn/data-service" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/data-service plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/data-service'] --- import kbnDataServiceObj from './kbn_data_service.devdocs.json'; diff --git a/api_docs/kbn_data_stream_adapter.mdx b/api_docs/kbn_data_stream_adapter.mdx index 5613bf12b696b..c794a952c8ad3 100644 --- a/api_docs/kbn_data_stream_adapter.mdx +++ b/api_docs/kbn_data_stream_adapter.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-data-stream-adapter title: "@kbn/data-stream-adapter" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/data-stream-adapter plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/data-stream-adapter'] --- import kbnDataStreamAdapterObj from './kbn_data_stream_adapter.devdocs.json'; diff --git a/api_docs/kbn_data_view_utils.mdx b/api_docs/kbn_data_view_utils.mdx index 70668ec224d39..5f302da76b92d 100644 --- a/api_docs/kbn_data_view_utils.mdx +++ b/api_docs/kbn_data_view_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-data-view-utils title: "@kbn/data-view-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/data-view-utils plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/data-view-utils'] --- import kbnDataViewUtilsObj from './kbn_data_view_utils.devdocs.json'; diff --git a/api_docs/kbn_datemath.mdx b/api_docs/kbn_datemath.mdx index 3ab5b5295c3b8..e0b70c8a773f4 100644 --- a/api_docs/kbn_datemath.mdx +++ b/api_docs/kbn_datemath.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-datemath title: "@kbn/datemath" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/datemath plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/datemath'] --- import kbnDatemathObj from './kbn_datemath.devdocs.json'; diff --git a/api_docs/kbn_deeplinks_analytics.mdx b/api_docs/kbn_deeplinks_analytics.mdx index ff663a097042e..62628740d8d40 100644 --- a/api_docs/kbn_deeplinks_analytics.mdx +++ b/api_docs/kbn_deeplinks_analytics.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-analytics title: "@kbn/deeplinks-analytics" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/deeplinks-analytics plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-analytics'] --- import kbnDeeplinksAnalyticsObj from './kbn_deeplinks_analytics.devdocs.json'; diff --git a/api_docs/kbn_deeplinks_devtools.mdx b/api_docs/kbn_deeplinks_devtools.mdx index 7f3e6ef8d4f5e..9342bca97c4ee 100644 --- a/api_docs/kbn_deeplinks_devtools.mdx +++ b/api_docs/kbn_deeplinks_devtools.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-devtools title: "@kbn/deeplinks-devtools" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/deeplinks-devtools plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-devtools'] --- import kbnDeeplinksDevtoolsObj from './kbn_deeplinks_devtools.devdocs.json'; diff --git a/api_docs/kbn_deeplinks_fleet.mdx b/api_docs/kbn_deeplinks_fleet.mdx index 1bbb51fdc3d1d..160bd4fd7b8d7 100644 --- a/api_docs/kbn_deeplinks_fleet.mdx +++ b/api_docs/kbn_deeplinks_fleet.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-fleet title: "@kbn/deeplinks-fleet" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/deeplinks-fleet plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-fleet'] --- import kbnDeeplinksFleetObj from './kbn_deeplinks_fleet.devdocs.json'; diff --git a/api_docs/kbn_deeplinks_management.mdx b/api_docs/kbn_deeplinks_management.mdx index 885502c27a406..34b66034ecac4 100644 --- a/api_docs/kbn_deeplinks_management.mdx +++ b/api_docs/kbn_deeplinks_management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-management title: "@kbn/deeplinks-management" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/deeplinks-management plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-management'] --- import kbnDeeplinksManagementObj from './kbn_deeplinks_management.devdocs.json'; diff --git a/api_docs/kbn_deeplinks_ml.mdx b/api_docs/kbn_deeplinks_ml.mdx index e3da77c2c9c79..5b49dd92db65b 100644 --- a/api_docs/kbn_deeplinks_ml.mdx +++ b/api_docs/kbn_deeplinks_ml.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-ml title: "@kbn/deeplinks-ml" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/deeplinks-ml plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-ml'] --- import kbnDeeplinksMlObj from './kbn_deeplinks_ml.devdocs.json'; diff --git a/api_docs/kbn_deeplinks_observability.mdx b/api_docs/kbn_deeplinks_observability.mdx index de08fc3ec294a..af2b920ef8061 100644 --- a/api_docs/kbn_deeplinks_observability.mdx +++ b/api_docs/kbn_deeplinks_observability.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-observability title: "@kbn/deeplinks-observability" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/deeplinks-observability plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-observability'] --- import kbnDeeplinksObservabilityObj from './kbn_deeplinks_observability.devdocs.json'; diff --git a/api_docs/kbn_deeplinks_search.devdocs.json b/api_docs/kbn_deeplinks_search.devdocs.json index ab97c3e504a2d..8376c52ebf1ea 100644 --- a/api_docs/kbn_deeplinks_search.devdocs.json +++ b/api_docs/kbn_deeplinks_search.devdocs.json @@ -30,7 +30,7 @@ "label": "DeepLinkId", "description": [], "signature": [ - "\"appSearch\" | \"enterpriseSearch\" | \"enterpriseSearchContent\" | \"enterpriseSearchApplications\" | \"enterpriseSearchRelevance\" | \"enterpriseSearchAnalytics\" | \"workplaceSearch\" | \"serverlessElasticsearch\" | \"serverlessConnectors\" | \"searchPlayground\" | \"searchInferenceEndpoints\" | \"searchHomepage\" | \"enterpriseSearchContent:connectors\" | \"enterpriseSearchContent:searchIndices\" | \"enterpriseSearchContent:webCrawlers\" | \"enterpriseSearchApplications:searchApplications\" | \"enterpriseSearchApplications:playground\" | \"appSearch:engines\" | \"enterpriseSearchRelevance:inferenceEndpoints\" | \"elasticsearchStart\" | \"elasticsearchIndices\"" + "\"appSearch\" | \"enterpriseSearch\" | \"enterpriseSearchContent\" | \"enterpriseSearchApplications\" | \"searchInferenceEndpoints\" | \"enterpriseSearchAnalytics\" | \"workplaceSearch\" | \"serverlessElasticsearch\" | \"serverlessConnectors\" | \"searchPlayground\" | \"searchHomepage\" | \"enterpriseSearchContent:connectors\" | \"enterpriseSearchContent:searchIndices\" | \"enterpriseSearchContent:webCrawlers\" | \"enterpriseSearchApplications:searchApplications\" | \"enterpriseSearchApplications:playground\" | \"appSearch:engines\" | \"searchInferenceEndpoints:inferenceEndpoints\" | \"elasticsearchStart\" | \"elasticsearchIndices\"" ], "path": "packages/deeplinks/search/deep_links.ts", "deprecated": false, @@ -120,7 +120,7 @@ "label": "ENTERPRISE_SEARCH_RELEVANCE_APP_ID", "description": [], "signature": [ - "\"enterpriseSearchRelevance\"" + "\"searchInferenceEndpoints\"" ], "path": "packages/deeplinks/search/constants.ts", "deprecated": false, diff --git a/api_docs/kbn_deeplinks_search.mdx b/api_docs/kbn_deeplinks_search.mdx index 2b29b0d3017e2..ec37b96d5be61 100644 --- a/api_docs/kbn_deeplinks_search.mdx +++ b/api_docs/kbn_deeplinks_search.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-search title: "@kbn/deeplinks-search" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/deeplinks-search plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-search'] --- import kbnDeeplinksSearchObj from './kbn_deeplinks_search.devdocs.json'; diff --git a/api_docs/kbn_deeplinks_security.mdx b/api_docs/kbn_deeplinks_security.mdx index ee710ec947f74..72aa70b3e4c98 100644 --- a/api_docs/kbn_deeplinks_security.mdx +++ b/api_docs/kbn_deeplinks_security.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-security title: "@kbn/deeplinks-security" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/deeplinks-security plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-security'] --- import kbnDeeplinksSecurityObj from './kbn_deeplinks_security.devdocs.json'; diff --git a/api_docs/kbn_deeplinks_shared.mdx b/api_docs/kbn_deeplinks_shared.mdx index d6815fac16393..1a78647e21066 100644 --- a/api_docs/kbn_deeplinks_shared.mdx +++ b/api_docs/kbn_deeplinks_shared.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-shared title: "@kbn/deeplinks-shared" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/deeplinks-shared plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-shared'] --- import kbnDeeplinksSharedObj from './kbn_deeplinks_shared.devdocs.json'; diff --git a/api_docs/kbn_default_nav_analytics.mdx b/api_docs/kbn_default_nav_analytics.mdx index f41051dc93d52..380bf52a08b99 100644 --- a/api_docs/kbn_default_nav_analytics.mdx +++ b/api_docs/kbn_default_nav_analytics.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-default-nav-analytics title: "@kbn/default-nav-analytics" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/default-nav-analytics plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/default-nav-analytics'] --- import kbnDefaultNavAnalyticsObj from './kbn_default_nav_analytics.devdocs.json'; diff --git a/api_docs/kbn_default_nav_devtools.mdx b/api_docs/kbn_default_nav_devtools.mdx index b20f5bb5811b9..f7e7adc2901cf 100644 --- a/api_docs/kbn_default_nav_devtools.mdx +++ b/api_docs/kbn_default_nav_devtools.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-default-nav-devtools title: "@kbn/default-nav-devtools" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/default-nav-devtools plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/default-nav-devtools'] --- import kbnDefaultNavDevtoolsObj from './kbn_default_nav_devtools.devdocs.json'; diff --git a/api_docs/kbn_default_nav_management.mdx b/api_docs/kbn_default_nav_management.mdx index 6b2b6e027e614..92325fe70e6d2 100644 --- a/api_docs/kbn_default_nav_management.mdx +++ b/api_docs/kbn_default_nav_management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-default-nav-management title: "@kbn/default-nav-management" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/default-nav-management plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/default-nav-management'] --- import kbnDefaultNavManagementObj from './kbn_default_nav_management.devdocs.json'; diff --git a/api_docs/kbn_default_nav_ml.mdx b/api_docs/kbn_default_nav_ml.mdx index f2046def2cd30..0ce81dd9df569 100644 --- a/api_docs/kbn_default_nav_ml.mdx +++ b/api_docs/kbn_default_nav_ml.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-default-nav-ml title: "@kbn/default-nav-ml" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/default-nav-ml plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/default-nav-ml'] --- import kbnDefaultNavMlObj from './kbn_default_nav_ml.devdocs.json'; diff --git a/api_docs/kbn_dev_cli_errors.mdx b/api_docs/kbn_dev_cli_errors.mdx index 7603bd12a3236..87c8575f56a20 100644 --- a/api_docs/kbn_dev_cli_errors.mdx +++ b/api_docs/kbn_dev_cli_errors.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-dev-cli-errors title: "@kbn/dev-cli-errors" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/dev-cli-errors plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/dev-cli-errors'] --- import kbnDevCliErrorsObj from './kbn_dev_cli_errors.devdocs.json'; diff --git a/api_docs/kbn_dev_cli_runner.mdx b/api_docs/kbn_dev_cli_runner.mdx index 0d838f3ff43b5..35bc5c25adc33 100644 --- a/api_docs/kbn_dev_cli_runner.mdx +++ b/api_docs/kbn_dev_cli_runner.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-dev-cli-runner title: "@kbn/dev-cli-runner" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/dev-cli-runner plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/dev-cli-runner'] --- import kbnDevCliRunnerObj from './kbn_dev_cli_runner.devdocs.json'; diff --git a/api_docs/kbn_dev_proc_runner.mdx b/api_docs/kbn_dev_proc_runner.mdx index b7ad5b49e3b56..5525ece5bf416 100644 --- a/api_docs/kbn_dev_proc_runner.mdx +++ b/api_docs/kbn_dev_proc_runner.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-dev-proc-runner title: "@kbn/dev-proc-runner" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/dev-proc-runner plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/dev-proc-runner'] --- import kbnDevProcRunnerObj from './kbn_dev_proc_runner.devdocs.json'; diff --git a/api_docs/kbn_dev_utils.mdx b/api_docs/kbn_dev_utils.mdx index 0f707300ec763..f5b40e64cee7e 100644 --- a/api_docs/kbn_dev_utils.mdx +++ b/api_docs/kbn_dev_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-dev-utils title: "@kbn/dev-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/dev-utils plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/dev-utils'] --- import kbnDevUtilsObj from './kbn_dev_utils.devdocs.json'; diff --git a/api_docs/kbn_discover_utils.mdx b/api_docs/kbn_discover_utils.mdx index 0836f9212736f..10757cf37cb5c 100644 --- a/api_docs/kbn_discover_utils.mdx +++ b/api_docs/kbn_discover_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-discover-utils title: "@kbn/discover-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/discover-utils plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/discover-utils'] --- import kbnDiscoverUtilsObj from './kbn_discover_utils.devdocs.json'; diff --git a/api_docs/kbn_doc_links.mdx b/api_docs/kbn_doc_links.mdx index 35a6d45a72177..2f60492005fa9 100644 --- a/api_docs/kbn_doc_links.mdx +++ b/api_docs/kbn_doc_links.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-doc-links title: "@kbn/doc-links" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/doc-links plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/doc-links'] --- import kbnDocLinksObj from './kbn_doc_links.devdocs.json'; diff --git a/api_docs/kbn_docs_utils.mdx b/api_docs/kbn_docs_utils.mdx index 9c8d117d82cd9..c29e85f798321 100644 --- a/api_docs/kbn_docs_utils.mdx +++ b/api_docs/kbn_docs_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-docs-utils title: "@kbn/docs-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/docs-utils plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/docs-utils'] --- import kbnDocsUtilsObj from './kbn_docs_utils.devdocs.json'; diff --git a/api_docs/kbn_dom_drag_drop.mdx b/api_docs/kbn_dom_drag_drop.mdx index 571324a4e88b8..78e5e8caa2e1f 100644 --- a/api_docs/kbn_dom_drag_drop.mdx +++ b/api_docs/kbn_dom_drag_drop.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-dom-drag-drop title: "@kbn/dom-drag-drop" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/dom-drag-drop plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/dom-drag-drop'] --- import kbnDomDragDropObj from './kbn_dom_drag_drop.devdocs.json'; diff --git a/api_docs/kbn_ebt_tools.mdx b/api_docs/kbn_ebt_tools.mdx index e7d20bbf6b793..9fb8765438dad 100644 --- a/api_docs/kbn_ebt_tools.mdx +++ b/api_docs/kbn_ebt_tools.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ebt-tools title: "@kbn/ebt-tools" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ebt-tools plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ebt-tools'] --- import kbnEbtToolsObj from './kbn_ebt_tools.devdocs.json'; diff --git a/api_docs/kbn_ecs_data_quality_dashboard.mdx b/api_docs/kbn_ecs_data_quality_dashboard.mdx index 3ad3b42350c3a..eeb202bc59302 100644 --- a/api_docs/kbn_ecs_data_quality_dashboard.mdx +++ b/api_docs/kbn_ecs_data_quality_dashboard.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ecs-data-quality-dashboard title: "@kbn/ecs-data-quality-dashboard" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ecs-data-quality-dashboard plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ecs-data-quality-dashboard'] --- import kbnEcsDataQualityDashboardObj from './kbn_ecs_data_quality_dashboard.devdocs.json'; diff --git a/api_docs/kbn_elastic_agent_utils.mdx b/api_docs/kbn_elastic_agent_utils.mdx index eaee0a7b617a9..69ec49fb34abb 100644 --- a/api_docs/kbn_elastic_agent_utils.mdx +++ b/api_docs/kbn_elastic_agent_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-elastic-agent-utils title: "@kbn/elastic-agent-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/elastic-agent-utils plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/elastic-agent-utils'] --- import kbnElasticAgentUtilsObj from './kbn_elastic_agent_utils.devdocs.json'; diff --git a/api_docs/kbn_elastic_assistant.mdx b/api_docs/kbn_elastic_assistant.mdx index f75c56f0c3c5d..629be95ec3fc7 100644 --- a/api_docs/kbn_elastic_assistant.mdx +++ b/api_docs/kbn_elastic_assistant.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-elastic-assistant title: "@kbn/elastic-assistant" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/elastic-assistant plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/elastic-assistant'] --- import kbnElasticAssistantObj from './kbn_elastic_assistant.devdocs.json'; diff --git a/api_docs/kbn_elastic_assistant_common.mdx b/api_docs/kbn_elastic_assistant_common.mdx index a237509f05591..570a31d6e5434 100644 --- a/api_docs/kbn_elastic_assistant_common.mdx +++ b/api_docs/kbn_elastic_assistant_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-elastic-assistant-common title: "@kbn/elastic-assistant-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/elastic-assistant-common plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/elastic-assistant-common'] --- import kbnElasticAssistantCommonObj from './kbn_elastic_assistant_common.devdocs.json'; diff --git a/api_docs/kbn_entities_schema.devdocs.json b/api_docs/kbn_entities_schema.devdocs.json index 5b590b73bafa8..c77e0ae7ffeb1 100644 --- a/api_docs/kbn_entities_schema.devdocs.json +++ b/api_docs/kbn_entities_schema.devdocs.json @@ -515,7 +515,7 @@ "label": "entityBaseSchema", "description": [], "signature": [ - "Zod.ZodObject<{ id: Zod.ZodString; type: Zod.ZodString; identityFields: Zod.ZodArray; displayName: Zod.ZodString; metrics: Zod.ZodRecord; definitionVersion: Zod.ZodString; schemaVersion: Zod.ZodString; definitionId: Zod.ZodString; }, \"strip\", Zod.ZodTypeAny, { id: string; type: string; metrics: Record; displayName: string; identityFields: string[]; definitionId: string; definitionVersion: string; schemaVersion: string; }, { id: string; type: string; metrics: Record; displayName: string; identityFields: string[]; definitionId: string; definitionVersion: string; schemaVersion: string; }>" + "Zod.ZodObject<{ id: Zod.ZodString; type: Zod.ZodString; identity_fields: Zod.ZodArray; display_name: Zod.ZodString; metrics: Zod.ZodRecord; definition_version: Zod.ZodString; schema_version: Zod.ZodString; definition_id: Zod.ZodString; }, \"strip\", Zod.ZodTypeAny, { id: string; type: string; metrics: Record; schema_version: string; definition_id: string; definition_version: string; display_name: string; identity_fields: string[]; }, { id: string; type: string; metrics: Record; schema_version: string; definition_id: string; definition_version: string; display_name: string; identity_fields: string[]; }>" ], "path": "x-pack/packages/kbn-entities-schema/src/schema/entity.ts", "deprecated": false, @@ -664,21 +664,6 @@ "trackAdoption": false, "initialIsOpen": false }, - { - "parentPluginId": "@kbn/entities-schema", - "id": "def-common.entityHistorySchema", - "type": "Object", - "tags": [], - "label": "entityHistorySchema", - "description": [], - "signature": [ - "Zod.ZodIntersection; displayName: Zod.ZodString; metrics: Zod.ZodRecord; definitionVersion: Zod.ZodString; schemaVersion: Zod.ZodString; definitionId: Zod.ZodString; }, \"strip\", Zod.ZodTypeAny, { id: string; type: string; metrics: Record; displayName: string; identityFields: string[]; definitionId: string; definitionVersion: string; schemaVersion: string; }, { id: string; type: string; metrics: Record; displayName: string; identityFields: string[]; definitionId: string; definitionVersion: string; schemaVersion: string; }>; }, \"strip\", Zod.ZodTypeAny, { '@timestamp': string; entity: { id: string; type: string; metrics: Record; displayName: string; identityFields: string[]; definitionId: string; definitionVersion: string; schemaVersion: string; }; }, { '@timestamp': string; entity: { id: string; type: string; metrics: Record; displayName: string; identityFields: string[]; definitionId: string; definitionVersion: string; schemaVersion: string; }; }>, Zod.ZodType>" - ], - "path": "x-pack/packages/kbn-entities-schema/src/schema/entity.ts", - "deprecated": false, - "trackAdoption": false, - "initialIsOpen": false - }, { "parentPluginId": "@kbn/entities-schema", "id": "def-common.entityLatestSchema", @@ -687,7 +672,7 @@ "label": "entityLatestSchema", "description": [], "signature": [ - "Zod.ZodIntersection; displayName: Zod.ZodString; metrics: Zod.ZodRecord; definitionVersion: Zod.ZodString; schemaVersion: Zod.ZodString; definitionId: Zod.ZodString; }, { lastSeenTimestamp: Zod.ZodString; }>, \"strip\", Zod.ZodTypeAny, { id: string; type: string; metrics: Record; displayName: string; identityFields: string[]; definitionId: string; definitionVersion: string; lastSeenTimestamp: string; schemaVersion: string; }, { id: string; type: string; metrics: Record; displayName: string; identityFields: string[]; definitionId: string; definitionVersion: string; lastSeenTimestamp: string; schemaVersion: string; }>; }, \"strip\", Zod.ZodTypeAny, { entity: { id: string; type: string; metrics: Record; displayName: string; identityFields: string[]; definitionId: string; definitionVersion: string; lastSeenTimestamp: string; schemaVersion: string; }; }, { entity: { id: string; type: string; metrics: Record; displayName: string; identityFields: string[]; definitionId: string; definitionVersion: string; lastSeenTimestamp: string; schemaVersion: string; }; }>, Zod.ZodType>" + "Zod.ZodIntersection; display_name: Zod.ZodString; metrics: Zod.ZodRecord; definition_version: Zod.ZodString; schema_version: Zod.ZodString; definition_id: Zod.ZodString; }, { last_seen_timestamp: Zod.ZodString; }>, \"strip\", Zod.ZodTypeAny, { id: string; type: string; metrics: Record; schema_version: string; definition_id: string; definition_version: string; display_name: string; last_seen_timestamp: string; identity_fields: string[]; }, { id: string; type: string; metrics: Record; schema_version: string; definition_id: string; definition_version: string; display_name: string; last_seen_timestamp: string; identity_fields: string[]; }>; }, \"strip\", Zod.ZodTypeAny, { entity: { id: string; type: string; metrics: Record; schema_version: string; definition_id: string; definition_version: string; display_name: string; last_seen_timestamp: string; identity_fields: string[]; }; }, { entity: { id: string; type: string; metrics: Record; schema_version: string; definition_id: string; definition_version: string; display_name: string; last_seen_timestamp: string; identity_fields: string[]; }; }>, Zod.ZodType>" ], "path": "x-pack/packages/kbn-entities-schema/src/schema/entity.ts", "deprecated": false, diff --git a/api_docs/kbn_entities_schema.mdx b/api_docs/kbn_entities_schema.mdx index 30d5beaa5515f..d313ebb1306ac 100644 --- a/api_docs/kbn_entities_schema.mdx +++ b/api_docs/kbn_entities_schema.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-entities-schema title: "@kbn/entities-schema" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/entities-schema plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/entities-schema'] --- import kbnEntitiesSchemaObj from './kbn_entities_schema.devdocs.json'; @@ -21,7 +21,7 @@ Contact [@elastic/obs-entities](https://github.com/orgs/elastic/teams/obs-entiti | Public API count | Any count | Items lacking comments | Missing exports | |-------------------|-----------|------------------------|-----------------| -| 44 | 0 | 44 | 0 | +| 43 | 0 | 43 | 0 | ## Common diff --git a/api_docs/kbn_es.mdx b/api_docs/kbn_es.mdx index eb65f6efb5d6d..c7b0ebb5874dd 100644 --- a/api_docs/kbn_es.mdx +++ b/api_docs/kbn_es.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-es title: "@kbn/es" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/es plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/es'] --- import kbnEsObj from './kbn_es.devdocs.json'; diff --git a/api_docs/kbn_es_archiver.mdx b/api_docs/kbn_es_archiver.mdx index fa37d599b6279..55707e9a38768 100644 --- a/api_docs/kbn_es_archiver.mdx +++ b/api_docs/kbn_es_archiver.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-es-archiver title: "@kbn/es-archiver" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/es-archiver plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/es-archiver'] --- import kbnEsArchiverObj from './kbn_es_archiver.devdocs.json'; diff --git a/api_docs/kbn_es_errors.mdx b/api_docs/kbn_es_errors.mdx index 79c39564ec545..f295049c285ea 100644 --- a/api_docs/kbn_es_errors.mdx +++ b/api_docs/kbn_es_errors.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-es-errors title: "@kbn/es-errors" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/es-errors plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/es-errors'] --- import kbnEsErrorsObj from './kbn_es_errors.devdocs.json'; diff --git a/api_docs/kbn_es_query.mdx b/api_docs/kbn_es_query.mdx index a32af69363664..122e111454de1 100644 --- a/api_docs/kbn_es_query.mdx +++ b/api_docs/kbn_es_query.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-es-query title: "@kbn/es-query" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/es-query plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/es-query'] --- import kbnEsQueryObj from './kbn_es_query.devdocs.json'; diff --git a/api_docs/kbn_es_types.mdx b/api_docs/kbn_es_types.mdx index 284a48cc3c5db..33cfd56d45220 100644 --- a/api_docs/kbn_es_types.mdx +++ b/api_docs/kbn_es_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-es-types title: "@kbn/es-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/es-types plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/es-types'] --- import kbnEsTypesObj from './kbn_es_types.devdocs.json'; diff --git a/api_docs/kbn_eslint_plugin_imports.mdx b/api_docs/kbn_eslint_plugin_imports.mdx index 36c728a36f14d..6e77d2213edfc 100644 --- a/api_docs/kbn_eslint_plugin_imports.mdx +++ b/api_docs/kbn_eslint_plugin_imports.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-eslint-plugin-imports title: "@kbn/eslint-plugin-imports" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/eslint-plugin-imports plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/eslint-plugin-imports'] --- import kbnEslintPluginImportsObj from './kbn_eslint_plugin_imports.devdocs.json'; diff --git a/api_docs/kbn_esql_ast.mdx b/api_docs/kbn_esql_ast.mdx index 343cf5cea540f..19fe99f93f78e 100644 --- a/api_docs/kbn_esql_ast.mdx +++ b/api_docs/kbn_esql_ast.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-esql-ast title: "@kbn/esql-ast" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/esql-ast plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/esql-ast'] --- import kbnEsqlAstObj from './kbn_esql_ast.devdocs.json'; diff --git a/api_docs/kbn_esql_editor.mdx b/api_docs/kbn_esql_editor.mdx index ed71a80ed11bd..e03146f39e378 100644 --- a/api_docs/kbn_esql_editor.mdx +++ b/api_docs/kbn_esql_editor.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-esql-editor title: "@kbn/esql-editor" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/esql-editor plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/esql-editor'] --- import kbnEsqlEditorObj from './kbn_esql_editor.devdocs.json'; diff --git a/api_docs/kbn_esql_utils.mdx b/api_docs/kbn_esql_utils.mdx index 15aeb10b64833..2ec3411c954be 100644 --- a/api_docs/kbn_esql_utils.mdx +++ b/api_docs/kbn_esql_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-esql-utils title: "@kbn/esql-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/esql-utils plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/esql-utils'] --- import kbnEsqlUtilsObj from './kbn_esql_utils.devdocs.json'; diff --git a/api_docs/kbn_esql_validation_autocomplete.mdx b/api_docs/kbn_esql_validation_autocomplete.mdx index ebd0f86e6a87f..89b610257e42a 100644 --- a/api_docs/kbn_esql_validation_autocomplete.mdx +++ b/api_docs/kbn_esql_validation_autocomplete.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-esql-validation-autocomplete title: "@kbn/esql-validation-autocomplete" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/esql-validation-autocomplete plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/esql-validation-autocomplete'] --- import kbnEsqlValidationAutocompleteObj from './kbn_esql_validation_autocomplete.devdocs.json'; diff --git a/api_docs/kbn_event_annotation_common.mdx b/api_docs/kbn_event_annotation_common.mdx index c08ad2d303880..d98f0b0115fdc 100644 --- a/api_docs/kbn_event_annotation_common.mdx +++ b/api_docs/kbn_event_annotation_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-event-annotation-common title: "@kbn/event-annotation-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/event-annotation-common plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/event-annotation-common'] --- import kbnEventAnnotationCommonObj from './kbn_event_annotation_common.devdocs.json'; diff --git a/api_docs/kbn_event_annotation_components.mdx b/api_docs/kbn_event_annotation_components.mdx index c98ab9de56aff..4b34d02751a58 100644 --- a/api_docs/kbn_event_annotation_components.mdx +++ b/api_docs/kbn_event_annotation_components.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-event-annotation-components title: "@kbn/event-annotation-components" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/event-annotation-components plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/event-annotation-components'] --- import kbnEventAnnotationComponentsObj from './kbn_event_annotation_components.devdocs.json'; diff --git a/api_docs/kbn_expandable_flyout.mdx b/api_docs/kbn_expandable_flyout.mdx index a34ac2b1772e5..b35a6c59d7a8b 100644 --- a/api_docs/kbn_expandable_flyout.mdx +++ b/api_docs/kbn_expandable_flyout.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-expandable-flyout title: "@kbn/expandable-flyout" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/expandable-flyout plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/expandable-flyout'] --- import kbnExpandableFlyoutObj from './kbn_expandable_flyout.devdocs.json'; diff --git a/api_docs/kbn_field_types.mdx b/api_docs/kbn_field_types.mdx index d655980b6198d..e9c21d7f729de 100644 --- a/api_docs/kbn_field_types.mdx +++ b/api_docs/kbn_field_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-field-types title: "@kbn/field-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/field-types plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/field-types'] --- import kbnFieldTypesObj from './kbn_field_types.devdocs.json'; diff --git a/api_docs/kbn_field_utils.mdx b/api_docs/kbn_field_utils.mdx index 21d346979b6e0..649469038a671 100644 --- a/api_docs/kbn_field_utils.mdx +++ b/api_docs/kbn_field_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-field-utils title: "@kbn/field-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/field-utils plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/field-utils'] --- import kbnFieldUtilsObj from './kbn_field_utils.devdocs.json'; diff --git a/api_docs/kbn_find_used_node_modules.mdx b/api_docs/kbn_find_used_node_modules.mdx index 3729b6b529726..603c676515bf3 100644 --- a/api_docs/kbn_find_used_node_modules.mdx +++ b/api_docs/kbn_find_used_node_modules.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-find-used-node-modules title: "@kbn/find-used-node-modules" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/find-used-node-modules plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/find-used-node-modules'] --- import kbnFindUsedNodeModulesObj from './kbn_find_used_node_modules.devdocs.json'; diff --git a/api_docs/kbn_formatters.mdx b/api_docs/kbn_formatters.mdx index 9c26fad7579df..246393d698791 100644 --- a/api_docs/kbn_formatters.mdx +++ b/api_docs/kbn_formatters.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-formatters title: "@kbn/formatters" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/formatters plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/formatters'] --- import kbnFormattersObj from './kbn_formatters.devdocs.json'; diff --git a/api_docs/kbn_ftr_common_functional_services.mdx b/api_docs/kbn_ftr_common_functional_services.mdx index 5d5edbb421415..f81cabc48d332 100644 --- a/api_docs/kbn_ftr_common_functional_services.mdx +++ b/api_docs/kbn_ftr_common_functional_services.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ftr-common-functional-services title: "@kbn/ftr-common-functional-services" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ftr-common-functional-services plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ftr-common-functional-services'] --- import kbnFtrCommonFunctionalServicesObj from './kbn_ftr_common_functional_services.devdocs.json'; diff --git a/api_docs/kbn_ftr_common_functional_ui_services.mdx b/api_docs/kbn_ftr_common_functional_ui_services.mdx index d746dcf6c1ee7..c28175e7152e4 100644 --- a/api_docs/kbn_ftr_common_functional_ui_services.mdx +++ b/api_docs/kbn_ftr_common_functional_ui_services.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ftr-common-functional-ui-services title: "@kbn/ftr-common-functional-ui-services" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ftr-common-functional-ui-services plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ftr-common-functional-ui-services'] --- import kbnFtrCommonFunctionalUiServicesObj from './kbn_ftr_common_functional_ui_services.devdocs.json'; diff --git a/api_docs/kbn_generate.mdx b/api_docs/kbn_generate.mdx index 88c5da95797a1..42be7bae5cf30 100644 --- a/api_docs/kbn_generate.mdx +++ b/api_docs/kbn_generate.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-generate title: "@kbn/generate" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/generate plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/generate'] --- import kbnGenerateObj from './kbn_generate.devdocs.json'; diff --git a/api_docs/kbn_generate_console_definitions.mdx b/api_docs/kbn_generate_console_definitions.mdx index 8c102e5ffb44e..d9eb05cdee8a2 100644 --- a/api_docs/kbn_generate_console_definitions.mdx +++ b/api_docs/kbn_generate_console_definitions.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-generate-console-definitions title: "@kbn/generate-console-definitions" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/generate-console-definitions plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/generate-console-definitions'] --- import kbnGenerateConsoleDefinitionsObj from './kbn_generate_console_definitions.devdocs.json'; diff --git a/api_docs/kbn_generate_csv.mdx b/api_docs/kbn_generate_csv.mdx index 55b63c26c7883..830fdbea1f590 100644 --- a/api_docs/kbn_generate_csv.mdx +++ b/api_docs/kbn_generate_csv.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-generate-csv title: "@kbn/generate-csv" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/generate-csv plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/generate-csv'] --- import kbnGenerateCsvObj from './kbn_generate_csv.devdocs.json'; diff --git a/api_docs/kbn_grid_layout.mdx b/api_docs/kbn_grid_layout.mdx index d08510cfe9146..a5dd8bb8b9464 100644 --- a/api_docs/kbn_grid_layout.mdx +++ b/api_docs/kbn_grid_layout.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-grid-layout title: "@kbn/grid-layout" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/grid-layout plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/grid-layout'] --- import kbnGridLayoutObj from './kbn_grid_layout.devdocs.json'; diff --git a/api_docs/kbn_grouping.mdx b/api_docs/kbn_grouping.mdx index 287f035d02383..affb1d2442f8c 100644 --- a/api_docs/kbn_grouping.mdx +++ b/api_docs/kbn_grouping.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-grouping title: "@kbn/grouping" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/grouping plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/grouping'] --- import kbnGroupingObj from './kbn_grouping.devdocs.json'; diff --git a/api_docs/kbn_guided_onboarding.mdx b/api_docs/kbn_guided_onboarding.mdx index 769ad16a2f40e..07feed0a2f9b0 100644 --- a/api_docs/kbn_guided_onboarding.mdx +++ b/api_docs/kbn_guided_onboarding.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-guided-onboarding title: "@kbn/guided-onboarding" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/guided-onboarding plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/guided-onboarding'] --- import kbnGuidedOnboardingObj from './kbn_guided_onboarding.devdocs.json'; diff --git a/api_docs/kbn_handlebars.mdx b/api_docs/kbn_handlebars.mdx index 44445cbae253d..83c9a60809a28 100644 --- a/api_docs/kbn_handlebars.mdx +++ b/api_docs/kbn_handlebars.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-handlebars title: "@kbn/handlebars" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/handlebars plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/handlebars'] --- import kbnHandlebarsObj from './kbn_handlebars.devdocs.json'; diff --git a/api_docs/kbn_hapi_mocks.mdx b/api_docs/kbn_hapi_mocks.mdx index 44e84764ace7d..ea3f6bd083270 100644 --- a/api_docs/kbn_hapi_mocks.mdx +++ b/api_docs/kbn_hapi_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-hapi-mocks title: "@kbn/hapi-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/hapi-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/hapi-mocks'] --- import kbnHapiMocksObj from './kbn_hapi_mocks.devdocs.json'; diff --git a/api_docs/kbn_health_gateway_server.mdx b/api_docs/kbn_health_gateway_server.mdx index 40b0d1689b6d7..75e2918850da6 100644 --- a/api_docs/kbn_health_gateway_server.mdx +++ b/api_docs/kbn_health_gateway_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-health-gateway-server title: "@kbn/health-gateway-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/health-gateway-server plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/health-gateway-server'] --- import kbnHealthGatewayServerObj from './kbn_health_gateway_server.devdocs.json'; diff --git a/api_docs/kbn_home_sample_data_card.mdx b/api_docs/kbn_home_sample_data_card.mdx index a5bd00eb22f81..0a6c849e2d27e 100644 --- a/api_docs/kbn_home_sample_data_card.mdx +++ b/api_docs/kbn_home_sample_data_card.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-home-sample-data-card title: "@kbn/home-sample-data-card" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/home-sample-data-card plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/home-sample-data-card'] --- import kbnHomeSampleDataCardObj from './kbn_home_sample_data_card.devdocs.json'; diff --git a/api_docs/kbn_home_sample_data_tab.mdx b/api_docs/kbn_home_sample_data_tab.mdx index 5264ef503fc2d..a3b5c18877998 100644 --- a/api_docs/kbn_home_sample_data_tab.mdx +++ b/api_docs/kbn_home_sample_data_tab.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-home-sample-data-tab title: "@kbn/home-sample-data-tab" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/home-sample-data-tab plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/home-sample-data-tab'] --- import kbnHomeSampleDataTabObj from './kbn_home_sample_data_tab.devdocs.json'; diff --git a/api_docs/kbn_i18n.mdx b/api_docs/kbn_i18n.mdx index 86a6311d2a306..24c51107b6757 100644 --- a/api_docs/kbn_i18n.mdx +++ b/api_docs/kbn_i18n.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-i18n title: "@kbn/i18n" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/i18n plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/i18n'] --- import kbnI18nObj from './kbn_i18n.devdocs.json'; diff --git a/api_docs/kbn_i18n_react.mdx b/api_docs/kbn_i18n_react.mdx index 659eba74ea166..7365b9cf56c0c 100644 --- a/api_docs/kbn_i18n_react.mdx +++ b/api_docs/kbn_i18n_react.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-i18n-react title: "@kbn/i18n-react" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/i18n-react plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/i18n-react'] --- import kbnI18nReactObj from './kbn_i18n_react.devdocs.json'; diff --git a/api_docs/kbn_import_resolver.mdx b/api_docs/kbn_import_resolver.mdx index 6fd53de34047d..6835ab654ec62 100644 --- a/api_docs/kbn_import_resolver.mdx +++ b/api_docs/kbn_import_resolver.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-import-resolver title: "@kbn/import-resolver" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/import-resolver plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/import-resolver'] --- import kbnImportResolverObj from './kbn_import_resolver.devdocs.json'; diff --git a/api_docs/kbn_index_management_shared_types.mdx b/api_docs/kbn_index_management_shared_types.mdx index a2574f6b29860..b3592adaed27c 100644 --- a/api_docs/kbn_index_management_shared_types.mdx +++ b/api_docs/kbn_index_management_shared_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-index-management-shared-types title: "@kbn/index-management-shared-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/index-management-shared-types plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/index-management-shared-types'] --- import kbnIndexManagementSharedTypesObj from './kbn_index_management_shared_types.devdocs.json'; diff --git a/api_docs/kbn_inference_integration_flyout.mdx b/api_docs/kbn_inference_integration_flyout.mdx index 14e63a7ca5251..ac27018c2f3ff 100644 --- a/api_docs/kbn_inference_integration_flyout.mdx +++ b/api_docs/kbn_inference_integration_flyout.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-inference_integration_flyout title: "@kbn/inference_integration_flyout" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/inference_integration_flyout plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/inference_integration_flyout'] --- import kbnInferenceIntegrationFlyoutObj from './kbn_inference_integration_flyout.devdocs.json'; diff --git a/api_docs/kbn_infra_forge.mdx b/api_docs/kbn_infra_forge.mdx index 08ffb112321b7..43150f2f556b3 100644 --- a/api_docs/kbn_infra_forge.mdx +++ b/api_docs/kbn_infra_forge.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-infra-forge title: "@kbn/infra-forge" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/infra-forge plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/infra-forge'] --- import kbnInfraForgeObj from './kbn_infra_forge.devdocs.json'; diff --git a/api_docs/kbn_interpreter.mdx b/api_docs/kbn_interpreter.mdx index e1119f9b6d3b1..b8fed5edc9fd4 100644 --- a/api_docs/kbn_interpreter.mdx +++ b/api_docs/kbn_interpreter.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-interpreter title: "@kbn/interpreter" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/interpreter plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/interpreter'] --- import kbnInterpreterObj from './kbn_interpreter.devdocs.json'; diff --git a/api_docs/kbn_investigation_shared.devdocs.json b/api_docs/kbn_investigation_shared.devdocs.json index 1ca48a20a4cd5..80d8b3d426e22 100644 --- a/api_docs/kbn_investigation_shared.devdocs.json +++ b/api_docs/kbn_investigation_shared.devdocs.json @@ -180,7 +180,7 @@ "label": "EntityWithSource", "description": [], "signature": [ - "{ id: string; type: string; metrics: { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }; displayName: string; identityFields: string[]; definitionId: string; definitionVersion: string; firstSeenTimestamp: string; lastSeenTimestamp: string; schemaVersion: string; } & { sources: { dataStream?: string | undefined; }[]; }" + "{ id: string; type: string; metrics: { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }; schema_version: string; definition_id: string; definition_version: string; display_name: string; last_seen_timestamp: string; identity_fields: string[]; } & { sources: { dataStream?: string | undefined; }[]; }" ], "path": "packages/kbn-investigation-shared/src/rest_specs/entity.ts", "deprecated": false, @@ -300,7 +300,7 @@ "label": "GetEntitiesResponse", "description": [], "signature": [ - "{ entities: ({ id: string; type: string; metrics: { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }; displayName: string; identityFields: string[]; definitionId: string; definitionVersion: string; firstSeenTimestamp: string; lastSeenTimestamp: string; schemaVersion: string; } & { sources: { dataStream?: string | undefined; }[]; })[]; }" + "{ entities: ({ id: string; type: string; metrics: { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }; schema_version: string; definition_id: string; definition_version: string; display_name: string; last_seen_timestamp: string; identity_fields: string[]; } & { sources: { dataStream?: string | undefined; }[]; })[]; }" ], "path": "packages/kbn-investigation-shared/src/rest_specs/get_entities.ts", "deprecated": false, @@ -752,7 +752,7 @@ "label": "entitySchema", "description": [], "signature": [ - "Zod.ZodObject<{ id: Zod.ZodString; definitionId: Zod.ZodString; definitionVersion: Zod.ZodString; displayName: Zod.ZodString; firstSeenTimestamp: Zod.ZodString; lastSeenTimestamp: Zod.ZodString; identityFields: Zod.ZodArray; schemaVersion: Zod.ZodString; type: Zod.ZodString; metrics: Zod.ZodObject<{ failedTransactionRate: Zod.ZodOptional; latency: Zod.ZodOptional; throughput: Zod.ZodOptional; logErrorRate: Zod.ZodOptional; logRate: Zod.ZodOptional; }, \"strip\", Zod.ZodTypeAny, { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }, { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }>; }, \"strip\", Zod.ZodTypeAny, { id: string; type: string; metrics: { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }; displayName: string; identityFields: string[]; definitionId: string; definitionVersion: string; firstSeenTimestamp: string; lastSeenTimestamp: string; schemaVersion: string; }, { id: string; type: string; metrics: { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }; displayName: string; identityFields: string[]; definitionId: string; definitionVersion: string; firstSeenTimestamp: string; lastSeenTimestamp: string; schemaVersion: string; }>" + "Zod.ZodObject<{ id: Zod.ZodString; definition_id: Zod.ZodString; definition_version: Zod.ZodString; display_name: Zod.ZodString; last_seen_timestamp: Zod.ZodString; identity_fields: Zod.ZodArray; schema_version: Zod.ZodString; type: Zod.ZodString; metrics: Zod.ZodObject<{ failedTransactionRate: Zod.ZodOptional; latency: Zod.ZodOptional; throughput: Zod.ZodOptional; logErrorRate: Zod.ZodOptional; logRate: Zod.ZodOptional; }, \"strip\", Zod.ZodTypeAny, { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }, { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }>; }, \"strip\", Zod.ZodTypeAny, { id: string; type: string; metrics: { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }; schema_version: string; definition_id: string; definition_version: string; display_name: string; last_seen_timestamp: string; identity_fields: string[]; }, { id: string; type: string; metrics: { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }; schema_version: string; definition_id: string; definition_version: string; display_name: string; last_seen_timestamp: string; identity_fields: string[]; }>" ], "path": "packages/kbn-investigation-shared/src/rest_specs/entity.ts", "deprecated": false, @@ -767,7 +767,7 @@ "label": "entityWithSourceSchema", "description": [], "signature": [ - "Zod.ZodIntersection; schemaVersion: Zod.ZodString; type: Zod.ZodString; metrics: Zod.ZodObject<{ failedTransactionRate: Zod.ZodOptional; latency: Zod.ZodOptional; throughput: Zod.ZodOptional; logErrorRate: Zod.ZodOptional; logRate: Zod.ZodOptional; }, \"strip\", Zod.ZodTypeAny, { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }, { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }>; }, \"strip\", Zod.ZodTypeAny, { id: string; type: string; metrics: { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }; displayName: string; identityFields: string[]; definitionId: string; definitionVersion: string; firstSeenTimestamp: string; lastSeenTimestamp: string; schemaVersion: string; }, { id: string; type: string; metrics: { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }; displayName: string; identityFields: string[]; definitionId: string; definitionVersion: string; firstSeenTimestamp: string; lastSeenTimestamp: string; schemaVersion: string; }>, Zod.ZodObject<{ sources: Zod.ZodArray; }, \"strip\", Zod.ZodTypeAny, { dataStream?: string | undefined; }, { dataStream?: string | undefined; }>, \"many\">; }, \"strip\", Zod.ZodTypeAny, { sources: { dataStream?: string | undefined; }[]; }, { sources: { dataStream?: string | undefined; }[]; }>>" + "Zod.ZodIntersection; schema_version: Zod.ZodString; type: Zod.ZodString; metrics: Zod.ZodObject<{ failedTransactionRate: Zod.ZodOptional; latency: Zod.ZodOptional; throughput: Zod.ZodOptional; logErrorRate: Zod.ZodOptional; logRate: Zod.ZodOptional; }, \"strip\", Zod.ZodTypeAny, { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }, { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }>; }, \"strip\", Zod.ZodTypeAny, { id: string; type: string; metrics: { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }; schema_version: string; definition_id: string; definition_version: string; display_name: string; last_seen_timestamp: string; identity_fields: string[]; }, { id: string; type: string; metrics: { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }; schema_version: string; definition_id: string; definition_version: string; display_name: string; last_seen_timestamp: string; identity_fields: string[]; }>, Zod.ZodObject<{ sources: Zod.ZodArray; }, \"strip\", Zod.ZodTypeAny, { dataStream?: string | undefined; }, { dataStream?: string | undefined; }>, \"many\">; }, \"strip\", Zod.ZodTypeAny, { sources: { dataStream?: string | undefined; }[]; }, { sources: { dataStream?: string | undefined; }[]; }>>" ], "path": "packages/kbn-investigation-shared/src/rest_specs/entity.ts", "deprecated": false, @@ -917,7 +917,7 @@ "label": "getEntitiesResponseSchema", "description": [], "signature": [ - "Zod.ZodObject<{ entities: Zod.ZodArray; schemaVersion: Zod.ZodString; type: Zod.ZodString; metrics: Zod.ZodObject<{ failedTransactionRate: Zod.ZodOptional; latency: Zod.ZodOptional; throughput: Zod.ZodOptional; logErrorRate: Zod.ZodOptional; logRate: Zod.ZodOptional; }, \"strip\", Zod.ZodTypeAny, { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }, { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }>; }, \"strip\", Zod.ZodTypeAny, { id: string; type: string; metrics: { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }; displayName: string; identityFields: string[]; definitionId: string; definitionVersion: string; firstSeenTimestamp: string; lastSeenTimestamp: string; schemaVersion: string; }, { id: string; type: string; metrics: { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }; displayName: string; identityFields: string[]; definitionId: string; definitionVersion: string; firstSeenTimestamp: string; lastSeenTimestamp: string; schemaVersion: string; }>, Zod.ZodObject<{ sources: Zod.ZodArray; }, \"strip\", Zod.ZodTypeAny, { dataStream?: string | undefined; }, { dataStream?: string | undefined; }>, \"many\">; }, \"strip\", Zod.ZodTypeAny, { sources: { dataStream?: string | undefined; }[]; }, { sources: { dataStream?: string | undefined; }[]; }>>, \"many\">; }, \"strip\", Zod.ZodTypeAny, { entities: ({ id: string; type: string; metrics: { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }; displayName: string; identityFields: string[]; definitionId: string; definitionVersion: string; firstSeenTimestamp: string; lastSeenTimestamp: string; schemaVersion: string; } & { sources: { dataStream?: string | undefined; }[]; })[]; }, { entities: ({ id: string; type: string; metrics: { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }; displayName: string; identityFields: string[]; definitionId: string; definitionVersion: string; firstSeenTimestamp: string; lastSeenTimestamp: string; schemaVersion: string; } & { sources: { dataStream?: string | undefined; }[]; })[]; }>" + "Zod.ZodObject<{ entities: Zod.ZodArray; schema_version: Zod.ZodString; type: Zod.ZodString; metrics: Zod.ZodObject<{ failedTransactionRate: Zod.ZodOptional; latency: Zod.ZodOptional; throughput: Zod.ZodOptional; logErrorRate: Zod.ZodOptional; logRate: Zod.ZodOptional; }, \"strip\", Zod.ZodTypeAny, { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }, { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }>; }, \"strip\", Zod.ZodTypeAny, { id: string; type: string; metrics: { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }; schema_version: string; definition_id: string; definition_version: string; display_name: string; last_seen_timestamp: string; identity_fields: string[]; }, { id: string; type: string; metrics: { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }; schema_version: string; definition_id: string; definition_version: string; display_name: string; last_seen_timestamp: string; identity_fields: string[]; }>, Zod.ZodObject<{ sources: Zod.ZodArray; }, \"strip\", Zod.ZodTypeAny, { dataStream?: string | undefined; }, { dataStream?: string | undefined; }>, \"many\">; }, \"strip\", Zod.ZodTypeAny, { sources: { dataStream?: string | undefined; }[]; }, { sources: { dataStream?: string | undefined; }[]; }>>, \"many\">; }, \"strip\", Zod.ZodTypeAny, { entities: ({ id: string; type: string; metrics: { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }; schema_version: string; definition_id: string; definition_version: string; display_name: string; last_seen_timestamp: string; identity_fields: string[]; } & { sources: { dataStream?: string | undefined; }[]; })[]; }, { entities: ({ id: string; type: string; metrics: { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }; schema_version: string; definition_id: string; definition_version: string; display_name: string; last_seen_timestamp: string; identity_fields: string[]; } & { sources: { dataStream?: string | undefined; }[]; })[]; }>" ], "path": "packages/kbn-investigation-shared/src/rest_specs/get_entities.ts", "deprecated": false, diff --git a/api_docs/kbn_investigation_shared.mdx b/api_docs/kbn_investigation_shared.mdx index 64fa1d7454eb9..61e2c59ca03cf 100644 --- a/api_docs/kbn_investigation_shared.mdx +++ b/api_docs/kbn_investigation_shared.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-investigation-shared title: "@kbn/investigation-shared" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/investigation-shared plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/investigation-shared'] --- import kbnInvestigationSharedObj from './kbn_investigation_shared.devdocs.json'; diff --git a/api_docs/kbn_io_ts_utils.mdx b/api_docs/kbn_io_ts_utils.mdx index 61b2ee4fb0c48..779de9c3ba849 100644 --- a/api_docs/kbn_io_ts_utils.mdx +++ b/api_docs/kbn_io_ts_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-io-ts-utils title: "@kbn/io-ts-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/io-ts-utils plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/io-ts-utils'] --- import kbnIoTsUtilsObj from './kbn_io_ts_utils.devdocs.json'; diff --git a/api_docs/kbn_ipynb.mdx b/api_docs/kbn_ipynb.mdx index be01616222844..aca26680391e1 100644 --- a/api_docs/kbn_ipynb.mdx +++ b/api_docs/kbn_ipynb.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ipynb title: "@kbn/ipynb" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ipynb plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ipynb'] --- import kbnIpynbObj from './kbn_ipynb.devdocs.json'; diff --git a/api_docs/kbn_item_buffer.mdx b/api_docs/kbn_item_buffer.mdx index 6eca637c561b2..e238e311fae61 100644 --- a/api_docs/kbn_item_buffer.mdx +++ b/api_docs/kbn_item_buffer.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-item-buffer title: "@kbn/item-buffer" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/item-buffer plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/item-buffer'] --- import kbnItemBufferObj from './kbn_item_buffer.devdocs.json'; diff --git a/api_docs/kbn_jest_serializers.mdx b/api_docs/kbn_jest_serializers.mdx index 25a2c7bf39fef..346ed1307acb5 100644 --- a/api_docs/kbn_jest_serializers.mdx +++ b/api_docs/kbn_jest_serializers.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-jest-serializers title: "@kbn/jest-serializers" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/jest-serializers plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/jest-serializers'] --- import kbnJestSerializersObj from './kbn_jest_serializers.devdocs.json'; diff --git a/api_docs/kbn_journeys.mdx b/api_docs/kbn_journeys.mdx index b384fb4fd04be..a5973f75e5229 100644 --- a/api_docs/kbn_journeys.mdx +++ b/api_docs/kbn_journeys.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-journeys title: "@kbn/journeys" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/journeys plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/journeys'] --- import kbnJourneysObj from './kbn_journeys.devdocs.json'; diff --git a/api_docs/kbn_json_ast.mdx b/api_docs/kbn_json_ast.mdx index e636f9eda15b7..79b2c1083c6e0 100644 --- a/api_docs/kbn_json_ast.mdx +++ b/api_docs/kbn_json_ast.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-json-ast title: "@kbn/json-ast" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/json-ast plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/json-ast'] --- import kbnJsonAstObj from './kbn_json_ast.devdocs.json'; diff --git a/api_docs/kbn_json_schemas.mdx b/api_docs/kbn_json_schemas.mdx index 6ab15f200e8cd..9d9a8e0942e9d 100644 --- a/api_docs/kbn_json_schemas.mdx +++ b/api_docs/kbn_json_schemas.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-json-schemas title: "@kbn/json-schemas" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/json-schemas plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/json-schemas'] --- import kbnJsonSchemasObj from './kbn_json_schemas.devdocs.json'; diff --git a/api_docs/kbn_kibana_manifest_schema.mdx b/api_docs/kbn_kibana_manifest_schema.mdx index 23c82f22047ce..ce2895c28a010 100644 --- a/api_docs/kbn_kibana_manifest_schema.mdx +++ b/api_docs/kbn_kibana_manifest_schema.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-kibana-manifest-schema title: "@kbn/kibana-manifest-schema" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/kibana-manifest-schema plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/kibana-manifest-schema'] --- import kbnKibanaManifestSchemaObj from './kbn_kibana_manifest_schema.devdocs.json'; diff --git a/api_docs/kbn_language_documentation.mdx b/api_docs/kbn_language_documentation.mdx index 30ac4f4c4700b..4cb5df56da3d7 100644 --- a/api_docs/kbn_language_documentation.mdx +++ b/api_docs/kbn_language_documentation.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-language-documentation title: "@kbn/language-documentation" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/language-documentation plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/language-documentation'] --- import kbnLanguageDocumentationObj from './kbn_language_documentation.devdocs.json'; diff --git a/api_docs/kbn_lens_embeddable_utils.mdx b/api_docs/kbn_lens_embeddable_utils.mdx index 482caa2c1b967..8363bed376074 100644 --- a/api_docs/kbn_lens_embeddable_utils.mdx +++ b/api_docs/kbn_lens_embeddable_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-lens-embeddable-utils title: "@kbn/lens-embeddable-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/lens-embeddable-utils plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/lens-embeddable-utils'] --- import kbnLensEmbeddableUtilsObj from './kbn_lens_embeddable_utils.devdocs.json'; diff --git a/api_docs/kbn_lens_formula_docs.mdx b/api_docs/kbn_lens_formula_docs.mdx index ca6a531bde925..3af2e063a80fa 100644 --- a/api_docs/kbn_lens_formula_docs.mdx +++ b/api_docs/kbn_lens_formula_docs.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-lens-formula-docs title: "@kbn/lens-formula-docs" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/lens-formula-docs plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/lens-formula-docs'] --- import kbnLensFormulaDocsObj from './kbn_lens_formula_docs.devdocs.json'; diff --git a/api_docs/kbn_logging.mdx b/api_docs/kbn_logging.mdx index 92f6f33ce7b49..c3771a2efafb0 100644 --- a/api_docs/kbn_logging.mdx +++ b/api_docs/kbn_logging.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-logging title: "@kbn/logging" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/logging plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/logging'] --- import kbnLoggingObj from './kbn_logging.devdocs.json'; diff --git a/api_docs/kbn_logging_mocks.mdx b/api_docs/kbn_logging_mocks.mdx index 31c6a4200476f..6c21ab3c5702b 100644 --- a/api_docs/kbn_logging_mocks.mdx +++ b/api_docs/kbn_logging_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-logging-mocks title: "@kbn/logging-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/logging-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/logging-mocks'] --- import kbnLoggingMocksObj from './kbn_logging_mocks.devdocs.json'; diff --git a/api_docs/kbn_managed_content_badge.mdx b/api_docs/kbn_managed_content_badge.mdx index a84bd5b5adf38..f27e92755d3d4 100644 --- a/api_docs/kbn_managed_content_badge.mdx +++ b/api_docs/kbn_managed_content_badge.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-managed-content-badge title: "@kbn/managed-content-badge" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/managed-content-badge plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/managed-content-badge'] --- import kbnManagedContentBadgeObj from './kbn_managed_content_badge.devdocs.json'; diff --git a/api_docs/kbn_managed_vscode_config.mdx b/api_docs/kbn_managed_vscode_config.mdx index daa0edba16b4f..b20f954729a57 100644 --- a/api_docs/kbn_managed_vscode_config.mdx +++ b/api_docs/kbn_managed_vscode_config.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-managed-vscode-config title: "@kbn/managed-vscode-config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/managed-vscode-config plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/managed-vscode-config'] --- import kbnManagedVscodeConfigObj from './kbn_managed_vscode_config.devdocs.json'; diff --git a/api_docs/kbn_management_cards_navigation.mdx b/api_docs/kbn_management_cards_navigation.mdx index 2820f77567156..f19508644a759 100644 --- a/api_docs/kbn_management_cards_navigation.mdx +++ b/api_docs/kbn_management_cards_navigation.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-cards-navigation title: "@kbn/management-cards-navigation" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-cards-navigation plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-cards-navigation'] --- import kbnManagementCardsNavigationObj from './kbn_management_cards_navigation.devdocs.json'; diff --git a/api_docs/kbn_management_settings_application.mdx b/api_docs/kbn_management_settings_application.mdx index 5c81e069f793f..1d836867112ed 100644 --- a/api_docs/kbn_management_settings_application.mdx +++ b/api_docs/kbn_management_settings_application.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-application title: "@kbn/management-settings-application" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-application plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-application'] --- import kbnManagementSettingsApplicationObj from './kbn_management_settings_application.devdocs.json'; diff --git a/api_docs/kbn_management_settings_components_field_category.mdx b/api_docs/kbn_management_settings_components_field_category.mdx index 18ff351bd0894..04af4cb8bdaf5 100644 --- a/api_docs/kbn_management_settings_components_field_category.mdx +++ b/api_docs/kbn_management_settings_components_field_category.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-components-field-category title: "@kbn/management-settings-components-field-category" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-components-field-category plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-components-field-category'] --- import kbnManagementSettingsComponentsFieldCategoryObj from './kbn_management_settings_components_field_category.devdocs.json'; diff --git a/api_docs/kbn_management_settings_components_field_input.mdx b/api_docs/kbn_management_settings_components_field_input.mdx index db24e5df33bbd..8d46a1cec735c 100644 --- a/api_docs/kbn_management_settings_components_field_input.mdx +++ b/api_docs/kbn_management_settings_components_field_input.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-components-field-input title: "@kbn/management-settings-components-field-input" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-components-field-input plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-components-field-input'] --- import kbnManagementSettingsComponentsFieldInputObj from './kbn_management_settings_components_field_input.devdocs.json'; diff --git a/api_docs/kbn_management_settings_components_field_row.mdx b/api_docs/kbn_management_settings_components_field_row.mdx index 265e6b05579ce..4df6d303d000e 100644 --- a/api_docs/kbn_management_settings_components_field_row.mdx +++ b/api_docs/kbn_management_settings_components_field_row.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-components-field-row title: "@kbn/management-settings-components-field-row" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-components-field-row plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-components-field-row'] --- import kbnManagementSettingsComponentsFieldRowObj from './kbn_management_settings_components_field_row.devdocs.json'; diff --git a/api_docs/kbn_management_settings_components_form.mdx b/api_docs/kbn_management_settings_components_form.mdx index 1eef2b307fff2..2fbd974dfd693 100644 --- a/api_docs/kbn_management_settings_components_form.mdx +++ b/api_docs/kbn_management_settings_components_form.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-components-form title: "@kbn/management-settings-components-form" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-components-form plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-components-form'] --- import kbnManagementSettingsComponentsFormObj from './kbn_management_settings_components_form.devdocs.json'; diff --git a/api_docs/kbn_management_settings_field_definition.mdx b/api_docs/kbn_management_settings_field_definition.mdx index 43b61728fec52..9aca16df027a3 100644 --- a/api_docs/kbn_management_settings_field_definition.mdx +++ b/api_docs/kbn_management_settings_field_definition.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-field-definition title: "@kbn/management-settings-field-definition" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-field-definition plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-field-definition'] --- import kbnManagementSettingsFieldDefinitionObj from './kbn_management_settings_field_definition.devdocs.json'; diff --git a/api_docs/kbn_management_settings_ids.mdx b/api_docs/kbn_management_settings_ids.mdx index d10c6275c7361..d80da012989c1 100644 --- a/api_docs/kbn_management_settings_ids.mdx +++ b/api_docs/kbn_management_settings_ids.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-ids title: "@kbn/management-settings-ids" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-ids plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-ids'] --- import kbnManagementSettingsIdsObj from './kbn_management_settings_ids.devdocs.json'; diff --git a/api_docs/kbn_management_settings_section_registry.mdx b/api_docs/kbn_management_settings_section_registry.mdx index 1197351be5a93..d48c4fb58b71c 100644 --- a/api_docs/kbn_management_settings_section_registry.mdx +++ b/api_docs/kbn_management_settings_section_registry.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-section-registry title: "@kbn/management-settings-section-registry" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-section-registry plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-section-registry'] --- import kbnManagementSettingsSectionRegistryObj from './kbn_management_settings_section_registry.devdocs.json'; diff --git a/api_docs/kbn_management_settings_types.mdx b/api_docs/kbn_management_settings_types.mdx index 9bb669a65a9a9..2718815816431 100644 --- a/api_docs/kbn_management_settings_types.mdx +++ b/api_docs/kbn_management_settings_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-types title: "@kbn/management-settings-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-types plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-types'] --- import kbnManagementSettingsTypesObj from './kbn_management_settings_types.devdocs.json'; diff --git a/api_docs/kbn_management_settings_utilities.mdx b/api_docs/kbn_management_settings_utilities.mdx index c3adef2b30de1..e331df415b004 100644 --- a/api_docs/kbn_management_settings_utilities.mdx +++ b/api_docs/kbn_management_settings_utilities.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-utilities title: "@kbn/management-settings-utilities" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-utilities plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-utilities'] --- import kbnManagementSettingsUtilitiesObj from './kbn_management_settings_utilities.devdocs.json'; diff --git a/api_docs/kbn_management_storybook_config.mdx b/api_docs/kbn_management_storybook_config.mdx index 2720a7b68cbfe..d112f7f711464 100644 --- a/api_docs/kbn_management_storybook_config.mdx +++ b/api_docs/kbn_management_storybook_config.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-storybook-config title: "@kbn/management-storybook-config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-storybook-config plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-storybook-config'] --- import kbnManagementStorybookConfigObj from './kbn_management_storybook_config.devdocs.json'; diff --git a/api_docs/kbn_manifest.mdx b/api_docs/kbn_manifest.mdx index 701c94824c8c6..eab05016b0781 100644 --- a/api_docs/kbn_manifest.mdx +++ b/api_docs/kbn_manifest.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-manifest title: "@kbn/manifest" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/manifest plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/manifest'] --- import kbnManifestObj from './kbn_manifest.devdocs.json'; diff --git a/api_docs/kbn_mapbox_gl.mdx b/api_docs/kbn_mapbox_gl.mdx index 98de155206042..1dc75e2bd15d8 100644 --- a/api_docs/kbn_mapbox_gl.mdx +++ b/api_docs/kbn_mapbox_gl.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-mapbox-gl title: "@kbn/mapbox-gl" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/mapbox-gl plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/mapbox-gl'] --- import kbnMapboxGlObj from './kbn_mapbox_gl.devdocs.json'; diff --git a/api_docs/kbn_maps_vector_tile_utils.mdx b/api_docs/kbn_maps_vector_tile_utils.mdx index 2aeb8f6080cad..772c2db275abf 100644 --- a/api_docs/kbn_maps_vector_tile_utils.mdx +++ b/api_docs/kbn_maps_vector_tile_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-maps-vector-tile-utils title: "@kbn/maps-vector-tile-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/maps-vector-tile-utils plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/maps-vector-tile-utils'] --- import kbnMapsVectorTileUtilsObj from './kbn_maps_vector_tile_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_agg_utils.mdx b/api_docs/kbn_ml_agg_utils.mdx index d04107c481375..1e304bc971f6d 100644 --- a/api_docs/kbn_ml_agg_utils.mdx +++ b/api_docs/kbn_ml_agg_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-agg-utils title: "@kbn/ml-agg-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-agg-utils plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-agg-utils'] --- import kbnMlAggUtilsObj from './kbn_ml_agg_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_anomaly_utils.mdx b/api_docs/kbn_ml_anomaly_utils.mdx index fcb0e68bf6f36..10c93e64321ff 100644 --- a/api_docs/kbn_ml_anomaly_utils.mdx +++ b/api_docs/kbn_ml_anomaly_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-anomaly-utils title: "@kbn/ml-anomaly-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-anomaly-utils plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-anomaly-utils'] --- import kbnMlAnomalyUtilsObj from './kbn_ml_anomaly_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_cancellable_search.mdx b/api_docs/kbn_ml_cancellable_search.mdx index 2ca1a387547c1..d4ba18b9f16e9 100644 --- a/api_docs/kbn_ml_cancellable_search.mdx +++ b/api_docs/kbn_ml_cancellable_search.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-cancellable-search title: "@kbn/ml-cancellable-search" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-cancellable-search plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-cancellable-search'] --- import kbnMlCancellableSearchObj from './kbn_ml_cancellable_search.devdocs.json'; diff --git a/api_docs/kbn_ml_category_validator.mdx b/api_docs/kbn_ml_category_validator.mdx index 795ec79c3e1c8..b2a3fca81adfa 100644 --- a/api_docs/kbn_ml_category_validator.mdx +++ b/api_docs/kbn_ml_category_validator.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-category-validator title: "@kbn/ml-category-validator" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-category-validator plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-category-validator'] --- import kbnMlCategoryValidatorObj from './kbn_ml_category_validator.devdocs.json'; diff --git a/api_docs/kbn_ml_chi2test.mdx b/api_docs/kbn_ml_chi2test.mdx index 40985831652d3..220de4f84cf84 100644 --- a/api_docs/kbn_ml_chi2test.mdx +++ b/api_docs/kbn_ml_chi2test.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-chi2test title: "@kbn/ml-chi2test" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-chi2test plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-chi2test'] --- import kbnMlChi2testObj from './kbn_ml_chi2test.devdocs.json'; diff --git a/api_docs/kbn_ml_data_frame_analytics_utils.mdx b/api_docs/kbn_ml_data_frame_analytics_utils.mdx index fb7c66e45880f..151ed86d568e8 100644 --- a/api_docs/kbn_ml_data_frame_analytics_utils.mdx +++ b/api_docs/kbn_ml_data_frame_analytics_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-data-frame-analytics-utils title: "@kbn/ml-data-frame-analytics-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-data-frame-analytics-utils plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-data-frame-analytics-utils'] --- import kbnMlDataFrameAnalyticsUtilsObj from './kbn_ml_data_frame_analytics_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_data_grid.mdx b/api_docs/kbn_ml_data_grid.mdx index fa008ba8445c1..5e9cc1871e6aa 100644 --- a/api_docs/kbn_ml_data_grid.mdx +++ b/api_docs/kbn_ml_data_grid.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-data-grid title: "@kbn/ml-data-grid" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-data-grid plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-data-grid'] --- import kbnMlDataGridObj from './kbn_ml_data_grid.devdocs.json'; diff --git a/api_docs/kbn_ml_date_picker.mdx b/api_docs/kbn_ml_date_picker.mdx index f62be719afc5c..6591030da75bb 100644 --- a/api_docs/kbn_ml_date_picker.mdx +++ b/api_docs/kbn_ml_date_picker.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-date-picker title: "@kbn/ml-date-picker" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-date-picker plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-date-picker'] --- import kbnMlDatePickerObj from './kbn_ml_date_picker.devdocs.json'; diff --git a/api_docs/kbn_ml_date_utils.mdx b/api_docs/kbn_ml_date_utils.mdx index 50486b789de61..105c825f80d19 100644 --- a/api_docs/kbn_ml_date_utils.mdx +++ b/api_docs/kbn_ml_date_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-date-utils title: "@kbn/ml-date-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-date-utils plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-date-utils'] --- import kbnMlDateUtilsObj from './kbn_ml_date_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_error_utils.mdx b/api_docs/kbn_ml_error_utils.mdx index 7d9f10b5ba477..22d9b3204d1e2 100644 --- a/api_docs/kbn_ml_error_utils.mdx +++ b/api_docs/kbn_ml_error_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-error-utils title: "@kbn/ml-error-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-error-utils plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-error-utils'] --- import kbnMlErrorUtilsObj from './kbn_ml_error_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_field_stats_flyout.mdx b/api_docs/kbn_ml_field_stats_flyout.mdx index d6470180e010a..24ea3ef0382d4 100644 --- a/api_docs/kbn_ml_field_stats_flyout.mdx +++ b/api_docs/kbn_ml_field_stats_flyout.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-field-stats-flyout title: "@kbn/ml-field-stats-flyout" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-field-stats-flyout plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-field-stats-flyout'] --- import kbnMlFieldStatsFlyoutObj from './kbn_ml_field_stats_flyout.devdocs.json'; diff --git a/api_docs/kbn_ml_in_memory_table.mdx b/api_docs/kbn_ml_in_memory_table.mdx index 9ee8c41f82b23..409fa6e07494a 100644 --- a/api_docs/kbn_ml_in_memory_table.mdx +++ b/api_docs/kbn_ml_in_memory_table.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-in-memory-table title: "@kbn/ml-in-memory-table" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-in-memory-table plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-in-memory-table'] --- import kbnMlInMemoryTableObj from './kbn_ml_in_memory_table.devdocs.json'; diff --git a/api_docs/kbn_ml_is_defined.mdx b/api_docs/kbn_ml_is_defined.mdx index 8386ff75586e0..43e597ee21b30 100644 --- a/api_docs/kbn_ml_is_defined.mdx +++ b/api_docs/kbn_ml_is_defined.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-is-defined title: "@kbn/ml-is-defined" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-is-defined plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-is-defined'] --- import kbnMlIsDefinedObj from './kbn_ml_is_defined.devdocs.json'; diff --git a/api_docs/kbn_ml_is_populated_object.mdx b/api_docs/kbn_ml_is_populated_object.mdx index 26da72a924e9f..ffefb9c6ca19c 100644 --- a/api_docs/kbn_ml_is_populated_object.mdx +++ b/api_docs/kbn_ml_is_populated_object.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-is-populated-object title: "@kbn/ml-is-populated-object" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-is-populated-object plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-is-populated-object'] --- import kbnMlIsPopulatedObjectObj from './kbn_ml_is_populated_object.devdocs.json'; diff --git a/api_docs/kbn_ml_kibana_theme.mdx b/api_docs/kbn_ml_kibana_theme.mdx index f467b44a4f08a..719b33ec53994 100644 --- a/api_docs/kbn_ml_kibana_theme.mdx +++ b/api_docs/kbn_ml_kibana_theme.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-kibana-theme title: "@kbn/ml-kibana-theme" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-kibana-theme plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-kibana-theme'] --- import kbnMlKibanaThemeObj from './kbn_ml_kibana_theme.devdocs.json'; diff --git a/api_docs/kbn_ml_local_storage.mdx b/api_docs/kbn_ml_local_storage.mdx index 4d844697c3344..2b5893c9c295e 100644 --- a/api_docs/kbn_ml_local_storage.mdx +++ b/api_docs/kbn_ml_local_storage.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-local-storage title: "@kbn/ml-local-storage" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-local-storage plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-local-storage'] --- import kbnMlLocalStorageObj from './kbn_ml_local_storage.devdocs.json'; diff --git a/api_docs/kbn_ml_nested_property.mdx b/api_docs/kbn_ml_nested_property.mdx index 635ce00feae8a..5296c2dbaccad 100644 --- a/api_docs/kbn_ml_nested_property.mdx +++ b/api_docs/kbn_ml_nested_property.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-nested-property title: "@kbn/ml-nested-property" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-nested-property plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-nested-property'] --- import kbnMlNestedPropertyObj from './kbn_ml_nested_property.devdocs.json'; diff --git a/api_docs/kbn_ml_number_utils.mdx b/api_docs/kbn_ml_number_utils.mdx index ecffdbf4fba30..bf6232a4827ff 100644 --- a/api_docs/kbn_ml_number_utils.mdx +++ b/api_docs/kbn_ml_number_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-number-utils title: "@kbn/ml-number-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-number-utils plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-number-utils'] --- import kbnMlNumberUtilsObj from './kbn_ml_number_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_parse_interval.mdx b/api_docs/kbn_ml_parse_interval.mdx index c28f00d61ad78..6f96cb6e6f94c 100644 --- a/api_docs/kbn_ml_parse_interval.mdx +++ b/api_docs/kbn_ml_parse_interval.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-parse-interval title: "@kbn/ml-parse-interval" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-parse-interval plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-parse-interval'] --- import kbnMlParseIntervalObj from './kbn_ml_parse_interval.devdocs.json'; diff --git a/api_docs/kbn_ml_query_utils.mdx b/api_docs/kbn_ml_query_utils.mdx index 2b87406107560..c64c059e5ed05 100644 --- a/api_docs/kbn_ml_query_utils.mdx +++ b/api_docs/kbn_ml_query_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-query-utils title: "@kbn/ml-query-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-query-utils plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-query-utils'] --- import kbnMlQueryUtilsObj from './kbn_ml_query_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_random_sampler_utils.mdx b/api_docs/kbn_ml_random_sampler_utils.mdx index 1ca830e0e04df..352a55b529ea1 100644 --- a/api_docs/kbn_ml_random_sampler_utils.mdx +++ b/api_docs/kbn_ml_random_sampler_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-random-sampler-utils title: "@kbn/ml-random-sampler-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-random-sampler-utils plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-random-sampler-utils'] --- import kbnMlRandomSamplerUtilsObj from './kbn_ml_random_sampler_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_route_utils.mdx b/api_docs/kbn_ml_route_utils.mdx index bca7d10654381..c646654becebc 100644 --- a/api_docs/kbn_ml_route_utils.mdx +++ b/api_docs/kbn_ml_route_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-route-utils title: "@kbn/ml-route-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-route-utils plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-route-utils'] --- import kbnMlRouteUtilsObj from './kbn_ml_route_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_runtime_field_utils.mdx b/api_docs/kbn_ml_runtime_field_utils.mdx index e5b8f230d38f2..1c47a531cf254 100644 --- a/api_docs/kbn_ml_runtime_field_utils.mdx +++ b/api_docs/kbn_ml_runtime_field_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-runtime-field-utils title: "@kbn/ml-runtime-field-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-runtime-field-utils plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-runtime-field-utils'] --- import kbnMlRuntimeFieldUtilsObj from './kbn_ml_runtime_field_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_string_hash.mdx b/api_docs/kbn_ml_string_hash.mdx index 9865b072fdf14..4497bb7ffc4c6 100644 --- a/api_docs/kbn_ml_string_hash.mdx +++ b/api_docs/kbn_ml_string_hash.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-string-hash title: "@kbn/ml-string-hash" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-string-hash plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-string-hash'] --- import kbnMlStringHashObj from './kbn_ml_string_hash.devdocs.json'; diff --git a/api_docs/kbn_ml_time_buckets.mdx b/api_docs/kbn_ml_time_buckets.mdx index f3c73e365f533..d6da826dc5ba9 100644 --- a/api_docs/kbn_ml_time_buckets.mdx +++ b/api_docs/kbn_ml_time_buckets.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-time-buckets title: "@kbn/ml-time-buckets" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-time-buckets plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-time-buckets'] --- import kbnMlTimeBucketsObj from './kbn_ml_time_buckets.devdocs.json'; diff --git a/api_docs/kbn_ml_trained_models_utils.mdx b/api_docs/kbn_ml_trained_models_utils.mdx index 65d9f74292b34..af8cd6a5f0449 100644 --- a/api_docs/kbn_ml_trained_models_utils.mdx +++ b/api_docs/kbn_ml_trained_models_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-trained-models-utils title: "@kbn/ml-trained-models-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-trained-models-utils plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-trained-models-utils'] --- import kbnMlTrainedModelsUtilsObj from './kbn_ml_trained_models_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_ui_actions.mdx b/api_docs/kbn_ml_ui_actions.mdx index 9e22cee8e6bdd..a1ad069335119 100644 --- a/api_docs/kbn_ml_ui_actions.mdx +++ b/api_docs/kbn_ml_ui_actions.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-ui-actions title: "@kbn/ml-ui-actions" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-ui-actions plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-ui-actions'] --- import kbnMlUiActionsObj from './kbn_ml_ui_actions.devdocs.json'; diff --git a/api_docs/kbn_ml_url_state.mdx b/api_docs/kbn_ml_url_state.mdx index bfb7db77ec93e..76ff92117272f 100644 --- a/api_docs/kbn_ml_url_state.mdx +++ b/api_docs/kbn_ml_url_state.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-url-state title: "@kbn/ml-url-state" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-url-state plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-url-state'] --- import kbnMlUrlStateObj from './kbn_ml_url_state.devdocs.json'; diff --git a/api_docs/kbn_ml_validators.mdx b/api_docs/kbn_ml_validators.mdx index 089fd47272cc5..ef17b9c932dab 100644 --- a/api_docs/kbn_ml_validators.mdx +++ b/api_docs/kbn_ml_validators.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-validators title: "@kbn/ml-validators" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-validators plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-validators'] --- import kbnMlValidatorsObj from './kbn_ml_validators.devdocs.json'; diff --git a/api_docs/kbn_mock_idp_utils.mdx b/api_docs/kbn_mock_idp_utils.mdx index d3cd4e13073ce..9d781ae8ef90b 100644 --- a/api_docs/kbn_mock_idp_utils.mdx +++ b/api_docs/kbn_mock_idp_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-mock-idp-utils title: "@kbn/mock-idp-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/mock-idp-utils plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/mock-idp-utils'] --- import kbnMockIdpUtilsObj from './kbn_mock_idp_utils.devdocs.json'; diff --git a/api_docs/kbn_monaco.mdx b/api_docs/kbn_monaco.mdx index dc626ad8492b5..89067681d89d1 100644 --- a/api_docs/kbn_monaco.mdx +++ b/api_docs/kbn_monaco.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-monaco title: "@kbn/monaco" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/monaco plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/monaco'] --- import kbnMonacoObj from './kbn_monaco.devdocs.json'; diff --git a/api_docs/kbn_object_versioning.mdx b/api_docs/kbn_object_versioning.mdx index 4d15309731dd0..01acce6ddca1a 100644 --- a/api_docs/kbn_object_versioning.mdx +++ b/api_docs/kbn_object_versioning.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-object-versioning title: "@kbn/object-versioning" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/object-versioning plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/object-versioning'] --- import kbnObjectVersioningObj from './kbn_object_versioning.devdocs.json'; diff --git a/api_docs/kbn_object_versioning_utils.mdx b/api_docs/kbn_object_versioning_utils.mdx index 6b4731d6b77be..9f26696d1e97a 100644 --- a/api_docs/kbn_object_versioning_utils.mdx +++ b/api_docs/kbn_object_versioning_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-object-versioning-utils title: "@kbn/object-versioning-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/object-versioning-utils plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/object-versioning-utils'] --- import kbnObjectVersioningUtilsObj from './kbn_object_versioning_utils.devdocs.json'; diff --git a/api_docs/kbn_observability_alert_details.mdx b/api_docs/kbn_observability_alert_details.mdx index 6f7fd9448b9a3..cbc063a9ee9c1 100644 --- a/api_docs/kbn_observability_alert_details.mdx +++ b/api_docs/kbn_observability_alert_details.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-observability-alert-details title: "@kbn/observability-alert-details" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/observability-alert-details plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/observability-alert-details'] --- import kbnObservabilityAlertDetailsObj from './kbn_observability_alert_details.devdocs.json'; diff --git a/api_docs/kbn_observability_alerting_rule_utils.mdx b/api_docs/kbn_observability_alerting_rule_utils.mdx index a4909cef8ac5a..9fe0fb4744d89 100644 --- a/api_docs/kbn_observability_alerting_rule_utils.mdx +++ b/api_docs/kbn_observability_alerting_rule_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-observability-alerting-rule-utils title: "@kbn/observability-alerting-rule-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/observability-alerting-rule-utils plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/observability-alerting-rule-utils'] --- import kbnObservabilityAlertingRuleUtilsObj from './kbn_observability_alerting_rule_utils.devdocs.json'; diff --git a/api_docs/kbn_observability_alerting_test_data.mdx b/api_docs/kbn_observability_alerting_test_data.mdx index 60227e84201e5..1992171a0064b 100644 --- a/api_docs/kbn_observability_alerting_test_data.mdx +++ b/api_docs/kbn_observability_alerting_test_data.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-observability-alerting-test-data title: "@kbn/observability-alerting-test-data" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/observability-alerting-test-data plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/observability-alerting-test-data'] --- import kbnObservabilityAlertingTestDataObj from './kbn_observability_alerting_test_data.devdocs.json'; diff --git a/api_docs/kbn_observability_get_padded_alert_time_range_util.mdx b/api_docs/kbn_observability_get_padded_alert_time_range_util.mdx index cd099c16473db..0da3e233e1801 100644 --- a/api_docs/kbn_observability_get_padded_alert_time_range_util.mdx +++ b/api_docs/kbn_observability_get_padded_alert_time_range_util.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-observability-get-padded-alert-time-range-util title: "@kbn/observability-get-padded-alert-time-range-util" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/observability-get-padded-alert-time-range-util plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/observability-get-padded-alert-time-range-util'] --- import kbnObservabilityGetPaddedAlertTimeRangeUtilObj from './kbn_observability_get_padded_alert_time_range_util.devdocs.json'; diff --git a/api_docs/kbn_observability_logs_overview.mdx b/api_docs/kbn_observability_logs_overview.mdx index 1d288f077cd1e..498633eefc4c8 100644 --- a/api_docs/kbn_observability_logs_overview.mdx +++ b/api_docs/kbn_observability_logs_overview.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-observability-logs-overview title: "@kbn/observability-logs-overview" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/observability-logs-overview plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/observability-logs-overview'] --- import kbnObservabilityLogsOverviewObj from './kbn_observability_logs_overview.devdocs.json'; diff --git a/api_docs/kbn_observability_synthetics_test_data.mdx b/api_docs/kbn_observability_synthetics_test_data.mdx index 018ca688ec568..2691732ed9e5c 100644 --- a/api_docs/kbn_observability_synthetics_test_data.mdx +++ b/api_docs/kbn_observability_synthetics_test_data.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-observability-synthetics-test-data title: "@kbn/observability-synthetics-test-data" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/observability-synthetics-test-data plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/observability-synthetics-test-data'] --- import kbnObservabilitySyntheticsTestDataObj from './kbn_observability_synthetics_test_data.devdocs.json'; diff --git a/api_docs/kbn_openapi_bundler.mdx b/api_docs/kbn_openapi_bundler.mdx index 7b87d48fe3a25..5f9b4d5c59fbe 100644 --- a/api_docs/kbn_openapi_bundler.mdx +++ b/api_docs/kbn_openapi_bundler.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-openapi-bundler title: "@kbn/openapi-bundler" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/openapi-bundler plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/openapi-bundler'] --- import kbnOpenapiBundlerObj from './kbn_openapi_bundler.devdocs.json'; diff --git a/api_docs/kbn_openapi_generator.mdx b/api_docs/kbn_openapi_generator.mdx index 8d1dad787fa9d..ef82dc2240bd8 100644 --- a/api_docs/kbn_openapi_generator.mdx +++ b/api_docs/kbn_openapi_generator.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-openapi-generator title: "@kbn/openapi-generator" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/openapi-generator plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/openapi-generator'] --- import kbnOpenapiGeneratorObj from './kbn_openapi_generator.devdocs.json'; diff --git a/api_docs/kbn_optimizer.mdx b/api_docs/kbn_optimizer.mdx index 53d44e62876fc..e7a08328125a9 100644 --- a/api_docs/kbn_optimizer.mdx +++ b/api_docs/kbn_optimizer.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-optimizer title: "@kbn/optimizer" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/optimizer plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/optimizer'] --- import kbnOptimizerObj from './kbn_optimizer.devdocs.json'; diff --git a/api_docs/kbn_optimizer_webpack_helpers.mdx b/api_docs/kbn_optimizer_webpack_helpers.mdx index 9a70bab522f7a..d8710d1994b37 100644 --- a/api_docs/kbn_optimizer_webpack_helpers.mdx +++ b/api_docs/kbn_optimizer_webpack_helpers.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-optimizer-webpack-helpers title: "@kbn/optimizer-webpack-helpers" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/optimizer-webpack-helpers plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/optimizer-webpack-helpers'] --- import kbnOptimizerWebpackHelpersObj from './kbn_optimizer_webpack_helpers.devdocs.json'; diff --git a/api_docs/kbn_osquery_io_ts_types.mdx b/api_docs/kbn_osquery_io_ts_types.mdx index c25daa030b7c9..08a954ce8bedd 100644 --- a/api_docs/kbn_osquery_io_ts_types.mdx +++ b/api_docs/kbn_osquery_io_ts_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-osquery-io-ts-types title: "@kbn/osquery-io-ts-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/osquery-io-ts-types plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/osquery-io-ts-types'] --- import kbnOsqueryIoTsTypesObj from './kbn_osquery_io_ts_types.devdocs.json'; diff --git a/api_docs/kbn_panel_loader.mdx b/api_docs/kbn_panel_loader.mdx index 0faedb06d0be6..98497c5014770 100644 --- a/api_docs/kbn_panel_loader.mdx +++ b/api_docs/kbn_panel_loader.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-panel-loader title: "@kbn/panel-loader" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/panel-loader plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/panel-loader'] --- import kbnPanelLoaderObj from './kbn_panel_loader.devdocs.json'; diff --git a/api_docs/kbn_performance_testing_dataset_extractor.mdx b/api_docs/kbn_performance_testing_dataset_extractor.mdx index ef190c222fffe..830692290562e 100644 --- a/api_docs/kbn_performance_testing_dataset_extractor.mdx +++ b/api_docs/kbn_performance_testing_dataset_extractor.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-performance-testing-dataset-extractor title: "@kbn/performance-testing-dataset-extractor" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/performance-testing-dataset-extractor plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/performance-testing-dataset-extractor'] --- import kbnPerformanceTestingDatasetExtractorObj from './kbn_performance_testing_dataset_extractor.devdocs.json'; diff --git a/api_docs/kbn_plugin_check.mdx b/api_docs/kbn_plugin_check.mdx index fc5c65896dffb..2731107736a37 100644 --- a/api_docs/kbn_plugin_check.mdx +++ b/api_docs/kbn_plugin_check.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-plugin-check title: "@kbn/plugin-check" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/plugin-check plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/plugin-check'] --- import kbnPluginCheckObj from './kbn_plugin_check.devdocs.json'; diff --git a/api_docs/kbn_plugin_generator.mdx b/api_docs/kbn_plugin_generator.mdx index e085fb1556604..5cf0010cabece 100644 --- a/api_docs/kbn_plugin_generator.mdx +++ b/api_docs/kbn_plugin_generator.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-plugin-generator title: "@kbn/plugin-generator" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/plugin-generator plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/plugin-generator'] --- import kbnPluginGeneratorObj from './kbn_plugin_generator.devdocs.json'; diff --git a/api_docs/kbn_plugin_helpers.mdx b/api_docs/kbn_plugin_helpers.mdx index 8a9c9b8af87ba..a1e8d6fb77d25 100644 --- a/api_docs/kbn_plugin_helpers.mdx +++ b/api_docs/kbn_plugin_helpers.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-plugin-helpers title: "@kbn/plugin-helpers" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/plugin-helpers plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/plugin-helpers'] --- import kbnPluginHelpersObj from './kbn_plugin_helpers.devdocs.json'; diff --git a/api_docs/kbn_presentation_containers.mdx b/api_docs/kbn_presentation_containers.mdx index 544ebcc88f5b6..c53c3bb5db04a 100644 --- a/api_docs/kbn_presentation_containers.mdx +++ b/api_docs/kbn_presentation_containers.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-presentation-containers title: "@kbn/presentation-containers" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/presentation-containers plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/presentation-containers'] --- import kbnPresentationContainersObj from './kbn_presentation_containers.devdocs.json'; diff --git a/api_docs/kbn_presentation_publishing.mdx b/api_docs/kbn_presentation_publishing.mdx index 0be85e7d48eb8..ced581a4c3716 100644 --- a/api_docs/kbn_presentation_publishing.mdx +++ b/api_docs/kbn_presentation_publishing.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-presentation-publishing title: "@kbn/presentation-publishing" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/presentation-publishing plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/presentation-publishing'] --- import kbnPresentationPublishingObj from './kbn_presentation_publishing.devdocs.json'; diff --git a/api_docs/kbn_product_doc_artifact_builder.mdx b/api_docs/kbn_product_doc_artifact_builder.mdx index e3ae09c7a122d..27906026a3a58 100644 --- a/api_docs/kbn_product_doc_artifact_builder.mdx +++ b/api_docs/kbn_product_doc_artifact_builder.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-product-doc-artifact-builder title: "@kbn/product-doc-artifact-builder" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/product-doc-artifact-builder plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/product-doc-artifact-builder'] --- import kbnProductDocArtifactBuilderObj from './kbn_product_doc_artifact_builder.devdocs.json'; diff --git a/api_docs/kbn_profiling_utils.mdx b/api_docs/kbn_profiling_utils.mdx index 1c38918dae4f4..f5b837d955f93 100644 --- a/api_docs/kbn_profiling_utils.mdx +++ b/api_docs/kbn_profiling_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-profiling-utils title: "@kbn/profiling-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/profiling-utils plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/profiling-utils'] --- import kbnProfilingUtilsObj from './kbn_profiling_utils.devdocs.json'; diff --git a/api_docs/kbn_random_sampling.mdx b/api_docs/kbn_random_sampling.mdx index e845fba51eba6..c29eb601ef06d 100644 --- a/api_docs/kbn_random_sampling.mdx +++ b/api_docs/kbn_random_sampling.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-random-sampling title: "@kbn/random-sampling" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/random-sampling plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/random-sampling'] --- import kbnRandomSamplingObj from './kbn_random_sampling.devdocs.json'; diff --git a/api_docs/kbn_react_field.mdx b/api_docs/kbn_react_field.mdx index e8ae5484895b7..01f92485140e3 100644 --- a/api_docs/kbn_react_field.mdx +++ b/api_docs/kbn_react_field.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-field title: "@kbn/react-field" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/react-field plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-field'] --- import kbnReactFieldObj from './kbn_react_field.devdocs.json'; diff --git a/api_docs/kbn_react_hooks.mdx b/api_docs/kbn_react_hooks.mdx index 103b80256875b..5231dac306589 100644 --- a/api_docs/kbn_react_hooks.mdx +++ b/api_docs/kbn_react_hooks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-hooks title: "@kbn/react-hooks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/react-hooks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-hooks'] --- import kbnReactHooksObj from './kbn_react_hooks.devdocs.json'; diff --git a/api_docs/kbn_react_kibana_context_common.mdx b/api_docs/kbn_react_kibana_context_common.mdx index b5f72707daf28..aa58df9b3f3cd 100644 --- a/api_docs/kbn_react_kibana_context_common.mdx +++ b/api_docs/kbn_react_kibana_context_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-kibana-context-common title: "@kbn/react-kibana-context-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/react-kibana-context-common plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-kibana-context-common'] --- import kbnReactKibanaContextCommonObj from './kbn_react_kibana_context_common.devdocs.json'; diff --git a/api_docs/kbn_react_kibana_context_render.mdx b/api_docs/kbn_react_kibana_context_render.mdx index 8e3be04d309fa..c982453cc508a 100644 --- a/api_docs/kbn_react_kibana_context_render.mdx +++ b/api_docs/kbn_react_kibana_context_render.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-kibana-context-render title: "@kbn/react-kibana-context-render" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/react-kibana-context-render plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-kibana-context-render'] --- import kbnReactKibanaContextRenderObj from './kbn_react_kibana_context_render.devdocs.json'; diff --git a/api_docs/kbn_react_kibana_context_root.mdx b/api_docs/kbn_react_kibana_context_root.mdx index c0c26b5f8adf5..80bf2e9a894eb 100644 --- a/api_docs/kbn_react_kibana_context_root.mdx +++ b/api_docs/kbn_react_kibana_context_root.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-kibana-context-root title: "@kbn/react-kibana-context-root" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/react-kibana-context-root plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-kibana-context-root'] --- import kbnReactKibanaContextRootObj from './kbn_react_kibana_context_root.devdocs.json'; diff --git a/api_docs/kbn_react_kibana_context_styled.mdx b/api_docs/kbn_react_kibana_context_styled.mdx index 6b1974a6dd74b..c50c21cefbb2d 100644 --- a/api_docs/kbn_react_kibana_context_styled.mdx +++ b/api_docs/kbn_react_kibana_context_styled.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-kibana-context-styled title: "@kbn/react-kibana-context-styled" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/react-kibana-context-styled plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-kibana-context-styled'] --- import kbnReactKibanaContextStyledObj from './kbn_react_kibana_context_styled.devdocs.json'; diff --git a/api_docs/kbn_react_kibana_context_theme.mdx b/api_docs/kbn_react_kibana_context_theme.mdx index 53d592bbb7535..f39d0990c6c86 100644 --- a/api_docs/kbn_react_kibana_context_theme.mdx +++ b/api_docs/kbn_react_kibana_context_theme.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-kibana-context-theme title: "@kbn/react-kibana-context-theme" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/react-kibana-context-theme plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-kibana-context-theme'] --- import kbnReactKibanaContextThemeObj from './kbn_react_kibana_context_theme.devdocs.json'; diff --git a/api_docs/kbn_react_kibana_mount.mdx b/api_docs/kbn_react_kibana_mount.mdx index c401af9213205..da2e8df6af3ba 100644 --- a/api_docs/kbn_react_kibana_mount.mdx +++ b/api_docs/kbn_react_kibana_mount.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-kibana-mount title: "@kbn/react-kibana-mount" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/react-kibana-mount plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-kibana-mount'] --- import kbnReactKibanaMountObj from './kbn_react_kibana_mount.devdocs.json'; diff --git a/api_docs/kbn_recently_accessed.mdx b/api_docs/kbn_recently_accessed.mdx index 7a833ea6508ad..4b420ff4ea28b 100644 --- a/api_docs/kbn_recently_accessed.mdx +++ b/api_docs/kbn_recently_accessed.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-recently-accessed title: "@kbn/recently-accessed" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/recently-accessed plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/recently-accessed'] --- import kbnRecentlyAccessedObj from './kbn_recently_accessed.devdocs.json'; diff --git a/api_docs/kbn_repo_file_maps.mdx b/api_docs/kbn_repo_file_maps.mdx index f8c7cbd52bc65..aa391c71440b5 100644 --- a/api_docs/kbn_repo_file_maps.mdx +++ b/api_docs/kbn_repo_file_maps.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-repo-file-maps title: "@kbn/repo-file-maps" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/repo-file-maps plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/repo-file-maps'] --- import kbnRepoFileMapsObj from './kbn_repo_file_maps.devdocs.json'; diff --git a/api_docs/kbn_repo_linter.mdx b/api_docs/kbn_repo_linter.mdx index 3f18186f7d896..ee6bef619fa75 100644 --- a/api_docs/kbn_repo_linter.mdx +++ b/api_docs/kbn_repo_linter.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-repo-linter title: "@kbn/repo-linter" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/repo-linter plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/repo-linter'] --- import kbnRepoLinterObj from './kbn_repo_linter.devdocs.json'; diff --git a/api_docs/kbn_repo_path.mdx b/api_docs/kbn_repo_path.mdx index dc69fdff1248e..1590607a4aa8e 100644 --- a/api_docs/kbn_repo_path.mdx +++ b/api_docs/kbn_repo_path.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-repo-path title: "@kbn/repo-path" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/repo-path plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/repo-path'] --- import kbnRepoPathObj from './kbn_repo_path.devdocs.json'; diff --git a/api_docs/kbn_repo_source_classifier.mdx b/api_docs/kbn_repo_source_classifier.mdx index e431fa380894e..70cecf2eadc23 100644 --- a/api_docs/kbn_repo_source_classifier.mdx +++ b/api_docs/kbn_repo_source_classifier.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-repo-source-classifier title: "@kbn/repo-source-classifier" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/repo-source-classifier plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/repo-source-classifier'] --- import kbnRepoSourceClassifierObj from './kbn_repo_source_classifier.devdocs.json'; diff --git a/api_docs/kbn_reporting_common.mdx b/api_docs/kbn_reporting_common.mdx index bacbadd071a1a..7f38487a5971e 100644 --- a/api_docs/kbn_reporting_common.mdx +++ b/api_docs/kbn_reporting_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-common title: "@kbn/reporting-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-common plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-common'] --- import kbnReportingCommonObj from './kbn_reporting_common.devdocs.json'; diff --git a/api_docs/kbn_reporting_csv_share_panel.mdx b/api_docs/kbn_reporting_csv_share_panel.mdx index 0fee8b5f8f191..28c69946fc45b 100644 --- a/api_docs/kbn_reporting_csv_share_panel.mdx +++ b/api_docs/kbn_reporting_csv_share_panel.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-csv-share-panel title: "@kbn/reporting-csv-share-panel" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-csv-share-panel plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-csv-share-panel'] --- import kbnReportingCsvSharePanelObj from './kbn_reporting_csv_share_panel.devdocs.json'; diff --git a/api_docs/kbn_reporting_export_types_csv.mdx b/api_docs/kbn_reporting_export_types_csv.mdx index 8e01711eff9bd..27ec46307e090 100644 --- a/api_docs/kbn_reporting_export_types_csv.mdx +++ b/api_docs/kbn_reporting_export_types_csv.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-export-types-csv title: "@kbn/reporting-export-types-csv" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-export-types-csv plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-export-types-csv'] --- import kbnReportingExportTypesCsvObj from './kbn_reporting_export_types_csv.devdocs.json'; diff --git a/api_docs/kbn_reporting_export_types_csv_common.mdx b/api_docs/kbn_reporting_export_types_csv_common.mdx index a19ca891c8559..42cd225d97770 100644 --- a/api_docs/kbn_reporting_export_types_csv_common.mdx +++ b/api_docs/kbn_reporting_export_types_csv_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-export-types-csv-common title: "@kbn/reporting-export-types-csv-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-export-types-csv-common plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-export-types-csv-common'] --- import kbnReportingExportTypesCsvCommonObj from './kbn_reporting_export_types_csv_common.devdocs.json'; diff --git a/api_docs/kbn_reporting_export_types_pdf.mdx b/api_docs/kbn_reporting_export_types_pdf.mdx index cc6e879b08d22..0edbe3b0b1df5 100644 --- a/api_docs/kbn_reporting_export_types_pdf.mdx +++ b/api_docs/kbn_reporting_export_types_pdf.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-export-types-pdf title: "@kbn/reporting-export-types-pdf" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-export-types-pdf plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-export-types-pdf'] --- import kbnReportingExportTypesPdfObj from './kbn_reporting_export_types_pdf.devdocs.json'; diff --git a/api_docs/kbn_reporting_export_types_pdf_common.mdx b/api_docs/kbn_reporting_export_types_pdf_common.mdx index fbd7a6eeec632..6186066bb6bc9 100644 --- a/api_docs/kbn_reporting_export_types_pdf_common.mdx +++ b/api_docs/kbn_reporting_export_types_pdf_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-export-types-pdf-common title: "@kbn/reporting-export-types-pdf-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-export-types-pdf-common plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-export-types-pdf-common'] --- import kbnReportingExportTypesPdfCommonObj from './kbn_reporting_export_types_pdf_common.devdocs.json'; diff --git a/api_docs/kbn_reporting_export_types_png.mdx b/api_docs/kbn_reporting_export_types_png.mdx index 8740a98329d9e..8366182dc3ba9 100644 --- a/api_docs/kbn_reporting_export_types_png.mdx +++ b/api_docs/kbn_reporting_export_types_png.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-export-types-png title: "@kbn/reporting-export-types-png" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-export-types-png plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-export-types-png'] --- import kbnReportingExportTypesPngObj from './kbn_reporting_export_types_png.devdocs.json'; diff --git a/api_docs/kbn_reporting_export_types_png_common.mdx b/api_docs/kbn_reporting_export_types_png_common.mdx index 251ee85580d57..eef81b3da3ae7 100644 --- a/api_docs/kbn_reporting_export_types_png_common.mdx +++ b/api_docs/kbn_reporting_export_types_png_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-export-types-png-common title: "@kbn/reporting-export-types-png-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-export-types-png-common plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-export-types-png-common'] --- import kbnReportingExportTypesPngCommonObj from './kbn_reporting_export_types_png_common.devdocs.json'; diff --git a/api_docs/kbn_reporting_mocks_server.mdx b/api_docs/kbn_reporting_mocks_server.mdx index cf00f6402142d..217aaea7ef540 100644 --- a/api_docs/kbn_reporting_mocks_server.mdx +++ b/api_docs/kbn_reporting_mocks_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-mocks-server title: "@kbn/reporting-mocks-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-mocks-server plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-mocks-server'] --- import kbnReportingMocksServerObj from './kbn_reporting_mocks_server.devdocs.json'; diff --git a/api_docs/kbn_reporting_public.mdx b/api_docs/kbn_reporting_public.mdx index a6b1728182ef7..ebcdbba42865b 100644 --- a/api_docs/kbn_reporting_public.mdx +++ b/api_docs/kbn_reporting_public.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-public title: "@kbn/reporting-public" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-public plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-public'] --- import kbnReportingPublicObj from './kbn_reporting_public.devdocs.json'; diff --git a/api_docs/kbn_reporting_server.mdx b/api_docs/kbn_reporting_server.mdx index 66eb40bdf13af..9570c7c300ecd 100644 --- a/api_docs/kbn_reporting_server.mdx +++ b/api_docs/kbn_reporting_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-server title: "@kbn/reporting-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-server plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-server'] --- import kbnReportingServerObj from './kbn_reporting_server.devdocs.json'; diff --git a/api_docs/kbn_resizable_layout.mdx b/api_docs/kbn_resizable_layout.mdx index 01e739b2eea59..a21dd8d7e3821 100644 --- a/api_docs/kbn_resizable_layout.mdx +++ b/api_docs/kbn_resizable_layout.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-resizable-layout title: "@kbn/resizable-layout" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/resizable-layout plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/resizable-layout'] --- import kbnResizableLayoutObj from './kbn_resizable_layout.devdocs.json'; diff --git a/api_docs/kbn_response_ops_feature_flag_service.mdx b/api_docs/kbn_response_ops_feature_flag_service.mdx index 27107dd30cca2..b013f86b35189 100644 --- a/api_docs/kbn_response_ops_feature_flag_service.mdx +++ b/api_docs/kbn_response_ops_feature_flag_service.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-response-ops-feature-flag-service title: "@kbn/response-ops-feature-flag-service" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/response-ops-feature-flag-service plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/response-ops-feature-flag-service'] --- import kbnResponseOpsFeatureFlagServiceObj from './kbn_response_ops_feature_flag_service.devdocs.json'; diff --git a/api_docs/kbn_response_ops_rule_params.devdocs.json b/api_docs/kbn_response_ops_rule_params.devdocs.json new file mode 100644 index 0000000000000..765f753679eed --- /dev/null +++ b/api_docs/kbn_response_ops_rule_params.devdocs.json @@ -0,0 +1,177 @@ +{ + "id": "@kbn/response-ops-rule-params", + "client": { + "classes": [], + "functions": [], + "interfaces": [], + "enums": [], + "misc": [], + "objects": [] + }, + "server": { + "classes": [], + "functions": [], + "interfaces": [], + "enums": [], + "misc": [], + "objects": [] + }, + "common": { + "classes": [], + "functions": [], + "interfaces": [], + "enums": [], + "misc": [ + { + "parentPluginId": "@kbn/response-ops-rule-params", + "id": "def-common.RuleParams", + "type": "Type", + "tags": [], + "label": "RuleParams", + "description": [], + "signature": [ + "{ [x: string]: any; }" + ], + "path": "packages/response-ops/rule_params/v1.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/response-ops-rule-params", + "id": "def-common.RuleParams", + "type": "Type", + "tags": [], + "label": "RuleParams", + "description": [], + "signature": [ + "{ [x: string]: any; }" + ], + "path": "packages/response-ops/rule_params/v1.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/response-ops-rule-params", + "id": "def-common.RuleParamsWithDefaultValue", + "type": "Type", + "tags": [], + "label": "RuleParamsWithDefaultValue", + "description": [], + "signature": [ + "{ [x: string]: any; }" + ], + "path": "packages/response-ops/rule_params/v1.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/response-ops-rule-params", + "id": "def-common.RuleParamsWithDefaultValue", + "type": "Type", + "tags": [], + "label": "RuleParamsWithDefaultValue", + "description": [], + "signature": [ + "{ [x: string]: any; }" + ], + "path": "packages/response-ops/rule_params/v1.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + } + ], + "objects": [ + { + "parentPluginId": "@kbn/response-ops-rule-params", + "id": "def-common.ruleParamsSchema", + "type": "Object", + "tags": [], + "label": "ruleParamsSchema", + "description": [], + "signature": [ + { + "pluginId": "@kbn/config-schema", + "scope": "common", + "docId": "kibKbnConfigSchemaPluginApi", + "section": "def-common.Type", + "text": "Type" + }, + ">" + ], + "path": "packages/response-ops/rule_params/v1.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/response-ops-rule-params", + "id": "def-common.ruleParamsSchema", + "type": "Object", + "tags": [], + "label": "ruleParamsSchema", + "description": [], + "signature": [ + { + "pluginId": "@kbn/config-schema", + "scope": "common", + "docId": "kibKbnConfigSchemaPluginApi", + "section": "def-common.Type", + "text": "Type" + }, + ">" + ], + "path": "packages/response-ops/rule_params/v1.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/response-ops-rule-params", + "id": "def-common.ruleParamsSchemaWithDefaultValue", + "type": "Object", + "tags": [], + "label": "ruleParamsSchemaWithDefaultValue", + "description": [], + "signature": [ + { + "pluginId": "@kbn/config-schema", + "scope": "common", + "docId": "kibKbnConfigSchemaPluginApi", + "section": "def-common.Type", + "text": "Type" + }, + ">" + ], + "path": "packages/response-ops/rule_params/v1.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/response-ops-rule-params", + "id": "def-common.ruleParamsSchemaWithDefaultValue", + "type": "Object", + "tags": [], + "label": "ruleParamsSchemaWithDefaultValue", + "description": [], + "signature": [ + { + "pluginId": "@kbn/config-schema", + "scope": "common", + "docId": "kibKbnConfigSchemaPluginApi", + "section": "def-common.Type", + "text": "Type" + }, + ">" + ], + "path": "packages/response-ops/rule_params/v1.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + } + ] + } +} \ No newline at end of file diff --git a/api_docs/kbn_response_ops_rule_params.mdx b/api_docs/kbn_response_ops_rule_params.mdx new file mode 100644 index 0000000000000..88e4d676ab408 --- /dev/null +++ b/api_docs/kbn_response_ops_rule_params.mdx @@ -0,0 +1,33 @@ +--- +#### +#### This document is auto-generated and is meant to be viewed inside our experimental, new docs system. +#### Reach out in #docs-engineering for more info. +#### +id: kibKbnResponseOpsRuleParamsPluginApi +slug: /kibana-dev-docs/api/kbn-response-ops-rule-params +title: "@kbn/response-ops-rule-params" +image: https://source.unsplash.com/400x175/?github +description: API docs for the @kbn/response-ops-rule-params plugin +date: 2024-10-24 +tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/response-ops-rule-params'] +--- +import kbnResponseOpsRuleParamsObj from './kbn_response_ops_rule_params.devdocs.json'; + + + +Contact [@elastic/response-ops](https://github.com/orgs/elastic/teams/response-ops) for questions regarding this plugin. + +**Code health stats** + +| Public API count | Any count | Items lacking comments | Missing exports | +|-------------------|-----------|------------------------|-----------------| +| 8 | 0 | 8 | 0 | + +## Common + +### Objects + + +### Consts, variables and types + + diff --git a/api_docs/kbn_rison.mdx b/api_docs/kbn_rison.mdx index 7fa1a5feb45aa..5899bb7f3c7ce 100644 --- a/api_docs/kbn_rison.mdx +++ b/api_docs/kbn_rison.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-rison title: "@kbn/rison" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/rison plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/rison'] --- import kbnRisonObj from './kbn_rison.devdocs.json'; diff --git a/api_docs/kbn_rollup.mdx b/api_docs/kbn_rollup.mdx index 71c199c3e73f6..c438a0c052ba2 100644 --- a/api_docs/kbn_rollup.mdx +++ b/api_docs/kbn_rollup.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-rollup title: "@kbn/rollup" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/rollup plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/rollup'] --- import kbnRollupObj from './kbn_rollup.devdocs.json'; diff --git a/api_docs/kbn_router_to_openapispec.mdx b/api_docs/kbn_router_to_openapispec.mdx index b9d2fdf7eadbf..6f3297c1c9043 100644 --- a/api_docs/kbn_router_to_openapispec.mdx +++ b/api_docs/kbn_router_to_openapispec.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-router-to-openapispec title: "@kbn/router-to-openapispec" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/router-to-openapispec plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/router-to-openapispec'] --- import kbnRouterToOpenapispecObj from './kbn_router_to_openapispec.devdocs.json'; diff --git a/api_docs/kbn_router_utils.mdx b/api_docs/kbn_router_utils.mdx index 6cde5255c91e9..9875b5cb9e87c 100644 --- a/api_docs/kbn_router_utils.mdx +++ b/api_docs/kbn_router_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-router-utils title: "@kbn/router-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/router-utils plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/router-utils'] --- import kbnRouterUtilsObj from './kbn_router_utils.devdocs.json'; diff --git a/api_docs/kbn_rrule.mdx b/api_docs/kbn_rrule.mdx index 4525652490018..86119a9dc91a9 100644 --- a/api_docs/kbn_rrule.mdx +++ b/api_docs/kbn_rrule.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-rrule title: "@kbn/rrule" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/rrule plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/rrule'] --- import kbnRruleObj from './kbn_rrule.devdocs.json'; diff --git a/api_docs/kbn_rule_data_utils.devdocs.json b/api_docs/kbn_rule_data_utils.devdocs.json index abb9f407735b1..20d8ad66f520a 100644 --- a/api_docs/kbn_rule_data_utils.devdocs.json +++ b/api_docs/kbn_rule_data_utils.devdocs.json @@ -1982,6 +1982,36 @@ "trackAdoption": false, "initialIsOpen": false }, + { + "parentPluginId": "@kbn/rule-data-utils", + "id": "def-common.SYNTHETICS_STATUS_RULE", + "type": "string", + "tags": [], + "label": "SYNTHETICS_STATUS_RULE", + "description": [], + "signature": [ + "\"xpack.synthetics.alerts.monitorStatus\"" + ], + "path": "packages/kbn-rule-data-utils/src/rule_types/o11y_rules.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/rule-data-utils", + "id": "def-common.SYNTHETICS_TLS_RULE", + "type": "string", + "tags": [], + "label": "SYNTHETICS_TLS_RULE", + "description": [], + "signature": [ + "\"xpack.synthetics.alerts.tls\"" + ], + "path": "packages/kbn-rule-data-utils/src/rule_types/o11y_rules.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, { "parentPluginId": "@kbn/rule-data-utils", "id": "def-common.TAGS", diff --git a/api_docs/kbn_rule_data_utils.mdx b/api_docs/kbn_rule_data_utils.mdx index 56f7328d4e074..49768d5de76ac 100644 --- a/api_docs/kbn_rule_data_utils.mdx +++ b/api_docs/kbn_rule_data_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-rule-data-utils title: "@kbn/rule-data-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/rule-data-utils plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/rule-data-utils'] --- import kbnRuleDataUtilsObj from './kbn_rule_data_utils.devdocs.json'; @@ -21,7 +21,7 @@ Contact [@elastic/security-detections-response](https://github.com/orgs/elastic/ | Public API count | Any count | Items lacking comments | Missing exports | |-------------------|-----------|------------------------|-----------------| -| 136 | 0 | 133 | 0 | +| 138 | 0 | 135 | 0 | ## Common diff --git a/api_docs/kbn_saved_objects_settings.mdx b/api_docs/kbn_saved_objects_settings.mdx index b282c94a80ed1..fce8c568bd63e 100644 --- a/api_docs/kbn_saved_objects_settings.mdx +++ b/api_docs/kbn_saved_objects_settings.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-saved-objects-settings title: "@kbn/saved-objects-settings" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/saved-objects-settings plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/saved-objects-settings'] --- import kbnSavedObjectsSettingsObj from './kbn_saved_objects_settings.devdocs.json'; diff --git a/api_docs/kbn_screenshotting_server.mdx b/api_docs/kbn_screenshotting_server.mdx index e3082f75b86b5..f91e379cf0c8b 100644 --- a/api_docs/kbn_screenshotting_server.mdx +++ b/api_docs/kbn_screenshotting_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-screenshotting-server title: "@kbn/screenshotting-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/screenshotting-server plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/screenshotting-server'] --- import kbnScreenshottingServerObj from './kbn_screenshotting_server.devdocs.json'; diff --git a/api_docs/kbn_search_api_keys_components.mdx b/api_docs/kbn_search_api_keys_components.mdx index 2845fb1e18728..efdf98cc9edf3 100644 --- a/api_docs/kbn_search_api_keys_components.mdx +++ b/api_docs/kbn_search_api_keys_components.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-search-api-keys-components title: "@kbn/search-api-keys-components" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/search-api-keys-components plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/search-api-keys-components'] --- import kbnSearchApiKeysComponentsObj from './kbn_search_api_keys_components.devdocs.json'; diff --git a/api_docs/kbn_search_api_keys_server.mdx b/api_docs/kbn_search_api_keys_server.mdx index 1de1e5ce0833b..c72af04c3d7de 100644 --- a/api_docs/kbn_search_api_keys_server.mdx +++ b/api_docs/kbn_search_api_keys_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-search-api-keys-server title: "@kbn/search-api-keys-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/search-api-keys-server plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/search-api-keys-server'] --- import kbnSearchApiKeysServerObj from './kbn_search_api_keys_server.devdocs.json'; diff --git a/api_docs/kbn_search_api_panels.mdx b/api_docs/kbn_search_api_panels.mdx index 0d8cd756524fd..724161af9c376 100644 --- a/api_docs/kbn_search_api_panels.mdx +++ b/api_docs/kbn_search_api_panels.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-search-api-panels title: "@kbn/search-api-panels" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/search-api-panels plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/search-api-panels'] --- import kbnSearchApiPanelsObj from './kbn_search_api_panels.devdocs.json'; diff --git a/api_docs/kbn_search_connectors.mdx b/api_docs/kbn_search_connectors.mdx index c93d99c924c28..f6d6e0c1b5d55 100644 --- a/api_docs/kbn_search_connectors.mdx +++ b/api_docs/kbn_search_connectors.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-search-connectors title: "@kbn/search-connectors" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/search-connectors plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/search-connectors'] --- import kbnSearchConnectorsObj from './kbn_search_connectors.devdocs.json'; diff --git a/api_docs/kbn_search_errors.mdx b/api_docs/kbn_search_errors.mdx index de23e2c15d3c9..728996daa84be 100644 --- a/api_docs/kbn_search_errors.mdx +++ b/api_docs/kbn_search_errors.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-search-errors title: "@kbn/search-errors" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/search-errors plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/search-errors'] --- import kbnSearchErrorsObj from './kbn_search_errors.devdocs.json'; diff --git a/api_docs/kbn_search_index_documents.mdx b/api_docs/kbn_search_index_documents.mdx index a2966a0a1de69..6c7d6b0e425f5 100644 --- a/api_docs/kbn_search_index_documents.mdx +++ b/api_docs/kbn_search_index_documents.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-search-index-documents title: "@kbn/search-index-documents" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/search-index-documents plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/search-index-documents'] --- import kbnSearchIndexDocumentsObj from './kbn_search_index_documents.devdocs.json'; diff --git a/api_docs/kbn_search_response_warnings.mdx b/api_docs/kbn_search_response_warnings.mdx index bba562bcd6858..5d87c05626abb 100644 --- a/api_docs/kbn_search_response_warnings.mdx +++ b/api_docs/kbn_search_response_warnings.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-search-response-warnings title: "@kbn/search-response-warnings" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/search-response-warnings plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/search-response-warnings'] --- import kbnSearchResponseWarningsObj from './kbn_search_response_warnings.devdocs.json'; diff --git a/api_docs/kbn_search_shared_ui.mdx b/api_docs/kbn_search_shared_ui.mdx index c090540247403..5e1dcf4044ada 100644 --- a/api_docs/kbn_search_shared_ui.mdx +++ b/api_docs/kbn_search_shared_ui.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-search-shared-ui title: "@kbn/search-shared-ui" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/search-shared-ui plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/search-shared-ui'] --- import kbnSearchSharedUiObj from './kbn_search_shared_ui.devdocs.json'; diff --git a/api_docs/kbn_search_types.mdx b/api_docs/kbn_search_types.mdx index bea8417e0a117..ce4627c62ab75 100644 --- a/api_docs/kbn_search_types.mdx +++ b/api_docs/kbn_search_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-search-types title: "@kbn/search-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/search-types plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/search-types'] --- import kbnSearchTypesObj from './kbn_search_types.devdocs.json'; diff --git a/api_docs/kbn_security_api_key_management.mdx b/api_docs/kbn_security_api_key_management.mdx index a407b3a320008..275f4d5d54d8e 100644 --- a/api_docs/kbn_security_api_key_management.mdx +++ b/api_docs/kbn_security_api_key_management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-api-key-management title: "@kbn/security-api-key-management" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-api-key-management plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-api-key-management'] --- import kbnSecurityApiKeyManagementObj from './kbn_security_api_key_management.devdocs.json'; diff --git a/api_docs/kbn_security_authorization_core.mdx b/api_docs/kbn_security_authorization_core.mdx index 645692ea79acb..1800c7ac7eb4b 100644 --- a/api_docs/kbn_security_authorization_core.mdx +++ b/api_docs/kbn_security_authorization_core.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-authorization-core title: "@kbn/security-authorization-core" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-authorization-core plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-authorization-core'] --- import kbnSecurityAuthorizationCoreObj from './kbn_security_authorization_core.devdocs.json'; diff --git a/api_docs/kbn_security_authorization_core_common.mdx b/api_docs/kbn_security_authorization_core_common.mdx index 0b4d75e73399a..cd4fd6bb4374c 100644 --- a/api_docs/kbn_security_authorization_core_common.mdx +++ b/api_docs/kbn_security_authorization_core_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-authorization-core-common title: "@kbn/security-authorization-core-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-authorization-core-common plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-authorization-core-common'] --- import kbnSecurityAuthorizationCoreCommonObj from './kbn_security_authorization_core_common.devdocs.json'; diff --git a/api_docs/kbn_security_form_components.mdx b/api_docs/kbn_security_form_components.mdx index 8df41faa758a8..e44b796fc598d 100644 --- a/api_docs/kbn_security_form_components.mdx +++ b/api_docs/kbn_security_form_components.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-form-components title: "@kbn/security-form-components" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-form-components plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-form-components'] --- import kbnSecurityFormComponentsObj from './kbn_security_form_components.devdocs.json'; diff --git a/api_docs/kbn_security_hardening.mdx b/api_docs/kbn_security_hardening.mdx index 8a87c1292040e..3699ab2e157b2 100644 --- a/api_docs/kbn_security_hardening.mdx +++ b/api_docs/kbn_security_hardening.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-hardening title: "@kbn/security-hardening" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-hardening plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-hardening'] --- import kbnSecurityHardeningObj from './kbn_security_hardening.devdocs.json'; diff --git a/api_docs/kbn_security_plugin_types_common.mdx b/api_docs/kbn_security_plugin_types_common.mdx index bf3b8968baf10..d6cd03dff66e9 100644 --- a/api_docs/kbn_security_plugin_types_common.mdx +++ b/api_docs/kbn_security_plugin_types_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-plugin-types-common title: "@kbn/security-plugin-types-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-plugin-types-common plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-plugin-types-common'] --- import kbnSecurityPluginTypesCommonObj from './kbn_security_plugin_types_common.devdocs.json'; diff --git a/api_docs/kbn_security_plugin_types_public.mdx b/api_docs/kbn_security_plugin_types_public.mdx index a0d87552a9d57..39c53f51defb3 100644 --- a/api_docs/kbn_security_plugin_types_public.mdx +++ b/api_docs/kbn_security_plugin_types_public.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-plugin-types-public title: "@kbn/security-plugin-types-public" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-plugin-types-public plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-plugin-types-public'] --- import kbnSecurityPluginTypesPublicObj from './kbn_security_plugin_types_public.devdocs.json'; diff --git a/api_docs/kbn_security_plugin_types_server.mdx b/api_docs/kbn_security_plugin_types_server.mdx index 4018d70c6d645..f5ed0a2ca46f2 100644 --- a/api_docs/kbn_security_plugin_types_server.mdx +++ b/api_docs/kbn_security_plugin_types_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-plugin-types-server title: "@kbn/security-plugin-types-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-plugin-types-server plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-plugin-types-server'] --- import kbnSecurityPluginTypesServerObj from './kbn_security_plugin_types_server.devdocs.json'; diff --git a/api_docs/kbn_security_role_management_model.mdx b/api_docs/kbn_security_role_management_model.mdx index b960e7eaf0587..9e4f63765a0f6 100644 --- a/api_docs/kbn_security_role_management_model.mdx +++ b/api_docs/kbn_security_role_management_model.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-role-management-model title: "@kbn/security-role-management-model" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-role-management-model plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-role-management-model'] --- import kbnSecurityRoleManagementModelObj from './kbn_security_role_management_model.devdocs.json'; diff --git a/api_docs/kbn_security_solution_common.mdx b/api_docs/kbn_security_solution_common.mdx index ed71112055d49..8b4ac9b45d9a3 100644 --- a/api_docs/kbn_security_solution_common.mdx +++ b/api_docs/kbn_security_solution_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-solution-common title: "@kbn/security-solution-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-solution-common plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-solution-common'] --- import kbnSecuritySolutionCommonObj from './kbn_security_solution_common.devdocs.json'; diff --git a/api_docs/kbn_security_solution_distribution_bar.mdx b/api_docs/kbn_security_solution_distribution_bar.mdx index 22f592b865a7e..c67c232cd26ef 100644 --- a/api_docs/kbn_security_solution_distribution_bar.mdx +++ b/api_docs/kbn_security_solution_distribution_bar.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-solution-distribution-bar title: "@kbn/security-solution-distribution-bar" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-solution-distribution-bar plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-solution-distribution-bar'] --- import kbnSecuritySolutionDistributionBarObj from './kbn_security_solution_distribution_bar.devdocs.json'; diff --git a/api_docs/kbn_security_solution_features.mdx b/api_docs/kbn_security_solution_features.mdx index da597df7a665a..16cfbfdcbc12a 100644 --- a/api_docs/kbn_security_solution_features.mdx +++ b/api_docs/kbn_security_solution_features.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-solution-features title: "@kbn/security-solution-features" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-solution-features plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-solution-features'] --- import kbnSecuritySolutionFeaturesObj from './kbn_security_solution_features.devdocs.json'; diff --git a/api_docs/kbn_security_solution_navigation.mdx b/api_docs/kbn_security_solution_navigation.mdx index c4dd4be12b0ac..e138249a2f819 100644 --- a/api_docs/kbn_security_solution_navigation.mdx +++ b/api_docs/kbn_security_solution_navigation.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-solution-navigation title: "@kbn/security-solution-navigation" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-solution-navigation plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-solution-navigation'] --- import kbnSecuritySolutionNavigationObj from './kbn_security_solution_navigation.devdocs.json'; diff --git a/api_docs/kbn_security_solution_side_nav.devdocs.json b/api_docs/kbn_security_solution_side_nav.devdocs.json index dc0cf9c11e579..f50c9850b3ac2 100644 --- a/api_docs/kbn_security_solution_side_nav.devdocs.json +++ b/api_docs/kbn_security_solution_side_nav.devdocs.json @@ -429,22 +429,6 @@ "path": "x-pack/packages/security-solution/side_nav/src/solution_side_nav.tsx", "deprecated": false, "trackAdoption": false - }, - { - "parentPluginId": "@kbn/security-solution-side-nav", - "id": "def-common.SolutionSideNavProps.onMount", - "type": "Function", - "tags": [], - "label": "onMount", - "description": [], - "signature": [ - "(() => void) | undefined" - ], - "path": "x-pack/packages/security-solution/side_nav/src/solution_side_nav.tsx", - "deprecated": false, - "trackAdoption": false, - "children": [], - "returnComment": [] } ], "initialIsOpen": false diff --git a/api_docs/kbn_security_solution_side_nav.mdx b/api_docs/kbn_security_solution_side_nav.mdx index 3ac0297baf840..b7686231b037c 100644 --- a/api_docs/kbn_security_solution_side_nav.mdx +++ b/api_docs/kbn_security_solution_side_nav.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-solution-side-nav title: "@kbn/security-solution-side-nav" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-solution-side-nav plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-solution-side-nav'] --- import kbnSecuritySolutionSideNavObj from './kbn_security_solution_side_nav.devdocs.json'; @@ -21,7 +21,7 @@ Contact [@elastic/security-threat-hunting-explore](https://github.com/orgs/elast | Public API count | Any count | Items lacking comments | Missing exports | |-------------------|-----------|------------------------|-----------------| -| 30 | 0 | 24 | 0 | +| 29 | 0 | 23 | 0 | ## Common diff --git a/api_docs/kbn_security_solution_storybook_config.mdx b/api_docs/kbn_security_solution_storybook_config.mdx index 2edf044b74ecc..6a23426a72620 100644 --- a/api_docs/kbn_security_solution_storybook_config.mdx +++ b/api_docs/kbn_security_solution_storybook_config.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-solution-storybook-config title: "@kbn/security-solution-storybook-config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-solution-storybook-config plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-solution-storybook-config'] --- import kbnSecuritySolutionStorybookConfigObj from './kbn_security_solution_storybook_config.devdocs.json'; diff --git a/api_docs/kbn_security_ui_components.mdx b/api_docs/kbn_security_ui_components.mdx index 395cb8ee28de8..7055d7ba2ed1b 100644 --- a/api_docs/kbn_security_ui_components.mdx +++ b/api_docs/kbn_security_ui_components.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-ui-components title: "@kbn/security-ui-components" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-ui-components plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-ui-components'] --- import kbnSecurityUiComponentsObj from './kbn_security_ui_components.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_autocomplete.mdx b/api_docs/kbn_securitysolution_autocomplete.mdx index 5c95bdff7aa90..909df279fc1e6 100644 --- a/api_docs/kbn_securitysolution_autocomplete.mdx +++ b/api_docs/kbn_securitysolution_autocomplete.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-autocomplete title: "@kbn/securitysolution-autocomplete" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-autocomplete plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-autocomplete'] --- import kbnSecuritysolutionAutocompleteObj from './kbn_securitysolution_autocomplete.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_data_table.mdx b/api_docs/kbn_securitysolution_data_table.mdx index bb5c5dbca6893..7d444b8ff87bf 100644 --- a/api_docs/kbn_securitysolution_data_table.mdx +++ b/api_docs/kbn_securitysolution_data_table.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-data-table title: "@kbn/securitysolution-data-table" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-data-table plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-data-table'] --- import kbnSecuritysolutionDataTableObj from './kbn_securitysolution_data_table.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_ecs.mdx b/api_docs/kbn_securitysolution_ecs.mdx index 541f09ae22e1c..6263e1daccc16 100644 --- a/api_docs/kbn_securitysolution_ecs.mdx +++ b/api_docs/kbn_securitysolution_ecs.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-ecs title: "@kbn/securitysolution-ecs" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-ecs plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-ecs'] --- import kbnSecuritysolutionEcsObj from './kbn_securitysolution_ecs.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_es_utils.mdx b/api_docs/kbn_securitysolution_es_utils.mdx index d998e3e27889d..e9201e142f40a 100644 --- a/api_docs/kbn_securitysolution_es_utils.mdx +++ b/api_docs/kbn_securitysolution_es_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-es-utils title: "@kbn/securitysolution-es-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-es-utils plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-es-utils'] --- import kbnSecuritysolutionEsUtilsObj from './kbn_securitysolution_es_utils.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_exception_list_components.mdx b/api_docs/kbn_securitysolution_exception_list_components.mdx index 79d7c389abff9..6e346b1a0522b 100644 --- a/api_docs/kbn_securitysolution_exception_list_components.mdx +++ b/api_docs/kbn_securitysolution_exception_list_components.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-exception-list-components title: "@kbn/securitysolution-exception-list-components" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-exception-list-components plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-exception-list-components'] --- import kbnSecuritysolutionExceptionListComponentsObj from './kbn_securitysolution_exception_list_components.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_hook_utils.mdx b/api_docs/kbn_securitysolution_hook_utils.mdx index 21e81d69d6b9b..1cfae764751f1 100644 --- a/api_docs/kbn_securitysolution_hook_utils.mdx +++ b/api_docs/kbn_securitysolution_hook_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-hook-utils title: "@kbn/securitysolution-hook-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-hook-utils plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-hook-utils'] --- import kbnSecuritysolutionHookUtilsObj from './kbn_securitysolution_hook_utils.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_io_ts_alerting_types.mdx b/api_docs/kbn_securitysolution_io_ts_alerting_types.mdx index d9cc4737b69c3..f4ec44556dc5b 100644 --- a/api_docs/kbn_securitysolution_io_ts_alerting_types.mdx +++ b/api_docs/kbn_securitysolution_io_ts_alerting_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-io-ts-alerting-types title: "@kbn/securitysolution-io-ts-alerting-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-io-ts-alerting-types plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-io-ts-alerting-types'] --- import kbnSecuritysolutionIoTsAlertingTypesObj from './kbn_securitysolution_io_ts_alerting_types.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_io_ts_list_types.mdx b/api_docs/kbn_securitysolution_io_ts_list_types.mdx index b05412b82e335..e7016c29ebcc8 100644 --- a/api_docs/kbn_securitysolution_io_ts_list_types.mdx +++ b/api_docs/kbn_securitysolution_io_ts_list_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-io-ts-list-types title: "@kbn/securitysolution-io-ts-list-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-io-ts-list-types plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-io-ts-list-types'] --- import kbnSecuritysolutionIoTsListTypesObj from './kbn_securitysolution_io_ts_list_types.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_io_ts_types.mdx b/api_docs/kbn_securitysolution_io_ts_types.mdx index d51e39b13a264..9c1dc65480ff0 100644 --- a/api_docs/kbn_securitysolution_io_ts_types.mdx +++ b/api_docs/kbn_securitysolution_io_ts_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-io-ts-types title: "@kbn/securitysolution-io-ts-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-io-ts-types plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-io-ts-types'] --- import kbnSecuritysolutionIoTsTypesObj from './kbn_securitysolution_io_ts_types.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_io_ts_utils.mdx b/api_docs/kbn_securitysolution_io_ts_utils.mdx index d915a9b69e451..06a4472891e69 100644 --- a/api_docs/kbn_securitysolution_io_ts_utils.mdx +++ b/api_docs/kbn_securitysolution_io_ts_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-io-ts-utils title: "@kbn/securitysolution-io-ts-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-io-ts-utils plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-io-ts-utils'] --- import kbnSecuritysolutionIoTsUtilsObj from './kbn_securitysolution_io_ts_utils.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_list_api.mdx b/api_docs/kbn_securitysolution_list_api.mdx index 6319a128d2614..3385333a0700a 100644 --- a/api_docs/kbn_securitysolution_list_api.mdx +++ b/api_docs/kbn_securitysolution_list_api.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-list-api title: "@kbn/securitysolution-list-api" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-list-api plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-list-api'] --- import kbnSecuritysolutionListApiObj from './kbn_securitysolution_list_api.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_list_constants.mdx b/api_docs/kbn_securitysolution_list_constants.mdx index 347e4fac556c2..63e8213fd2488 100644 --- a/api_docs/kbn_securitysolution_list_constants.mdx +++ b/api_docs/kbn_securitysolution_list_constants.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-list-constants title: "@kbn/securitysolution-list-constants" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-list-constants plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-list-constants'] --- import kbnSecuritysolutionListConstantsObj from './kbn_securitysolution_list_constants.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_list_hooks.mdx b/api_docs/kbn_securitysolution_list_hooks.mdx index a7ea5658579a9..cf0ffdf937ded 100644 --- a/api_docs/kbn_securitysolution_list_hooks.mdx +++ b/api_docs/kbn_securitysolution_list_hooks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-list-hooks title: "@kbn/securitysolution-list-hooks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-list-hooks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-list-hooks'] --- import kbnSecuritysolutionListHooksObj from './kbn_securitysolution_list_hooks.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_list_utils.mdx b/api_docs/kbn_securitysolution_list_utils.mdx index eedf19f5a2fa6..06e4d656ec796 100644 --- a/api_docs/kbn_securitysolution_list_utils.mdx +++ b/api_docs/kbn_securitysolution_list_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-list-utils title: "@kbn/securitysolution-list-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-list-utils plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-list-utils'] --- import kbnSecuritysolutionListUtilsObj from './kbn_securitysolution_list_utils.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_rules.mdx b/api_docs/kbn_securitysolution_rules.mdx index 4d87ee04c6f58..20226ffb9b432 100644 --- a/api_docs/kbn_securitysolution_rules.mdx +++ b/api_docs/kbn_securitysolution_rules.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-rules title: "@kbn/securitysolution-rules" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-rules plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-rules'] --- import kbnSecuritysolutionRulesObj from './kbn_securitysolution_rules.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_t_grid.mdx b/api_docs/kbn_securitysolution_t_grid.mdx index 02c105f935d4b..1d0d49ea56bd3 100644 --- a/api_docs/kbn_securitysolution_t_grid.mdx +++ b/api_docs/kbn_securitysolution_t_grid.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-t-grid title: "@kbn/securitysolution-t-grid" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-t-grid plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-t-grid'] --- import kbnSecuritysolutionTGridObj from './kbn_securitysolution_t_grid.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_utils.mdx b/api_docs/kbn_securitysolution_utils.mdx index 7a979fbfb7d61..6980d27fc3c42 100644 --- a/api_docs/kbn_securitysolution_utils.mdx +++ b/api_docs/kbn_securitysolution_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-utils title: "@kbn/securitysolution-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-utils plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-utils'] --- import kbnSecuritysolutionUtilsObj from './kbn_securitysolution_utils.devdocs.json'; diff --git a/api_docs/kbn_server_http_tools.mdx b/api_docs/kbn_server_http_tools.mdx index 9d3397d0fe297..92ec5fbdde3ed 100644 --- a/api_docs/kbn_server_http_tools.mdx +++ b/api_docs/kbn_server_http_tools.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-server-http-tools title: "@kbn/server-http-tools" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/server-http-tools plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/server-http-tools'] --- import kbnServerHttpToolsObj from './kbn_server_http_tools.devdocs.json'; diff --git a/api_docs/kbn_server_route_repository.mdx b/api_docs/kbn_server_route_repository.mdx index f02ba4e265299..8509e6af1bb9b 100644 --- a/api_docs/kbn_server_route_repository.mdx +++ b/api_docs/kbn_server_route_repository.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-server-route-repository title: "@kbn/server-route-repository" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/server-route-repository plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/server-route-repository'] --- import kbnServerRouteRepositoryObj from './kbn_server_route_repository.devdocs.json'; diff --git a/api_docs/kbn_server_route_repository_client.mdx b/api_docs/kbn_server_route_repository_client.mdx index 2acbfa062be9c..147a3667777c5 100644 --- a/api_docs/kbn_server_route_repository_client.mdx +++ b/api_docs/kbn_server_route_repository_client.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-server-route-repository-client title: "@kbn/server-route-repository-client" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/server-route-repository-client plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/server-route-repository-client'] --- import kbnServerRouteRepositoryClientObj from './kbn_server_route_repository_client.devdocs.json'; diff --git a/api_docs/kbn_server_route_repository_utils.mdx b/api_docs/kbn_server_route_repository_utils.mdx index f97dff4c17dbf..503877bb56878 100644 --- a/api_docs/kbn_server_route_repository_utils.mdx +++ b/api_docs/kbn_server_route_repository_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-server-route-repository-utils title: "@kbn/server-route-repository-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/server-route-repository-utils plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/server-route-repository-utils'] --- import kbnServerRouteRepositoryUtilsObj from './kbn_server_route_repository_utils.devdocs.json'; diff --git a/api_docs/kbn_serverless_common_settings.mdx b/api_docs/kbn_serverless_common_settings.mdx index f10ab15b9f5d0..0805195332da6 100644 --- a/api_docs/kbn_serverless_common_settings.mdx +++ b/api_docs/kbn_serverless_common_settings.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-serverless-common-settings title: "@kbn/serverless-common-settings" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/serverless-common-settings plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/serverless-common-settings'] --- import kbnServerlessCommonSettingsObj from './kbn_serverless_common_settings.devdocs.json'; diff --git a/api_docs/kbn_serverless_observability_settings.mdx b/api_docs/kbn_serverless_observability_settings.mdx index fcdebd2eebe2c..cfc4a4fe4c2b8 100644 --- a/api_docs/kbn_serverless_observability_settings.mdx +++ b/api_docs/kbn_serverless_observability_settings.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-serverless-observability-settings title: "@kbn/serverless-observability-settings" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/serverless-observability-settings plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/serverless-observability-settings'] --- import kbnServerlessObservabilitySettingsObj from './kbn_serverless_observability_settings.devdocs.json'; diff --git a/api_docs/kbn_serverless_project_switcher.mdx b/api_docs/kbn_serverless_project_switcher.mdx index 8f391f3544136..c29a4f7c7a2dd 100644 --- a/api_docs/kbn_serverless_project_switcher.mdx +++ b/api_docs/kbn_serverless_project_switcher.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-serverless-project-switcher title: "@kbn/serverless-project-switcher" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/serverless-project-switcher plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/serverless-project-switcher'] --- import kbnServerlessProjectSwitcherObj from './kbn_serverless_project_switcher.devdocs.json'; diff --git a/api_docs/kbn_serverless_search_settings.mdx b/api_docs/kbn_serverless_search_settings.mdx index b5c1cc82e5ac5..1c66ad3fc3e29 100644 --- a/api_docs/kbn_serverless_search_settings.mdx +++ b/api_docs/kbn_serverless_search_settings.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-serverless-search-settings title: "@kbn/serverless-search-settings" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/serverless-search-settings plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/serverless-search-settings'] --- import kbnServerlessSearchSettingsObj from './kbn_serverless_search_settings.devdocs.json'; diff --git a/api_docs/kbn_serverless_security_settings.mdx b/api_docs/kbn_serverless_security_settings.mdx index 9f32d4fc2f8e0..230a579ad5129 100644 --- a/api_docs/kbn_serverless_security_settings.mdx +++ b/api_docs/kbn_serverless_security_settings.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-serverless-security-settings title: "@kbn/serverless-security-settings" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/serverless-security-settings plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/serverless-security-settings'] --- import kbnServerlessSecuritySettingsObj from './kbn_serverless_security_settings.devdocs.json'; diff --git a/api_docs/kbn_serverless_storybook_config.mdx b/api_docs/kbn_serverless_storybook_config.mdx index 8a36d8e0c5661..dae791baec64a 100644 --- a/api_docs/kbn_serverless_storybook_config.mdx +++ b/api_docs/kbn_serverless_storybook_config.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-serverless-storybook-config title: "@kbn/serverless-storybook-config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/serverless-storybook-config plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/serverless-storybook-config'] --- import kbnServerlessStorybookConfigObj from './kbn_serverless_storybook_config.devdocs.json'; diff --git a/api_docs/kbn_shared_svg.mdx b/api_docs/kbn_shared_svg.mdx index d4f4af2f2da48..98bc180f019f4 100644 --- a/api_docs/kbn_shared_svg.mdx +++ b/api_docs/kbn_shared_svg.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-svg title: "@kbn/shared-svg" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-svg plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-svg'] --- import kbnSharedSvgObj from './kbn_shared_svg.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_avatar_solution.mdx b/api_docs/kbn_shared_ux_avatar_solution.mdx index 50e6a08b4ade4..822da7183a72f 100644 --- a/api_docs/kbn_shared_ux_avatar_solution.mdx +++ b/api_docs/kbn_shared_ux_avatar_solution.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-avatar-solution title: "@kbn/shared-ux-avatar-solution" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-avatar-solution plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-avatar-solution'] --- import kbnSharedUxAvatarSolutionObj from './kbn_shared_ux_avatar_solution.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_button_exit_full_screen.mdx b/api_docs/kbn_shared_ux_button_exit_full_screen.mdx index feacdc2632c64..bd5093da6b4ef 100644 --- a/api_docs/kbn_shared_ux_button_exit_full_screen.mdx +++ b/api_docs/kbn_shared_ux_button_exit_full_screen.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-button-exit-full-screen title: "@kbn/shared-ux-button-exit-full-screen" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-button-exit-full-screen plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-button-exit-full-screen'] --- import kbnSharedUxButtonExitFullScreenObj from './kbn_shared_ux_button_exit_full_screen.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_button_toolbar.mdx b/api_docs/kbn_shared_ux_button_toolbar.mdx index 5c03b638fd399..76e5c1024ba5c 100644 --- a/api_docs/kbn_shared_ux_button_toolbar.mdx +++ b/api_docs/kbn_shared_ux_button_toolbar.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-button-toolbar title: "@kbn/shared-ux-button-toolbar" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-button-toolbar plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-button-toolbar'] --- import kbnSharedUxButtonToolbarObj from './kbn_shared_ux_button_toolbar.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_card_no_data.mdx b/api_docs/kbn_shared_ux_card_no_data.mdx index 2cb58f6b51a91..e9655f2e1f443 100644 --- a/api_docs/kbn_shared_ux_card_no_data.mdx +++ b/api_docs/kbn_shared_ux_card_no_data.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-card-no-data title: "@kbn/shared-ux-card-no-data" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-card-no-data plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-card-no-data'] --- import kbnSharedUxCardNoDataObj from './kbn_shared_ux_card_no_data.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_card_no_data_mocks.mdx b/api_docs/kbn_shared_ux_card_no_data_mocks.mdx index 2016787a52e26..7eb6e70b0bd17 100644 --- a/api_docs/kbn_shared_ux_card_no_data_mocks.mdx +++ b/api_docs/kbn_shared_ux_card_no_data_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-card-no-data-mocks title: "@kbn/shared-ux-card-no-data-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-card-no-data-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-card-no-data-mocks'] --- import kbnSharedUxCardNoDataMocksObj from './kbn_shared_ux_card_no_data_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_chrome_navigation.mdx b/api_docs/kbn_shared_ux_chrome_navigation.mdx index 7e2b6b8278fe3..0b41e40ad647e 100644 --- a/api_docs/kbn_shared_ux_chrome_navigation.mdx +++ b/api_docs/kbn_shared_ux_chrome_navigation.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-chrome-navigation title: "@kbn/shared-ux-chrome-navigation" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-chrome-navigation plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-chrome-navigation'] --- import kbnSharedUxChromeNavigationObj from './kbn_shared_ux_chrome_navigation.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_error_boundary.mdx b/api_docs/kbn_shared_ux_error_boundary.mdx index 0c6210a159c78..be45df269a1e5 100644 --- a/api_docs/kbn_shared_ux_error_boundary.mdx +++ b/api_docs/kbn_shared_ux_error_boundary.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-error-boundary title: "@kbn/shared-ux-error-boundary" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-error-boundary plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-error-boundary'] --- import kbnSharedUxErrorBoundaryObj from './kbn_shared_ux_error_boundary.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_file_context.mdx b/api_docs/kbn_shared_ux_file_context.mdx index d637a3f43b5a2..396a33e40bbc6 100644 --- a/api_docs/kbn_shared_ux_file_context.mdx +++ b/api_docs/kbn_shared_ux_file_context.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-context title: "@kbn/shared-ux-file-context" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-file-context plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-context'] --- import kbnSharedUxFileContextObj from './kbn_shared_ux_file_context.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_file_image.mdx b/api_docs/kbn_shared_ux_file_image.mdx index 52de3be77d0f1..92db869bce2c4 100644 --- a/api_docs/kbn_shared_ux_file_image.mdx +++ b/api_docs/kbn_shared_ux_file_image.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-image title: "@kbn/shared-ux-file-image" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-file-image plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-image'] --- import kbnSharedUxFileImageObj from './kbn_shared_ux_file_image.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_file_image_mocks.mdx b/api_docs/kbn_shared_ux_file_image_mocks.mdx index c4f449d777950..de7f1b217e9cf 100644 --- a/api_docs/kbn_shared_ux_file_image_mocks.mdx +++ b/api_docs/kbn_shared_ux_file_image_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-image-mocks title: "@kbn/shared-ux-file-image-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-file-image-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-image-mocks'] --- import kbnSharedUxFileImageMocksObj from './kbn_shared_ux_file_image_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_file_mocks.mdx b/api_docs/kbn_shared_ux_file_mocks.mdx index 2e378c4b106d1..14c8943133779 100644 --- a/api_docs/kbn_shared_ux_file_mocks.mdx +++ b/api_docs/kbn_shared_ux_file_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-mocks title: "@kbn/shared-ux-file-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-file-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-mocks'] --- import kbnSharedUxFileMocksObj from './kbn_shared_ux_file_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_file_picker.mdx b/api_docs/kbn_shared_ux_file_picker.mdx index 5bff7c819d44e..7e17eb7d819cc 100644 --- a/api_docs/kbn_shared_ux_file_picker.mdx +++ b/api_docs/kbn_shared_ux_file_picker.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-picker title: "@kbn/shared-ux-file-picker" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-file-picker plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-picker'] --- import kbnSharedUxFilePickerObj from './kbn_shared_ux_file_picker.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_file_types.mdx b/api_docs/kbn_shared_ux_file_types.mdx index 1ea10c9a51389..83bf40963f947 100644 --- a/api_docs/kbn_shared_ux_file_types.mdx +++ b/api_docs/kbn_shared_ux_file_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-types title: "@kbn/shared-ux-file-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-file-types plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-types'] --- import kbnSharedUxFileTypesObj from './kbn_shared_ux_file_types.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_file_upload.mdx b/api_docs/kbn_shared_ux_file_upload.mdx index 5fd9689dac140..45446d66af211 100644 --- a/api_docs/kbn_shared_ux_file_upload.mdx +++ b/api_docs/kbn_shared_ux_file_upload.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-upload title: "@kbn/shared-ux-file-upload" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-file-upload plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-upload'] --- import kbnSharedUxFileUploadObj from './kbn_shared_ux_file_upload.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_file_util.mdx b/api_docs/kbn_shared_ux_file_util.mdx index 7c2f668bda7b5..4f12fe115c907 100644 --- a/api_docs/kbn_shared_ux_file_util.mdx +++ b/api_docs/kbn_shared_ux_file_util.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-util title: "@kbn/shared-ux-file-util" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-file-util plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-util'] --- import kbnSharedUxFileUtilObj from './kbn_shared_ux_file_util.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_link_redirect_app.mdx b/api_docs/kbn_shared_ux_link_redirect_app.mdx index e577b4e51f263..24abd1ba34c9a 100644 --- a/api_docs/kbn_shared_ux_link_redirect_app.mdx +++ b/api_docs/kbn_shared_ux_link_redirect_app.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-link-redirect-app title: "@kbn/shared-ux-link-redirect-app" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-link-redirect-app plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-link-redirect-app'] --- import kbnSharedUxLinkRedirectAppObj from './kbn_shared_ux_link_redirect_app.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_link_redirect_app_mocks.mdx b/api_docs/kbn_shared_ux_link_redirect_app_mocks.mdx index 85ffed06259b1..32f20c5915e61 100644 --- a/api_docs/kbn_shared_ux_link_redirect_app_mocks.mdx +++ b/api_docs/kbn_shared_ux_link_redirect_app_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-link-redirect-app-mocks title: "@kbn/shared-ux-link-redirect-app-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-link-redirect-app-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-link-redirect-app-mocks'] --- import kbnSharedUxLinkRedirectAppMocksObj from './kbn_shared_ux_link_redirect_app_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_markdown.mdx b/api_docs/kbn_shared_ux_markdown.mdx index 249a01345a304..ab38fe37dc371 100644 --- a/api_docs/kbn_shared_ux_markdown.mdx +++ b/api_docs/kbn_shared_ux_markdown.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-markdown title: "@kbn/shared-ux-markdown" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-markdown plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-markdown'] --- import kbnSharedUxMarkdownObj from './kbn_shared_ux_markdown.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_markdown_mocks.mdx b/api_docs/kbn_shared_ux_markdown_mocks.mdx index 64676d962241e..7c32445393765 100644 --- a/api_docs/kbn_shared_ux_markdown_mocks.mdx +++ b/api_docs/kbn_shared_ux_markdown_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-markdown-mocks title: "@kbn/shared-ux-markdown-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-markdown-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-markdown-mocks'] --- import kbnSharedUxMarkdownMocksObj from './kbn_shared_ux_markdown_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_analytics_no_data.mdx b/api_docs/kbn_shared_ux_page_analytics_no_data.mdx index 3d64299f00a30..2004b3f43f6cb 100644 --- a/api_docs/kbn_shared_ux_page_analytics_no_data.mdx +++ b/api_docs/kbn_shared_ux_page_analytics_no_data.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-analytics-no-data title: "@kbn/shared-ux-page-analytics-no-data" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-analytics-no-data plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-analytics-no-data'] --- import kbnSharedUxPageAnalyticsNoDataObj from './kbn_shared_ux_page_analytics_no_data.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_analytics_no_data_mocks.mdx b/api_docs/kbn_shared_ux_page_analytics_no_data_mocks.mdx index 51ca52e3ffb19..e58e7bc7d6d95 100644 --- a/api_docs/kbn_shared_ux_page_analytics_no_data_mocks.mdx +++ b/api_docs/kbn_shared_ux_page_analytics_no_data_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-analytics-no-data-mocks title: "@kbn/shared-ux-page-analytics-no-data-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-analytics-no-data-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-analytics-no-data-mocks'] --- import kbnSharedUxPageAnalyticsNoDataMocksObj from './kbn_shared_ux_page_analytics_no_data_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_kibana_no_data.mdx b/api_docs/kbn_shared_ux_page_kibana_no_data.mdx index 9dcb53ba039ab..7eac5db08d40f 100644 --- a/api_docs/kbn_shared_ux_page_kibana_no_data.mdx +++ b/api_docs/kbn_shared_ux_page_kibana_no_data.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-kibana-no-data title: "@kbn/shared-ux-page-kibana-no-data" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-kibana-no-data plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-kibana-no-data'] --- import kbnSharedUxPageKibanaNoDataObj from './kbn_shared_ux_page_kibana_no_data.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_kibana_no_data_mocks.mdx b/api_docs/kbn_shared_ux_page_kibana_no_data_mocks.mdx index e2e9c1add3798..23dad166ea523 100644 --- a/api_docs/kbn_shared_ux_page_kibana_no_data_mocks.mdx +++ b/api_docs/kbn_shared_ux_page_kibana_no_data_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-kibana-no-data-mocks title: "@kbn/shared-ux-page-kibana-no-data-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-kibana-no-data-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-kibana-no-data-mocks'] --- import kbnSharedUxPageKibanaNoDataMocksObj from './kbn_shared_ux_page_kibana_no_data_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_kibana_template.mdx b/api_docs/kbn_shared_ux_page_kibana_template.mdx index b1dc8932eacb0..cee656a556007 100644 --- a/api_docs/kbn_shared_ux_page_kibana_template.mdx +++ b/api_docs/kbn_shared_ux_page_kibana_template.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-kibana-template title: "@kbn/shared-ux-page-kibana-template" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-kibana-template plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-kibana-template'] --- import kbnSharedUxPageKibanaTemplateObj from './kbn_shared_ux_page_kibana_template.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_kibana_template_mocks.mdx b/api_docs/kbn_shared_ux_page_kibana_template_mocks.mdx index 93abefa86666b..64c6f6112bad2 100644 --- a/api_docs/kbn_shared_ux_page_kibana_template_mocks.mdx +++ b/api_docs/kbn_shared_ux_page_kibana_template_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-kibana-template-mocks title: "@kbn/shared-ux-page-kibana-template-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-kibana-template-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-kibana-template-mocks'] --- import kbnSharedUxPageKibanaTemplateMocksObj from './kbn_shared_ux_page_kibana_template_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_no_data.mdx b/api_docs/kbn_shared_ux_page_no_data.mdx index 57577e25afd73..75a6fb420bfa8 100644 --- a/api_docs/kbn_shared_ux_page_no_data.mdx +++ b/api_docs/kbn_shared_ux_page_no_data.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-no-data title: "@kbn/shared-ux-page-no-data" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-no-data plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-no-data'] --- import kbnSharedUxPageNoDataObj from './kbn_shared_ux_page_no_data.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_no_data_config.mdx b/api_docs/kbn_shared_ux_page_no_data_config.mdx index 9cf3ebda4ecdc..21d2977f02a33 100644 --- a/api_docs/kbn_shared_ux_page_no_data_config.mdx +++ b/api_docs/kbn_shared_ux_page_no_data_config.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-no-data-config title: "@kbn/shared-ux-page-no-data-config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-no-data-config plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-no-data-config'] --- import kbnSharedUxPageNoDataConfigObj from './kbn_shared_ux_page_no_data_config.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_no_data_config_mocks.mdx b/api_docs/kbn_shared_ux_page_no_data_config_mocks.mdx index af6c8529e934d..a9fa2f37d4a68 100644 --- a/api_docs/kbn_shared_ux_page_no_data_config_mocks.mdx +++ b/api_docs/kbn_shared_ux_page_no_data_config_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-no-data-config-mocks title: "@kbn/shared-ux-page-no-data-config-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-no-data-config-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-no-data-config-mocks'] --- import kbnSharedUxPageNoDataConfigMocksObj from './kbn_shared_ux_page_no_data_config_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_no_data_mocks.mdx b/api_docs/kbn_shared_ux_page_no_data_mocks.mdx index bd9d5a5208973..d3674cc85385c 100644 --- a/api_docs/kbn_shared_ux_page_no_data_mocks.mdx +++ b/api_docs/kbn_shared_ux_page_no_data_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-no-data-mocks title: "@kbn/shared-ux-page-no-data-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-no-data-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-no-data-mocks'] --- import kbnSharedUxPageNoDataMocksObj from './kbn_shared_ux_page_no_data_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_solution_nav.mdx b/api_docs/kbn_shared_ux_page_solution_nav.mdx index c9597f8c72bc3..2c3ce002a0f54 100644 --- a/api_docs/kbn_shared_ux_page_solution_nav.mdx +++ b/api_docs/kbn_shared_ux_page_solution_nav.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-solution-nav title: "@kbn/shared-ux-page-solution-nav" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-solution-nav plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-solution-nav'] --- import kbnSharedUxPageSolutionNavObj from './kbn_shared_ux_page_solution_nav.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_prompt_no_data_views.mdx b/api_docs/kbn_shared_ux_prompt_no_data_views.mdx index 3096f8a41022e..3c9c69bc9f736 100644 --- a/api_docs/kbn_shared_ux_prompt_no_data_views.mdx +++ b/api_docs/kbn_shared_ux_prompt_no_data_views.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-prompt-no-data-views title: "@kbn/shared-ux-prompt-no-data-views" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-prompt-no-data-views plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-prompt-no-data-views'] --- import kbnSharedUxPromptNoDataViewsObj from './kbn_shared_ux_prompt_no_data_views.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_prompt_no_data_views_mocks.mdx b/api_docs/kbn_shared_ux_prompt_no_data_views_mocks.mdx index 745031615d988..db3cd8963593a 100644 --- a/api_docs/kbn_shared_ux_prompt_no_data_views_mocks.mdx +++ b/api_docs/kbn_shared_ux_prompt_no_data_views_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-prompt-no-data-views-mocks title: "@kbn/shared-ux-prompt-no-data-views-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-prompt-no-data-views-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-prompt-no-data-views-mocks'] --- import kbnSharedUxPromptNoDataViewsMocksObj from './kbn_shared_ux_prompt_no_data_views_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_prompt_not_found.mdx b/api_docs/kbn_shared_ux_prompt_not_found.mdx index 444e65400d4f7..1228353883d73 100644 --- a/api_docs/kbn_shared_ux_prompt_not_found.mdx +++ b/api_docs/kbn_shared_ux_prompt_not_found.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-prompt-not-found title: "@kbn/shared-ux-prompt-not-found" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-prompt-not-found plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-prompt-not-found'] --- import kbnSharedUxPromptNotFoundObj from './kbn_shared_ux_prompt_not_found.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_router.mdx b/api_docs/kbn_shared_ux_router.mdx index 10985ea8ec3f5..610cbd90062d0 100644 --- a/api_docs/kbn_shared_ux_router.mdx +++ b/api_docs/kbn_shared_ux_router.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-router title: "@kbn/shared-ux-router" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-router plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-router'] --- import kbnSharedUxRouterObj from './kbn_shared_ux_router.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_router_mocks.mdx b/api_docs/kbn_shared_ux_router_mocks.mdx index eba8d5338ce9c..2311343e9a32d 100644 --- a/api_docs/kbn_shared_ux_router_mocks.mdx +++ b/api_docs/kbn_shared_ux_router_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-router-mocks title: "@kbn/shared-ux-router-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-router-mocks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-router-mocks'] --- import kbnSharedUxRouterMocksObj from './kbn_shared_ux_router_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_storybook_config.mdx b/api_docs/kbn_shared_ux_storybook_config.mdx index ee2c8ffcf6e6d..f3fd353ce3c63 100644 --- a/api_docs/kbn_shared_ux_storybook_config.mdx +++ b/api_docs/kbn_shared_ux_storybook_config.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-storybook-config title: "@kbn/shared-ux-storybook-config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-storybook-config plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-storybook-config'] --- import kbnSharedUxStorybookConfigObj from './kbn_shared_ux_storybook_config.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_storybook_mock.mdx b/api_docs/kbn_shared_ux_storybook_mock.mdx index 3ec1c45272058..728e119f46547 100644 --- a/api_docs/kbn_shared_ux_storybook_mock.mdx +++ b/api_docs/kbn_shared_ux_storybook_mock.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-storybook-mock title: "@kbn/shared-ux-storybook-mock" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-storybook-mock plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-storybook-mock'] --- import kbnSharedUxStorybookMockObj from './kbn_shared_ux_storybook_mock.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_tabbed_modal.mdx b/api_docs/kbn_shared_ux_tabbed_modal.mdx index c0b05ef26e750..7634ff5946b62 100644 --- a/api_docs/kbn_shared_ux_tabbed_modal.mdx +++ b/api_docs/kbn_shared_ux_tabbed_modal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-tabbed-modal title: "@kbn/shared-ux-tabbed-modal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-tabbed-modal plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-tabbed-modal'] --- import kbnSharedUxTabbedModalObj from './kbn_shared_ux_tabbed_modal.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_table_persist.mdx b/api_docs/kbn_shared_ux_table_persist.mdx index d85a2f11f18dd..8a4fc02633608 100644 --- a/api_docs/kbn_shared_ux_table_persist.mdx +++ b/api_docs/kbn_shared_ux_table_persist.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-table-persist title: "@kbn/shared-ux-table-persist" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-table-persist plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-table-persist'] --- import kbnSharedUxTablePersistObj from './kbn_shared_ux_table_persist.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_utility.mdx b/api_docs/kbn_shared_ux_utility.mdx index 5b05d2802688f..7d200a6679481 100644 --- a/api_docs/kbn_shared_ux_utility.mdx +++ b/api_docs/kbn_shared_ux_utility.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-utility title: "@kbn/shared-ux-utility" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-utility plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-utility'] --- import kbnSharedUxUtilityObj from './kbn_shared_ux_utility.devdocs.json'; diff --git a/api_docs/kbn_slo_schema.mdx b/api_docs/kbn_slo_schema.mdx index 2d9c8b39007f5..d36c9e94676cd 100644 --- a/api_docs/kbn_slo_schema.mdx +++ b/api_docs/kbn_slo_schema.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-slo-schema title: "@kbn/slo-schema" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/slo-schema plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/slo-schema'] --- import kbnSloSchemaObj from './kbn_slo_schema.devdocs.json'; diff --git a/api_docs/kbn_some_dev_log.mdx b/api_docs/kbn_some_dev_log.mdx index 72554d86c0120..f5bf940b18646 100644 --- a/api_docs/kbn_some_dev_log.mdx +++ b/api_docs/kbn_some_dev_log.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-some-dev-log title: "@kbn/some-dev-log" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/some-dev-log plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/some-dev-log'] --- import kbnSomeDevLogObj from './kbn_some_dev_log.devdocs.json'; diff --git a/api_docs/kbn_sort_predicates.mdx b/api_docs/kbn_sort_predicates.mdx index f7d01de3eaca0..de56ad430533d 100644 --- a/api_docs/kbn_sort_predicates.mdx +++ b/api_docs/kbn_sort_predicates.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-sort-predicates title: "@kbn/sort-predicates" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/sort-predicates plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/sort-predicates'] --- import kbnSortPredicatesObj from './kbn_sort_predicates.devdocs.json'; diff --git a/api_docs/kbn_sse_utils.mdx b/api_docs/kbn_sse_utils.mdx index 390356a88c393..78afb2203f424 100644 --- a/api_docs/kbn_sse_utils.mdx +++ b/api_docs/kbn_sse_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-sse-utils title: "@kbn/sse-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/sse-utils plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/sse-utils'] --- import kbnSseUtilsObj from './kbn_sse_utils.devdocs.json'; diff --git a/api_docs/kbn_sse_utils_client.mdx b/api_docs/kbn_sse_utils_client.mdx index dc062aec05a15..e8d3b72764177 100644 --- a/api_docs/kbn_sse_utils_client.mdx +++ b/api_docs/kbn_sse_utils_client.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-sse-utils-client title: "@kbn/sse-utils-client" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/sse-utils-client plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/sse-utils-client'] --- import kbnSseUtilsClientObj from './kbn_sse_utils_client.devdocs.json'; diff --git a/api_docs/kbn_sse_utils_server.mdx b/api_docs/kbn_sse_utils_server.mdx index cb21174d88223..0c11bb194bcc0 100644 --- a/api_docs/kbn_sse_utils_server.mdx +++ b/api_docs/kbn_sse_utils_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-sse-utils-server title: "@kbn/sse-utils-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/sse-utils-server plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/sse-utils-server'] --- import kbnSseUtilsServerObj from './kbn_sse_utils_server.devdocs.json'; diff --git a/api_docs/kbn_std.mdx b/api_docs/kbn_std.mdx index c91da1c57f34b..234afc3ecf74d 100644 --- a/api_docs/kbn_std.mdx +++ b/api_docs/kbn_std.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-std title: "@kbn/std" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/std plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/std'] --- import kbnStdObj from './kbn_std.devdocs.json'; diff --git a/api_docs/kbn_stdio_dev_helpers.mdx b/api_docs/kbn_stdio_dev_helpers.mdx index d3afb906db3ea..27aadb73c39c4 100644 --- a/api_docs/kbn_stdio_dev_helpers.mdx +++ b/api_docs/kbn_stdio_dev_helpers.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-stdio-dev-helpers title: "@kbn/stdio-dev-helpers" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/stdio-dev-helpers plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/stdio-dev-helpers'] --- import kbnStdioDevHelpersObj from './kbn_stdio_dev_helpers.devdocs.json'; diff --git a/api_docs/kbn_storybook.mdx b/api_docs/kbn_storybook.mdx index 4cc9d348971e5..c9c8efb41bc05 100644 --- a/api_docs/kbn_storybook.mdx +++ b/api_docs/kbn_storybook.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-storybook title: "@kbn/storybook" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/storybook plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/storybook'] --- import kbnStorybookObj from './kbn_storybook.devdocs.json'; diff --git a/api_docs/kbn_synthetics_e2e.mdx b/api_docs/kbn_synthetics_e2e.mdx index 6650bf1e9a14d..17a8ce6628fae 100644 --- a/api_docs/kbn_synthetics_e2e.mdx +++ b/api_docs/kbn_synthetics_e2e.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-synthetics-e2e title: "@kbn/synthetics-e2e" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/synthetics-e2e plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/synthetics-e2e'] --- import kbnSyntheticsE2eObj from './kbn_synthetics_e2e.devdocs.json'; diff --git a/api_docs/kbn_synthetics_private_location.mdx b/api_docs/kbn_synthetics_private_location.mdx index 5b14270220c3e..ecc295501a89f 100644 --- a/api_docs/kbn_synthetics_private_location.mdx +++ b/api_docs/kbn_synthetics_private_location.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-synthetics-private-location title: "@kbn/synthetics-private-location" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/synthetics-private-location plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/synthetics-private-location'] --- import kbnSyntheticsPrivateLocationObj from './kbn_synthetics_private_location.devdocs.json'; diff --git a/api_docs/kbn_telemetry_tools.mdx b/api_docs/kbn_telemetry_tools.mdx index 2b8aedeb17cc7..93675548d4fc6 100644 --- a/api_docs/kbn_telemetry_tools.mdx +++ b/api_docs/kbn_telemetry_tools.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-telemetry-tools title: "@kbn/telemetry-tools" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/telemetry-tools plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/telemetry-tools'] --- import kbnTelemetryToolsObj from './kbn_telemetry_tools.devdocs.json'; diff --git a/api_docs/kbn_test.mdx b/api_docs/kbn_test.mdx index 3c00cb23fd793..ef0a7177a0c0c 100644 --- a/api_docs/kbn_test.mdx +++ b/api_docs/kbn_test.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-test title: "@kbn/test" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/test plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/test'] --- import kbnTestObj from './kbn_test.devdocs.json'; diff --git a/api_docs/kbn_test_eui_helpers.mdx b/api_docs/kbn_test_eui_helpers.mdx index ad306a1a08b30..810b6d454119e 100644 --- a/api_docs/kbn_test_eui_helpers.mdx +++ b/api_docs/kbn_test_eui_helpers.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-test-eui-helpers title: "@kbn/test-eui-helpers" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/test-eui-helpers plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/test-eui-helpers'] --- import kbnTestEuiHelpersObj from './kbn_test_eui_helpers.devdocs.json'; diff --git a/api_docs/kbn_test_jest_helpers.mdx b/api_docs/kbn_test_jest_helpers.mdx index 520050e16b6fe..fa7efc46bb9bd 100644 --- a/api_docs/kbn_test_jest_helpers.mdx +++ b/api_docs/kbn_test_jest_helpers.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-test-jest-helpers title: "@kbn/test-jest-helpers" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/test-jest-helpers plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/test-jest-helpers'] --- import kbnTestJestHelpersObj from './kbn_test_jest_helpers.devdocs.json'; diff --git a/api_docs/kbn_test_subj_selector.mdx b/api_docs/kbn_test_subj_selector.mdx index 24627dfba473c..236ce1de84168 100644 --- a/api_docs/kbn_test_subj_selector.mdx +++ b/api_docs/kbn_test_subj_selector.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-test-subj-selector title: "@kbn/test-subj-selector" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/test-subj-selector plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/test-subj-selector'] --- import kbnTestSubjSelectorObj from './kbn_test_subj_selector.devdocs.json'; diff --git a/api_docs/kbn_timerange.mdx b/api_docs/kbn_timerange.mdx index 994c0cff4a192..959f28010c41b 100644 --- a/api_docs/kbn_timerange.mdx +++ b/api_docs/kbn_timerange.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-timerange title: "@kbn/timerange" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/timerange plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/timerange'] --- import kbnTimerangeObj from './kbn_timerange.devdocs.json'; diff --git a/api_docs/kbn_tooling_log.mdx b/api_docs/kbn_tooling_log.mdx index 75a98aff73f2a..f417b4188be7b 100644 --- a/api_docs/kbn_tooling_log.mdx +++ b/api_docs/kbn_tooling_log.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-tooling-log title: "@kbn/tooling-log" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/tooling-log plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/tooling-log'] --- import kbnToolingLogObj from './kbn_tooling_log.devdocs.json'; diff --git a/api_docs/kbn_triggers_actions_ui_types.mdx b/api_docs/kbn_triggers_actions_ui_types.mdx index c65634c3cdeeb..0944855f0a148 100644 --- a/api_docs/kbn_triggers_actions_ui_types.mdx +++ b/api_docs/kbn_triggers_actions_ui_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-triggers-actions-ui-types title: "@kbn/triggers-actions-ui-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/triggers-actions-ui-types plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/triggers-actions-ui-types'] --- import kbnTriggersActionsUiTypesObj from './kbn_triggers_actions_ui_types.devdocs.json'; diff --git a/api_docs/kbn_try_in_console.mdx b/api_docs/kbn_try_in_console.mdx index 9e8586522336c..f9a76b03c276d 100644 --- a/api_docs/kbn_try_in_console.mdx +++ b/api_docs/kbn_try_in_console.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-try-in-console title: "@kbn/try-in-console" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/try-in-console plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/try-in-console'] --- import kbnTryInConsoleObj from './kbn_try_in_console.devdocs.json'; diff --git a/api_docs/kbn_ts_projects.mdx b/api_docs/kbn_ts_projects.mdx index b57f4230e3f0c..c5af21efac2a4 100644 --- a/api_docs/kbn_ts_projects.mdx +++ b/api_docs/kbn_ts_projects.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ts-projects title: "@kbn/ts-projects" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ts-projects plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ts-projects'] --- import kbnTsProjectsObj from './kbn_ts_projects.devdocs.json'; diff --git a/api_docs/kbn_typed_react_router_config.mdx b/api_docs/kbn_typed_react_router_config.mdx index 83133ef76f906..6b7dbdd723961 100644 --- a/api_docs/kbn_typed_react_router_config.mdx +++ b/api_docs/kbn_typed_react_router_config.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-typed-react-router-config title: "@kbn/typed-react-router-config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/typed-react-router-config plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/typed-react-router-config'] --- import kbnTypedReactRouterConfigObj from './kbn_typed_react_router_config.devdocs.json'; diff --git a/api_docs/kbn_ui_actions_browser.mdx b/api_docs/kbn_ui_actions_browser.mdx index 867d3998e892f..f601e072d822d 100644 --- a/api_docs/kbn_ui_actions_browser.mdx +++ b/api_docs/kbn_ui_actions_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ui-actions-browser title: "@kbn/ui-actions-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ui-actions-browser plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ui-actions-browser'] --- import kbnUiActionsBrowserObj from './kbn_ui_actions_browser.devdocs.json'; diff --git a/api_docs/kbn_ui_shared_deps_src.mdx b/api_docs/kbn_ui_shared_deps_src.mdx index 0d9ddbfcde4cb..982abcfee14e5 100644 --- a/api_docs/kbn_ui_shared_deps_src.mdx +++ b/api_docs/kbn_ui_shared_deps_src.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ui-shared-deps-src title: "@kbn/ui-shared-deps-src" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ui-shared-deps-src plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ui-shared-deps-src'] --- import kbnUiSharedDepsSrcObj from './kbn_ui_shared_deps_src.devdocs.json'; diff --git a/api_docs/kbn_ui_theme.mdx b/api_docs/kbn_ui_theme.mdx index d1576c1df19c3..6b1c3dd2af46b 100644 --- a/api_docs/kbn_ui_theme.mdx +++ b/api_docs/kbn_ui_theme.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ui-theme title: "@kbn/ui-theme" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ui-theme plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ui-theme'] --- import kbnUiThemeObj from './kbn_ui_theme.devdocs.json'; diff --git a/api_docs/kbn_unified_data_table.mdx b/api_docs/kbn_unified_data_table.mdx index 4818f43faf153..dd86f054f1a11 100644 --- a/api_docs/kbn_unified_data_table.mdx +++ b/api_docs/kbn_unified_data_table.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-unified-data-table title: "@kbn/unified-data-table" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/unified-data-table plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/unified-data-table'] --- import kbnUnifiedDataTableObj from './kbn_unified_data_table.devdocs.json'; diff --git a/api_docs/kbn_unified_doc_viewer.mdx b/api_docs/kbn_unified_doc_viewer.mdx index f276e041a5f13..bcd7d407e54a3 100644 --- a/api_docs/kbn_unified_doc_viewer.mdx +++ b/api_docs/kbn_unified_doc_viewer.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-unified-doc-viewer title: "@kbn/unified-doc-viewer" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/unified-doc-viewer plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/unified-doc-viewer'] --- import kbnUnifiedDocViewerObj from './kbn_unified_doc_viewer.devdocs.json'; diff --git a/api_docs/kbn_unified_field_list.mdx b/api_docs/kbn_unified_field_list.mdx index b863d2fb06c57..818021341e824 100644 --- a/api_docs/kbn_unified_field_list.mdx +++ b/api_docs/kbn_unified_field_list.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-unified-field-list title: "@kbn/unified-field-list" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/unified-field-list plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/unified-field-list'] --- import kbnUnifiedFieldListObj from './kbn_unified_field_list.devdocs.json'; diff --git a/api_docs/kbn_unsaved_changes_badge.mdx b/api_docs/kbn_unsaved_changes_badge.mdx index df6802ed7e2e1..fa7b9dbc097d2 100644 --- a/api_docs/kbn_unsaved_changes_badge.mdx +++ b/api_docs/kbn_unsaved_changes_badge.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-unsaved-changes-badge title: "@kbn/unsaved-changes-badge" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/unsaved-changes-badge plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/unsaved-changes-badge'] --- import kbnUnsavedChangesBadgeObj from './kbn_unsaved_changes_badge.devdocs.json'; diff --git a/api_docs/kbn_unsaved_changes_prompt.mdx b/api_docs/kbn_unsaved_changes_prompt.mdx index c6d34ba101195..12204ee978716 100644 --- a/api_docs/kbn_unsaved_changes_prompt.mdx +++ b/api_docs/kbn_unsaved_changes_prompt.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-unsaved-changes-prompt title: "@kbn/unsaved-changes-prompt" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/unsaved-changes-prompt plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/unsaved-changes-prompt'] --- import kbnUnsavedChangesPromptObj from './kbn_unsaved_changes_prompt.devdocs.json'; diff --git a/api_docs/kbn_use_tracked_promise.mdx b/api_docs/kbn_use_tracked_promise.mdx index fa4c695d8645d..352b65a450148 100644 --- a/api_docs/kbn_use_tracked_promise.mdx +++ b/api_docs/kbn_use_tracked_promise.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-use-tracked-promise title: "@kbn/use-tracked-promise" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/use-tracked-promise plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/use-tracked-promise'] --- import kbnUseTrackedPromiseObj from './kbn_use_tracked_promise.devdocs.json'; diff --git a/api_docs/kbn_user_profile_components.mdx b/api_docs/kbn_user_profile_components.mdx index d66a002bb400a..18ac898f99d15 100644 --- a/api_docs/kbn_user_profile_components.mdx +++ b/api_docs/kbn_user_profile_components.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-user-profile-components title: "@kbn/user-profile-components" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/user-profile-components plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/user-profile-components'] --- import kbnUserProfileComponentsObj from './kbn_user_profile_components.devdocs.json'; diff --git a/api_docs/kbn_utility_types.mdx b/api_docs/kbn_utility_types.mdx index 0a77846295acc..2138ec302ed95 100644 --- a/api_docs/kbn_utility_types.mdx +++ b/api_docs/kbn_utility_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-utility-types title: "@kbn/utility-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/utility-types plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/utility-types'] --- import kbnUtilityTypesObj from './kbn_utility_types.devdocs.json'; diff --git a/api_docs/kbn_utility_types_jest.mdx b/api_docs/kbn_utility_types_jest.mdx index 264f8539a7b71..3a0b5ef1b45ac 100644 --- a/api_docs/kbn_utility_types_jest.mdx +++ b/api_docs/kbn_utility_types_jest.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-utility-types-jest title: "@kbn/utility-types-jest" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/utility-types-jest plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/utility-types-jest'] --- import kbnUtilityTypesJestObj from './kbn_utility_types_jest.devdocs.json'; diff --git a/api_docs/kbn_utils.mdx b/api_docs/kbn_utils.mdx index 532f7e5b523e6..ce2d35f98002a 100644 --- a/api_docs/kbn_utils.mdx +++ b/api_docs/kbn_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-utils title: "@kbn/utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/utils plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/utils'] --- import kbnUtilsObj from './kbn_utils.devdocs.json'; diff --git a/api_docs/kbn_visualization_ui_components.mdx b/api_docs/kbn_visualization_ui_components.mdx index 7c896ed630cdb..38c5b86994b79 100644 --- a/api_docs/kbn_visualization_ui_components.mdx +++ b/api_docs/kbn_visualization_ui_components.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-visualization-ui-components title: "@kbn/visualization-ui-components" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/visualization-ui-components plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/visualization-ui-components'] --- import kbnVisualizationUiComponentsObj from './kbn_visualization_ui_components.devdocs.json'; diff --git a/api_docs/kbn_visualization_utils.mdx b/api_docs/kbn_visualization_utils.mdx index 62fe4a021507c..a4d86aaf5879b 100644 --- a/api_docs/kbn_visualization_utils.mdx +++ b/api_docs/kbn_visualization_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-visualization-utils title: "@kbn/visualization-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/visualization-utils plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/visualization-utils'] --- import kbnVisualizationUtilsObj from './kbn_visualization_utils.devdocs.json'; diff --git a/api_docs/kbn_xstate_utils.mdx b/api_docs/kbn_xstate_utils.mdx index 644c5e1a649f3..ea6786600957a 100644 --- a/api_docs/kbn_xstate_utils.mdx +++ b/api_docs/kbn_xstate_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-xstate-utils title: "@kbn/xstate-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/xstate-utils plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/xstate-utils'] --- import kbnXstateUtilsObj from './kbn_xstate_utils.devdocs.json'; diff --git a/api_docs/kbn_yarn_lock_validator.mdx b/api_docs/kbn_yarn_lock_validator.mdx index a8b7180cf8ea0..23857d1860f8c 100644 --- a/api_docs/kbn_yarn_lock_validator.mdx +++ b/api_docs/kbn_yarn_lock_validator.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-yarn-lock-validator title: "@kbn/yarn-lock-validator" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/yarn-lock-validator plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/yarn-lock-validator'] --- import kbnYarnLockValidatorObj from './kbn_yarn_lock_validator.devdocs.json'; diff --git a/api_docs/kbn_zod.mdx b/api_docs/kbn_zod.mdx index 0ed259a048ee0..9c6e95aa5a5d3 100644 --- a/api_docs/kbn_zod.mdx +++ b/api_docs/kbn_zod.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-zod title: "@kbn/zod" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/zod plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/zod'] --- import kbnZodObj from './kbn_zod.devdocs.json'; diff --git a/api_docs/kbn_zod_helpers.mdx b/api_docs/kbn_zod_helpers.mdx index 6af4c06c27bef..98ea085a48fd1 100644 --- a/api_docs/kbn_zod_helpers.mdx +++ b/api_docs/kbn_zod_helpers.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-zod-helpers title: "@kbn/zod-helpers" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/zod-helpers plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/zod-helpers'] --- import kbnZodHelpersObj from './kbn_zod_helpers.devdocs.json'; diff --git a/api_docs/kibana_overview.mdx b/api_docs/kibana_overview.mdx index 89caa9dbe1d9f..03cb1bbe75192 100644 --- a/api_docs/kibana_overview.mdx +++ b/api_docs/kibana_overview.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kibanaOverview title: "kibanaOverview" image: https://source.unsplash.com/400x175/?github description: API docs for the kibanaOverview plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'kibanaOverview'] --- import kibanaOverviewObj from './kibana_overview.devdocs.json'; diff --git a/api_docs/kibana_react.mdx b/api_docs/kibana_react.mdx index 5e53dac5b9d0e..6b15df13d6c0b 100644 --- a/api_docs/kibana_react.mdx +++ b/api_docs/kibana_react.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kibanaReact title: "kibanaReact" image: https://source.unsplash.com/400x175/?github description: API docs for the kibanaReact plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'kibanaReact'] --- import kibanaReactObj from './kibana_react.devdocs.json'; diff --git a/api_docs/kibana_utils.mdx b/api_docs/kibana_utils.mdx index 0d907a9afd1d5..6a456f97eff7c 100644 --- a/api_docs/kibana_utils.mdx +++ b/api_docs/kibana_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kibanaUtils title: "kibanaUtils" image: https://source.unsplash.com/400x175/?github description: API docs for the kibanaUtils plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'kibanaUtils'] --- import kibanaUtilsObj from './kibana_utils.devdocs.json'; diff --git a/api_docs/kubernetes_security.mdx b/api_docs/kubernetes_security.mdx index 24e8cd3fca7af..c500dd4eb3a59 100644 --- a/api_docs/kubernetes_security.mdx +++ b/api_docs/kubernetes_security.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kubernetesSecurity title: "kubernetesSecurity" image: https://source.unsplash.com/400x175/?github description: API docs for the kubernetesSecurity plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'kubernetesSecurity'] --- import kubernetesSecurityObj from './kubernetes_security.devdocs.json'; diff --git a/api_docs/lens.mdx b/api_docs/lens.mdx index e20eb3653649b..3f999d929c2a7 100644 --- a/api_docs/lens.mdx +++ b/api_docs/lens.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/lens title: "lens" image: https://source.unsplash.com/400x175/?github description: API docs for the lens plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'lens'] --- import lensObj from './lens.devdocs.json'; diff --git a/api_docs/license_api_guard.mdx b/api_docs/license_api_guard.mdx index 9e7d375dfdfc1..8442a37f05f37 100644 --- a/api_docs/license_api_guard.mdx +++ b/api_docs/license_api_guard.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/licenseApiGuard title: "licenseApiGuard" image: https://source.unsplash.com/400x175/?github description: API docs for the licenseApiGuard plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'licenseApiGuard'] --- import licenseApiGuardObj from './license_api_guard.devdocs.json'; diff --git a/api_docs/license_management.mdx b/api_docs/license_management.mdx index a44f54ae80c6a..39516c41eca78 100644 --- a/api_docs/license_management.mdx +++ b/api_docs/license_management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/licenseManagement title: "licenseManagement" image: https://source.unsplash.com/400x175/?github description: API docs for the licenseManagement plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'licenseManagement'] --- import licenseManagementObj from './license_management.devdocs.json'; diff --git a/api_docs/licensing.mdx b/api_docs/licensing.mdx index 93fc2d5722995..585b1c7948063 100644 --- a/api_docs/licensing.mdx +++ b/api_docs/licensing.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/licensing title: "licensing" image: https://source.unsplash.com/400x175/?github description: API docs for the licensing plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'licensing'] --- import licensingObj from './licensing.devdocs.json'; diff --git a/api_docs/links.mdx b/api_docs/links.mdx index deb58685cf52a..db35d0f6d7892 100644 --- a/api_docs/links.mdx +++ b/api_docs/links.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/links title: "links" image: https://source.unsplash.com/400x175/?github description: API docs for the links plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'links'] --- import linksObj from './links.devdocs.json'; diff --git a/api_docs/lists.mdx b/api_docs/lists.mdx index 4d800922b99a9..f87ac4f4e3c97 100644 --- a/api_docs/lists.mdx +++ b/api_docs/lists.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/lists title: "lists" image: https://source.unsplash.com/400x175/?github description: API docs for the lists plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'lists'] --- import listsObj from './lists.devdocs.json'; diff --git a/api_docs/logs_data_access.mdx b/api_docs/logs_data_access.mdx index ae0f1aeaa80f3..933135ae01924 100644 --- a/api_docs/logs_data_access.mdx +++ b/api_docs/logs_data_access.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/logsDataAccess title: "logsDataAccess" image: https://source.unsplash.com/400x175/?github description: API docs for the logsDataAccess plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'logsDataAccess'] --- import logsDataAccessObj from './logs_data_access.devdocs.json'; diff --git a/api_docs/logs_explorer.mdx b/api_docs/logs_explorer.mdx index 800ab4c6b6e99..34e4ba9bfef8f 100644 --- a/api_docs/logs_explorer.mdx +++ b/api_docs/logs_explorer.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/logsExplorer title: "logsExplorer" image: https://source.unsplash.com/400x175/?github description: API docs for the logsExplorer plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'logsExplorer'] --- import logsExplorerObj from './logs_explorer.devdocs.json'; diff --git a/api_docs/logs_shared.mdx b/api_docs/logs_shared.mdx index 48875daaa5c3b..3c2e731778ba7 100644 --- a/api_docs/logs_shared.mdx +++ b/api_docs/logs_shared.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/logsShared title: "logsShared" image: https://source.unsplash.com/400x175/?github description: API docs for the logsShared plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'logsShared'] --- import logsSharedObj from './logs_shared.devdocs.json'; diff --git a/api_docs/management.mdx b/api_docs/management.mdx index db34cfcd1182a..cb4c1fbcb1b1d 100644 --- a/api_docs/management.mdx +++ b/api_docs/management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/management title: "management" image: https://source.unsplash.com/400x175/?github description: API docs for the management plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'management'] --- import managementObj from './management.devdocs.json'; diff --git a/api_docs/maps.mdx b/api_docs/maps.mdx index c97533264c26f..a4567e13c4d51 100644 --- a/api_docs/maps.mdx +++ b/api_docs/maps.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/maps title: "maps" image: https://source.unsplash.com/400x175/?github description: API docs for the maps plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'maps'] --- import mapsObj from './maps.devdocs.json'; diff --git a/api_docs/maps_ems.mdx b/api_docs/maps_ems.mdx index ddd07a7730286..352c331853b1f 100644 --- a/api_docs/maps_ems.mdx +++ b/api_docs/maps_ems.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/mapsEms title: "mapsEms" image: https://source.unsplash.com/400x175/?github description: API docs for the mapsEms plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'mapsEms'] --- import mapsEmsObj from './maps_ems.devdocs.json'; diff --git a/api_docs/metrics_data_access.mdx b/api_docs/metrics_data_access.mdx index ad85e5d55e5cc..2af6cb50a974f 100644 --- a/api_docs/metrics_data_access.mdx +++ b/api_docs/metrics_data_access.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/metricsDataAccess title: "metricsDataAccess" image: https://source.unsplash.com/400x175/?github description: API docs for the metricsDataAccess plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'metricsDataAccess'] --- import metricsDataAccessObj from './metrics_data_access.devdocs.json'; diff --git a/api_docs/ml.mdx b/api_docs/ml.mdx index c1bdac945d38c..86f1d9507dee2 100644 --- a/api_docs/ml.mdx +++ b/api_docs/ml.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/ml title: "ml" image: https://source.unsplash.com/400x175/?github description: API docs for the ml plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'ml'] --- import mlObj from './ml.devdocs.json'; diff --git a/api_docs/mock_idp_plugin.mdx b/api_docs/mock_idp_plugin.mdx index 5563cc25439eb..258b635f14039 100644 --- a/api_docs/mock_idp_plugin.mdx +++ b/api_docs/mock_idp_plugin.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/mockIdpPlugin title: "mockIdpPlugin" image: https://source.unsplash.com/400x175/?github description: API docs for the mockIdpPlugin plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'mockIdpPlugin'] --- import mockIdpPluginObj from './mock_idp_plugin.devdocs.json'; diff --git a/api_docs/monitoring.mdx b/api_docs/monitoring.mdx index 9ee000563088b..6fb4ac29c0c62 100644 --- a/api_docs/monitoring.mdx +++ b/api_docs/monitoring.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/monitoring title: "monitoring" image: https://source.unsplash.com/400x175/?github description: API docs for the monitoring plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'monitoring'] --- import monitoringObj from './monitoring.devdocs.json'; diff --git a/api_docs/monitoring_collection.mdx b/api_docs/monitoring_collection.mdx index 11b2df7046175..6b99b22da3d2f 100644 --- a/api_docs/monitoring_collection.mdx +++ b/api_docs/monitoring_collection.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/monitoringCollection title: "monitoringCollection" image: https://source.unsplash.com/400x175/?github description: API docs for the monitoringCollection plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'monitoringCollection'] --- import monitoringCollectionObj from './monitoring_collection.devdocs.json'; diff --git a/api_docs/navigation.mdx b/api_docs/navigation.mdx index 27b3ea3f0d23a..d8acadab5f8cb 100644 --- a/api_docs/navigation.mdx +++ b/api_docs/navigation.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/navigation title: "navigation" image: https://source.unsplash.com/400x175/?github description: API docs for the navigation plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'navigation'] --- import navigationObj from './navigation.devdocs.json'; diff --git a/api_docs/newsfeed.mdx b/api_docs/newsfeed.mdx index c4e160739760c..d46818f2cd7ca 100644 --- a/api_docs/newsfeed.mdx +++ b/api_docs/newsfeed.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/newsfeed title: "newsfeed" image: https://source.unsplash.com/400x175/?github description: API docs for the newsfeed plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'newsfeed'] --- import newsfeedObj from './newsfeed.devdocs.json'; diff --git a/api_docs/no_data_page.mdx b/api_docs/no_data_page.mdx index 4909322b5f73c..0475f3f105f2f 100644 --- a/api_docs/no_data_page.mdx +++ b/api_docs/no_data_page.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/noDataPage title: "noDataPage" image: https://source.unsplash.com/400x175/?github description: API docs for the noDataPage plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'noDataPage'] --- import noDataPageObj from './no_data_page.devdocs.json'; diff --git a/api_docs/notifications.mdx b/api_docs/notifications.mdx index ae5405998423b..4310fbf152364 100644 --- a/api_docs/notifications.mdx +++ b/api_docs/notifications.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/notifications title: "notifications" image: https://source.unsplash.com/400x175/?github description: API docs for the notifications plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'notifications'] --- import notificationsObj from './notifications.devdocs.json'; diff --git a/api_docs/observability.mdx b/api_docs/observability.mdx index 83dcaff4d1d55..de184d5fc23a9 100644 --- a/api_docs/observability.mdx +++ b/api_docs/observability.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/observability title: "observability" image: https://source.unsplash.com/400x175/?github description: API docs for the observability plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'observability'] --- import observabilityObj from './observability.devdocs.json'; diff --git a/api_docs/observability_a_i_assistant.mdx b/api_docs/observability_a_i_assistant.mdx index bcf7238135c15..a436c5670e5b8 100644 --- a/api_docs/observability_a_i_assistant.mdx +++ b/api_docs/observability_a_i_assistant.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/observabilityAIAssistant title: "observabilityAIAssistant" image: https://source.unsplash.com/400x175/?github description: API docs for the observabilityAIAssistant plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'observabilityAIAssistant'] --- import observabilityAIAssistantObj from './observability_a_i_assistant.devdocs.json'; diff --git a/api_docs/observability_a_i_assistant_app.mdx b/api_docs/observability_a_i_assistant_app.mdx index 48f6ec595ba47..3ba070e3a6df7 100644 --- a/api_docs/observability_a_i_assistant_app.mdx +++ b/api_docs/observability_a_i_assistant_app.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/observabilityAIAssistantApp title: "observabilityAIAssistantApp" image: https://source.unsplash.com/400x175/?github description: API docs for the observabilityAIAssistantApp plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'observabilityAIAssistantApp'] --- import observabilityAIAssistantAppObj from './observability_a_i_assistant_app.devdocs.json'; diff --git a/api_docs/observability_ai_assistant_management.mdx b/api_docs/observability_ai_assistant_management.mdx index c39b37df500ac..de39ce5afc857 100644 --- a/api_docs/observability_ai_assistant_management.mdx +++ b/api_docs/observability_ai_assistant_management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/observabilityAiAssistantManagement title: "observabilityAiAssistantManagement" image: https://source.unsplash.com/400x175/?github description: API docs for the observabilityAiAssistantManagement plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'observabilityAiAssistantManagement'] --- import observabilityAiAssistantManagementObj from './observability_ai_assistant_management.devdocs.json'; diff --git a/api_docs/observability_logs_explorer.mdx b/api_docs/observability_logs_explorer.mdx index f83c9d80f6698..3959396c3e8de 100644 --- a/api_docs/observability_logs_explorer.mdx +++ b/api_docs/observability_logs_explorer.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/observabilityLogsExplorer title: "observabilityLogsExplorer" image: https://source.unsplash.com/400x175/?github description: API docs for the observabilityLogsExplorer plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'observabilityLogsExplorer'] --- import observabilityLogsExplorerObj from './observability_logs_explorer.devdocs.json'; diff --git a/api_docs/observability_onboarding.mdx b/api_docs/observability_onboarding.mdx index 53bed513c8715..1f65e3c78a610 100644 --- a/api_docs/observability_onboarding.mdx +++ b/api_docs/observability_onboarding.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/observabilityOnboarding title: "observabilityOnboarding" image: https://source.unsplash.com/400x175/?github description: API docs for the observabilityOnboarding plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'observabilityOnboarding'] --- import observabilityOnboardingObj from './observability_onboarding.devdocs.json'; diff --git a/api_docs/observability_shared.devdocs.json b/api_docs/observability_shared.devdocs.json index 4047b0886ada3..ded54140435bb 100644 --- a/api_docs/observability_shared.devdocs.json +++ b/api_docs/observability_shared.devdocs.json @@ -6926,7 +6926,7 @@ "label": "ENTITY_DEFINITION_ID", "description": [], "signature": [ - "\"entity.definitionId\"" + "\"entity.definition_id\"" ], "path": "x-pack/plugins/observability_solution/observability_shared/common/field_names/elasticsearch.ts", "deprecated": false, @@ -6941,7 +6941,7 @@ "label": "ENTITY_DISPLAY_NAME", "description": [], "signature": [ - "\"entity.displayName\"" + "\"entity.display_name\"" ], "path": "x-pack/plugins/observability_solution/observability_shared/common/field_names/elasticsearch.ts", "deprecated": false, @@ -6956,7 +6956,7 @@ "label": "ENTITY_FIRST_SEEN", "description": [], "signature": [ - "\"entity.firstSeenTimestamp\"" + "\"entity.first_seen_timestamp\"" ], "path": "x-pack/plugins/observability_solution/observability_shared/common/field_names/elasticsearch.ts", "deprecated": false, @@ -6986,7 +6986,7 @@ "label": "ENTITY_IDENTITY_FIELDS", "description": [], "signature": [ - "\"entity.identityFields\"" + "\"entity.identity_fields\"" ], "path": "x-pack/plugins/observability_solution/observability_shared/common/field_names/elasticsearch.ts", "deprecated": false, @@ -7001,7 +7001,7 @@ "label": "ENTITY_LAST_SEEN", "description": [], "signature": [ - "\"entity.lastSeenTimestamp\"" + "\"entity.last_seen_timestamp\"" ], "path": "x-pack/plugins/observability_solution/observability_shared/common/field_names/elasticsearch.ts", "deprecated": false, diff --git a/api_docs/observability_shared.mdx b/api_docs/observability_shared.mdx index 725a062db1007..4873cd8f74709 100644 --- a/api_docs/observability_shared.mdx +++ b/api_docs/observability_shared.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/observabilityShared title: "observabilityShared" image: https://source.unsplash.com/400x175/?github description: API docs for the observabilityShared plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'observabilityShared'] --- import observabilitySharedObj from './observability_shared.devdocs.json'; diff --git a/api_docs/osquery.mdx b/api_docs/osquery.mdx index 88456c91d166f..a4ae0ec212cdf 100644 --- a/api_docs/osquery.mdx +++ b/api_docs/osquery.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/osquery title: "osquery" image: https://source.unsplash.com/400x175/?github description: API docs for the osquery plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'osquery'] --- import osqueryObj from './osquery.devdocs.json'; diff --git a/api_docs/painless_lab.mdx b/api_docs/painless_lab.mdx index 0cdafdd26c03c..097b63f4e0718 100644 --- a/api_docs/painless_lab.mdx +++ b/api_docs/painless_lab.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/painlessLab title: "painlessLab" image: https://source.unsplash.com/400x175/?github description: API docs for the painlessLab plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'painlessLab'] --- import painlessLabObj from './painless_lab.devdocs.json'; diff --git a/api_docs/plugin_directory.mdx b/api_docs/plugin_directory.mdx index a35c1a05f74ed..31e2927355f02 100644 --- a/api_docs/plugin_directory.mdx +++ b/api_docs/plugin_directory.mdx @@ -7,7 +7,7 @@ id: kibDevDocsPluginDirectory slug: /kibana-dev-docs/api-meta/plugin-api-directory title: Directory description: Directory of public APIs available through plugins or packages. -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana'] --- @@ -15,19 +15,19 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | Count | Plugins or Packages with a
public API | Number of teams | |--------------|----------|------------------------| -| 875 | 747 | 45 | +| 876 | 748 | 45 | ### Public API health stats | API Count | Any Count | Missing comments | Missing exports | |--------------|----------|-----------------|--------| -| 53994 | 242 | 40577 | 2008 | +| 54006 | 242 | 40588 | 2008 | ## Plugin Directory | Plugin name           | Maintaining team | Description | API Cnt | Any Cnt | Missing
comments | Missing
exports | |--------------|----------------|-----------|--------------|----------|---------------|--------| -| | [@elastic/response-ops](https://github.com/orgs/elastic/teams/response-ops) | - | 320 | 0 | 314 | 37 | +| | [@elastic/response-ops](https://github.com/orgs/elastic/teams/response-ops) | - | 322 | 0 | 316 | 37 | | | [@elastic/appex-sharedux @elastic/kibana-management](https://github.com/orgs/elastic/teams/appex-sharedux ) | - | 2 | 0 | 2 | 0 | | | [@elastic/obs-knowledge-team](https://github.com/orgs/elastic/teams/obs-knowledge-team) | - | 4 | 0 | 4 | 1 | | | [@elastic/ml-ui](https://github.com/orgs/elastic/teams/ml-ui) | AIOps plugin maintained by ML team. | 72 | 0 | 8 | 2 | @@ -194,7 +194,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | | [@elastic/obs-ux-management-team](https://github.com/orgs/elastic/teams/obs-ux-management-team) | Serverless customizations for observability. | 6 | 0 | 6 | 0 | | | [@elastic/search-kibana](https://github.com/orgs/elastic/teams/search-kibana) | Serverless customizations for search. | 7 | 0 | 7 | 0 | | | [@elastic/kibana-cloud-security-posture](https://github.com/orgs/elastic/teams/kibana-cloud-security-posture) | - | 134 | 0 | 134 | 8 | -| | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | Adds URL Service and sharing capabilities to Kibana | 135 | 0 | 72 | 15 | +| | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | Adds URL Service and sharing capabilities to Kibana | 136 | 0 | 73 | 15 | | | [@elastic/obs-ux-management-team](https://github.com/orgs/elastic/teams/obs-ux-management-team) | - | 59 | 0 | 59 | 1 | | | [@elastic/kibana-management](https://github.com/orgs/elastic/teams/kibana-management) | - | 22 | 1 | 22 | 1 | | | [@elastic/kibana-security](https://github.com/orgs/elastic/teams/kibana-security) | This plugin provides the Spaces feature, which allows saved objects to be organized into meaningful categories. | 269 | 0 | 73 | 1 | @@ -372,7 +372,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 7 | 0 | 7 | 0 | | | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 54 | 7 | 54 | 6 | | | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 15 | 0 | 15 | 1 | -| | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 551 | 2 | 232 | 1 | +| | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 552 | 2 | 232 | 1 | | | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 96 | 0 | 83 | 10 | | | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 46 | 0 | 45 | 0 | | | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 4 | 0 | 2 | 0 | @@ -511,7 +511,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | | [@elastic/obs-ux-logs-team](https://github.com/orgs/elastic/teams/obs-ux-logs-team) | - | 42 | 0 | 41 | 0 | | | [@elastic/security-generative-ai](https://github.com/orgs/elastic/teams/security-generative-ai) | - | 169 | 0 | 140 | 10 | | | [@elastic/security-generative-ai](https://github.com/orgs/elastic/teams/security-generative-ai) | - | 403 | 0 | 372 | 0 | -| | [@elastic/obs-entities](https://github.com/orgs/elastic/teams/obs-entities) | - | 44 | 0 | 44 | 0 | +| | [@elastic/obs-entities](https://github.com/orgs/elastic/teams/obs-entities) | - | 43 | 0 | 43 | 0 | | | [@elastic/kibana-operations](https://github.com/orgs/elastic/teams/kibana-operations) | - | 55 | 0 | 40 | 7 | | | [@elastic/kibana-operations](https://github.com/orgs/elastic/teams/kibana-operations) | - | 32 | 0 | 19 | 1 | | | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 11 | 0 | 6 | 0 | @@ -660,12 +660,13 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | - | 92 | 0 | 91 | 0 | | | [@elastic/kibana-data-discovery](https://github.com/orgs/elastic/teams/kibana-data-discovery) | A component for creating resizable layouts containing a fixed width panel and a flexible panel, with support for horizontal and vertical layouts. | 18 | 0 | 5 | 0 | | | [@elastic/response-ops](https://github.com/orgs/elastic/teams/response-ops) | - | 3 | 0 | 3 | 0 | +| | [@elastic/response-ops](https://github.com/orgs/elastic/teams/response-ops) | - | 8 | 0 | 8 | 0 | | | [@elastic/kibana-operations](https://github.com/orgs/elastic/teams/kibana-operations) | - | 13 | 2 | 8 | 0 | | | [@elastic/kibana-management](https://github.com/orgs/elastic/teams/kibana-management) | - | 3 | 0 | 3 | 0 | | | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 10 | 0 | 10 | 1 | | | [@elastic/obs-ux-logs-team](https://github.com/orgs/elastic/teams/obs-ux-logs-team) | - | 2 | 0 | 1 | 1 | | | [@elastic/response-ops](https://github.com/orgs/elastic/teams/response-ops) | - | 16 | 0 | 16 | 1 | -| | [@elastic/security-detections-response](https://github.com/orgs/elastic/teams/security-detections-response) | - | 136 | 0 | 133 | 0 | +| | [@elastic/security-detections-response](https://github.com/orgs/elastic/teams/security-detections-response) | - | 138 | 0 | 135 | 0 | | | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | - | 2 | 0 | 2 | 0 | | | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | - | 35 | 0 | 34 | 0 | | | [@elastic/search-kibana](https://github.com/orgs/elastic/teams/search-kibana) | - | 8 | 0 | 8 | 1 | @@ -690,7 +691,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | | [@elastic/kibana-cloud-security-posture](https://github.com/orgs/elastic/teams/kibana-cloud-security-posture) | - | 7 | 0 | 0 | 0 | | | [@elastic/security-threat-hunting-explore](https://github.com/orgs/elastic/teams/security-threat-hunting-explore) | - | 15 | 0 | 15 | 7 | | | [@elastic/security-threat-hunting-explore](https://github.com/orgs/elastic/teams/security-threat-hunting-explore) | - | 54 | 0 | 49 | 0 | -| | [@elastic/security-threat-hunting-explore](https://github.com/orgs/elastic/teams/security-threat-hunting-explore) | - | 30 | 0 | 24 | 0 | +| | [@elastic/security-threat-hunting-explore](https://github.com/orgs/elastic/teams/security-threat-hunting-explore) | - | 29 | 0 | 23 | 0 | | | [@elastic/security-threat-hunting-explore](https://github.com/orgs/elastic/teams/security-threat-hunting-explore) | - | 2 | 0 | 0 | 0 | | | [@elastic/kibana-security](https://github.com/orgs/elastic/teams/kibana-security) | - | 48 | 0 | 13 | 0 | | | [@elastic/security-detection-engine](https://github.com/orgs/elastic/teams/security-detection-engine) | - | 56 | 1 | 41 | 1 | diff --git a/api_docs/presentation_panel.mdx b/api_docs/presentation_panel.mdx index d28928d9d7b46..0c3cb44216a1a 100644 --- a/api_docs/presentation_panel.mdx +++ b/api_docs/presentation_panel.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/presentationPanel title: "presentationPanel" image: https://source.unsplash.com/400x175/?github description: API docs for the presentationPanel plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'presentationPanel'] --- import presentationPanelObj from './presentation_panel.devdocs.json'; diff --git a/api_docs/presentation_util.mdx b/api_docs/presentation_util.mdx index 0e95d62d360eb..9e66cb19a58b0 100644 --- a/api_docs/presentation_util.mdx +++ b/api_docs/presentation_util.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/presentationUtil title: "presentationUtil" image: https://source.unsplash.com/400x175/?github description: API docs for the presentationUtil plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'presentationUtil'] --- import presentationUtilObj from './presentation_util.devdocs.json'; diff --git a/api_docs/profiling.mdx b/api_docs/profiling.mdx index ae8e04b077b43..13ae4068670b7 100644 --- a/api_docs/profiling.mdx +++ b/api_docs/profiling.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/profiling title: "profiling" image: https://source.unsplash.com/400x175/?github description: API docs for the profiling plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'profiling'] --- import profilingObj from './profiling.devdocs.json'; diff --git a/api_docs/profiling_data_access.mdx b/api_docs/profiling_data_access.mdx index f4da3f0070988..a56732f53c402 100644 --- a/api_docs/profiling_data_access.mdx +++ b/api_docs/profiling_data_access.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/profilingDataAccess title: "profilingDataAccess" image: https://source.unsplash.com/400x175/?github description: API docs for the profilingDataAccess plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'profilingDataAccess'] --- import profilingDataAccessObj from './profiling_data_access.devdocs.json'; diff --git a/api_docs/remote_clusters.mdx b/api_docs/remote_clusters.mdx index e82704d6719b3..0b915786bb870 100644 --- a/api_docs/remote_clusters.mdx +++ b/api_docs/remote_clusters.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/remoteClusters title: "remoteClusters" image: https://source.unsplash.com/400x175/?github description: API docs for the remoteClusters plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'remoteClusters'] --- import remoteClustersObj from './remote_clusters.devdocs.json'; diff --git a/api_docs/reporting.mdx b/api_docs/reporting.mdx index f64c5dd406531..5bb77fef79184 100644 --- a/api_docs/reporting.mdx +++ b/api_docs/reporting.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/reporting title: "reporting" image: https://source.unsplash.com/400x175/?github description: API docs for the reporting plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'reporting'] --- import reportingObj from './reporting.devdocs.json'; diff --git a/api_docs/rollup.mdx b/api_docs/rollup.mdx index e953d84a014e8..85102752a5e05 100644 --- a/api_docs/rollup.mdx +++ b/api_docs/rollup.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/rollup title: "rollup" image: https://source.unsplash.com/400x175/?github description: API docs for the rollup plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'rollup'] --- import rollupObj from './rollup.devdocs.json'; diff --git a/api_docs/rule_registry.mdx b/api_docs/rule_registry.mdx index 987f5ab06c2ac..36d91f7904e9b 100644 --- a/api_docs/rule_registry.mdx +++ b/api_docs/rule_registry.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/ruleRegistry title: "ruleRegistry" image: https://source.unsplash.com/400x175/?github description: API docs for the ruleRegistry plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'ruleRegistry'] --- import ruleRegistryObj from './rule_registry.devdocs.json'; diff --git a/api_docs/runtime_fields.mdx b/api_docs/runtime_fields.mdx index b155f8dcc25d5..b05913ed4fc5e 100644 --- a/api_docs/runtime_fields.mdx +++ b/api_docs/runtime_fields.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/runtimeFields title: "runtimeFields" image: https://source.unsplash.com/400x175/?github description: API docs for the runtimeFields plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'runtimeFields'] --- import runtimeFieldsObj from './runtime_fields.devdocs.json'; diff --git a/api_docs/saved_objects.devdocs.json b/api_docs/saved_objects.devdocs.json index 1e04ae0514ce8..340a56e3620f2 100644 --- a/api_docs/saved_objects.devdocs.json +++ b/api_docs/saved_objects.devdocs.json @@ -50,6 +50,14 @@ "plugin": "presentationUtil", "path": "src/plugins/presentation_util/public/components/saved_object_save_modal_dashboard.tsx" }, + { + "plugin": "lens", + "path": "x-pack/plugins/lens/public/visualizations/xy/annotations/actions/save_action.tsx" + }, + { + "plugin": "lens", + "path": "x-pack/plugins/lens/public/visualizations/xy/annotations/actions/save_action.tsx" + }, { "plugin": "dashboard", "path": "src/plugins/dashboard/public/dashboard_container/embeddable/api/overlays/save_modal.tsx" @@ -66,14 +74,6 @@ "plugin": "dashboard", "path": "src/plugins/dashboard/public/dashboard_actions/add_to_library_action.tsx" }, - { - "plugin": "lens", - "path": "x-pack/plugins/lens/public/visualizations/xy/annotations/actions/save_action.tsx" - }, - { - "plugin": "lens", - "path": "x-pack/plugins/lens/public/visualizations/xy/annotations/actions/save_action.tsx" - }, { "plugin": "discover", "path": "src/plugins/discover/public/application/main/components/top_nav/on_save_search.tsx" diff --git a/api_docs/saved_objects.mdx b/api_docs/saved_objects.mdx index 993dd40ebc3d0..bb5d3ed8bd614 100644 --- a/api_docs/saved_objects.mdx +++ b/api_docs/saved_objects.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/savedObjects title: "savedObjects" image: https://source.unsplash.com/400x175/?github description: API docs for the savedObjects plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'savedObjects'] --- import savedObjectsObj from './saved_objects.devdocs.json'; diff --git a/api_docs/saved_objects_finder.mdx b/api_docs/saved_objects_finder.mdx index 38ec230e70303..28a39f6ce5ce7 100644 --- a/api_docs/saved_objects_finder.mdx +++ b/api_docs/saved_objects_finder.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/savedObjectsFinder title: "savedObjectsFinder" image: https://source.unsplash.com/400x175/?github description: API docs for the savedObjectsFinder plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'savedObjectsFinder'] --- import savedObjectsFinderObj from './saved_objects_finder.devdocs.json'; diff --git a/api_docs/saved_objects_management.mdx b/api_docs/saved_objects_management.mdx index edbd31275d247..246fefcad879e 100644 --- a/api_docs/saved_objects_management.mdx +++ b/api_docs/saved_objects_management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/savedObjectsManagement title: "savedObjectsManagement" image: https://source.unsplash.com/400x175/?github description: API docs for the savedObjectsManagement plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'savedObjectsManagement'] --- import savedObjectsManagementObj from './saved_objects_management.devdocs.json'; diff --git a/api_docs/saved_objects_tagging.mdx b/api_docs/saved_objects_tagging.mdx index 061cd64ee667f..8fb3fa86149b1 100644 --- a/api_docs/saved_objects_tagging.mdx +++ b/api_docs/saved_objects_tagging.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/savedObjectsTagging title: "savedObjectsTagging" image: https://source.unsplash.com/400x175/?github description: API docs for the savedObjectsTagging plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'savedObjectsTagging'] --- import savedObjectsTaggingObj from './saved_objects_tagging.devdocs.json'; diff --git a/api_docs/saved_objects_tagging_oss.mdx b/api_docs/saved_objects_tagging_oss.mdx index fed7164e22ecb..8bd86ba5350e0 100644 --- a/api_docs/saved_objects_tagging_oss.mdx +++ b/api_docs/saved_objects_tagging_oss.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/savedObjectsTaggingOss title: "savedObjectsTaggingOss" image: https://source.unsplash.com/400x175/?github description: API docs for the savedObjectsTaggingOss plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'savedObjectsTaggingOss'] --- import savedObjectsTaggingOssObj from './saved_objects_tagging_oss.devdocs.json'; diff --git a/api_docs/saved_search.mdx b/api_docs/saved_search.mdx index 31aec7280c720..6ff1f2d9f32e6 100644 --- a/api_docs/saved_search.mdx +++ b/api_docs/saved_search.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/savedSearch title: "savedSearch" image: https://source.unsplash.com/400x175/?github description: API docs for the savedSearch plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'savedSearch'] --- import savedSearchObj from './saved_search.devdocs.json'; diff --git a/api_docs/screenshot_mode.mdx b/api_docs/screenshot_mode.mdx index 11cb91a52679a..022a3fb46a893 100644 --- a/api_docs/screenshot_mode.mdx +++ b/api_docs/screenshot_mode.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/screenshotMode title: "screenshotMode" image: https://source.unsplash.com/400x175/?github description: API docs for the screenshotMode plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'screenshotMode'] --- import screenshotModeObj from './screenshot_mode.devdocs.json'; diff --git a/api_docs/screenshotting.mdx b/api_docs/screenshotting.mdx index 3ae33f5280a9a..26d1fec512b5e 100644 --- a/api_docs/screenshotting.mdx +++ b/api_docs/screenshotting.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/screenshotting title: "screenshotting" image: https://source.unsplash.com/400x175/?github description: API docs for the screenshotting plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'screenshotting'] --- import screenshottingObj from './screenshotting.devdocs.json'; diff --git a/api_docs/search_assistant.mdx b/api_docs/search_assistant.mdx index bb8277ffcc6fa..d66a66ace673c 100644 --- a/api_docs/search_assistant.mdx +++ b/api_docs/search_assistant.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/searchAssistant title: "searchAssistant" image: https://source.unsplash.com/400x175/?github description: API docs for the searchAssistant plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'searchAssistant'] --- import searchAssistantObj from './search_assistant.devdocs.json'; diff --git a/api_docs/search_connectors.mdx b/api_docs/search_connectors.mdx index 57bce6557ef5c..1136458004da5 100644 --- a/api_docs/search_connectors.mdx +++ b/api_docs/search_connectors.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/searchConnectors title: "searchConnectors" image: https://source.unsplash.com/400x175/?github description: API docs for the searchConnectors plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'searchConnectors'] --- import searchConnectorsObj from './search_connectors.devdocs.json'; diff --git a/api_docs/search_homepage.mdx b/api_docs/search_homepage.mdx index ca792560dac70..eeccbe7faa08f 100644 --- a/api_docs/search_homepage.mdx +++ b/api_docs/search_homepage.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/searchHomepage title: "searchHomepage" image: https://source.unsplash.com/400x175/?github description: API docs for the searchHomepage plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'searchHomepage'] --- import searchHomepageObj from './search_homepage.devdocs.json'; diff --git a/api_docs/search_indices.devdocs.json b/api_docs/search_indices.devdocs.json index c92f3da9f8c17..a2fa441a9b27d 100644 --- a/api_docs/search_indices.devdocs.json +++ b/api_docs/search_indices.devdocs.json @@ -85,7 +85,7 @@ "label": "startAppId", "description": [], "signature": [ - "\"fleet\" | \"graph\" | \"ml\" | \"monitoring\" | \"profiling\" | \"metrics\" | \"management\" | \"apm\" | \"synthetics\" | \"ux\" | \"canvas\" | \"logs\" | \"dashboards\" | \"slo\" | \"observabilityAIAssistant\" | \"home\" | \"integrations\" | \"discover\" | \"observability-overview\" | \"appSearch\" | \"dev_tools\" | \"maps\" | \"visualize\" | \"dev_tools:console\" | \"dev_tools:searchprofiler\" | \"dev_tools:painless_lab\" | \"dev_tools:grokdebugger\" | \"ml:notifications\" | \"ml:nodes\" | \"ml:overview\" | \"ml:memoryUsage\" | \"ml:settings\" | \"ml:dataVisualizer\" | \"ml:logPatternAnalysis\" | \"ml:logRateAnalysis\" | \"ml:singleMetricViewer\" | \"ml:anomalyDetection\" | \"ml:anomalyExplorer\" | \"ml:dataDrift\" | \"ml:dataFrameAnalytics\" | \"ml:resultExplorer\" | \"ml:analyticsMap\" | \"ml:aiOps\" | \"ml:changePointDetections\" | \"ml:modelManagement\" | \"ml:nodesOverview\" | \"ml:esqlDataVisualizer\" | \"ml:fileUpload\" | \"ml:indexDataVisualizer\" | \"ml:calendarSettings\" | \"ml:filterListsSettings\" | \"ml:suppliedConfigurations\" | \"osquery\" | \"management:transform\" | \"management:watcher\" | \"management:cases\" | \"management:tags\" | \"management:maintenanceWindows\" | \"management:cross_cluster_replication\" | \"management:dataViews\" | \"management:spaces\" | \"management:settings\" | \"management:users\" | \"management:migrate_data\" | \"management:search_sessions\" | \"management:data_quality\" | \"management:filesManagement\" | \"management:roles\" | \"management:reporting\" | \"management:aiAssistantManagementSelection\" | \"management:securityAiAssistantManagement\" | \"management:observabilityAiAssistantManagement\" | \"management:api_keys\" | \"management:license_management\" | \"management:index_lifecycle_management\" | \"management:index_management\" | \"management:ingest_pipelines\" | \"management:jobsListLink\" | \"management:objects\" | \"management:pipelines\" | \"management:remote_clusters\" | \"management:role_mappings\" | \"management:rollup_jobs\" | \"management:snapshot_restore\" | \"management:triggersActions\" | \"management:triggersActionsConnectors\" | \"management:upgrade_assistant\" | \"enterpriseSearch\" | \"enterpriseSearchContent\" | \"enterpriseSearchApplications\" | \"enterpriseSearchRelevance\" | \"enterpriseSearchAnalytics\" | \"workplaceSearch\" | \"serverlessElasticsearch\" | \"serverlessConnectors\" | \"searchPlayground\" | \"searchInferenceEndpoints\" | \"searchHomepage\" | \"enterpriseSearchContent:connectors\" | \"enterpriseSearchContent:searchIndices\" | \"enterpriseSearchContent:webCrawlers\" | \"enterpriseSearchApplications:searchApplications\" | \"enterpriseSearchApplications:playground\" | \"appSearch:engines\" | \"enterpriseSearchRelevance:inferenceEndpoints\" | \"elasticsearchStart\" | \"elasticsearchIndices\" | \"observability-logs-explorer\" | \"last-used-logs-viewer\" | \"observabilityOnboarding\" | \"inventory\" | \"logs:settings\" | \"logs:stream\" | \"logs:log-categories\" | \"logs:anomalies\" | \"observability-overview:cases\" | \"observability-overview:alerts\" | \"observability-overview:rules\" | \"observability-overview:cases_create\" | \"observability-overview:cases_configure\" | \"metrics:settings\" | \"metrics:hosts\" | \"metrics:inventory\" | \"metrics:metrics-explorer\" | \"metrics:assetDetails\" | \"apm:services\" | \"apm:traces\" | \"apm:dependencies\" | \"apm:service-map\" | \"apm:settings\" | \"apm:service-groups-list\" | \"apm:storage-explorer\" | \"synthetics:overview\" | \"synthetics:certificates\" | \"profiling:functions\" | \"profiling:stacktraces\" | \"profiling:flamegraphs\" | \"inventory:datastreams\" | \"securitySolutionUI\" | \"securitySolutionUI:\" | \"securitySolutionUI:cases\" | \"securitySolutionUI:alerts\" | \"securitySolutionUI:rules\" | \"securitySolutionUI:policy\" | \"securitySolutionUI:overview\" | \"securitySolutionUI:dashboards\" | \"securitySolutionUI:kubernetes\" | \"securitySolutionUI:cases_create\" | \"securitySolutionUI:cases_configure\" | \"securitySolutionUI:hosts\" | \"securitySolutionUI:users\" | \"securitySolutionUI:cloud_defend-policies\" | \"securitySolutionUI:cloud_security_posture-dashboard\" | \"securitySolutionUI:cloud_security_posture-findings\" | \"securitySolutionUI:cloud_security_posture-benchmarks\" | \"securitySolutionUI:network\" | \"securitySolutionUI:data_quality\" | \"securitySolutionUI:explore\" | \"securitySolutionUI:assets\" | \"securitySolutionUI:cloud_defend\" | \"securitySolutionUI:notes\" | \"securitySolutionUI:administration\" | \"securitySolutionUI:attack_discovery\" | \"securitySolutionUI:blocklist\" | \"securitySolutionUI:cloud_security_posture-rules\" | \"securitySolutionUI:detections\" | \"securitySolutionUI:detection_response\" | \"securitySolutionUI:endpoints\" | \"securitySolutionUI:event_filters\" | \"securitySolutionUI:exceptions\" | \"securitySolutionUI:host_isolation_exceptions\" | \"securitySolutionUI:hosts-all\" | \"securitySolutionUI:hosts-anomalies\" | \"securitySolutionUI:hosts-risk\" | \"securitySolutionUI:hosts-events\" | \"securitySolutionUI:hosts-sessions\" | \"securitySolutionUI:hosts-uncommon_processes\" | \"securitySolutionUI:investigations\" | \"securitySolutionUI:get_started\" | \"securitySolutionUI:machine_learning-landing\" | \"securitySolutionUI:network-anomalies\" | \"securitySolutionUI:network-dns\" | \"securitySolutionUI:network-events\" | \"securitySolutionUI:network-flows\" | \"securitySolutionUI:network-http\" | \"securitySolutionUI:network-tls\" | \"securitySolutionUI:response_actions_history\" | \"securitySolutionUI:rules-add\" | \"securitySolutionUI:rules-create\" | \"securitySolutionUI:rules-landing\" | \"securitySolutionUI:threat_intelligence\" | \"securitySolutionUI:timelines\" | \"securitySolutionUI:timelines-templates\" | \"securitySolutionUI:trusted_apps\" | \"securitySolutionUI:users-all\" | \"securitySolutionUI:users-anomalies\" | \"securitySolutionUI:users-authentications\" | \"securitySolutionUI:users-events\" | \"securitySolutionUI:users-risk\" | \"securitySolutionUI:entity_analytics\" | \"securitySolutionUI:entity_analytics-management\" | \"securitySolutionUI:entity_analytics-asset-classification\" | \"securitySolutionUI:entity_analytics-entity_store_management\" | \"securitySolutionUI:coverage-overview\" | \"fleet:settings\" | \"fleet:agents\" | \"fleet:policies\" | \"fleet:data_streams\" | \"fleet:enrollment_tokens\" | \"fleet:uninstall_tokens\"" + "\"fleet\" | \"graph\" | \"ml\" | \"monitoring\" | \"profiling\" | \"metrics\" | \"management\" | \"apm\" | \"synthetics\" | \"ux\" | \"canvas\" | \"logs\" | \"dashboards\" | \"slo\" | \"observabilityAIAssistant\" | \"home\" | \"integrations\" | \"discover\" | \"observability-overview\" | \"appSearch\" | \"dev_tools\" | \"maps\" | \"visualize\" | \"dev_tools:console\" | \"dev_tools:searchprofiler\" | \"dev_tools:painless_lab\" | \"dev_tools:grokdebugger\" | \"ml:notifications\" | \"ml:nodes\" | \"ml:overview\" | \"ml:memoryUsage\" | \"ml:settings\" | \"ml:dataVisualizer\" | \"ml:logPatternAnalysis\" | \"ml:logRateAnalysis\" | \"ml:singleMetricViewer\" | \"ml:anomalyDetection\" | \"ml:anomalyExplorer\" | \"ml:dataDrift\" | \"ml:dataFrameAnalytics\" | \"ml:resultExplorer\" | \"ml:analyticsMap\" | \"ml:aiOps\" | \"ml:changePointDetections\" | \"ml:modelManagement\" | \"ml:nodesOverview\" | \"ml:esqlDataVisualizer\" | \"ml:fileUpload\" | \"ml:indexDataVisualizer\" | \"ml:calendarSettings\" | \"ml:filterListsSettings\" | \"ml:suppliedConfigurations\" | \"osquery\" | \"management:transform\" | \"management:watcher\" | \"management:cases\" | \"management:tags\" | \"management:maintenanceWindows\" | \"management:cross_cluster_replication\" | \"management:dataViews\" | \"management:spaces\" | \"management:settings\" | \"management:users\" | \"management:migrate_data\" | \"management:search_sessions\" | \"management:data_quality\" | \"management:filesManagement\" | \"management:roles\" | \"management:reporting\" | \"management:aiAssistantManagementSelection\" | \"management:securityAiAssistantManagement\" | \"management:observabilityAiAssistantManagement\" | \"management:api_keys\" | \"management:license_management\" | \"management:index_lifecycle_management\" | \"management:index_management\" | \"management:ingest_pipelines\" | \"management:jobsListLink\" | \"management:objects\" | \"management:pipelines\" | \"management:remote_clusters\" | \"management:role_mappings\" | \"management:rollup_jobs\" | \"management:snapshot_restore\" | \"management:triggersActions\" | \"management:triggersActionsConnectors\" | \"management:upgrade_assistant\" | \"enterpriseSearch\" | \"enterpriseSearchContent\" | \"enterpriseSearchApplications\" | \"searchInferenceEndpoints\" | \"enterpriseSearchAnalytics\" | \"workplaceSearch\" | \"serverlessElasticsearch\" | \"serverlessConnectors\" | \"searchPlayground\" | \"searchHomepage\" | \"enterpriseSearchContent:connectors\" | \"enterpriseSearchContent:searchIndices\" | \"enterpriseSearchContent:webCrawlers\" | \"enterpriseSearchApplications:searchApplications\" | \"enterpriseSearchApplications:playground\" | \"appSearch:engines\" | \"searchInferenceEndpoints:inferenceEndpoints\" | \"elasticsearchStart\" | \"elasticsearchIndices\" | \"observability-logs-explorer\" | \"last-used-logs-viewer\" | \"observabilityOnboarding\" | \"inventory\" | \"logs:settings\" | \"logs:stream\" | \"logs:log-categories\" | \"logs:anomalies\" | \"observability-overview:cases\" | \"observability-overview:alerts\" | \"observability-overview:rules\" | \"observability-overview:cases_create\" | \"observability-overview:cases_configure\" | \"metrics:settings\" | \"metrics:hosts\" | \"metrics:inventory\" | \"metrics:metrics-explorer\" | \"metrics:assetDetails\" | \"apm:services\" | \"apm:traces\" | \"apm:dependencies\" | \"apm:service-map\" | \"apm:settings\" | \"apm:service-groups-list\" | \"apm:storage-explorer\" | \"synthetics:overview\" | \"synthetics:certificates\" | \"profiling:functions\" | \"profiling:stacktraces\" | \"profiling:flamegraphs\" | \"inventory:datastreams\" | \"securitySolutionUI\" | \"securitySolutionUI:\" | \"securitySolutionUI:cases\" | \"securitySolutionUI:alerts\" | \"securitySolutionUI:rules\" | \"securitySolutionUI:policy\" | \"securitySolutionUI:overview\" | \"securitySolutionUI:dashboards\" | \"securitySolutionUI:kubernetes\" | \"securitySolutionUI:cases_create\" | \"securitySolutionUI:cases_configure\" | \"securitySolutionUI:hosts\" | \"securitySolutionUI:users\" | \"securitySolutionUI:cloud_defend-policies\" | \"securitySolutionUI:cloud_security_posture-dashboard\" | \"securitySolutionUI:cloud_security_posture-findings\" | \"securitySolutionUI:cloud_security_posture-benchmarks\" | \"securitySolutionUI:network\" | \"securitySolutionUI:data_quality\" | \"securitySolutionUI:explore\" | \"securitySolutionUI:assets\" | \"securitySolutionUI:cloud_defend\" | \"securitySolutionUI:notes\" | \"securitySolutionUI:administration\" | \"securitySolutionUI:attack_discovery\" | \"securitySolutionUI:blocklist\" | \"securitySolutionUI:cloud_security_posture-rules\" | \"securitySolutionUI:detections\" | \"securitySolutionUI:detection_response\" | \"securitySolutionUI:endpoints\" | \"securitySolutionUI:event_filters\" | \"securitySolutionUI:exceptions\" | \"securitySolutionUI:host_isolation_exceptions\" | \"securitySolutionUI:hosts-all\" | \"securitySolutionUI:hosts-anomalies\" | \"securitySolutionUI:hosts-risk\" | \"securitySolutionUI:hosts-events\" | \"securitySolutionUI:hosts-sessions\" | \"securitySolutionUI:hosts-uncommon_processes\" | \"securitySolutionUI:investigations\" | \"securitySolutionUI:get_started\" | \"securitySolutionUI:machine_learning-landing\" | \"securitySolutionUI:network-anomalies\" | \"securitySolutionUI:network-dns\" | \"securitySolutionUI:network-events\" | \"securitySolutionUI:network-flows\" | \"securitySolutionUI:network-http\" | \"securitySolutionUI:network-tls\" | \"securitySolutionUI:response_actions_history\" | \"securitySolutionUI:rules-add\" | \"securitySolutionUI:rules-create\" | \"securitySolutionUI:rules-landing\" | \"securitySolutionUI:threat_intelligence\" | \"securitySolutionUI:timelines\" | \"securitySolutionUI:timelines-templates\" | \"securitySolutionUI:trusted_apps\" | \"securitySolutionUI:users-all\" | \"securitySolutionUI:users-anomalies\" | \"securitySolutionUI:users-authentications\" | \"securitySolutionUI:users-events\" | \"securitySolutionUI:users-risk\" | \"securitySolutionUI:entity_analytics\" | \"securitySolutionUI:entity_analytics-management\" | \"securitySolutionUI:entity_analytics-asset-classification\" | \"securitySolutionUI:entity_analytics-entity_store_management\" | \"securitySolutionUI:coverage-overview\" | \"fleet:settings\" | \"fleet:agents\" | \"fleet:policies\" | \"fleet:data_streams\" | \"fleet:enrollment_tokens\" | \"fleet:uninstall_tokens\"" ], "path": "x-pack/plugins/search_indices/public/types.ts", "deprecated": false, diff --git a/api_docs/search_indices.mdx b/api_docs/search_indices.mdx index 71149f0526577..b662d6c015100 100644 --- a/api_docs/search_indices.mdx +++ b/api_docs/search_indices.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/searchIndices title: "searchIndices" image: https://source.unsplash.com/400x175/?github description: API docs for the searchIndices plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'searchIndices'] --- import searchIndicesObj from './search_indices.devdocs.json'; diff --git a/api_docs/search_inference_endpoints.mdx b/api_docs/search_inference_endpoints.mdx index cda9aea2d5d0d..66f6d593c078d 100644 --- a/api_docs/search_inference_endpoints.mdx +++ b/api_docs/search_inference_endpoints.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/searchInferenceEndpoints title: "searchInferenceEndpoints" image: https://source.unsplash.com/400x175/?github description: API docs for the searchInferenceEndpoints plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'searchInferenceEndpoints'] --- import searchInferenceEndpointsObj from './search_inference_endpoints.devdocs.json'; diff --git a/api_docs/search_notebooks.mdx b/api_docs/search_notebooks.mdx index c9ec072e31cea..05336feed06f4 100644 --- a/api_docs/search_notebooks.mdx +++ b/api_docs/search_notebooks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/searchNotebooks title: "searchNotebooks" image: https://source.unsplash.com/400x175/?github description: API docs for the searchNotebooks plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'searchNotebooks'] --- import searchNotebooksObj from './search_notebooks.devdocs.json'; diff --git a/api_docs/search_playground.mdx b/api_docs/search_playground.mdx index 82824168be9be..5415cb0166981 100644 --- a/api_docs/search_playground.mdx +++ b/api_docs/search_playground.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/searchPlayground title: "searchPlayground" image: https://source.unsplash.com/400x175/?github description: API docs for the searchPlayground plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'searchPlayground'] --- import searchPlaygroundObj from './search_playground.devdocs.json'; diff --git a/api_docs/security.mdx b/api_docs/security.mdx index acafa149b5dfd..d3b7ef9dedc01 100644 --- a/api_docs/security.mdx +++ b/api_docs/security.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/security title: "security" image: https://source.unsplash.com/400x175/?github description: API docs for the security plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'security'] --- import securityObj from './security.devdocs.json'; diff --git a/api_docs/security_solution.mdx b/api_docs/security_solution.mdx index 7e9f8d67b7df7..9e393a13639e4 100644 --- a/api_docs/security_solution.mdx +++ b/api_docs/security_solution.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/securitySolution title: "securitySolution" image: https://source.unsplash.com/400x175/?github description: API docs for the securitySolution plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'securitySolution'] --- import securitySolutionObj from './security_solution.devdocs.json'; diff --git a/api_docs/security_solution_ess.mdx b/api_docs/security_solution_ess.mdx index 071bc473f2d76..895e042ec2a5e 100644 --- a/api_docs/security_solution_ess.mdx +++ b/api_docs/security_solution_ess.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/securitySolutionEss title: "securitySolutionEss" image: https://source.unsplash.com/400x175/?github description: API docs for the securitySolutionEss plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'securitySolutionEss'] --- import securitySolutionEssObj from './security_solution_ess.devdocs.json'; diff --git a/api_docs/security_solution_serverless.mdx b/api_docs/security_solution_serverless.mdx index ac7994c0f70dd..f4a603c21a5c5 100644 --- a/api_docs/security_solution_serverless.mdx +++ b/api_docs/security_solution_serverless.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/securitySolutionServerless title: "securitySolutionServerless" image: https://source.unsplash.com/400x175/?github description: API docs for the securitySolutionServerless plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'securitySolutionServerless'] --- import securitySolutionServerlessObj from './security_solution_serverless.devdocs.json'; diff --git a/api_docs/serverless.mdx b/api_docs/serverless.mdx index 160077d47ed37..3735c7acaa940 100644 --- a/api_docs/serverless.mdx +++ b/api_docs/serverless.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/serverless title: "serverless" image: https://source.unsplash.com/400x175/?github description: API docs for the serverless plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'serverless'] --- import serverlessObj from './serverless.devdocs.json'; diff --git a/api_docs/serverless_observability.mdx b/api_docs/serverless_observability.mdx index 64350dd1762f2..00225f3e8a372 100644 --- a/api_docs/serverless_observability.mdx +++ b/api_docs/serverless_observability.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/serverlessObservability title: "serverlessObservability" image: https://source.unsplash.com/400x175/?github description: API docs for the serverlessObservability plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'serverlessObservability'] --- import serverlessObservabilityObj from './serverless_observability.devdocs.json'; diff --git a/api_docs/serverless_search.mdx b/api_docs/serverless_search.mdx index f8e9805d1dca0..f75308b519a75 100644 --- a/api_docs/serverless_search.mdx +++ b/api_docs/serverless_search.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/serverlessSearch title: "serverlessSearch" image: https://source.unsplash.com/400x175/?github description: API docs for the serverlessSearch plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'serverlessSearch'] --- import serverlessSearchObj from './serverless_search.devdocs.json'; diff --git a/api_docs/session_view.mdx b/api_docs/session_view.mdx index d158f70ffc914..f5845f7aa9584 100644 --- a/api_docs/session_view.mdx +++ b/api_docs/session_view.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/sessionView title: "sessionView" image: https://source.unsplash.com/400x175/?github description: API docs for the sessionView plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'sessionView'] --- import sessionViewObj from './session_view.devdocs.json'; diff --git a/api_docs/share.devdocs.json b/api_docs/share.devdocs.json index df10eee7ece27..779c2a12f4c64 100644 --- a/api_docs/share.devdocs.json +++ b/api_docs/share.devdocs.json @@ -1419,6 +1419,20 @@ "path": "src/plugins/share/public/types.ts", "deprecated": false, "trackAdoption": false + }, + { + "parentPluginId": "share", + "id": "def-public.ShareMenuItemV2.warnings", + "type": "Array", + "tags": [], + "label": "warnings", + "description": [], + "signature": [ + "{ title: string; message: string; }[] | undefined" + ], + "path": "src/plugins/share/public/types.ts", + "deprecated": false, + "trackAdoption": false } ], "initialIsOpen": false diff --git a/api_docs/share.mdx b/api_docs/share.mdx index 301f22da7099c..43620b83f1230 100644 --- a/api_docs/share.mdx +++ b/api_docs/share.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/share title: "share" image: https://source.unsplash.com/400x175/?github description: API docs for the share plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'share'] --- import shareObj from './share.devdocs.json'; @@ -21,7 +21,7 @@ Contact [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sh | Public API count | Any count | Items lacking comments | Missing exports | |-------------------|-----------|------------------------|-----------------| -| 135 | 0 | 72 | 15 | +| 136 | 0 | 73 | 15 | ## Client diff --git a/api_docs/slo.mdx b/api_docs/slo.mdx index 288e796fc9f2c..1cbb1da238d65 100644 --- a/api_docs/slo.mdx +++ b/api_docs/slo.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/slo title: "slo" image: https://source.unsplash.com/400x175/?github description: API docs for the slo plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'slo'] --- import sloObj from './slo.devdocs.json'; diff --git a/api_docs/snapshot_restore.mdx b/api_docs/snapshot_restore.mdx index c227cd6b521ea..c89f36dfc4b71 100644 --- a/api_docs/snapshot_restore.mdx +++ b/api_docs/snapshot_restore.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/snapshotRestore title: "snapshotRestore" image: https://source.unsplash.com/400x175/?github description: API docs for the snapshotRestore plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'snapshotRestore'] --- import snapshotRestoreObj from './snapshot_restore.devdocs.json'; diff --git a/api_docs/spaces.mdx b/api_docs/spaces.mdx index 5cbab96cd73d1..f9826555b8385 100644 --- a/api_docs/spaces.mdx +++ b/api_docs/spaces.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/spaces title: "spaces" image: https://source.unsplash.com/400x175/?github description: API docs for the spaces plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'spaces'] --- import spacesObj from './spaces.devdocs.json'; diff --git a/api_docs/stack_alerts.mdx b/api_docs/stack_alerts.mdx index 706deaed61aa6..fa0f5ed1188d0 100644 --- a/api_docs/stack_alerts.mdx +++ b/api_docs/stack_alerts.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/stackAlerts title: "stackAlerts" image: https://source.unsplash.com/400x175/?github description: API docs for the stackAlerts plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'stackAlerts'] --- import stackAlertsObj from './stack_alerts.devdocs.json'; diff --git a/api_docs/stack_connectors.mdx b/api_docs/stack_connectors.mdx index 001b54e5324b4..8588064cd6a34 100644 --- a/api_docs/stack_connectors.mdx +++ b/api_docs/stack_connectors.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/stackConnectors title: "stackConnectors" image: https://source.unsplash.com/400x175/?github description: API docs for the stackConnectors plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'stackConnectors'] --- import stackConnectorsObj from './stack_connectors.devdocs.json'; diff --git a/api_docs/task_manager.mdx b/api_docs/task_manager.mdx index 9e92f0545ddcd..318b944b62f39 100644 --- a/api_docs/task_manager.mdx +++ b/api_docs/task_manager.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/taskManager title: "taskManager" image: https://source.unsplash.com/400x175/?github description: API docs for the taskManager plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'taskManager'] --- import taskManagerObj from './task_manager.devdocs.json'; diff --git a/api_docs/telemetry.mdx b/api_docs/telemetry.mdx index 4b10e1b6625e8..a341a90574a8f 100644 --- a/api_docs/telemetry.mdx +++ b/api_docs/telemetry.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/telemetry title: "telemetry" image: https://source.unsplash.com/400x175/?github description: API docs for the telemetry plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'telemetry'] --- import telemetryObj from './telemetry.devdocs.json'; diff --git a/api_docs/telemetry_collection_manager.mdx b/api_docs/telemetry_collection_manager.mdx index 1a97ff3ddca80..627e130e10d2d 100644 --- a/api_docs/telemetry_collection_manager.mdx +++ b/api_docs/telemetry_collection_manager.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/telemetryCollectionManager title: "telemetryCollectionManager" image: https://source.unsplash.com/400x175/?github description: API docs for the telemetryCollectionManager plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'telemetryCollectionManager'] --- import telemetryCollectionManagerObj from './telemetry_collection_manager.devdocs.json'; diff --git a/api_docs/telemetry_collection_xpack.mdx b/api_docs/telemetry_collection_xpack.mdx index 7a68033c55b9f..820a18bf1d8b5 100644 --- a/api_docs/telemetry_collection_xpack.mdx +++ b/api_docs/telemetry_collection_xpack.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/telemetryCollectionXpack title: "telemetryCollectionXpack" image: https://source.unsplash.com/400x175/?github description: API docs for the telemetryCollectionXpack plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'telemetryCollectionXpack'] --- import telemetryCollectionXpackObj from './telemetry_collection_xpack.devdocs.json'; diff --git a/api_docs/telemetry_management_section.mdx b/api_docs/telemetry_management_section.mdx index 57dd1d582df8e..31928ad49e6df 100644 --- a/api_docs/telemetry_management_section.mdx +++ b/api_docs/telemetry_management_section.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/telemetryManagementSection title: "telemetryManagementSection" image: https://source.unsplash.com/400x175/?github description: API docs for the telemetryManagementSection plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'telemetryManagementSection'] --- import telemetryManagementSectionObj from './telemetry_management_section.devdocs.json'; diff --git a/api_docs/threat_intelligence.mdx b/api_docs/threat_intelligence.mdx index 1305052edfb9a..7eccfa80a188a 100644 --- a/api_docs/threat_intelligence.mdx +++ b/api_docs/threat_intelligence.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/threatIntelligence title: "threatIntelligence" image: https://source.unsplash.com/400x175/?github description: API docs for the threatIntelligence plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'threatIntelligence'] --- import threatIntelligenceObj from './threat_intelligence.devdocs.json'; diff --git a/api_docs/timelines.mdx b/api_docs/timelines.mdx index 366d08dc22185..607b2eb7ae1b4 100644 --- a/api_docs/timelines.mdx +++ b/api_docs/timelines.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/timelines title: "timelines" image: https://source.unsplash.com/400x175/?github description: API docs for the timelines plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'timelines'] --- import timelinesObj from './timelines.devdocs.json'; diff --git a/api_docs/transform.mdx b/api_docs/transform.mdx index 5c58ce988ce89..3b9479ad7e04c 100644 --- a/api_docs/transform.mdx +++ b/api_docs/transform.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/transform title: "transform" image: https://source.unsplash.com/400x175/?github description: API docs for the transform plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'transform'] --- import transformObj from './transform.devdocs.json'; diff --git a/api_docs/triggers_actions_ui.mdx b/api_docs/triggers_actions_ui.mdx index 511df7c0bcb3a..528c0b87a54ab 100644 --- a/api_docs/triggers_actions_ui.mdx +++ b/api_docs/triggers_actions_ui.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/triggersActionsUi title: "triggersActionsUi" image: https://source.unsplash.com/400x175/?github description: API docs for the triggersActionsUi plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'triggersActionsUi'] --- import triggersActionsUiObj from './triggers_actions_ui.devdocs.json'; diff --git a/api_docs/ui_actions.mdx b/api_docs/ui_actions.mdx index b3209b954f339..3cb2db5b23aa9 100644 --- a/api_docs/ui_actions.mdx +++ b/api_docs/ui_actions.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/uiActions title: "uiActions" image: https://source.unsplash.com/400x175/?github description: API docs for the uiActions plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'uiActions'] --- import uiActionsObj from './ui_actions.devdocs.json'; diff --git a/api_docs/ui_actions_enhanced.mdx b/api_docs/ui_actions_enhanced.mdx index 2533be85ee20c..677b0bd6071d0 100644 --- a/api_docs/ui_actions_enhanced.mdx +++ b/api_docs/ui_actions_enhanced.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/uiActionsEnhanced title: "uiActionsEnhanced" image: https://source.unsplash.com/400x175/?github description: API docs for the uiActionsEnhanced plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'uiActionsEnhanced'] --- import uiActionsEnhancedObj from './ui_actions_enhanced.devdocs.json'; diff --git a/api_docs/unified_doc_viewer.mdx b/api_docs/unified_doc_viewer.mdx index 8ca3470dd6f6f..faf3ff01f37ef 100644 --- a/api_docs/unified_doc_viewer.mdx +++ b/api_docs/unified_doc_viewer.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/unifiedDocViewer title: "unifiedDocViewer" image: https://source.unsplash.com/400x175/?github description: API docs for the unifiedDocViewer plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'unifiedDocViewer'] --- import unifiedDocViewerObj from './unified_doc_viewer.devdocs.json'; diff --git a/api_docs/unified_histogram.mdx b/api_docs/unified_histogram.mdx index e0012036d3739..e87989b8cbbe2 100644 --- a/api_docs/unified_histogram.mdx +++ b/api_docs/unified_histogram.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/unifiedHistogram title: "unifiedHistogram" image: https://source.unsplash.com/400x175/?github description: API docs for the unifiedHistogram plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'unifiedHistogram'] --- import unifiedHistogramObj from './unified_histogram.devdocs.json'; diff --git a/api_docs/unified_search.mdx b/api_docs/unified_search.mdx index c0348936979b0..03ca2d121383d 100644 --- a/api_docs/unified_search.mdx +++ b/api_docs/unified_search.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/unifiedSearch title: "unifiedSearch" image: https://source.unsplash.com/400x175/?github description: API docs for the unifiedSearch plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'unifiedSearch'] --- import unifiedSearchObj from './unified_search.devdocs.json'; diff --git a/api_docs/unified_search_autocomplete.mdx b/api_docs/unified_search_autocomplete.mdx index 16131c2c79919..33d93dd245030 100644 --- a/api_docs/unified_search_autocomplete.mdx +++ b/api_docs/unified_search_autocomplete.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/unifiedSearch-autocomplete title: "unifiedSearch.autocomplete" image: https://source.unsplash.com/400x175/?github description: API docs for the unifiedSearch.autocomplete plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'unifiedSearch.autocomplete'] --- import unifiedSearchAutocompleteObj from './unified_search_autocomplete.devdocs.json'; diff --git a/api_docs/uptime.mdx b/api_docs/uptime.mdx index 8637b8e308f81..8c604601a4565 100644 --- a/api_docs/uptime.mdx +++ b/api_docs/uptime.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/uptime title: "uptime" image: https://source.unsplash.com/400x175/?github description: API docs for the uptime plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'uptime'] --- import uptimeObj from './uptime.devdocs.json'; diff --git a/api_docs/url_forwarding.mdx b/api_docs/url_forwarding.mdx index 7c3ce38e22076..ba0276527dee7 100644 --- a/api_docs/url_forwarding.mdx +++ b/api_docs/url_forwarding.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/urlForwarding title: "urlForwarding" image: https://source.unsplash.com/400x175/?github description: API docs for the urlForwarding plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'urlForwarding'] --- import urlForwardingObj from './url_forwarding.devdocs.json'; diff --git a/api_docs/usage_collection.mdx b/api_docs/usage_collection.mdx index e062817d6231e..1170eec5a458a 100644 --- a/api_docs/usage_collection.mdx +++ b/api_docs/usage_collection.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/usageCollection title: "usageCollection" image: https://source.unsplash.com/400x175/?github description: API docs for the usageCollection plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'usageCollection'] --- import usageCollectionObj from './usage_collection.devdocs.json'; diff --git a/api_docs/ux.mdx b/api_docs/ux.mdx index 7848a4f61bdb6..c1f92c49c267a 100644 --- a/api_docs/ux.mdx +++ b/api_docs/ux.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/ux title: "ux" image: https://source.unsplash.com/400x175/?github description: API docs for the ux plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'ux'] --- import uxObj from './ux.devdocs.json'; diff --git a/api_docs/vis_default_editor.mdx b/api_docs/vis_default_editor.mdx index 2eae64c50a84e..70d9bcf78a1dd 100644 --- a/api_docs/vis_default_editor.mdx +++ b/api_docs/vis_default_editor.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visDefaultEditor title: "visDefaultEditor" image: https://source.unsplash.com/400x175/?github description: API docs for the visDefaultEditor plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visDefaultEditor'] --- import visDefaultEditorObj from './vis_default_editor.devdocs.json'; diff --git a/api_docs/vis_type_gauge.mdx b/api_docs/vis_type_gauge.mdx index c49b3cdca4e33..66ee00301492a 100644 --- a/api_docs/vis_type_gauge.mdx +++ b/api_docs/vis_type_gauge.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeGauge title: "visTypeGauge" image: https://source.unsplash.com/400x175/?github description: API docs for the visTypeGauge plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeGauge'] --- import visTypeGaugeObj from './vis_type_gauge.devdocs.json'; diff --git a/api_docs/vis_type_heatmap.mdx b/api_docs/vis_type_heatmap.mdx index a635e54904e8a..7a38ed1c1a068 100644 --- a/api_docs/vis_type_heatmap.mdx +++ b/api_docs/vis_type_heatmap.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeHeatmap title: "visTypeHeatmap" image: https://source.unsplash.com/400x175/?github description: API docs for the visTypeHeatmap plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeHeatmap'] --- import visTypeHeatmapObj from './vis_type_heatmap.devdocs.json'; diff --git a/api_docs/vis_type_pie.mdx b/api_docs/vis_type_pie.mdx index 6726f6a9d1767..2025517672cd9 100644 --- a/api_docs/vis_type_pie.mdx +++ b/api_docs/vis_type_pie.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypePie title: "visTypePie" image: https://source.unsplash.com/400x175/?github description: API docs for the visTypePie plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypePie'] --- import visTypePieObj from './vis_type_pie.devdocs.json'; diff --git a/api_docs/vis_type_table.mdx b/api_docs/vis_type_table.mdx index 45e8537ced6f5..70592aa5d8a7a 100644 --- a/api_docs/vis_type_table.mdx +++ b/api_docs/vis_type_table.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeTable title: "visTypeTable" image: https://source.unsplash.com/400x175/?github description: API docs for the visTypeTable plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeTable'] --- import visTypeTableObj from './vis_type_table.devdocs.json'; diff --git a/api_docs/vis_type_timelion.mdx b/api_docs/vis_type_timelion.mdx index 6f34b1f2e6ac2..688101a8fbc21 100644 --- a/api_docs/vis_type_timelion.mdx +++ b/api_docs/vis_type_timelion.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeTimelion title: "visTypeTimelion" image: https://source.unsplash.com/400x175/?github description: API docs for the visTypeTimelion plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeTimelion'] --- import visTypeTimelionObj from './vis_type_timelion.devdocs.json'; diff --git a/api_docs/vis_type_timeseries.mdx b/api_docs/vis_type_timeseries.mdx index 8440e636aeb65..07e0e6f0ff158 100644 --- a/api_docs/vis_type_timeseries.mdx +++ b/api_docs/vis_type_timeseries.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeTimeseries title: "visTypeTimeseries" image: https://source.unsplash.com/400x175/?github description: API docs for the visTypeTimeseries plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeTimeseries'] --- import visTypeTimeseriesObj from './vis_type_timeseries.devdocs.json'; diff --git a/api_docs/vis_type_vega.mdx b/api_docs/vis_type_vega.mdx index 525347351153a..c84cc9645b25b 100644 --- a/api_docs/vis_type_vega.mdx +++ b/api_docs/vis_type_vega.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeVega title: "visTypeVega" image: https://source.unsplash.com/400x175/?github description: API docs for the visTypeVega plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeVega'] --- import visTypeVegaObj from './vis_type_vega.devdocs.json'; diff --git a/api_docs/vis_type_vislib.mdx b/api_docs/vis_type_vislib.mdx index 32c2921db5a10..dea129607f14e 100644 --- a/api_docs/vis_type_vislib.mdx +++ b/api_docs/vis_type_vislib.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeVislib title: "visTypeVislib" image: https://source.unsplash.com/400x175/?github description: API docs for the visTypeVislib plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeVislib'] --- import visTypeVislibObj from './vis_type_vislib.devdocs.json'; diff --git a/api_docs/vis_type_xy.mdx b/api_docs/vis_type_xy.mdx index 5cf5b05ffcfe5..97c9623e46d57 100644 --- a/api_docs/vis_type_xy.mdx +++ b/api_docs/vis_type_xy.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeXy title: "visTypeXy" image: https://source.unsplash.com/400x175/?github description: API docs for the visTypeXy plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeXy'] --- import visTypeXyObj from './vis_type_xy.devdocs.json'; diff --git a/api_docs/visualizations.mdx b/api_docs/visualizations.mdx index 2124c854ffc84..8619c2f4b9ee7 100644 --- a/api_docs/visualizations.mdx +++ b/api_docs/visualizations.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visualizations title: "visualizations" image: https://source.unsplash.com/400x175/?github description: API docs for the visualizations plugin -date: 2024-10-23 +date: 2024-10-24 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visualizations'] --- import visualizationsObj from './visualizations.devdocs.json'; From 512bfccd7187c1107ec143498daf980a1422fb4d Mon Sep 17 00:00:00 2001 From: Panagiota Mitsopoulou Date: Thu, 24 Oct 2024 10:23:15 +0300 Subject: [PATCH 09/99] migrate es query rule tests to the deployment agnostic framework (#195715) Fixes https://github.com/elastic/kibana/issues/183395 This PR migrates the ES query rule tests to the [deployment agnostic framework](https://github.com/elastic/kibana/tree/main/x-pack/test/api_integration/deployment_agnostic) ### TODO - [x] Migrate ES rule tests into the deployment agnostic solution - [ ] Test in MKI before merging ### How to run tests locally To run serverless ``` node scripts/functional_tests_server --config x-pack/test/api_integration/deployment_agnostic/configs/serverless/oblt.serverless.config.ts node scripts/functional_test_runner --config x-pack/test/api_integration/deployment_agnostic/configs/serverless/oblt.serverless.config.ts --grep="ElasticSearch query rule" ``` To run stateful ``` node scripts/functional_tests_server --config x-pack/test/api_integration/deployment_agnostic/configs/stateful/oblt.stateful.config.ts node scripts/functional_test_runner --config x-pack/test/api_integration/deployment_agnostic/configs/stateful/oblt.stateful.config.ts --grep="ElasticSearch query rule" ``` ### How to run tests on MKI According to this [discussion](https://github.com/elastic/observability-dev/issues/3519#issuecomment-2379914274), we should test in MKI environment before merging. For details on how to run in MKI, see [this section of the document](https://docs.google.com/document/d/1tiax7xoDYwFXYZjRTgVKkVMjN-SQzBWk4yn1JY6Z5UY/edit#heading=h.ece2z8p74izh) and [this readme](https://github.com/elastic/kibana/blob/main/x-pack/test_serverless/README.md#run-tests-on-mki). Co-authored-by: Elastic Machine Co-authored-by: Maryam Saeidi --- .../observability/alerting}/es_query_rule.ts | 52 ++++++++++--------- .../apis/observability/alerting/index.ts | 3 +- .../test_suites/observability/index.ts | 1 - 3 files changed, 30 insertions(+), 26 deletions(-) rename x-pack/{test_serverless/api_integration/test_suites/observability/es_query_rule => test/api_integration/deployment_agnostic/apis/observability/alerting}/es_query_rule.ts (69%) diff --git a/x-pack/test_serverless/api_integration/test_suites/observability/es_query_rule/es_query_rule.ts b/x-pack/test/api_integration/deployment_agnostic/apis/observability/alerting/es_query_rule.ts similarity index 69% rename from x-pack/test_serverless/api_integration/test_suites/observability/es_query_rule/es_query_rule.ts rename to x-pack/test/api_integration/deployment_agnostic/apis/observability/alerting/es_query_rule.ts index caaecd9f3332a..81527f552a928 100644 --- a/x-pack/test_serverless/api_integration/test_suites/observability/es_query_rule/es_query_rule.ts +++ b/x-pack/test/api_integration/deployment_agnostic/apis/observability/alerting/es_query_rule.ts @@ -4,24 +4,22 @@ * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ + import expect from '@kbn/expect'; -import { FtrProviderContext } from '../../../ftr_provider_context'; -import { InternalRequestHeader, RoleCredentials } from '../../../../shared/services'; +import { RoleCredentials, InternalRequestHeader } from '@kbn/ftr-common-functional-services'; +import { DeploymentAgnosticFtrProviderContext } from '../../../ftr_provider_context'; -export default function ({ getService }: FtrProviderContext) { +export default function ({ getService }: DeploymentAgnosticFtrProviderContext) { const esClient = getService('es'); - const supertest = getService('supertest'); + const samlAuth = getService('samlAuth'); + const supertestWithoutAuth = getService('supertestWithoutAuth'); const esDeleteAllIndices = getService('esDeleteAllIndices'); const alertingApi = getService('alertingApi'); - const svlCommonApi = getService('svlCommonApi'); - const svlUserManager = getService('svlUserManager'); - let roleAuthc: RoleCredentials; + const config = getService('config'); + const isServerless = config.get('serverless'); + const expectedConsumer = isServerless ? 'observability' : 'logs'; + + let adminRoleAuthc: RoleCredentials; let internalReqHeader: InternalRequestHeader; describe('ElasticSearch query rule', () => { @@ -31,13 +29,19 @@ export default function ({ getService }: FtrProviderContext) { let ruleId: string; before(async () => { - roleAuthc = await svlUserManager.createM2mApiKeyWithRoleScope('admin'); - internalReqHeader = svlCommonApi.getInternalRequestHeader(); + adminRoleAuthc = await samlAuth.createM2mApiKeyWithRoleScope('admin'); + internalReqHeader = samlAuth.getInternalRequestHeader(); }); after(async () => { - await supertest.delete(`/api/alerting/rule/${ruleId}`).set(internalReqHeader); - await supertest.delete(`/api/actions/connector/${actionId}`).set(internalReqHeader); + await supertestWithoutAuth + .delete(`/api/alerting/rule/${ruleId}`) + .set(adminRoleAuthc.apiKeyHeader) + .set(internalReqHeader); + await supertestWithoutAuth + .delete(`/api/actions/connector/${actionId}`) + .set(adminRoleAuthc.apiKeyHeader) + .set(internalReqHeader); await esClient.deleteByQuery({ index: '.kibana-event-log-*', @@ -45,20 +49,20 @@ export default function ({ getService }: FtrProviderContext) { conflicts: 'proceed', }); await esDeleteAllIndices([ALERT_ACTION_INDEX]); - await svlUserManager.invalidateM2mApiKeyWithRoleScope(roleAuthc); + await samlAuth.invalidateM2mApiKeyWithRoleScope(adminRoleAuthc); }); describe('Rule creation', () => { it('creates rule successfully', async () => { actionId = await alertingApi.createIndexConnector({ - roleAuthc, + roleAuthc: adminRoleAuthc, name: 'Index Connector: Alerting API test', indexName: ALERT_ACTION_INDEX, }); const createdRule = await alertingApi.helpers.createEsQueryRule({ - roleAuthc, - consumer: 'observability', + roleAuthc: adminRoleAuthc, + consumer: expectedConsumer, name: 'always fire', ruleTypeId: RULE_TYPE_ID, params: { @@ -104,7 +108,7 @@ export default function ({ getService }: FtrProviderContext) { it('should be active', async () => { const executionStatus = await alertingApi.waitForRuleStatus({ - roleAuthc, + roleAuthc: adminRoleAuthc, ruleId, expectedStatus: 'active', }); @@ -112,9 +116,9 @@ export default function ({ getService }: FtrProviderContext) { }); it('should find the created rule with correct information about the consumer', async () => { - const match = await alertingApi.findInRules(roleAuthc, ruleId); + const match = await alertingApi.findInRules(adminRoleAuthc, ruleId); expect(match).not.to.be(undefined); - expect(match.consumer).to.be('observability'); + expect(match.consumer).to.be(expectedConsumer); }); }); }); diff --git a/x-pack/test/api_integration/deployment_agnostic/apis/observability/alerting/index.ts b/x-pack/test/api_integration/deployment_agnostic/apis/observability/alerting/index.ts index 336fcf65c830f..9fa2f0531d325 100644 --- a/x-pack/test/api_integration/deployment_agnostic/apis/observability/alerting/index.ts +++ b/x-pack/test/api_integration/deployment_agnostic/apis/observability/alerting/index.ts @@ -8,7 +8,8 @@ import { DeploymentAgnosticFtrProviderContext } from '../../../ftr_provider_context'; export default function ({ loadTestFile }: DeploymentAgnosticFtrProviderContext) { - describe('SLO - Burn rate rule', () => { + describe('Observability Alerting', () => { loadTestFile(require.resolve('./burn_rate_rule')); + loadTestFile(require.resolve('./es_query_rule')); }); } diff --git a/x-pack/test_serverless/api_integration/test_suites/observability/index.ts b/x-pack/test_serverless/api_integration/test_suites/observability/index.ts index a138c768d43d4..63f8236a335b6 100644 --- a/x-pack/test_serverless/api_integration/test_suites/observability/index.ts +++ b/x-pack/test_serverless/api_integration/test_suites/observability/index.ts @@ -15,7 +15,6 @@ export default function ({ loadTestFile }: FtrProviderContext) { loadTestFile(require.resolve('./apm_api_integration/service_maps/service_maps')); loadTestFile(require.resolve('./apm_api_integration/traces/critical_path')); loadTestFile(require.resolve('./cases')); - loadTestFile(require.resolve('./es_query_rule/es_query_rule')); loadTestFile(require.resolve('./slos')); loadTestFile(require.resolve('./synthetics')); loadTestFile(require.resolve('./dataset_quality_api_integration')); From e0ef5b38c38db85d010f5d07bbb9d0fb27b92023 Mon Sep 17 00:00:00 2001 From: Krzysztof Kowalczyk Date: Thu, 24 Oct 2024 09:54:05 +0200 Subject: [PATCH 10/99] [Saved Objects Tagging] Visually hide tags in Saved Objects Management (#197423) ## Summary This PR visually hides objects with `tag` type from `Saved Objects Management` table while still allowing them to be exportable. Closes: #147786 --- .../saved_objects_table.test.tsx.snap | 23 +++++++++++++++--- .../saved_objects_table.test.tsx | 24 ++++++++++++++++--- .../objects_table/saved_objects_table.tsx | 7 ++++-- 3 files changed, 46 insertions(+), 8 deletions(-) diff --git a/src/plugins/saved_objects_management/public/management_section/objects_table/__snapshots__/saved_objects_table.test.tsx.snap b/src/plugins/saved_objects_management/public/management_section/objects_table/__snapshots__/saved_objects_table.test.tsx.snap index 92bae41b22e58..c0035886e6b99 100644 --- a/src/plugins/saved_objects_management/public/management_section/objects_table/__snapshots__/saved_objects_table.test.tsx.snap +++ b/src/plugins/saved_objects_management/public/management_section/objects_table/__snapshots__/saved_objects_table.test.tsx.snap @@ -28,6 +28,12 @@ exports[`SavedObjectsTable delete should show a confirm modal 1`] = ` "name": "search", "namespaceType": "single", }, + Object { + "displayName": "tag", + "hidden": false, + "name": "tag", + "namespaceType": "single", + }, ] } isDeleting={false} @@ -53,7 +59,7 @@ exports[`SavedObjectsTable delete should show a confirm modal 1`] = ` exports[`SavedObjectsTable export should allow the user to choose when exporting all 1`] = `
diff --git a/src/plugins/saved_objects_management/public/management_section/objects_table/saved_objects_table.test.tsx b/src/plugins/saved_objects_management/public/management_section/objects_table/saved_objects_table.test.tsx index bdb47099f17bb..f53cadc7b2f21 100644 --- a/src/plugins/saved_objects_management/public/management_section/objects_table/saved_objects_table.test.tsx +++ b/src/plugins/saved_objects_management/public/management_section/objects_table/saved_objects_table.test.tsx @@ -51,7 +51,9 @@ const convertType = (type: string): SavedObjectManagementTypeInfo => ({ namespaceType: 'single', }); -const allowedTypes = ['index-pattern', 'visualization', 'dashboard', 'search'].map(convertType); +const allowedTypes = ['index-pattern', 'visualization', 'dashboard', 'search', 'tag'].map( + convertType +); const allSavedObjects = [ { @@ -82,6 +84,13 @@ const allSavedObjects = [ title: `MyViz`, }, }, + { + id: '5', + type: 'tag', + attributes: { + title: `HelloWorldTag`, + }, + }, ]; describe('SavedObjectsTable', () => { @@ -129,6 +138,7 @@ describe('SavedObjectsTable', () => { visualization: 0, dashboard: 0, search: 0, + tag: 0, }); defaultProps = { @@ -148,7 +158,7 @@ describe('SavedObjectsTable', () => { }; findObjectsMock.mockImplementation(() => ({ - total: 4, + total: 5, saved_objects: [ { id: '1', @@ -199,6 +209,14 @@ describe('SavedObjectsTable', () => { }, }, }, + { + id: '5', + type: 'tag', + meta: { + title: `HelloWorldTag`, + icon: 'tag', + }, + }, ], })); }); @@ -451,7 +469,7 @@ describe('SavedObjectsTable', () => { component.update(); await component.instance().getRelationships('search', '1'); - const savedObjectTypes = ['index-pattern', 'visualization', 'dashboard', 'search']; + const savedObjectTypes = ['index-pattern', 'visualization', 'dashboard', 'search', 'tag']; expect(getRelationshipsMock).toHaveBeenCalledWith(http, 'search', '1', savedObjectTypes); }); diff --git a/src/plugins/saved_objects_management/public/management_section/objects_table/saved_objects_table.tsx b/src/plugins/saved_objects_management/public/management_section/objects_table/saved_objects_table.tsx index 44249d30d345b..5842701ad25a7 100644 --- a/src/plugins/saved_objects_management/public/management_section/objects_table/saved_objects_table.tsx +++ b/src/plugins/saved_objects_management/public/management_section/objects_table/saved_objects_table.tsx @@ -688,7 +688,10 @@ export class SavedObjectsTable extends Component ({ + const filtersWithoutTags = allowedTypes.filter((t) => t.name !== 'tag'); + const itemsWithoutTags = savedObjects.filter((t) => t.type !== 'tag'); + + const filterOptions = filtersWithoutTags.map((type) => ({ value: type.displayName, name: type.displayName, view: `${type.displayName} (${savedObjectCounts[type.name] || 0})`, @@ -733,7 +736,7 @@ export class SavedObjectsTable extends Component Date: Thu, 24 Oct 2024 09:10:49 +0100 Subject: [PATCH 11/99] [TableListView] Hint message for chars not allowed in search (#197307) --- .../table_list_view_table/src/actions.ts | 6 +- .../src/components/index.ts | 2 +- .../src/components/table.tsx | 30 +++++++- .../table_list_view_table/src/reducer.tsx | 13 +++- .../src/table_list_view.test.tsx | 73 +++++++++++-------- .../src/table_list_view_table.tsx | 45 +++++++++--- .../table_list_view_table/src/types.ts | 7 ++ .../table_list_view_table/src/use_tags.ts | 8 +- 8 files changed, 131 insertions(+), 53 deletions(-) diff --git a/packages/content-management/table_list_view_table/src/actions.ts b/packages/content-management/table_list_view_table/src/actions.ts index ee2e96aadeb07..17f932f0e7b6d 100644 --- a/packages/content-management/table_list_view_table/src/actions.ts +++ b/packages/content-management/table_list_view_table/src/actions.ts @@ -11,6 +11,7 @@ import type { IHttpFetchError } from '@kbn/core-http-browser'; import type { Query } from '@elastic/eui'; import type { UserContentCommonSchema } from '@kbn/content-management-table-list-view-common'; import type { State } from './table_list_view_table'; +import type { SearchQueryError } from './types'; /** Action to trigger a fetch of the table items */ export interface OnFetchItemsAction { @@ -72,8 +73,9 @@ export interface ShowConfirmDeleteItemsModalAction { export interface OnSearchQueryChangeAction { type: 'onSearchQueryChange'; data: { - query: Query; - text: string; + query?: Query; + text?: string; + error: SearchQueryError | null; }; } diff --git a/packages/content-management/table_list_view_table/src/components/index.ts b/packages/content-management/table_list_view_table/src/components/index.ts index f3024081cd58e..beca60ccd1668 100644 --- a/packages/content-management/table_list_view_table/src/components/index.ts +++ b/packages/content-management/table_list_view_table/src/components/index.ts @@ -7,7 +7,7 @@ * License v3.0 only", or the "Server Side Public License, v 1". */ -export { Table } from './table'; +export { Table, FORBIDDEN_SEARCH_CHARS } from './table'; export { UpdatedAtField } from './updated_at_field'; export { ConfirmDeleteModal } from './confirm_delete_modal'; export { ListingLimitWarning } from './listing_limit_warning'; diff --git a/packages/content-management/table_list_view_table/src/components/table.tsx b/packages/content-management/table_list_view_table/src/components/table.tsx index 4a23f22ebf352..66c0eaec4d1f8 100644 --- a/packages/content-management/table_list_view_table/src/components/table.tsx +++ b/packages/content-management/table_list_view_table/src/components/table.tsx @@ -20,6 +20,8 @@ import { Search, type EuiTableSelectionType, useEuiTheme, + EuiCode, + EuiText, } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; import type { UserContentCommonSchema } from '@kbn/content-management-table-list-view-common'; @@ -58,6 +60,8 @@ type TagManagementProps = Pick< 'addOrRemoveIncludeTagFilter' | 'addOrRemoveExcludeTagFilter' | 'tagsToTableItemMap' >; +export const FORBIDDEN_SEARCH_CHARS = '()[]{}<>+=\\"$#!¿?,;`\'/|&'; + interface Props extends State, TagManagementProps { dispatch: Dispatch>; entityName: string; @@ -219,6 +223,7 @@ export function Table({ }, [tableSortSelectFilter, tagFilterPanel, userFilterPanel]); const search = useMemo((): Search => { + const showHint = !!searchQuery.error && searchQuery.error.containsForbiddenChars; return { onChange: onTableSearchChange, toolsLeft: renderToolsLeft(), @@ -229,8 +234,31 @@ export function Table({ 'data-test-subj': 'tableListSearchBox', }, filters: searchFilters, + hint: { + content: ( + + {FORBIDDEN_SEARCH_CHARS}, + }} + /> + + ), + popoverProps: { + isOpen: showHint, + }, + }, }; - }, [onTableSearchChange, renderCreateButton, renderToolsLeft, searchFilters, searchQuery.query]); + }, [ + onTableSearchChange, + renderCreateButton, + renderToolsLeft, + searchFilters, + searchQuery.query, + searchQuery.error, + ]); const hasQueryOrFilters = Boolean(searchQuery.text || tableFilter.createdBy.length > 0); diff --git a/packages/content-management/table_list_view_table/src/reducer.tsx b/packages/content-management/table_list_view_table/src/reducer.tsx index 931b5225e71db..0ca05b97163a4 100644 --- a/packages/content-management/table_list_view_table/src/reducer.tsx +++ b/packages/content-management/table_list_view_table/src/reducer.tsx @@ -84,14 +84,21 @@ export function getReducer() { }; } case 'onSearchQueryChange': { - if (action.data.text === state.searchQuery.text) { + if ( + action.data.text === state.searchQuery.text && + action.data.error === state.searchQuery.error + ) { return state; } return { ...state, - searchQuery: action.data, - isFetchingItems: true, + searchQuery: { + ...state.searchQuery, + ...action.data, + }, + isFetchingItems: + action.data.error === null && action.data.text !== state.searchQuery.text, }; } case 'onTableChange': { diff --git a/packages/content-management/table_list_view_table/src/table_list_view.test.tsx b/packages/content-management/table_list_view_table/src/table_list_view.test.tsx index a4e06fbb1e4a4..38e05299184e4 100644 --- a/packages/content-management/table_list_view_table/src/table_list_view.test.tsx +++ b/packages/content-management/table_list_view_table/src/table_list_view.test.tsx @@ -1078,25 +1078,29 @@ describe('TableListView', () => { const findItems = jest.fn(); - const setupSearch = (...args: Parameters>) => { - const testBed = registerTestBed( - WithServices(TableListViewTable), - { - defaultProps: { - ...requiredProps, - findItems, - urlStateEnabled: false, - entityName: 'Foo', - entityNamePlural: 'Foos', - }, - memoryRouter: { wrapComponent: true }, - } - )(...args); + const setupSearch = async (...args: Parameters>) => { + let testBed: TestBed; - const { updateSearchText, getSearchBoxValue } = getActions(testBed); + await act(async () => { + testBed = registerTestBed( + WithServices(TableListViewTable), + { + defaultProps: { + ...requiredProps, + findItems, + urlStateEnabled: false, + entityName: 'Foo', + entityNamePlural: 'Foos', + }, + memoryRouter: { wrapComponent: true }, + } + )(...args); + }); + + const { updateSearchText, getSearchBoxValue } = getActions(testBed!); return { - testBed, + testBed: testBed!, updateSearchText, getSearchBoxValue, getLastCallArgsFromFindItems: () => findItems.mock.calls[findItems.mock.calls.length - 1], @@ -1108,15 +1112,8 @@ describe('TableListView', () => { }); test('should search the table items', async () => { - let testBed: TestBed; - let updateSearchText: (value: string) => Promise; - let getLastCallArgsFromFindItems: () => Parameters; - let getSearchBoxValue: () => string; - - await act(async () => { - ({ testBed, getLastCallArgsFromFindItems, getSearchBoxValue, updateSearchText } = - await setupSearch()); - }); + const { testBed, getLastCallArgsFromFindItems, getSearchBoxValue, updateSearchText } = + await setupSearch(); const { component, table } = testBed!; component.update(); @@ -1173,12 +1170,7 @@ describe('TableListView', () => { }); test('should search and render empty list if no result', async () => { - let testBed: TestBed; - let updateSearchText: (value: string) => Promise; - - await act(async () => { - ({ testBed, updateSearchText } = await setupSearch()); - }); + const { testBed, updateSearchText } = await setupSearch(); const { component, table, find } = testBed!; component.update(); @@ -1217,6 +1209,25 @@ describe('TableListView', () => { ] `); }); + + test('should show error hint when inserting invalid chars', async () => { + const { testBed, getLastCallArgsFromFindItems, getSearchBoxValue, updateSearchText } = + await setupSearch(); + + const { component, exists } = testBed; + component.update(); + + expect(exists('forbiddenCharErrorMessage')).toBe(false); + + const expected = '[foo'; + await updateSearchText!(expected); + expect(getSearchBoxValue!()).toBe(expected); + + expect(exists('forbiddenCharErrorMessage')).toBe(true); // hint is shown + + const [searchTerm] = getLastCallArgsFromFindItems!(); + expect(searchTerm).toBe(''); // no search has been made + }); }); describe('url state', () => { diff --git a/packages/content-management/table_list_view_table/src/table_list_view_table.tsx b/packages/content-management/table_list_view_table/src/table_list_view_table.tsx index 0f6df7c81533b..1fe5123d54151 100644 --- a/packages/content-management/table_list_view_table/src/table_list_view_table.tsx +++ b/packages/content-management/table_list_view_table/src/table_list_view_table.tsx @@ -50,6 +50,7 @@ import { ListingLimitWarning, ItemDetails, UpdatedAtField, + FORBIDDEN_SEARCH_CHARS, } from './components'; import { useServices } from './services'; import type { SavedObjectsFindOptionsReference } from './services'; @@ -57,7 +58,7 @@ import { getReducer } from './reducer'; import { type SortColumnField, getInitialSorting, saveSorting } from './components'; import { useTags } from './use_tags'; import { useInRouterContext, useUrlState } from './use_url_state'; -import { RowActions, TableItemsRowActions } from './types'; +import type { RowActions, SearchQueryError, TableItemsRowActions } from './types'; import { sortByRecentlyAccessed } from './components/table_sort_select'; import { ContentEditorActivityRow } from './components/content_editor_activity_row'; @@ -146,6 +147,7 @@ export interface State({ hasCreatedByMetadata: false, hasRecentlyAccessedMetadata: recentlyAccessed ? recentlyAccessed.get().length > 0 : false, selectedIds: [], - searchQuery: { text: '', query: new Query(Ast.create([]), undefined, '') }, + searchQuery: { text: '', query: new Query(Ast.create([]), undefined, ''), error: null }, pagination: { pageIndex: 0, totalItemCount: 0, @@ -492,14 +496,14 @@ function TableListViewTableComp({ }, [searchQueryParser, searchQuery.text, findItems, onFetchSuccess, recentlyAccessed]); const updateQuery = useCallback( - (query: Query) => { - if (urlStateEnabled) { + (query: Query | null, error: SearchQueryError | null) => { + if (urlStateEnabled && query) { setUrlState({ s: query.text }); } dispatch({ type: 'onSearchQueryChange', - data: { query, text: query.text }, + data: query ? { query, text: query.text, error } : { error }, }); }, [urlStateEnabled, setUrlState] @@ -809,14 +813,32 @@ function TableListViewTableComp({ ); const onTableSearchChange = useCallback( - (arg: { query: Query | null; queryText: string }) => { - if (arg.query) { - updateQuery(arg.query); + (arg: { + query: Query | null; + queryText: string; + error?: { message: string; name: string }; + }) => { + const { query, queryText, error: _error } = arg; + + let error: SearchQueryError | null = null; + if (_error) { + const containsForbiddenChars = FORBIDDEN_SEARCH_CHARS_ARRAY.some((char) => + queryText.includes(char) + ); + error = { + ..._error, + queryText, + containsForbiddenChars, + }; + } + + if (query || error) { + updateQuery(query, error); } else { const idx = tableSearchChangeIdx.current + 1; - buildQueryFromText(arg.queryText).then((query) => { + buildQueryFromText(queryText).then((q) => { if (idx === tableSearchChangeIdx.current) { - updateQuery(query); + updateQuery(q, null); } }); } @@ -1036,6 +1058,7 @@ function TableListViewTableComp({ data: { query: updatedQuery, text, + error: null, }, }); }; @@ -1089,7 +1112,7 @@ function TableListViewTableComp({ useEffect(() => { if (initialQuery && !initialQueryInitialized.current) { initialQueryInitialized.current = true; - buildQueryFromText(initialQuery).then(updateQuery); + buildQueryFromText(initialQuery).then((q) => updateQuery(q, null)); } }, [initialQuery, buildQueryFromText, updateQuery]); diff --git a/packages/content-management/table_list_view_table/src/types.ts b/packages/content-management/table_list_view_table/src/types.ts index 0815aea627d38..a2c260454dfea 100644 --- a/packages/content-management/table_list_view_table/src/types.ts +++ b/packages/content-management/table_list_view_table/src/types.ts @@ -27,3 +27,10 @@ export type RowActions = { export interface TableItemsRowActions { [id: string]: RowActions | undefined; } + +export interface SearchQueryError { + message: string; + name: string; + queryText: string; + containsForbiddenChars: boolean; +} diff --git a/packages/content-management/table_list_view_table/src/use_tags.ts b/packages/content-management/table_list_view_table/src/use_tags.ts index 36f6a7ce54421..7e460ba5405fd 100644 --- a/packages/content-management/table_list_view_table/src/use_tags.ts +++ b/packages/content-management/table_list_view_table/src/use_tags.ts @@ -10,7 +10,7 @@ import { useCallback, useMemo } from 'react'; import { Query } from '@elastic/eui'; import type { UserContentCommonSchema } from '@kbn/content-management-table-list-view-common'; -import type { Tag } from './types'; +import type { SearchQueryError, Tag } from './types'; type QueryUpdater = (query: Query, tag: Tag) => Query; @@ -20,7 +20,7 @@ export function useTags({ items, }: { query: Query; - updateQuery: (query: Query) => void; + updateQuery: (query: Query, error: SearchQueryError | null) => void; items: UserContentCommonSchema[]; }) { // Return a map of tag.id to an array of saved object ids having that tag @@ -47,7 +47,7 @@ export function useTags({ (tag: Tag, q: Query = query, doUpdate: boolean = true) => { const updatedQuery = queryUpdater(q, tag); if (doUpdate) { - updateQuery(updatedQuery); + updateQuery(updatedQuery, null); } return updatedQuery; }, @@ -147,7 +147,7 @@ export function useTags({ const clearTagSelection = useCallback(() => { const updatedQuery = query.removeOrFieldClauses('tag'); - updateQuery(updatedQuery); + updateQuery(updatedQuery, null); return updateQuery; }, [query, updateQuery]); From 8de3636e43be7c874b2c3457f1496a0fc31f224d Mon Sep 17 00:00:00 2001 From: Gerard Soldevila Date: Thu, 24 Oct 2024 10:21:43 +0200 Subject: [PATCH 12/99] Update mappings if/when new SO types are introduced (#197061) ## Summary Addresses https://github.com/elastic/elastic-entity-model/issues/70 Fixes regression introduced in https://github.com/elastic/kibana/pull/176803 --- .../src/actions/check_target_mappings.test.ts | 5 +- .../src/actions/check_target_mappings.ts | 17 ++++- .../src/actions/index.ts | 3 +- .../update_source_mappings_properties.test.ts | 27 ++++++- .../src/core/compare_mappings.test.ts | 52 +++++++++----- .../src/core/compare_mappings.ts | 59 +++++++++------ .../src/core/diff_mappings.test.ts | 26 ++++--- .../src/core/diff_mappings.ts | 11 +-- .../src/model/model.test.ts | 12 ++++ .../src/model/model.ts | 6 ++ .../migrations/group1/v2_migration.test.ts | 71 +++++++++++-------- .../group2/multiple_kb_nodes.test.ts | 6 +- .../kibana_migrator_test_kit.fixtures.ts | 10 ++- 13 files changed, 210 insertions(+), 95 deletions(-) diff --git a/packages/core/saved-objects/core-saved-objects-migration-server-internal/src/actions/check_target_mappings.test.ts b/packages/core/saved-objects/core-saved-objects-migration-server-internal/src/actions/check_target_mappings.test.ts index ada352154a3ca..cae79279a14ab 100644 --- a/packages/core/saved-objects/core-saved-objects-migration-server-internal/src/actions/check_target_mappings.test.ts +++ b/packages/core/saved-objects/core-saved-objects-migration-server-internal/src/actions/check_target_mappings.test.ts @@ -176,8 +176,9 @@ describe('checkTargetTypesMappings', () => { const result = await task(); expect(result).toEqual( - Either.right({ - type: 'types_match' as const, + Either.left({ + type: 'types_added' as const, + newTypes: ['type3'], }) ); }); diff --git a/packages/core/saved-objects/core-saved-objects-migration-server-internal/src/actions/check_target_mappings.ts b/packages/core/saved-objects/core-saved-objects-migration-server-internal/src/actions/check_target_mappings.ts index 0caee08825373..d3432d524071a 100644 --- a/packages/core/saved-objects/core-saved-objects-migration-server-internal/src/actions/check_target_mappings.ts +++ b/packages/core/saved-objects/core-saved-objects-migration-server-internal/src/actions/check_target_mappings.ts @@ -11,7 +11,7 @@ import * as Either from 'fp-ts/lib/Either'; import * as TaskEither from 'fp-ts/lib/TaskEither'; import type { IndexMapping, VirtualVersionMap } from '@kbn/core-saved-objects-base-server-internal'; -import { getUpdatedTypes } from '../core/compare_mappings'; +import { getNewAndUpdatedTypes } from '../core/compare_mappings'; /** @internal */ export interface CheckTargetTypesMappingsParams { @@ -38,6 +38,12 @@ export interface TypesChanged { updatedTypes: string[]; } +/** @internal */ +export interface TypesAdded { + type: 'types_added'; + newTypes: string[]; +} + export const checkTargetTypesMappings = ({ indexTypes, @@ -46,7 +52,7 @@ export const checkTargetTypesMappings = latestMappingsVersions, hashToVersionMap = {}, }: CheckTargetTypesMappingsParams): TaskEither.TaskEither< - IndexMappingsIncomplete | TypesChanged, + IndexMappingsIncomplete | TypesChanged | TypesAdded, TypesMatch > => async () => { @@ -58,7 +64,7 @@ export const checkTargetTypesMappings = return Either.left({ type: 'index_mappings_incomplete' as const }); } - const updatedTypes = getUpdatedTypes({ + const { newTypes, updatedTypes } = getNewAndUpdatedTypes({ indexTypes, indexMeta: indexMappings?._meta, latestMappingsVersions, @@ -70,6 +76,11 @@ export const checkTargetTypesMappings = type: 'types_changed' as const, updatedTypes, }); + } else if (newTypes.length) { + return Either.left({ + type: 'types_added' as const, + newTypes, + }); } else { return Either.right({ type: 'types_match' as const }); } diff --git a/packages/core/saved-objects/core-saved-objects-migration-server-internal/src/actions/index.ts b/packages/core/saved-objects/core-saved-objects-migration-server-internal/src/actions/index.ts index d489b6e51ae03..94727f88580ac 100644 --- a/packages/core/saved-objects/core-saved-objects-migration-server-internal/src/actions/index.ts +++ b/packages/core/saved-objects/core-saved-objects-migration-server-internal/src/actions/index.ts @@ -112,7 +112,7 @@ import type { UnknownDocsFound } from './check_for_unknown_docs'; import type { IncompatibleClusterRoutingAllocation } from './check_cluster_routing_allocation'; import type { ClusterShardLimitExceeded } from './create_index'; import type { SynchronizationFailed } from './synchronize_migrators'; -import type { IndexMappingsIncomplete, TypesChanged } from './check_target_mappings'; +import type { IndexMappingsIncomplete, TypesAdded, TypesChanged } from './check_target_mappings'; export type { CheckForUnknownDocsParams, @@ -193,6 +193,7 @@ export interface ActionErrorTypeMap { synchronization_failed: SynchronizationFailed; index_mappings_incomplete: IndexMappingsIncomplete; types_changed: TypesChanged; + types_added: TypesAdded; operation_not_supported: OperationNotSupported; source_equals_target: SourceEqualsTarget; } diff --git a/packages/core/saved-objects/core-saved-objects-migration-server-internal/src/actions/update_source_mappings_properties.test.ts b/packages/core/saved-objects/core-saved-objects-migration-server-internal/src/actions/update_source_mappings_properties.test.ts index d79b7f531167a..80fad365f2c74 100644 --- a/packages/core/saved-objects/core-saved-objects-migration-server-internal/src/actions/update_source_mappings_properties.test.ts +++ b/packages/core/saved-objects/core-saved-objects-migration-server-internal/src/actions/update_source_mappings_properties.test.ts @@ -47,6 +47,7 @@ describe('updateSourceMappingsProperties', () => { appMappings: { properties: { a: { type: 'keyword' }, + b: { type: 'long' }, c: { type: 'long' }, ...getBaseMappings().properties, }, @@ -68,8 +69,10 @@ describe('updateSourceMappingsProperties', () => { it('should not update mappings when there are no changes', async () => { // we overwrite the app mappings to have the "unchanged" values with respect to the index mappings const sameMappingsParams = chain(params) + // let's not introduce 'c' for now + .set('indexTypes', ['a', 'b']) // even if the app versions are more recent, we emulate a scenario where mappings haven NOT changed - .set('latestMappingsVersions', { a: '10.1.0', b: '10.1.0', c: '10.1.0' }) + .set('latestMappingsVersions', { a: '10.1.0', b: '10.1.0' }) .value(); const result = await updateSourceMappingsProperties(sameMappingsParams)(); @@ -78,6 +81,28 @@ describe('updateSourceMappingsProperties', () => { expect(result).toHaveProperty('right', 'update_mappings_succeeded'); }); + it('should update mappings if there are new types', async () => { + // we overwrite the app mappings to have the "unchanged" values with respect to the index mappings + const sameMappingsParams = chain(params) + // even if the app versions are more recent, we emulate a scenario where mappings haven NOT changed + .set('latestMappingsVersions', { a: '10.1.0', b: '10.1.0', c: '10.1.0' }) + .value(); + const result = await updateSourceMappingsProperties(sameMappingsParams)(); + + expect(client.indices.putMapping).toHaveBeenCalledTimes(1); + expect(client.indices.putMapping).toHaveBeenCalledWith( + expect.objectContaining({ + properties: expect.objectContaining({ + a: { type: 'keyword' }, + b: { type: 'long' }, + c: { type: 'long' }, + }), + }) + ); + expect(Either.isRight(result)).toEqual(true); + expect(result).toHaveProperty('right', 'update_mappings_succeeded'); + }); + it('should return that mappings are updated when changes are compatible', async () => { const result = await updateSourceMappingsProperties(params)(); diff --git a/packages/core/saved-objects/core-saved-objects-migration-server-internal/src/core/compare_mappings.test.ts b/packages/core/saved-objects/core-saved-objects-migration-server-internal/src/core/compare_mappings.test.ts index 4a155944c4149..e756fb65ce71f 100644 --- a/packages/core/saved-objects/core-saved-objects-migration-server-internal/src/core/compare_mappings.test.ts +++ b/packages/core/saved-objects/core-saved-objects-migration-server-internal/src/core/compare_mappings.test.ts @@ -9,17 +9,20 @@ import type { IndexMappingMeta } from '@kbn/core-saved-objects-base-server-internal'; import { getBaseMappings } from './build_active_mappings'; -import { getUpdatedTypes, getUpdatedRootFields } from './compare_mappings'; +import { getUpdatedRootFields, getNewAndUpdatedTypes } from './compare_mappings'; -describe('getUpdatedTypes', () => { +describe('getNewAndUpdatedTypes', () => { test('returns all types if _meta is missing in indexMappings', () => { const indexTypes = ['foo', 'bar']; const latestMappingsVersions = {}; - expect(getUpdatedTypes({ indexTypes, indexMeta: undefined, latestMappingsVersions })).toEqual([ - 'foo', - 'bar', - ]); + const { newTypes, updatedTypes } = getNewAndUpdatedTypes({ + indexTypes, + indexMeta: undefined, + latestMappingsVersions, + }); + expect(newTypes).toEqual([]); + expect(updatedTypes).toEqual(['foo', 'bar']); }); test('returns all types if migrationMappingPropertyHashes and mappingVersions are missing in indexMappings', () => { @@ -27,14 +30,17 @@ describe('getUpdatedTypes', () => { const indexMeta: IndexMappingMeta = {}; const latestMappingsVersions = {}; - expect(getUpdatedTypes({ indexTypes, indexMeta, latestMappingsVersions })).toEqual([ - 'foo', - 'bar', - ]); + const { newTypes, updatedTypes } = getNewAndUpdatedTypes({ + indexTypes, + indexMeta, + latestMappingsVersions, + }); + expect(newTypes).toEqual([]); + expect(updatedTypes).toEqual(['foo', 'bar']); }); describe('when ONLY migrationMappingPropertyHashes exists in indexMappings', () => { - test('uses the provided hashToVersionMap to compare changes and return only the types that have changed', async () => { + test('uses the provided hashToVersionMap to compare changes and return new types and types that have changed', async () => { const indexTypes = ['type1', 'type2', 'type4']; const indexMeta: IndexMappingMeta = { migrationMappingPropertyHashes: { @@ -56,14 +62,19 @@ describe('getUpdatedTypes', () => { type4: '10.5.0', // new type, no need to pick it up }; - expect( - getUpdatedTypes({ indexTypes, indexMeta, latestMappingsVersions, hashToVersionMap }) - ).toEqual(['type2']); + const { newTypes, updatedTypes } = getNewAndUpdatedTypes({ + indexTypes, + indexMeta, + latestMappingsVersions, + hashToVersionMap, + }); + expect(newTypes).toEqual(['type4']); + expect(updatedTypes).toEqual(['type2']); }); }); describe('when mappingVersions exist in indexMappings', () => { - test('compares the modelVersions and returns only the types that have changed', async () => { + test('compares the modelVersions and returns new types and types that have changed', async () => { const indexTypes = ['type1', 'type2', 'type4']; const indexMeta: IndexMappingMeta = { @@ -90,9 +101,14 @@ describe('getUpdatedTypes', () => { // empty on purpose, not used as mappingVersions is present in indexMappings }; - expect( - getUpdatedTypes({ indexTypes, indexMeta, latestMappingsVersions, hashToVersionMap }) - ).toEqual(['type2']); + const { newTypes, updatedTypes } = getNewAndUpdatedTypes({ + indexTypes, + indexMeta, + latestMappingsVersions, + hashToVersionMap, + }); + expect(newTypes).toEqual(['type4']); + expect(updatedTypes).toEqual(['type2']); }); }); }); diff --git a/packages/core/saved-objects/core-saved-objects-migration-server-internal/src/core/compare_mappings.ts b/packages/core/saved-objects/core-saved-objects-migration-server-internal/src/core/compare_mappings.ts index b10311cb9f7ed..0e2de5ee51ec6 100644 --- a/packages/core/saved-objects/core-saved-objects-migration-server-internal/src/core/compare_mappings.ts +++ b/packages/core/saved-objects/core-saved-objects-migration-server-internal/src/core/compare_mappings.ts @@ -33,43 +33,56 @@ export const getUpdatedRootFields = (indexMappings: IndexMapping): string[] => { .map(([propertyName]) => propertyName); }; +interface GetUpdatedTypesParams { + indexMeta?: IndexMappingMeta; + indexTypes: string[]; + latestMappingsVersions: VirtualVersionMap; + hashToVersionMap?: Record; +} + /** * Compares the current vs stored mappings' hashes or modelVersions. - * Returns a list with all the types that have been updated. + * Returns 2 lists: one with all the new types and one with the types that have been updated. * @param indexMeta The meta information stored in the SO index * @param knownTypes The list of SO types that belong to the index and are enabled * @param latestMappingsVersions A map holding [type => version] with the latest versions where mappings have changed for each type * @param hashToVersionMap A map holding information about [md5 => modelVersion] equivalence - * @returns the list of types that have been updated (in terms of their mappings) + * @returns the lists of new types and updated types */ -export const getUpdatedTypes = ({ +export const getNewAndUpdatedTypes = ({ indexMeta, indexTypes, latestMappingsVersions, hashToVersionMap = {}, -}: { - indexMeta?: IndexMappingMeta; - indexTypes: string[]; - latestMappingsVersions: VirtualVersionMap; - hashToVersionMap?: Record; -}): string[] => { +}: GetUpdatedTypesParams) => { if (!indexMeta || (!indexMeta.mappingVersions && !indexMeta.migrationMappingPropertyHashes)) { // if we currently do NOT have meta information stored in the index // we consider that all types have been updated - return indexTypes; + return { newTypes: [], updatedTypes: indexTypes }; } // If something exists in stored, but is missing in current // we don't care, as it could be a disabled plugin, etc // and keeping stale stuff around is better than migrating unecessesarily. - return indexTypes.filter((type) => - isTypeUpdated({ + const newTypes: string[] = []; + const updatedTypes: string[] = []; + + indexTypes.forEach((type) => { + const status = checkTypeStatus({ type, mappingVersion: latestMappingsVersions[type], indexMeta, hashToVersionMap, - }) - ); + }); + + if (status === 'new') { + newTypes.push(type); + } else if (status === 'updated') { + updatedTypes.push(type); + } + }); + + return { newTypes, updatedTypes }; }; /** @@ -78,9 +91,9 @@ export const getUpdatedTypes = ({ * @param mappingVersion The most recent model version that includes mappings changes * @param indexMeta The meta information stored in the SO index * @param hashToVersionMap A map holding information about [md5 => modelVersion] equivalence - * @returns true if the mappings for the given type have changed since Kibana was last started + * @returns 'new' | 'updated' | 'unchanged' depending on whether the type has changed */ -function isTypeUpdated({ +function checkTypeStatus({ type, mappingVersion, indexMeta, @@ -90,7 +103,7 @@ function isTypeUpdated({ mappingVersion: string; indexMeta: IndexMappingMeta; hashToVersionMap: Record; -}): boolean { +}): 'new' | 'updated' | 'unchanged' { const latestMappingsVersion = Semver.parse(mappingVersion); if (!latestMappingsVersion) { throw new Error( @@ -104,26 +117,28 @@ function isTypeUpdated({ if (!indexVersion) { // either a new type, and thus there's not need to update + pickup any docs // or an old re-enabled type, which will be updated on OUTDATED_DOCUMENTS_TRANSFORM - return false; + return 'new'; } // if the last version where mappings have changed is more recent than the one stored in the index // it means that the type has been updated - return latestMappingsVersion.compare(indexVersion) === 1; + return latestMappingsVersion.compare(indexVersion) === 1 ? 'updated' : 'unchanged'; } else if (indexMeta.migrationMappingPropertyHashes) { const latestHash = indexMeta.migrationMappingPropertyHashes?.[type]; if (!latestHash) { // either a new type, and thus there's not need to update + pickup any docs // or an old re-enabled type, which will be updated on OUTDATED_DOCUMENTS_TRANSFORM - return false; + return 'new'; } const indexEquivalentVersion = hashToVersionMap[`${type}|${latestHash}`]; - return !indexEquivalentVersion || latestMappingsVersion.compare(indexEquivalentVersion) === 1; + return !indexEquivalentVersion || latestMappingsVersion.compare(indexEquivalentVersion) === 1 + ? 'updated' + : 'unchanged'; } // at this point, the mappings do not contain any meta informataion // we consider the type has been updated, out of caution - return true; + return 'updated'; } diff --git a/packages/core/saved-objects/core-saved-objects-migration-server-internal/src/core/diff_mappings.test.ts b/packages/core/saved-objects/core-saved-objects-migration-server-internal/src/core/diff_mappings.test.ts index c9c4beabe2d7f..5a34dfba6eddc 100644 --- a/packages/core/saved-objects/core-saved-objects-migration-server-internal/src/core/diff_mappings.test.ts +++ b/packages/core/saved-objects/core-saved-objects-migration-server-internal/src/core/diff_mappings.test.ts @@ -9,12 +9,14 @@ import type { IndexMapping } from '@kbn/core-saved-objects-base-server-internal'; import { getBaseMappings } from './build_active_mappings'; -import { getUpdatedRootFields, getUpdatedTypes } from './compare_mappings'; +import { getUpdatedRootFields, getNewAndUpdatedTypes } from './compare_mappings'; import { diffMappings } from './diff_mappings'; jest.mock('./compare_mappings'); const getUpdatedRootFieldsMock = getUpdatedRootFields as jest.MockedFn; -const getUpdatedTypesMock = getUpdatedTypes as jest.MockedFn; +const getNewAndUpdatedTypesMock = getNewAndUpdatedTypes as jest.MockedFn< + typeof getNewAndUpdatedTypes +>; const dummyMappings: IndexMapping = { _meta: { @@ -56,7 +58,7 @@ const dummyHashToVersionMap = { describe('diffMappings', () => { beforeEach(() => { getUpdatedRootFieldsMock.mockReset(); - getUpdatedTypesMock.mockReset(); + getNewAndUpdatedTypesMock.mockReset(); }); test('is different if dynamic is different', () => { @@ -114,14 +116,17 @@ describe('diffMappings', () => { expect(getUpdatedRootFieldsMock).toHaveBeenCalledTimes(1); expect(getUpdatedRootFieldsMock).toHaveBeenCalledWith(initialMappings); - expect(getUpdatedTypesMock).not.toHaveBeenCalled(); + expect(getNewAndUpdatedTypesMock).not.toHaveBeenCalled(); }); }); - describe('if some types have changed', () => { + describe('if there are new or updated types', () => { test('returns a changed type', () => { getUpdatedRootFieldsMock.mockReturnValueOnce([]); - getUpdatedTypesMock.mockReturnValueOnce(['foo', 'bar']); + getNewAndUpdatedTypesMock.mockReturnValueOnce({ + newTypes: ['baz'], + updatedTypes: ['foo'], + }); expect( diffMappings({ @@ -137,8 +142,8 @@ describe('diffMappings', () => { expect(getUpdatedRootFieldsMock).toHaveBeenCalledTimes(1); expect(getUpdatedRootFieldsMock).toHaveBeenCalledWith(initialMappings); - expect(getUpdatedTypesMock).toHaveBeenCalledTimes(1); - expect(getUpdatedTypesMock).toHaveBeenCalledWith({ + expect(getNewAndUpdatedTypesMock).toHaveBeenCalledTimes(1); + expect(getNewAndUpdatedTypesMock).toHaveBeenCalledWith({ indexTypes: ['foo', 'bar', 'baz'], indexMeta: initialMappings._meta, latestMappingsVersions: { @@ -152,7 +157,10 @@ describe('diffMappings', () => { describe('if no root field or types have changed', () => { test('returns undefined', () => { getUpdatedRootFieldsMock.mockReturnValueOnce([]); - getUpdatedTypesMock.mockReturnValueOnce([]); + getNewAndUpdatedTypesMock.mockReturnValueOnce({ + newTypes: [], + updatedTypes: [], + }); expect( diffMappings({ diff --git a/packages/core/saved-objects/core-saved-objects-migration-server-internal/src/core/diff_mappings.ts b/packages/core/saved-objects/core-saved-objects-migration-server-internal/src/core/diff_mappings.ts index 1f01848754502..7bc806e4277c0 100644 --- a/packages/core/saved-objects/core-saved-objects-migration-server-internal/src/core/diff_mappings.ts +++ b/packages/core/saved-objects/core-saved-objects-migration-server-internal/src/core/diff_mappings.ts @@ -8,7 +8,7 @@ */ import type { IndexMapping, VirtualVersionMap } from '@kbn/core-saved-objects-base-server-internal'; -import { getUpdatedRootFields, getUpdatedTypes } from './compare_mappings'; +import { getNewAndUpdatedTypes, getUpdatedRootFields } from './compare_mappings'; /** * Diffs the stored vs app mappings. @@ -56,8 +56,9 @@ export function diffMappings({ } /** - * Finds a property that has changed its schema with respect to the mappings stored in the SO index - * It can either be a root field or a SO type + * Finds a property (either a root field or a SO type) that either: + * - is new (did not exist in the current mappings) + * - has changed its schema with respect to the mappings stored in the SO index * @returns the name of the property (if any) */ function findChangedProp({ @@ -76,7 +77,7 @@ function findChangedProp({ return updatedFields[0]; } - const updatedTypes = getUpdatedTypes({ + const { newTypes, updatedTypes } = getNewAndUpdatedTypes({ indexMeta: indexMappings._meta, indexTypes, latestMappingsVersions, @@ -84,6 +85,8 @@ function findChangedProp({ }); if (updatedTypes.length) { return updatedTypes[0]; + } else if (newTypes.length) { + return newTypes[0]; } return undefined; diff --git a/packages/core/saved-objects/core-saved-objects-migration-server-internal/src/model/model.test.ts b/packages/core/saved-objects/core-saved-objects-migration-server-internal/src/model/model.test.ts index 23e5fba10fe3b..54d8c9a6d0b7c 100644 --- a/packages/core/saved-objects/core-saved-objects-migration-server-internal/src/model/model.test.ts +++ b/packages/core/saved-objects/core-saved-objects-migration-server-internal/src/model/model.test.ts @@ -2689,6 +2689,18 @@ describe('migrations v2 model', () => { }); }); + it('CHECK_TARGET_MAPPINGS -> UPDATE_TARGET_MAPPINGS_META if ONLY new SO types have been added', () => { + const res: ResponseType<'CHECK_TARGET_MAPPINGS'> = Either.left({ + type: 'types_added' as const, + updatedFields: [], + newTypes: ['newFeatureType'], + }); + const newState = model(checkTargetTypesMappingsState, res) as UpdateTargetMappingsMeta; + expect(newState.controlState).toEqual('UPDATE_TARGET_MAPPINGS_META'); + expect(newState.retryCount).toEqual(0); + expect(newState.retryDelay).toEqual(0); + }); + it('CHECK_TARGET_MAPPINGS -> CHECK_VERSION_INDEX_READY_ACTIONS if types match (there might be additions in core fields)', () => { const res: ResponseType<'CHECK_TARGET_MAPPINGS'> = Either.right({ type: 'types_match' as const, diff --git a/packages/core/saved-objects/core-saved-objects-migration-server-internal/src/model/model.ts b/packages/core/saved-objects/core-saved-objects-migration-server-internal/src/model/model.ts index 14b171ac097da..f31f7c886af78 100644 --- a/packages/core/saved-objects/core-saved-objects-migration-server-internal/src/model/model.ts +++ b/packages/core/saved-objects/core-saved-objects-migration-server-internal/src/model/model.ts @@ -1522,6 +1522,12 @@ export const model = (currentState: State, resW: ResponseType): }, ], }; + } else if (isTypeof(left, 'types_added')) { + // compatible migration: ONLY new SO types have been introduced, skip directly to UPDATE_TARGET_MAPPINGS_META + return { + ...stateP, + controlState: 'UPDATE_TARGET_MAPPINGS_META', + }; } else { throwBadResponse(stateP, res as never); } diff --git a/src/core/server/integration_tests/saved_objects/migrations/group1/v2_migration.test.ts b/src/core/server/integration_tests/saved_objects/migrations/group1/v2_migration.test.ts index 2236b6adcc62a..06f7877874e83 100644 --- a/src/core/server/integration_tests/saved_objects/migrations/group1/v2_migration.test.ts +++ b/src/core/server/integration_tests/saved_objects/migrations/group1/v2_migration.test.ts @@ -67,34 +67,48 @@ describe('v2 migration', () => { migrationResults = await upToDateKit.runMigrations(); }); + it('updates the index mappings to account for new SO types', async () => { + const res = await upToDateKit.client.indices.getMapping({ index: defaultKibanaIndex }); + const mappings = res[`${defaultKibanaIndex}_${currentVersion}_001`].mappings; + + expect(mappings._meta?.indexTypesMap[defaultKibanaIndex]).toContain('recent'); + expect(mappings.properties?.recent).toEqual({ + properties: { + name: { + type: 'keyword', + }, + }, + }); + }); + it('skips UPDATE_TARGET_MAPPINGS_PROPERTIES if there are no changes in the mappings', async () => { const logs = await readLog(logFilePath); expect(logs).not.toMatch('CREATE_NEW_TARGET'); + + // defaultKibana index has a new SO type ('recent'), thus we must update the _meta properties expect(logs).toMatch( - `[${defaultKibanaIndex}] CHECK_TARGET_MAPPINGS -> CHECK_VERSION_INDEX_READY_ACTIONS` + `[${defaultKibanaIndex}] CHECK_TARGET_MAPPINGS -> UPDATE_TARGET_MAPPINGS_META.` ); expect(logs).toMatch( `[${defaultKibanaTaskIndex}] CHECK_TARGET_MAPPINGS -> CHECK_VERSION_INDEX_READY_ACTIONS` ); + + // no updated types, so no pickup expect(logs).not.toMatch('UPDATE_TARGET_MAPPINGS_PROPERTIES'); - expect(logs).not.toMatch('UPDATE_TARGET_MAPPINGS_PROPERTIES_WAIT_FOR_TASK'); - expect(logs).not.toMatch('UPDATE_TARGET_MAPPINGS_META'); }); it(`returns a 'patched' status for each SO index`, () => { // omit elapsedMs as it varies in each execution - expect(migrationResults.map((result) => omit(result, 'elapsedMs'))).toMatchInlineSnapshot(` - Array [ - Object { - "destIndex": ".kibana_migrator_${currentVersion}_001", - "status": "patched", - }, - Object { - "destIndex": ".kibana_migrator_tasks_${currentVersion}_001", - "status": "patched", - }, - ] - `); + expect(migrationResults.map((result) => omit(result, 'elapsedMs'))).toEqual([ + { + destIndex: `${defaultKibanaIndex}_${currentVersion}_001`, + status: 'patched', + }, + { + destIndex: `${defaultKibanaTaskIndex}_${currentVersion}_001`, + status: 'patched', + }, + ]); }); it('each migrator takes less than 10 seconds', () => { @@ -318,21 +332,18 @@ describe('v2 migration', () => { it('returns a migrated status for each SO index', () => { // omit elapsedMs as it varies in each execution - expect(migrationResults.map((result) => omit(result, 'elapsedMs'))) - .toMatchInlineSnapshot(` - Array [ - Object { - "destIndex": ".kibana_migrator_${nextMinor}_001", - "sourceIndex": ".kibana_migrator_${currentVersion}_001", - "status": "migrated", - }, - Object { - "destIndex": ".kibana_migrator_tasks_${currentVersion}_001", - "sourceIndex": ".kibana_migrator_tasks_${currentVersion}_001", - "status": "migrated", - }, - ] - `); + expect(migrationResults.map((result) => omit(result, 'elapsedMs'))).toEqual([ + { + destIndex: `${defaultKibanaIndex}_${nextMinor}_001`, + sourceIndex: `${defaultKibanaIndex}_${currentVersion}_001`, + status: 'migrated', + }, + { + destIndex: `${defaultKibanaTaskIndex}_${currentVersion}_001`, + sourceIndex: `${defaultKibanaTaskIndex}_${currentVersion}_001`, + status: 'migrated', + }, + ]); }); it('each migrator takes less than 60 seconds', () => { diff --git a/src/core/server/integration_tests/saved_objects/migrations/group2/multiple_kb_nodes.test.ts b/src/core/server/integration_tests/saved_objects/migrations/group2/multiple_kb_nodes.test.ts index 19100fad017d5..2f0e429cadb75 100644 --- a/src/core/server/integration_tests/saved_objects/migrations/group2/multiple_kb_nodes.test.ts +++ b/src/core/server/integration_tests/saved_objects/migrations/group2/multiple_kb_nodes.test.ts @@ -139,7 +139,7 @@ describe('multiple Kibana nodes performing a reindexing migration', () => { const typesMap = indicesInfo[`${defaultKibanaIndex}_${nextMinor}_001`].mappings?._meta?.indexTypesMap; - expect(typesMap[defaultKibanaIndex]).toEqual(['complex', 'server']); // 'deprecated' no longer present + expect(typesMap[defaultKibanaIndex]).toEqual(['complex', 'recent', 'server']); // 'deprecated' no longer present expect(typesMap[kibanaSplitIndex]).toEqual(['basic', 'task']); } @@ -239,11 +239,11 @@ describe('multiple Kibana nodes performing a reindexing migration', () => { ) ).toEqual([ { - destIndex: `.kibana_migrator_${nextMinor}_001`, + destIndex: `${defaultKibanaIndex}_${nextMinor}_001`, status: 'patched', }, { - destIndex: `.kibana_migrator_split_${nextMinor}_001`, + destIndex: `${kibanaSplitIndex}_${nextMinor}_001`, status: 'patched', }, ]); diff --git a/src/core/server/integration_tests/saved_objects/migrations/kibana_migrator_test_kit.fixtures.ts b/src/core/server/integration_tests/saved_objects/migrations/kibana_migrator_test_kit.fixtures.ts index 36887dd02a146..5b5e6db966ab9 100644 --- a/src/core/server/integration_tests/saved_objects/migrations/kibana_migrator_test_kit.fixtures.ts +++ b/src/core/server/integration_tests/saved_objects/migrations/kibana_migrator_test_kit.fixtures.ts @@ -81,8 +81,14 @@ export const baselineTypes: Array> = [ }, ]; -export const getUpToDateBaselineTypes = (filterDeprecated: boolean) => - baselineTypes.filter((type) => !filterDeprecated || type.name !== 'deprecated'); +export const getUpToDateBaselineTypes = (filterDeprecated: boolean) => [ + ...baselineTypes.filter((type) => !filterDeprecated || type.name !== 'deprecated'), + // we add a new SO type + { + ...defaultType, + name: 'recent', + }, +]; export const getCompatibleBaselineTypes = (filterDeprecated: boolean) => getUpToDateBaselineTypes(filterDeprecated).map((type) => { From c0254a8a554b29e611129d97712327432dc34966 Mon Sep 17 00:00:00 2001 From: Liam Thompson <32779855+leemthompo@users.noreply.github.com> Date: Thu, 24 Oct 2024 10:29:17 +0200 Subject: [PATCH 13/99] [Search][Connectors] Update self-managed instructions, copyedit (#197199) Addresses https://github.com/elastic/search-team/issues/8471 and https://github.com/elastic/search-team/issues/8498 ## Changes in docker_instructions_step.tsx - Simplified and improved Docker setup instructions - Added automatic config.yml file generation with proper escaping - Removed manual config file download step - Added link to example config in elastic/connectors repo - Improved section headings and instructions clarity - Updated text to be more user-friendly and direct ## Changes in deployment.tsx - Updated configuration step description to emphasize automatic generation - Changed "Configure index and API key" to "Generate index and API key" - Improved wording around configuration automation ## Changes in manual_configuration_flyout.tsx - Renamed "CLI" to "Command-line interface" - Added separate "Connectors CLI" text constant - Improved manual configuration description - Enhanced CLI usage instructions with better config.yml references - Made redirect message more direct and clear ## Changes in start_step.tsx - Changed "Set up" to "Setup" - Updated deployment choice text to be more concise - Changed "Self managed" to "Self-managed" - Improved automatic configuration description - Made manual configuration options clearer ## Changes in constants.ts - Simplified Docker run command - Removed verbose comments from Docker command - Updated path handling to use $HOME consistently - Made Docker volume mounting more straightforward ## Changes in run_from_source_step.tsx * Moved all content into an accordion with clearer heading * Improved source code download instructions and button text * Added link to example config file in repository * Enhanced step-by-step instructions with "First", "Next", "Finally" * Improved text clarity and formatting throughout * Added EuiLink component import for the example file link --- .../components/docker_instructions_step.tsx | 122 ++++++++---- .../components/run_from_source_step.tsx | 183 ++++++++++++------ .../connector_detail/deployment.tsx | 4 +- .../manual_configuration_flyout.tsx | 18 +- .../create_connector/start_step.tsx | 9 +- .../search_index/connector/constants.ts | 21 +- .../translations/translations/fr-FR.json | 5 - .../translations/translations/ja-JP.json | 5 - .../translations/translations/zh-CN.json | 5 - 9 files changed, 235 insertions(+), 137 deletions(-) diff --git a/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/connector_detail/components/docker_instructions_step.tsx b/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/connector_detail/components/docker_instructions_step.tsx index c3415b781c471..46e7998444729 100644 --- a/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/connector_detail/components/docker_instructions_step.tsx +++ b/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/connector_detail/components/docker_instructions_step.tsx @@ -7,7 +7,14 @@ import React, { useEffect } from 'react'; -import { EuiAccordion, EuiAccordionProps, EuiCode, EuiSpacer, EuiText } from '@elastic/eui'; +import { + EuiAccordion, + EuiAccordionProps, + EuiSpacer, + EuiText, + EuiLink, + EuiCode, +} from '@elastic/eui'; import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n-react'; @@ -43,6 +50,16 @@ export const DockerInstructionsStep: React.FC = ({ } }, [isWaitingForConnector]); + const configYamlContent = getConnectorTemplate({ + apiKeyData, + connectorData: { id: connectorId, service_type: serviceType }, + host: elasticsearchUrl, + }); + + const escapedConfigYamlContent = configYamlContent.replace(/"/g, '\\"').replace(/\$/g, '\\$'); + + const createConfigCommand = `mkdir -p "$HOME/elastic-connectors" && echo "${escapedConfigYamlContent}" > "$HOME/elastic-connectors/config.yml"`; + return ( <> = ({ forceState={isOpen} buttonContent={ -

+

{i18n.translate( - 'xpack.enterpriseSearch.connectorDeployment.p.downloadConfigurationLabel', + 'xpack.enterpriseSearch.connectorDeployment.dockerInstructionsHeading', { - defaultMessage: - 'You can either download the configuration file manually or run the following command', + defaultMessage: 'Docker instructions', } )} -

+

} > - /connectors' - } - /> + +

+ {i18n.translate('xpack.enterpriseSearch.connectorDeployment.p.dockerInstallationNote', { + defaultMessage: 'Make sure you have Docker installed on your machine.', + })} +

+ + + +
+ {i18n.translate('xpack.enterpriseSearch.connectorDeployment.p.createConfigFileLabel', { + defaultMessage: 'Create configuration file', + })} +
+

+ {i18n.translate( + 'xpack.enterpriseSearch.connectorDeployment.p.createConfigFileInstructions', + { + defaultMessage: + 'You need a configuration file with your Elasticsearch and connector details. In your terminal, run the following command to create the config.yml file:', + } + )} +

+ + +

config.yml, + directory: $HOME/elastic-connectors, + }} + /> +

+

+ --output, + exampleConfigLink: ( + + {i18n.translate( + 'xpack.enterpriseSearch.connectorDeployment.exampleConfigLinkText', + { + defaultMessage: 'example config file', + } + )} + + ), }} />

- config.yml, - }} - /> - - - - + +
+ {i18n.translate('xpack.enterpriseSearch.connectorDeployment.p.runContainerLabel', { + defaultMessage: 'Run container', + })} +

{i18n.translate( 'xpack.enterpriseSearch.connectorDeployment.p.runTheFollowingCommandLabel', { - defaultMessage: - 'Run the following command in your terminal. Make sure you have Docker installed on your machine', + defaultMessage: 'Run the following command to start the container:', } )}

diff --git a/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/connector_detail/components/run_from_source_step.tsx b/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/connector_detail/components/run_from_source_step.tsx index 07df59597fa75..1c2775dafd54a 100644 --- a/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/connector_detail/components/run_from_source_step.tsx +++ b/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/connector_detail/components/run_from_source_step.tsx @@ -19,6 +19,7 @@ import { EuiIcon, EuiSpacer, EuiText, + EuiLink, } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; @@ -54,65 +55,102 @@ export const RunFromSourceStep: React.FC = ({ return ( <> - -

- {i18n.translate( - 'xpack.enterpriseSearch.connectorDeployment.p.addTheFollowingConfigurationLabel', - { - defaultMessage: 'Clone or download the repo to your local machine', - } - )} -

- - - git clone https://github.com/elastic/connectors    - {i18n.translate('xpack.enterpriseSearch.connectorDeployment.orLabel', { - defaultMessage: 'or', - })} -     - - - - {i18n.translate('xpack.enterpriseSearch.connectorDeployment.goToSourceButtonLabel', { - defaultMessage: 'Go to Source', - })} - - - - - - - setIsOpen(isOpen === 'closed' ? 'open' : 'closed')} forceState={isOpen} buttonContent={ - -

- - {i18n.translate( - 'xpack.enterpriseSearch.connectorDeployment.configYamlCodeBlockLabel', - { defaultMessage: 'config.yml' } - )} - - ), - }} - /> -

+ +
+ {i18n.translate('xpack.enterpriseSearch.connectorDeployment.runFromSourceTitle', { + defaultMessage: 'Run connector service from source', + })} +
} > + + +
+ {i18n.translate('xpack.enterpriseSearch.connectorDeployment.p.cloneRepositoryLabel', { + defaultMessage: 'Clone the repository', + })} +
+

+ {i18n.translate( + 'xpack.enterpriseSearch.connectorDeployment.p.addTheFollowingConfigurationLabel', + { + defaultMessage: 'First, you need to clone or download the repo:', + } + )} +

+ + + git clone https://github.com/elastic/connectors    + {i18n.translate('xpack.enterpriseSearch.connectorDeployment.orLabel', { + defaultMessage: 'or', + })} +     + + + + {i18n.translate('xpack.enterpriseSearch.connectorDeployment.goToSourceButtonLabel', { + defaultMessage: 'Download source', + })} + + + + + + + +
+ {i18n.translate('xpack.enterpriseSearch.connectorDeployment.p.createConfigFileLabel', { + defaultMessage: 'Create configuration file', + })} +
+

+ {i18n.translate('xpack.enterpriseSearch.connectorDeployment.p.navigateToRootLabel', { + defaultMessage: + 'Navigate to the root of your cloned repository and create a configuration file:', + })} +

+ + + + + +
+ {i18n.translate('xpack.enterpriseSearch.connectorDeployment.p.populateConfigLabel', { + defaultMessage: 'Populate configuration file', + })} +
+

+ + {i18n.translate( + 'xpack.enterpriseSearch.connectorDeployment.configYamlCodeBlockLabel', + { defaultMessage: 'config.yml' } + )} + + ), + }} + /> +

+ = ({ host: elasticsearchUrl, })} /> - +

- {i18n.translate('xpack.enterpriseSearch.connectorDeployment.p.compileAndRunLabel', { - defaultMessage: 'Compile and run', + + {i18n.translate( + 'xpack.enterpriseSearch.connectorDeployment.exampleConfigFileLinkLabel', + { defaultMessage: 'example file' } + )} + + ), + }} + /> +

+ + + +
+ {i18n.translate('xpack.enterpriseSearch.connectorDeployment.p.compileAndRunTitle', { + defaultMessage: 'Run the connector service', })} +
+

+ {i18n.translate( + 'xpack.enterpriseSearch.connectorDeployment.p.compileAndRunInstructions', + { + defaultMessage: 'Finally, compile and run the connector service source code:', + } + )}

- + = ({ make run `} /> + ); diff --git a/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/connector_detail/deployment.tsx b/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/connector_detail/deployment.tsx index e3bd0e867af3d..2a617a87df8bc 100644 --- a/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/connector_detail/deployment.tsx +++ b/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/connector_detail/deployment.tsx @@ -134,7 +134,7 @@ export const ConnectorDeployment: React.FC = () => { @@ -176,7 +176,7 @@ export const ConnectorDeployment: React.FC = () => { title: i18n.translate( 'xpack.enterpriseSearch.content.connector_detail.configurationConnector.steps.generateApiKey.title', { - defaultMessage: 'Configure index and API key', + defaultMessage: 'Create index and generate API key', } ), titleSize: 'xs', diff --git a/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/connectors/create_connector/components/manual_configuration_flyout.tsx b/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/connectors/create_connector/components/manual_configuration_flyout.tsx index 6fc80ec3a81f1..98bea7ed62f70 100644 --- a/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/connectors/create_connector/components/manual_configuration_flyout.tsx +++ b/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/connectors/create_connector/components/manual_configuration_flyout.tsx @@ -41,7 +41,14 @@ import { SelfManagePreference } from '../create_connector'; const CLI_LABEL = i18n.translate( 'xpack.enterpriseSearch.createConnector.manualConfiguration.cliLabel', { - defaultMessage: 'CLI', + defaultMessage: 'Command-line interface', + } +); + +const CLI_LINK_TEXT = i18n.translate( + 'xpack.enterpriseSearch.createConnector.manualConfiguration.cliLinkText', + { + defaultMessage: 'Connectors CLI', } ); @@ -87,7 +94,7 @@ export const ManualConfigurationFlyout: React.FC

@@ -142,7 +149,7 @@ export const ManualConfigurationFlyout: React.FC 'xpack.enterpriseSearch.createConnector.manualConfiguration.p.connectorNameDescription', { defaultMessage: - 'You will be redirected to the connector page to configure the rest of your connector', + "You'll be redirected to the connector page to complete your configuration.", } )}

@@ -199,7 +206,7 @@ export const ManualConfigurationFlyout: React.FC

target="_blank" external > - {CLI_LABEL} + {CLI_LINK_TEXT} ), myIndex: my-index, + configFile: config.yml, }} />

diff --git a/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/connectors/create_connector/start_step.tsx b/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/connectors/create_connector/start_step.tsx index 633ea8f58d25c..b66a5653351bd 100644 --- a/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/connectors/create_connector/start_step.tsx +++ b/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/connectors/create_connector/start_step.tsx @@ -142,7 +142,7 @@ export const StartStep: React.FC = ({

{i18n.translate('xpack.enterpriseSearch.createConnector.startStep.h4.setUpLabel', { - defaultMessage: 'Set up', + defaultMessage: 'Setup', })}

@@ -152,8 +152,7 @@ export const StartStep: React.FC = ({ {i18n.translate( 'xpack.enterpriseSearch.createConnector.startStep.p.whereDoYouWantLabel', { - defaultMessage: - 'Where do you want to store the connector and how do you want to manage it?', + defaultMessage: 'Choose how to deploy and manage your connector:', } )}

@@ -185,7 +184,7 @@ export const StartStep: React.FC = ({ id={selfManagedRadioButtonId} label={i18n.translate( 'xpack.enterpriseSearch.createConnector.startStep.euiRadio.selfManagedLabel', - { defaultMessage: 'Self managed' } + { defaultMessage: 'Self-managed' } )} checked={selfManagePreference === 'selfManaged'} onChange={() => onSelfManagePreferenceChange('selfManaged')} @@ -223,7 +222,7 @@ export const StartStep: React.FC = ({ 'xpack.enterpriseSearch.createConnector.startStep.p.youWillStartTheLabel', { defaultMessage: - 'You will start the process of creating a new index, API key, and a Web Crawler Connector ID manually. Optionally you can bring your own configuration as well.', + "We'll automatically configure your index, API key, and connector ID. Alternatively, create these manually and use a custom configuration.", } )}

diff --git a/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/connector/constants.ts b/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/connector/constants.ts index 3962bbb888d6e..65120d78cec84 100644 --- a/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/connector/constants.ts +++ b/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/connector/constants.ts @@ -35,17 +35,10 @@ export const getConnectorTemplate = ({ api_key: "${apiKeyData?.encoded || ''}" `; -export const getRunFromDockerSnippet = ({ version }: { version: string }) => dedent` -docker run \\ - - -v "/connectors-config:/config" \ # NOTE: change absolute path to match where config.yml is located on your machine - --tty \\ - - --rm \\ - - docker.elastic.co/enterprise-search/elastic-connectors:${version} \\ - - /app/bin/elastic-ingest \\ - - -c /config/config.yml # Path to your configuration file in the container -`; +export const getRunFromDockerSnippet = ({ version }: { version: string }) => `docker run \\ +-v "$HOME/elastic-connectors:/config" \\ +--tty \\ +--rm \\ +docker.elastic.co/enterprise-search/elastic-connectors:${version} \\ +/app/bin/elastic-ingest \\ +-c /config/config.yml`; diff --git a/x-pack/plugins/translations/translations/fr-FR.json b/x-pack/plugins/translations/translations/fr-FR.json index 53b00de0f80fb..66e89113c6323 100644 --- a/x-pack/plugins/translations/translations/fr-FR.json +++ b/x-pack/plugins/translations/translations/fr-FR.json @@ -16293,11 +16293,6 @@ "xpack.enterpriseSearch.connectorDeployment.indexCreatedFlexItemLabel": "Index créé", "xpack.enterpriseSearch.connectorDeployment.orLabel": "ou", "xpack.enterpriseSearch.connectorDeployment.p.addTheFollowingConfigurationLabel": "Cloner ou télécharger le référentiel sur votre machine locale", - "xpack.enterpriseSearch.connectorDeployment.p.changeOutputPathLabel": "Modifiez la valeur d'argument {output} pour le chemin auquel vous voulez enregistrer le fichier de configuration.", - "xpack.enterpriseSearch.connectorDeployment.p.compileAndRunLabel": "Compiler et exécuter", - "xpack.enterpriseSearch.connectorDeployment.p.downloadConfigurationLabel": "Vous pouvez soit télécharger le fichier de configuration manuellement, soit exécuter la commande suivante", - "xpack.enterpriseSearch.connectorDeployment.p.editConfigLabel": "Modifiez le fichier {configYaml} et fournissez la configuration suivante", - "xpack.enterpriseSearch.connectorDeployment.p.editConfigYamlLabel": "Modifiez le fichier {configYaml} et fournissez les informations de connexion suivantes", "xpack.enterpriseSearch.connectorDeployment.p.runTheFollowingCommandLabel": "Exécutez la commande suivante dans votre terminal. Assurez-vous que Docker est installé sur votre machine", "xpack.enterpriseSearch.connectorDescriptionBadge.client.chooseADataSourceLabel": "Choisissez une source de données à synchroniser", "xpack.enterpriseSearch.connectorDescriptionBadge.client.configureConnectorLabel": "Déployez le code du connecteur sur votre propre infrastructure en l'exécutant depuis la source ou à l'aide de Docker", diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json index 0df3342d4e5ea..9911ab62dc00b 100644 --- a/x-pack/plugins/translations/translations/ja-JP.json +++ b/x-pack/plugins/translations/translations/ja-JP.json @@ -16039,11 +16039,6 @@ "xpack.enterpriseSearch.connectorDeployment.indexCreatedFlexItemLabel": "インデックスが作成されました", "xpack.enterpriseSearch.connectorDeployment.orLabel": "または", "xpack.enterpriseSearch.connectorDeployment.p.addTheFollowingConfigurationLabel": "リポジトリを複製するか、ローカルコンピューターにダウンロード", - "xpack.enterpriseSearch.connectorDeployment.p.changeOutputPathLabel": "{output}引数値を、構成ファイルを保存するパスに変更します。", - "xpack.enterpriseSearch.connectorDeployment.p.compileAndRunLabel": "コンパイルして実行", - "xpack.enterpriseSearch.connectorDeployment.p.downloadConfigurationLabel": "手動で構成ファイルをダウンロードするか、次のコマンドを実行できます", - "xpack.enterpriseSearch.connectorDeployment.p.editConfigLabel": "{configYaml}ファイルを編集し、次の構成を入力", - "xpack.enterpriseSearch.connectorDeployment.p.editConfigYamlLabel": "{configYaml}ファイルを編集し、次の資格情報を入力", "xpack.enterpriseSearch.connectorDeployment.p.runTheFollowingCommandLabel": "ターミナルで次のコマンドを実行します。コンピューターにDockerがインストールされていることを確認します", "xpack.enterpriseSearch.connectorDescriptionBadge.client.chooseADataSourceLabel": "同期したいデータソースを選択します。", "xpack.enterpriseSearch.connectorDescriptionBadge.client.configureConnectorLabel": "ソースから実行するか、Dockerを使用して、独自のインフラにコネクターコードをデプロイします。", diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json index 2d6389bacad4f..c4f165450b5ac 100644 --- a/x-pack/plugins/translations/translations/zh-CN.json +++ b/x-pack/plugins/translations/translations/zh-CN.json @@ -16068,11 +16068,6 @@ "xpack.enterpriseSearch.connectorDeployment.indexCreatedFlexItemLabel": "索引已创建", "xpack.enterpriseSearch.connectorDeployment.orLabel": "或", "xpack.enterpriseSearch.connectorDeployment.p.addTheFollowingConfigurationLabel": "克隆此存储库或将其下载到本地计算机", - "xpack.enterpriseSearch.connectorDeployment.p.changeOutputPathLabel": "将 {output} 参数值更改为要在其中保存配置文件的路径。", - "xpack.enterpriseSearch.connectorDeployment.p.compileAndRunLabel": "编译并运行", - "xpack.enterpriseSearch.connectorDeployment.p.downloadConfigurationLabel": "您可以手动下载配置文件,也可以运行以下命令", - "xpack.enterpriseSearch.connectorDeployment.p.editConfigLabel": "编辑 {configYaml} 文件并提供以下配置", - "xpack.enterpriseSearch.connectorDeployment.p.editConfigYamlLabel": "编辑 {configYaml} 文件并提供后续凭据", "xpack.enterpriseSearch.connectorDeployment.p.runTheFollowingCommandLabel": "在终端中运行以下命令。确保已在计算机上安装 Docker", "xpack.enterpriseSearch.connectorDescriptionBadge.client.chooseADataSourceLabel": "选择要同步的数据源", "xpack.enterpriseSearch.connectorDescriptionBadge.client.configureConnectorLabel": "通过从源运行或使用 Docker 在您自己的基础设施上部署连接器代码", From b61a627ef3a04617b2834e6c445666318a98d848 Mon Sep 17 00:00:00 2001 From: Shahzad Date: Thu, 24 Oct 2024 11:10:51 +0200 Subject: [PATCH 14/99] [Synthetics] Fixes broken e2e tests !! (#197567) ## Summary Fixes broken e2e tests !! Rules API behavior somehow has changed , i still not sure what changed but now it will rely on UI !! --- .../custom_status_alert.journey.ts | 21 +++---------------- .../journeys/services/synthetics_services.ts | 8 ------- .../page_objects/synthetics_app.tsx | 5 +++++ 3 files changed, 8 insertions(+), 26 deletions(-) diff --git a/x-pack/plugins/observability_solution/synthetics/e2e/synthetics/journeys/alert_rules/custom_status_alert.journey.ts b/x-pack/plugins/observability_solution/synthetics/e2e/synthetics/journeys/alert_rules/custom_status_alert.journey.ts index 58f59995faabc..3d45e0698f616 100644 --- a/x-pack/plugins/observability_solution/synthetics/e2e/synthetics/journeys/alert_rules/custom_status_alert.journey.ts +++ b/x-pack/plugins/observability_solution/synthetics/e2e/synthetics/journeys/alert_rules/custom_status_alert.journey.ts @@ -5,8 +5,7 @@ * 2.0. */ -import { journey, step, before, after, expect } from '@elastic/synthetics'; -import { RetryService } from '@kbn/ftr-common-functional-services'; +import { journey, step, before, after } from '@elastic/synthetics'; import { syntheticsAppPageProvider } from '../../page_objects/synthetics_app'; import { SyntheticsServices } from '../services/synthetics_services'; @@ -14,8 +13,6 @@ journey(`CustomStatusAlert`, async ({ page, params }) => { const syntheticsApp = syntheticsAppPageProvider({ page, kibanaUrl: params.kibanaUrl, params }); const services = new SyntheticsServices(params); - const getService = params.getService; - const retry: RetryService = getService('retry'); const firstCheckTime = new Date(Date.now()).toISOString(); @@ -61,19 +58,7 @@ journey(`CustomStatusAlert`, async ({ page, params }) => { }); step('verify rule creation', async () => { - await retry.try(async () => { - const rules = await services.getRules(); - expect(rules.length).toBe(3); - expect(rules[2].params).toStrictEqual({ - condition: { - downThreshold: 3, - locationsThreshold: 1, - groupBy: 'locationId', - window: { - numberOfChecks: 5, - }, - }, - }); - }); + await syntheticsApp.goToRulesPage(); + await page.waitForSelector(`text='Synthetics status rule'`); }); }); diff --git a/x-pack/plugins/observability_solution/synthetics/e2e/synthetics/journeys/services/synthetics_services.ts b/x-pack/plugins/observability_solution/synthetics/e2e/synthetics/journeys/services/synthetics_services.ts index 23c5ef45d1383..5c356492f1c24 100644 --- a/x-pack/plugins/observability_solution/synthetics/e2e/synthetics/journeys/services/synthetics_services.ts +++ b/x-pack/plugins/observability_solution/synthetics/e2e/synthetics/journeys/services/synthetics_services.ts @@ -221,14 +221,6 @@ export class SyntheticsServices { } } - async getRules() { - const response = await axios.get(this.kibanaUrl + '/internal/alerting/rules/_find', { - auth: { username: 'elastic', password: 'changeme' }, - headers: { 'kbn-xsrf': 'true' }, - }); - return response.data.data; - } - async setupTestConnector() { const indexConnector = { name: 'test index', diff --git a/x-pack/plugins/observability_solution/synthetics/e2e/synthetics/page_objects/synthetics_app.tsx b/x-pack/plugins/observability_solution/synthetics/e2e/synthetics/page_objects/synthetics_app.tsx index f6d5ce45b96c3..931694da554ca 100644 --- a/x-pack/plugins/observability_solution/synthetics/e2e/synthetics/page_objects/synthetics_app.tsx +++ b/x-pack/plugins/observability_solution/synthetics/e2e/synthetics/page_objects/synthetics_app.tsx @@ -393,5 +393,10 @@ export function syntheticsAppPageProvider({ const isDisabled = await addMonitorBtn.isDisabled(); return !isDisabled; }, + + async goToRulesPage() { + const rulesPage = '/app/observability/alerts/rules'; + await page.goto(basePath + rulesPage); + }, }; } From 3da02c534b3cd3a02bed023c14486c09c8c844a5 Mon Sep 17 00:00:00 2001 From: "Joey F. Poon" Date: Thu, 24 Oct 2024 18:37:34 +0900 Subject: [PATCH 15/99] [Security Solution] always validate usage-api cert (#196741) ## Summary * enables usage-api cert validation for all requests within Kibana serverless security * removes hardcoded usage-api url, must be passed in configs now * adds user-agent to usage-api requests * fixes a potential issue with usage-api requests retrying too quickly Fixes: https://github.com/elastic/kibana/security/code-scanning/460 ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios ### For maintainers - [x] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels) --- .../cypress/e2e/serverless/metering.cy.ts | 2 +- .../services/usage_reporting_service.test.ts | 69 ++++++++----------- .../services/usage_reporting_service.ts | 21 +++--- .../server/constants.ts | 4 -- .../server/plugin.ts | 7 +- .../task_manager/usage_reporting_task.ts | 1 - 6 files changed, 47 insertions(+), 57 deletions(-) diff --git a/x-pack/plugins/security_solution/public/management/cypress/e2e/serverless/metering.cy.ts b/x-pack/plugins/security_solution/public/management/cypress/e2e/serverless/metering.cy.ts index baa2b37aa0976..ad56520d208f1 100644 --- a/x-pack/plugins/security_solution/public/management/cypress/e2e/serverless/metering.cy.ts +++ b/x-pack/plugins/security_solution/public/management/cypress/e2e/serverless/metering.cy.ts @@ -25,7 +25,7 @@ describe( ftrConfig: { kbnServerArgs: [ `--xpack.securitySolutionServerless.usageReportingTaskInterval=1m`, - `--xpack.securitySolutionServerless.usageApi.url=https://localhost:3623`, + `--xpack.securitySolutionServerless.usageApi.url=http://localhost:3623`, ], }, }, diff --git a/x-pack/plugins/security_solution_serverless/server/common/services/usage_reporting_service.test.ts b/x-pack/plugins/security_solution_serverless/server/common/services/usage_reporting_service.test.ts index e43df68cc200b..e1fec63213dfb 100644 --- a/x-pack/plugins/security_solution_serverless/server/common/services/usage_reporting_service.test.ts +++ b/x-pack/plugins/security_solution_serverless/server/common/services/usage_reporting_service.test.ts @@ -14,8 +14,8 @@ import { KBN_CERT_PATH, KBN_KEY_PATH, CA_CERT_PATH } from '@kbn/dev-utils'; import type { UsageApiConfigSchema } from '../../config'; import type { UsageRecord } from '../../types'; +import { USAGE_REPORTING_ENDPOINT } from '../../constants'; import { UsageReportingService } from './usage_reporting_service'; -import { USAGE_REPORTING_ENDPOINT, USAGE_SERVICE_USAGE_URL } from '../../constants'; jest.mock('node-fetch'); const { Response } = jest.requireActual('node-fetch'); @@ -24,6 +24,8 @@ describe('UsageReportingService', () => { let usageApiConfig: UsageApiConfigSchema; let service: UsageReportingService; + const kibanaVersion = '8.16.0'; + function generateUsageApiConfig(overrides?: Partial): UsageApiConfigSchema { const DEFAULT_USAGE_API_CONFIG = { enabled: false }; usageApiConfig = merge(DEFAULT_USAGE_API_CONFIG, overrides); @@ -34,7 +36,7 @@ describe('UsageReportingService', () => { function setupService( usageApi: UsageApiConfigSchema = generateUsageApiConfig() ): UsageReportingService { - service = new UsageReportingService(usageApi); + service = new UsageReportingService(usageApi, kibanaVersion); return service; } @@ -59,61 +61,42 @@ describe('UsageReportingService', () => { setupService(); }); - it('should still work if usageApi.url is not provided', async () => { + it('should not set agent if the URL is not https', async () => { + const url = 'http://usage-api.example'; + setupService(generateUsageApiConfig({ url })); const usageRecord = generateUsageRecord(); const records: UsageRecord[] = [usageRecord]; const mockResponse = new Response(null, { status: 200 }); - (fetch as jest.MockedFunction).mockResolvedValueOnce(mockResponse); + (fetch as jest.MockedFunction).mockResolvedValue(mockResponse); const response = await service.reportUsage(records); expect(fetch).toHaveBeenCalledTimes(1); - expect(fetch).toHaveBeenCalledWith(USAGE_SERVICE_USAGE_URL, { + expect(fetch).toHaveBeenCalledWith(`${url}${USAGE_REPORTING_ENDPOINT}`, { method: 'post', body: JSON.stringify(records), - headers: { 'Content-Type': 'application/json' }, - agent: expect.any(https.Agent), + headers: { + 'Content-Type': 'application/json', + 'User-Agent': `Kibana/${kibanaVersion} node-fetch`, + }, }); expect(response).toBe(mockResponse); }); - it('should use an agent with rejectUnauthorized false if config.enabled is false', async () => { + it('should throw if url not provided', async () => { const usageRecord = generateUsageRecord(); const records: UsageRecord[] = [usageRecord]; - const mockResponse = new Response(null, { status: 200 }); - (fetch as jest.MockedFunction).mockResolvedValueOnce(mockResponse); - - const response = await service.reportUsage(records); - - expect(fetch).toHaveBeenCalledTimes(1); - expect(fetch).toHaveBeenCalledWith(USAGE_SERVICE_USAGE_URL, { - method: 'post', - body: JSON.stringify(records), - headers: { 'Content-Type': 'application/json' }, - agent: expect.objectContaining({ - options: expect.objectContaining({ rejectUnauthorized: false }), - }), - }); - expect(response).toBe(mockResponse); + await expect(service.reportUsage(records)).rejects.toThrowError('usage-api url not provided'); }); - it('should not set agent if the URL is not https', async () => { - const url = 'http://usage-api.example'; + it('should throw if TLS configs not provided', async () => { + const url = 'https://some-url'; setupService(generateUsageApiConfig({ url })); const usageRecord = generateUsageRecord(); const records: UsageRecord[] = [usageRecord]; - const mockResponse = new Response(null, { status: 200 }); - (fetch as jest.MockedFunction).mockResolvedValue(mockResponse); - - const response = await service.reportUsage(records); - - expect(fetch).toHaveBeenCalledTimes(1); - expect(fetch).toHaveBeenCalledWith(`${url}${USAGE_REPORTING_ENDPOINT}`, { - method: 'post', - body: JSON.stringify(records), - headers: { 'Content-Type': 'application/json' }, - }); - expect(response).toBe(mockResponse); + await expect(service.reportUsage(records)).rejects.toThrowError( + 'usage-api TLS configs not provided' + ); }); }); @@ -132,7 +115,7 @@ describe('UsageReportingService', () => { setupService(generateUsageApiConfig(DEFAULT_CONFIG)); }); - it('should use usageApi.url if provided', async () => { + it('should correctly use usageApi.url', async () => { const usageRecord = generateUsageRecord(); const records: UsageRecord[] = [usageRecord]; const mockResponse = new Response(null, { status: 200 }); @@ -145,7 +128,10 @@ describe('UsageReportingService', () => { expect(fetch).toHaveBeenCalledWith(url, { method: 'post', body: JSON.stringify(records), - headers: { 'Content-Type': 'application/json' }, + headers: { + 'Content-Type': 'application/json', + 'User-Agent': `Kibana/${kibanaVersion} node-fetch`, + }, agent: expect.any(https.Agent), }); expect(response).toBe(mockResponse); @@ -164,7 +150,10 @@ describe('UsageReportingService', () => { expect(fetch).toHaveBeenCalledWith(url, { method: 'post', body: JSON.stringify(records), - headers: { 'Content-Type': 'application/json' }, + headers: { + 'Content-Type': 'application/json', + 'User-Agent': `Kibana/${kibanaVersion} node-fetch`, + }, agent: expect.objectContaining({ options: expect.objectContaining({ cert: expect.any(String), diff --git a/x-pack/plugins/security_solution_serverless/server/common/services/usage_reporting_service.ts b/x-pack/plugins/security_solution_serverless/server/common/services/usage_reporting_service.ts index ee402872ef33a..e7cabdf3e6f27 100644 --- a/x-pack/plugins/security_solution_serverless/server/common/services/usage_reporting_service.ts +++ b/x-pack/plugins/security_solution_serverless/server/common/services/usage_reporting_service.ts @@ -15,18 +15,24 @@ import { SslConfig, sslSchema } from '@kbn/server-http-tools'; import type { UsageRecord } from '../../types'; import type { UsageApiConfigSchema, TlsConfigSchema } from '../../config'; -import { USAGE_REPORTING_ENDPOINT, USAGE_SERVICE_USAGE_URL } from '../../constants'; +import { USAGE_REPORTING_ENDPOINT } from '../../constants'; export class UsageReportingService { private agent: https.Agent | undefined; - constructor(private readonly config: UsageApiConfigSchema) {} + constructor( + private readonly config: UsageApiConfigSchema, + private readonly kibanaVersion: string + ) {} public async reportUsage(records: UsageRecord[]): Promise { const reqArgs: RequestInit = { method: 'post', body: JSON.stringify(records), - headers: { 'Content-Type': 'application/json' }, + headers: { + 'Content-Type': 'application/json', + 'User-Agent': `Kibana/${this.kibanaVersion} node-fetch`, + }, }; if (this.usageApiUrl.includes('https')) { reqArgs.agent = this.httpAgent; @@ -36,7 +42,7 @@ export class UsageReportingService { private get tlsConfigs(): NonNullable { if (!this.config.tls) { - throw new Error('UsageReportingService: usageApi.tls configs not provided'); + throw new Error('usage-api TLS configs not provided'); } return this.config.tls; @@ -44,7 +50,7 @@ export class UsageReportingService { private get usageApiUrl(): string { if (!this.config.url) { - return USAGE_SERVICE_USAGE_URL; + throw new Error('usage-api url not provided'); } return `${this.config.url}${USAGE_REPORTING_ENDPOINT}`; @@ -55,11 +61,6 @@ export class UsageReportingService { return this.agent; } - if (!this.config.enabled) { - this.agent = new https.Agent({ rejectUnauthorized: false }); - return this.agent; - } - const tlsConfig = new SslConfig( sslSchema.validate({ enabled: true, diff --git a/x-pack/plugins/security_solution_serverless/server/constants.ts b/x-pack/plugins/security_solution_serverless/server/constants.ts index 411a7209682de..7a5e20c76273b 100644 --- a/x-pack/plugins/security_solution_serverless/server/constants.ts +++ b/x-pack/plugins/security_solution_serverless/server/constants.ts @@ -5,9 +5,5 @@ * 2.0. */ -const namespace = 'elastic-system'; -const USAGE_SERVICE_BASE_API_URL = `https://usage-api.${namespace}/api`; -const USAGE_SERVICE_BASE_API_URL_V1 = `${USAGE_SERVICE_BASE_API_URL}/v1`; -export const USAGE_SERVICE_USAGE_URL = `${USAGE_SERVICE_BASE_API_URL_V1}/usage`; export const USAGE_REPORTING_ENDPOINT = '/api/v1/usage'; export const METERING_SERVICE_BATCH_SIZE = 1000; diff --git a/x-pack/plugins/security_solution_serverless/server/plugin.ts b/x-pack/plugins/security_solution_serverless/server/plugin.ts index c249e48ca13a0..3e58f0fd9f790 100644 --- a/x-pack/plugins/security_solution_serverless/server/plugin.ts +++ b/x-pack/plugins/security_solution_serverless/server/plugin.ts @@ -45,6 +45,7 @@ export class SecuritySolutionServerlessPlugin SecuritySolutionServerlessPluginStartDeps > { + private kibanaVersion: string; private config: ServerlessSecurityConfig; private cloudSecurityUsageReportingTask: SecurityUsageReportingTask | undefined; private endpointUsageReportingTask: SecurityUsageReportingTask | undefined; @@ -53,10 +54,14 @@ export class SecuritySolutionServerlessPlugin private readonly usageReportingService: UsageReportingService; constructor(private readonly initializerContext: PluginInitializerContext) { + this.kibanaVersion = initializerContext.env.packageInfo.version; this.config = this.initializerContext.config.get(); this.logger = this.initializerContext.logger.get(); - this.usageReportingService = new UsageReportingService(this.config.usageApi); + this.usageReportingService = new UsageReportingService( + this.config.usageApi, + this.kibanaVersion + ); const productTypesStr = JSON.stringify(this.config.productTypes, null, 2); this.logger.info(`Security Solution running with product types:\n${productTypesStr}`); diff --git a/x-pack/plugins/security_solution_serverless/server/task_manager/usage_reporting_task.ts b/x-pack/plugins/security_solution_serverless/server/task_manager/usage_reporting_task.ts index 6eb682a84d474..d2cf2de4a9a04 100644 --- a/x-pack/plugins/security_solution_serverless/server/task_manager/usage_reporting_task.ts +++ b/x-pack/plugins/security_solution_serverless/server/task_manager/usage_reporting_task.ts @@ -188,7 +188,6 @@ export class SecurityUsageReportingTask { usageRecords.length }) usage records starting from ${lastSuccessfulReport.toISOString()}: ${err} ` ); - shouldRunAgain = true; } } From d7109d67810cedfce1ad2bf9e8fd826b20aee06b Mon Sep 17 00:00:00 2001 From: Sergi Massaneda Date: Thu, 24 Oct 2024 11:56:08 +0200 Subject: [PATCH 16/99] [SecuritySolution][SIEM Migrations] Rule migrations storage (#197032) ## Summary issue: https://github.com/elastic/security-team/issues/10654?reload=1 Implements the persistence layer for the rule migrations from other vendors, as part of the SIEM Rule migrations effort. ### Changes - Schemas created for `SiemRuleMigration` document entity, along with `ElasticRule` and `OriginalRule`. - New API `/internal/siem_migrations/rules` was created: - `POST` -> Receives an array of (original) rules and stores them with `status: pending` to be processed. Responds with the `migration_id` that will be used to start the migration background task (implementation details here: https://github.com/elastic/security-team/issues/10850). - `GET` -> (to be implemented later) - New `SiemMigrationsService` added to the `securitySolution` route context, to encapsulate all operations related to SIEM migrations (We start with _rule_ migrations, but there are more "kinds" of SIEM migrations in the pipeline: _dashboards_, _saved queries_...). It contains: - `SiemRuleMigrationsService` to encapsulate all operations related to SIEM rule migrations. - `RuleMigrationsDataStream` class to manage the `.kibana.siem-rule-migrations-` data stream operations using `DataStreamSpacesAdapter`. - It exposes a client with abstracted operations that are exposed to the API routes: - `create`: indexes an array of _SiemRuleMigration_ documents to the data stream - `search`: searches _SiemRuleMigration_ documents by specific terms. > [!NOTE] > Without `siemMigrationsEnabled` experimental flag the new API route won't be registered, and the `SiemRuleMigrationsService` _setup_ won't be called, so no index/component template will be installed to ES. ### Testing locally Enable the flag ``` xpack.securitySolution.enableExperimental: ['siemMigrationsEnabled'] ```
Example curl request ``` curl --location 'http://elastic:changeme@localhost:5601/internal/siem_migrations/rules' \ --header 'kbn-xsrf;' \ --header 'x-elastic-internal-origin: security-solution' \ --header 'elastic-api-version: 1' \ --header 'Content-Type: application/json' \ --data '[ { "id": "f8c325ea-506e-4105-8ccf-da1492e90115", "vendor": "splunk", "title": "Linux Auditd Add User Account Type", "description": "The following analytic detects the suspicious add user account type. This behavior is critical for a SOC to monitor because it may indicate attempts to gain unauthorized access or maintain control over a system. Such actions could be signs of malicious activity. If confirmed, this could lead to serious consequences, including a compromised system, unauthorized access to sensitive data, or even a wider breach affecting the entire network. Detecting and responding to these signs early is essential to prevent potential security incidents.", "query": "sourcetype=\"linux:audit\" type=ADD_USER \n| rename hostname as dest \n| stats count min(_time) as firstTime max(_time) as lastTime by exe pid dest res UID type \n| `security_content_ctime(firstTime)` \n| `security_content_ctime(lastTime)`\n| search *", "query_language":"spl", "mitre_attack_ids": [ "T1136" ] }, { "id": "7b87c556-0ca4-47e0-b84c-6cd62a0a3e90", "vendor": "splunk", "title": "Linux Auditd Change File Owner To Root", "description": "The following analytic detects the use of the '\''chown'\'' command to change a file owner to '\''root'\'' on a Linux system. It leverages Linux Auditd telemetry, specifically monitoring command-line executions and process details. This activity is significant as it may indicate an attempt to escalate privileges by adversaries, malware, or red teamers. If confirmed malicious, this action could allow an attacker to gain root-level access, leading to full control over the compromised host and potential persistence within the environment.", "query": "`linux_auditd` `linux_auditd_normalized_proctitle_process`\r\n| rename host as dest \r\n| where LIKE (process_exec, \"%chown %root%\") \r\n| stats count min(_time) as firstTime max(_time) as lastTime by process_exec proctitle normalized_proctitle_delimiter dest \r\n| `security_content_ctime(firstTime)` \r\n| `security_content_ctime(lastTime)`\r\n| `linux_auditd_change_file_owner_to_root_filter`", "query_language": "spl", "mitre_attack_ids": [ "T1222" ] } ]' ```
The newly created documents can be retrieved using Kibana DevTools console: ``` GET .kibana.siem-rule-migrations-default/_search ``` ### Screenshots ![postman_screenshot](https://github.com/user-attachments/assets/9d3852d2-48ef-4955-b621-fdba6b249c65) --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> --- .github/CODEOWNERS | 9 +- .../src/field_maps/types.ts | 21 ++- .../common/api/quickstart_client.gen.ts | 39 ++++++ .../common/experimental_features.ts | 5 + .../common/siem_migrations/constants.ts | 16 +++ .../siem_migrations/model/api/common.gen.ts | 38 ++++++ .../model/api/common.schema.yaml | 24 ++++ .../model/api/rules/rules_migration.gen.ts | 34 +++++ .../api/rules/rules_migration.schema.yaml | 52 ++++++++ .../model/rule_migration.gen.ts | 124 ++++++++++++++++++ .../model/rule_migration.schema.yaml | 124 ++++++++++++++++++ .../routes/__mocks__/request_context.ts | 3 + .../lib/siem_migrations/__mocks__/mocks.ts | 24 ++++ .../server/lib/siem_migrations/routes.ts | 21 +++ .../siem_migrations/rules/__mocks__/mocks.ts | 21 +++ .../__mocks__/siem_rule_migrations_service.ts | 9 ++ .../lib/siem_migrations/rules/api/create.ts | 64 +++++++++ .../lib/siem_migrations/rules/api/index.ts | 17 +++ .../rules/data_stream/__mocks__/mocks.ts | 15 +++ .../__mocks__/rule_migrations_data_stream.ts | 9 ++ .../rule_migrations_data_stream.test.ts | 118 +++++++++++++++++ .../rule_migrations_data_stream.ts | 57 ++++++++ .../data_stream/rule_migrations_field_map.ts | 35 +++++ .../siem_rule_migrations_service.test.ts | 115 ++++++++++++++++ .../rules/siem_rule_migrations_service.ts | 56 ++++++++ .../server/lib/siem_migrations/rules/types.ts | 30 +++++ .../siem_migrations_service.test.ts | 97 ++++++++++++++ .../siem_migrations_service.ts | 43 ++++++ .../server/lib/siem_migrations/types.ts | 20 +++ .../security_solution/server/plugin.ts | 13 +- .../server/request_context_factory.ts | 15 ++- .../security_solution/server/routes/index.ts | 5 + .../plugins/security_solution/server/types.ts | 2 + .../plugins/security_solution/tsconfig.json | 1 + .../services/security_solution_api.gen.ts | 25 ++++ 35 files changed, 1293 insertions(+), 8 deletions(-) create mode 100644 x-pack/plugins/security_solution/common/siem_migrations/constants.ts create mode 100644 x-pack/plugins/security_solution/common/siem_migrations/model/api/common.gen.ts create mode 100644 x-pack/plugins/security_solution/common/siem_migrations/model/api/common.schema.yaml create mode 100644 x-pack/plugins/security_solution/common/siem_migrations/model/api/rules/rules_migration.gen.ts create mode 100644 x-pack/plugins/security_solution/common/siem_migrations/model/api/rules/rules_migration.schema.yaml create mode 100644 x-pack/plugins/security_solution/common/siem_migrations/model/rule_migration.gen.ts create mode 100644 x-pack/plugins/security_solution/common/siem_migrations/model/rule_migration.schema.yaml create mode 100644 x-pack/plugins/security_solution/server/lib/siem_migrations/__mocks__/mocks.ts create mode 100644 x-pack/plugins/security_solution/server/lib/siem_migrations/routes.ts create mode 100644 x-pack/plugins/security_solution/server/lib/siem_migrations/rules/__mocks__/mocks.ts create mode 100644 x-pack/plugins/security_solution/server/lib/siem_migrations/rules/__mocks__/siem_rule_migrations_service.ts create mode 100644 x-pack/plugins/security_solution/server/lib/siem_migrations/rules/api/create.ts create mode 100644 x-pack/plugins/security_solution/server/lib/siem_migrations/rules/api/index.ts create mode 100644 x-pack/plugins/security_solution/server/lib/siem_migrations/rules/data_stream/__mocks__/mocks.ts create mode 100644 x-pack/plugins/security_solution/server/lib/siem_migrations/rules/data_stream/__mocks__/rule_migrations_data_stream.ts create mode 100644 x-pack/plugins/security_solution/server/lib/siem_migrations/rules/data_stream/rule_migrations_data_stream.test.ts create mode 100644 x-pack/plugins/security_solution/server/lib/siem_migrations/rules/data_stream/rule_migrations_data_stream.ts create mode 100644 x-pack/plugins/security_solution/server/lib/siem_migrations/rules/data_stream/rule_migrations_field_map.ts create mode 100644 x-pack/plugins/security_solution/server/lib/siem_migrations/rules/siem_rule_migrations_service.test.ts create mode 100644 x-pack/plugins/security_solution/server/lib/siem_migrations/rules/siem_rule_migrations_service.ts create mode 100644 x-pack/plugins/security_solution/server/lib/siem_migrations/rules/types.ts create mode 100644 x-pack/plugins/security_solution/server/lib/siem_migrations/siem_migrations_service.test.ts create mode 100644 x-pack/plugins/security_solution/server/lib/siem_migrations/siem_migrations_service.ts create mode 100644 x-pack/plugins/security_solution/server/lib/siem_migrations/types.ts diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index b7a69b94d1c26..eb96d1cfd1293 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1649,7 +1649,12 @@ x-pack/test/security_solution_api_integration/test_suites/sources @elastic/secur /x-pack/test/security_solution_playwright @elastic/security-engineering-productivity /x-pack/plugins/security_solution/scripts/run_cypress @MadameSheema @patrykkopycinski @maximpn @banderror -## Security Solution sub teams - Threat Hunting Investigations +## Security Solution sub teams - Threat Hunting + +/x-pack/plugins/security_solution/server/lib/siem_migrations @elastic/security-threat-hunting +/x-pack/plugins/security_solution/common/siem_migrations @elastic/security-threat-hunting + +## Security Solution Threat Hunting areas - Threat Hunting Investigations /x-pack/plugins/security_solution/common/api/timeline @elastic/security-threat-hunting-investigations /x-pack/plugins/security_solution/common/search_strategy/timeline @elastic/security-threat-hunting-investigations @@ -1679,7 +1684,7 @@ x-pack/test/security_solution_cypress/cypress/tasks/expandable_flyout @elastic/ /x-pack/plugins/security_solution/server/lib/timeline @elastic/security-threat-hunting-investigations -## Security Solution sub teams - Threat Hunting Explore +## Security Solution Threat Hunting areas - Threat Hunting Explore /x-pack/plugins/security_solution/common/api/tags @elastic/security-threat-hunting-explore /x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts @elastic/security-threat-hunting-explore /x-pack/plugins/security_solution/common/search_strategy/security_solution/matrix_histogram @elastic/security-threat-hunting-explore diff --git a/packages/kbn-data-stream-adapter/src/field_maps/types.ts b/packages/kbn-data-stream-adapter/src/field_maps/types.ts index 4f42a6c6b686d..62f4c7c600036 100644 --- a/packages/kbn-data-stream-adapter/src/field_maps/types.ts +++ b/packages/kbn-data-stream-adapter/src/field_maps/types.ts @@ -38,8 +38,9 @@ export interface EcsMetadata { properties?: Record; } -export interface FieldMap { - [key: string]: { +export type FieldMap = Record< + T, + { type: string; required: boolean; array?: boolean; @@ -53,5 +54,17 @@ export interface FieldMap { scaling_factor?: number; dynamic?: boolean | 'strict'; properties?: Record; - }; -} + } +>; + +// This utility type flattens all the keys of a schema object and its nested objects as a union type. +// Its purpose is to ensure that the FieldMap keys are always in sync with the schema object. +// It assumes all optional fields of the schema are required in the field map, they can always be omitted from the resulting type. +export type SchemaFieldMapKeys< + T extends Record, + Key = keyof T +> = Key extends string + ? NonNullable extends Record + ? `${Key}` | `${Key}.${SchemaFieldMapKeys>}` + : `${Key}` + : never; diff --git a/x-pack/plugins/security_solution/common/api/quickstart_client.gen.ts b/x-pack/plugins/security_solution/common/api/quickstart_client.gen.ts index 19fbc38072c14..25560aeffdbbe 100644 --- a/x-pack/plugins/security_solution/common/api/quickstart_client.gen.ts +++ b/x-pack/plugins/security_solution/common/api/quickstart_client.gen.ts @@ -361,6 +361,11 @@ import type { ResolveTimelineRequestQueryInput, ResolveTimelineResponse, } from './timeline/resolve_timeline/resolve_timeline_route.gen'; +import type { + CreateRuleMigrationRequestBodyInput, + CreateRuleMigrationResponse, + GetRuleMigrationResponse, +} from '../siem_migrations/model/api/rules/rules_migration.gen'; export interface ClientOptions { kbnClient: KbnClient; @@ -655,6 +660,22 @@ If a record already exists for the specified entity, that record is overwritten }) .catch(catchAxiosErrorFormatAndThrow); } + /** + * Creates a new SIEM rules migration using the original vendor rules provided + */ + async createRuleMigration(props: CreateRuleMigrationProps) { + this.log.info(`${new Date().toISOString()} Calling API CreateRuleMigration`); + return this.kbnClient + .request({ + path: '/internal/siem_migrations/rules', + headers: { + [ELASTIC_HTTP_VERSION_HEADER]: '1', + }, + method: 'POST', + body: props.body, + }) + .catch(catchAxiosErrorFormatAndThrow); + } /** * Create a new Timeline or Timeline template. */ @@ -1396,6 +1417,21 @@ finalize it. }) .catch(catchAxiosErrorFormatAndThrow); } + /** + * Retrieves the rule migrations stored in the system + */ + async getRuleMigration() { + this.log.info(`${new Date().toISOString()} Calling API GetRuleMigration`); + return this.kbnClient + .request({ + path: '/internal/siem_migrations/rules', + headers: { + [ELASTIC_HTTP_VERSION_HEADER]: '1', + }, + method: 'GET', + }) + .catch(catchAxiosErrorFormatAndThrow); + } /** * Get the details of an existing saved Timeline or Timeline template. */ @@ -2039,6 +2075,9 @@ export interface CreateAssetCriticalityRecordProps { export interface CreateRuleProps { body: CreateRuleRequestBodyInput; } +export interface CreateRuleMigrationProps { + body: CreateRuleMigrationRequestBodyInput; +} export interface CreateTimelinesProps { body: CreateTimelinesRequestBodyInput; } diff --git a/x-pack/plugins/security_solution/common/experimental_features.ts b/x-pack/plugins/security_solution/common/experimental_features.ts index 5e438669916c6..a16b88f649618 100644 --- a/x-pack/plugins/security_solution/common/experimental_features.ts +++ b/x-pack/plugins/security_solution/common/experimental_features.ts @@ -235,6 +235,11 @@ export const allowedExperimentalValues = Object.freeze({ * can be disabled if necessary in a given environment. */ entityStoreDisabled: false, + + /** + * Enables the siem migrations feature + */ + siemMigrationsEnabled: false, }); type ExperimentalConfigKeys = Array; diff --git a/x-pack/plugins/security_solution/common/siem_migrations/constants.ts b/x-pack/plugins/security_solution/common/siem_migrations/constants.ts new file mode 100644 index 0000000000000..96ca75679f112 --- /dev/null +++ b/x-pack/plugins/security_solution/common/siem_migrations/constants.ts @@ -0,0 +1,16 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export const SIEM_MIGRATIONS_PATH = '/internal/siem_migrations' as const; +export const SIEM_RULE_MIGRATIONS_PATH = `${SIEM_MIGRATIONS_PATH}/rules` as const; + +export enum SiemMigrationsStatus { + PENDING = 'pending', + PROCESSING = 'processing', + FINISHED = 'finished', + ERROR = 'error', +} diff --git a/x-pack/plugins/security_solution/common/siem_migrations/model/api/common.gen.ts b/x-pack/plugins/security_solution/common/siem_migrations/model/api/common.gen.ts new file mode 100644 index 0000000000000..620475a6eb73d --- /dev/null +++ b/x-pack/plugins/security_solution/common/siem_migrations/model/api/common.gen.ts @@ -0,0 +1,38 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +/* + * NOTICE: Do not edit this file manually. + * This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator. + * + * info: + * title: Common SIEM Migrations Attributes + * version: not applicable + */ + +import { z } from '@kbn/zod'; + +/** + * The GenAI connector id to use. + */ +export type ConnectorId = z.infer; +export const ConnectorId = z.string(); + +/** + * The LangSmith options object. + */ +export type LangSmithOptions = z.infer; +export const LangSmithOptions = z.object({ + /** + * The project name. + */ + project_name: z.string(), + /** + * The API key to use for tracing. + */ + api_key: z.string(), +}); diff --git a/x-pack/plugins/security_solution/common/siem_migrations/model/api/common.schema.yaml b/x-pack/plugins/security_solution/common/siem_migrations/model/api/common.schema.yaml new file mode 100644 index 0000000000000..97450d191f300 --- /dev/null +++ b/x-pack/plugins/security_solution/common/siem_migrations/model/api/common.schema.yaml @@ -0,0 +1,24 @@ +openapi: 3.0.3 +info: + title: Common SIEM Migrations Attributes + version: 'not applicable' +paths: {} +components: + x-codegen-enabled: true + schemas: + ConnectorId: + type: string + description: The GenAI connector id to use. + LangSmithOptions: + type: object + description: The LangSmith options object. + required: + - project_name + - api_key + properties: + project_name: + type: string + description: The project name. + api_key: + type: string + description: The API key to use for tracing. diff --git a/x-pack/plugins/security_solution/common/siem_migrations/model/api/rules/rules_migration.gen.ts b/x-pack/plugins/security_solution/common/siem_migrations/model/api/rules/rules_migration.gen.ts new file mode 100644 index 0000000000000..fa8a1cc8a6778 --- /dev/null +++ b/x-pack/plugins/security_solution/common/siem_migrations/model/api/rules/rules_migration.gen.ts @@ -0,0 +1,34 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +/* + * NOTICE: Do not edit this file manually. + * This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator. + * + * info: + * title: SIEM Rules Migration API endpoint + * version: 1 + */ + +import { z } from '@kbn/zod'; + +import { OriginalRule, RuleMigration } from '../../rule_migration.gen'; + +export type CreateRuleMigrationRequestBody = z.infer; +export const CreateRuleMigrationRequestBody = z.array(OriginalRule); +export type CreateRuleMigrationRequestBodyInput = z.input; + +export type CreateRuleMigrationResponse = z.infer; +export const CreateRuleMigrationResponse = z.object({ + /** + * The migration id created. + */ + migration_id: z.string(), +}); + +export type GetRuleMigrationResponse = z.infer; +export const GetRuleMigrationResponse = z.array(RuleMigration); diff --git a/x-pack/plugins/security_solution/common/siem_migrations/model/api/rules/rules_migration.schema.yaml b/x-pack/plugins/security_solution/common/siem_migrations/model/api/rules/rules_migration.schema.yaml new file mode 100644 index 0000000000000..40596ba7e712d --- /dev/null +++ b/x-pack/plugins/security_solution/common/siem_migrations/model/api/rules/rules_migration.schema.yaml @@ -0,0 +1,52 @@ +openapi: 3.0.3 +info: + title: SIEM Rules Migration API endpoint + version: '1' +paths: + /internal/siem_migrations/rules: + post: + summary: Creates a new rule migration + operationId: CreateRuleMigration + x-codegen-enabled: true + description: Creates a new SIEM rules migration using the original vendor rules provided + tags: + - SIEM Migrations + - Rule Migrations + requestBody: + required: true + content: + application/json: + schema: + type: array + items: + $ref: '../../rule_migration.schema.yaml#/components/schemas/OriginalRule' + responses: + 200: + description: Indicates migration have been created correctly. + content: + application/json: + schema: + type: object + required: + - migration_id + properties: + migration_id: + type: string + description: The migration id created. + get: + summary: Retrieves rule migrations + operationId: GetRuleMigration + x-codegen-enabled: true + description: Retrieves the rule migrations stored in the system + tags: + - SIEM Migrations + - Rule Migrations + responses: + 200: + description: Indicates rule migrations have been retrieved correctly. + content: + application/json: + schema: + type: array + items: + $ref: '../../rule_migration.schema.yaml#/components/schemas/RuleMigration' diff --git a/x-pack/plugins/security_solution/common/siem_migrations/model/rule_migration.gen.ts b/x-pack/plugins/security_solution/common/siem_migrations/model/rule_migration.gen.ts new file mode 100644 index 0000000000000..0e07ef2f208da --- /dev/null +++ b/x-pack/plugins/security_solution/common/siem_migrations/model/rule_migration.gen.ts @@ -0,0 +1,124 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +/* + * NOTICE: Do not edit this file manually. + * This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator. + * + * info: + * title: Common Splunk Rules Attributes + * version: not applicable + */ + +import { z } from '@kbn/zod'; + +/** + * The original rule to migrate. + */ +export type OriginalRule = z.infer; +export const OriginalRule = z.object({ + /** + * The original rule id. + */ + id: z.string(), + /** + * The original rule vendor identifier. + */ + vendor: z.literal('splunk'), + /** + * The original rule name. + */ + title: z.string(), + /** + * The original rule description. + */ + description: z.string(), + /** + * The original rule query. + */ + query: z.string(), + /** + * The original rule query language. + */ + query_language: z.string(), + /** + * The original rule Mitre Attack technique IDs. + */ + mitre_attack_ids: z.array(z.string()).optional(), +}); + +/** + * The migrated elastic rule. + */ +export type ElasticRule = z.infer; +export const ElasticRule = z.object({ + /** + * The migrated rule title. + */ + title: z.string(), + /** + * The migrated rule description. + */ + description: z.string().optional(), + /** + * The migrated rule severity. + */ + severity: z.string().optional(), + /** + * The translated elastic query. + */ + query: z.string(), + /** + * The translated elastic query language. + */ + query_language: z.literal('esql').default('esql'), + /** + * The Elastic prebuilt rule id matched. + */ + prebuilt_rule_id: z.string().optional(), + /** + * The Elastic rule id installed as a result. + */ + id: z.string().optional(), +}); + +/** + * The rule migration document object. + */ +export type RuleMigration = z.infer; +export const RuleMigration = z.object({ + /** + * The moment of creation + */ + '@timestamp': z.string(), + /** + * The migration id. + */ + migration_id: z.string(), + original_rule: OriginalRule, + elastic_rule: ElasticRule.optional(), + /** + * The translation state. + */ + translation_state: z.enum(['complete', 'partial', 'untranslatable']).optional(), + /** + * The status of the rule migration. + */ + status: z.enum(['pending', 'processing', 'finished', 'error']).default('pending'), + /** + * The comments for the migration including a summary from the LLM in markdown. + */ + comments: z.array(z.string()).optional(), + /** + * The moment of the last update + */ + updated_at: z.string().optional(), + /** + * The user who last updated the migration + */ + updated_by: z.string().optional(), +}); diff --git a/x-pack/plugins/security_solution/common/siem_migrations/model/rule_migration.schema.yaml b/x-pack/plugins/security_solution/common/siem_migrations/model/rule_migration.schema.yaml new file mode 100644 index 0000000000000..9ec825389a52b --- /dev/null +++ b/x-pack/plugins/security_solution/common/siem_migrations/model/rule_migration.schema.yaml @@ -0,0 +1,124 @@ +openapi: 3.0.3 +info: + title: Common Splunk Rules Attributes + version: 'not applicable' +paths: {} +components: + x-codegen-enabled: true + schemas: + OriginalRule: + type: object + description: The original rule to migrate. + required: + - id + - vendor + - title + - description + - query + - query_language + properties: + id: + type: string + description: The original rule id. + vendor: + type: string + description: The original rule vendor identifier. + enum: + - splunk + title: + type: string + description: The original rule name. + description: + type: string + description: The original rule description. + query: + type: string + description: The original rule query. + query_language: + type: string + description: The original rule query language. + mitre_attack_ids: + type: array + items: + type: string + description: The original rule Mitre Attack technique IDs. + + ElasticRule: + type: object + description: The migrated elastic rule. + required: + - title + - query + - query_language + properties: + title: + type: string + description: The migrated rule title. + description: + type: string + description: The migrated rule description. + severity: + type: string + description: The migrated rule severity. + query: + type: string + description: The translated elastic query. + query_language: + type: string + description: The translated elastic query language. + enum: + - esql + default: esql + prebuilt_rule_id: + type: string + description: The Elastic prebuilt rule id matched. + id: + type: string + description: The Elastic rule id installed as a result. + + RuleMigration: + type: object + description: The rule migration document object. + required: + - '@timestamp' + - migration_id + - original_rule + - status + properties: + "@timestamp": + type: string + description: The moment of creation + migration_id: + type: string + description: The migration id. + original_rule: + $ref: '#/components/schemas/OriginalRule' + elastic_rule: + $ref: '#/components/schemas/ElasticRule' + translation_state: + type: string + description: The translation state. + enum: + - complete + - partial + - untranslatable + status: + type: string + description: The status of the rule migration. + enum: # should match SiemMigrationsStatus enum at ../constants.ts + - pending + - processing + - finished + - error + default: pending + comments: + type: array + description: The comments for the migration including a summary from the LLM in markdown. + items: + type: string + updated_at: + type: string + description: The moment of the last update + updated_by: + type: string + description: The user who last updated the migration diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/__mocks__/request_context.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/__mocks__/request_context.ts index f562ea7f7bf5f..ebc1706b309f8 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/__mocks__/request_context.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/__mocks__/request_context.ts @@ -42,6 +42,7 @@ import { auditLoggerMock } from '@kbn/security-plugin/server/audit/mocks'; import { detectionRulesClientMock } from '../../rule_management/logic/detection_rules_client/__mocks__/detection_rules_client'; import { packageServiceMock } from '@kbn/fleet-plugin/server/services/epm/package_service.mock'; import type { EndpointInternalFleetServicesInterface } from '../../../../endpoint/services/fleet'; +import { siemMigrationsServiceMock } from '../../../siem_migrations/__mocks__/mocks'; export const createMockClients = () => { const core = coreMock.createRequestHandlerContext(); @@ -78,6 +79,7 @@ export const createMockClients = () => { internalFleetServices: { packages: packageServiceMock.createClient(), }, + siemMigrationsClient: siemMigrationsServiceMock.createClient(), }; }; @@ -163,6 +165,7 @@ const createSecuritySolutionRequestContextMock = ( getAssetCriticalityDataClient: jest.fn(() => clients.assetCriticalityDataClient), getAuditLogger: jest.fn(() => mockAuditLogger), getEntityStoreDataClient: jest.fn(() => clients.entityStoreDataClient), + getSiemMigrationsClient: jest.fn(() => clients.siemMigrationsClient), }; }; diff --git a/x-pack/plugins/security_solution/server/lib/siem_migrations/__mocks__/mocks.ts b/x-pack/plugins/security_solution/server/lib/siem_migrations/__mocks__/mocks.ts new file mode 100644 index 0000000000000..fcf119e19ece5 --- /dev/null +++ b/x-pack/plugins/security_solution/server/lib/siem_migrations/__mocks__/mocks.ts @@ -0,0 +1,24 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { createRuleMigrationClient } from '../rules/__mocks__/mocks'; + +const createClient = () => ({ rules: createRuleMigrationClient() }); + +export const mockSetup = jest.fn().mockResolvedValue(undefined); +export const mockCreateClient = jest.fn().mockReturnValue(createClient()); +export const mockStop = jest.fn(); + +export const siemMigrationsServiceMock = { + create: () => + jest.fn().mockImplementation(() => ({ + setup: mockSetup, + createClient: mockCreateClient, + stop: mockStop, + })), + createClient: () => createClient(), +}; diff --git a/x-pack/plugins/security_solution/server/lib/siem_migrations/routes.ts b/x-pack/plugins/security_solution/server/lib/siem_migrations/routes.ts new file mode 100644 index 0000000000000..4d7b91cc5bfc3 --- /dev/null +++ b/x-pack/plugins/security_solution/server/lib/siem_migrations/routes.ts @@ -0,0 +1,21 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { Logger } from '@kbn/core/server'; +import { registerSiemRuleMigrationsRoutes } from './rules/api'; +import type { SecuritySolutionPluginRouter } from '../../types'; +import type { ConfigType } from '../../config'; + +export const registerSiemMigrationsRoutes = ( + router: SecuritySolutionPluginRouter, + config: ConfigType, + logger: Logger +) => { + if (config.experimentalFeatures.siemMigrationsEnabled) { + registerSiemRuleMigrationsRoutes(router, logger); + } +}; diff --git a/x-pack/plugins/security_solution/server/lib/siem_migrations/rules/__mocks__/mocks.ts b/x-pack/plugins/security_solution/server/lib/siem_migrations/rules/__mocks__/mocks.ts new file mode 100644 index 0000000000000..8233151f513e4 --- /dev/null +++ b/x-pack/plugins/security_solution/server/lib/siem_migrations/rules/__mocks__/mocks.ts @@ -0,0 +1,21 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { SiemRuleMigrationsClient } from '../types'; + +export const createRuleMigrationClient = (): SiemRuleMigrationsClient => ({ + create: jest.fn().mockResolvedValue({ success: true }), + search: jest.fn().mockResolvedValue([]), +}); + +export const mockSetup = jest.fn(); +export const mockGetClient = jest.fn().mockReturnValue(createRuleMigrationClient()); + +export const MockSiemRuleMigrationsService = jest.fn().mockImplementation(() => ({ + setup: mockSetup, + getClient: mockGetClient, +})); diff --git a/x-pack/plugins/security_solution/server/lib/siem_migrations/rules/__mocks__/siem_rule_migrations_service.ts b/x-pack/plugins/security_solution/server/lib/siem_migrations/rules/__mocks__/siem_rule_migrations_service.ts new file mode 100644 index 0000000000000..fc06996366520 --- /dev/null +++ b/x-pack/plugins/security_solution/server/lib/siem_migrations/rules/__mocks__/siem_rule_migrations_service.ts @@ -0,0 +1,9 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { MockSiemRuleMigrationsService } from './mocks'; +export const SiemRuleMigrationsService = MockSiemRuleMigrationsService; diff --git a/x-pack/plugins/security_solution/server/lib/siem_migrations/rules/api/create.ts b/x-pack/plugins/security_solution/server/lib/siem_migrations/rules/api/create.ts new file mode 100644 index 0000000000000..e2cf97dd094a9 --- /dev/null +++ b/x-pack/plugins/security_solution/server/lib/siem_migrations/rules/api/create.ts @@ -0,0 +1,64 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { IKibanaResponse, Logger } from '@kbn/core/server'; +import { buildRouteValidationWithZod } from '@kbn/zod-helpers'; +import { v4 as uuidV4 } from 'uuid'; +import type { RuleMigration } from '../../../../../common/siem_migrations/model/rule_migration.gen'; +import type { CreateRuleMigrationResponse } from '../../../../../common/siem_migrations/model/api/rules/rules_migration.gen'; +import { CreateRuleMigrationRequestBody } from '../../../../../common/siem_migrations/model/api/rules/rules_migration.gen'; +import { + SIEM_RULE_MIGRATIONS_PATH, + SiemMigrationsStatus, +} from '../../../../../common/siem_migrations/constants'; +import type { SecuritySolutionPluginRouter } from '../../../../types'; + +export const registerSiemRuleMigrationsCreateRoute = ( + router: SecuritySolutionPluginRouter, + logger: Logger +) => { + router.versioned + .post({ + path: SIEM_RULE_MIGRATIONS_PATH, + access: 'internal', + options: { tags: ['access:securitySolution'] }, + }) + .addVersion( + { + version: '1', + validate: { + request: { body: buildRouteValidationWithZod(CreateRuleMigrationRequestBody) }, + }, + }, + async (context, req, res): Promise> => { + const originalRules = req.body; + try { + const ctx = await context.resolve(['core', 'actions', 'securitySolution']); + + const siemMigrationClient = ctx.securitySolution.getSiemMigrationsClient(); + + const migrationId = uuidV4(); + const timestamp = new Date().toISOString(); + + const ruleMigrations = originalRules.map((originalRule) => ({ + '@timestamp': timestamp, + migration_id: migrationId, + original_rule: originalRule, + status: SiemMigrationsStatus.PENDING, + })); + await siemMigrationClient.rules.create(ruleMigrations); + + return res.ok({ body: { migration_id: migrationId } }); + } catch (err) { + logger.error(err); + return res.badRequest({ + body: err.message, + }); + } + } + ); +}; diff --git a/x-pack/plugins/security_solution/server/lib/siem_migrations/rules/api/index.ts b/x-pack/plugins/security_solution/server/lib/siem_migrations/rules/api/index.ts new file mode 100644 index 0000000000000..0de49eb7df92b --- /dev/null +++ b/x-pack/plugins/security_solution/server/lib/siem_migrations/rules/api/index.ts @@ -0,0 +1,17 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { Logger } from '@kbn/core/server'; +import type { SecuritySolutionPluginRouter } from '../../../../types'; +import { registerSiemRuleMigrationsCreateRoute } from './create'; + +export const registerSiemRuleMigrationsRoutes = ( + router: SecuritySolutionPluginRouter, + logger: Logger +) => { + registerSiemRuleMigrationsCreateRoute(router, logger); +}; diff --git a/x-pack/plugins/security_solution/server/lib/siem_migrations/rules/data_stream/__mocks__/mocks.ts b/x-pack/plugins/security_solution/server/lib/siem_migrations/rules/data_stream/__mocks__/mocks.ts new file mode 100644 index 0000000000000..103c0f9b0c952 --- /dev/null +++ b/x-pack/plugins/security_solution/server/lib/siem_migrations/rules/data_stream/__mocks__/mocks.ts @@ -0,0 +1,15 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export const mockIndexName = 'mocked_data_stream_name'; +export const mockInstall = jest.fn().mockResolvedValue(undefined); +export const mockInstallSpace = jest.fn().mockResolvedValue(mockIndexName); + +export const MockRuleMigrationsDataStream = jest.fn().mockImplementation(() => ({ + install: mockInstall, + installSpace: mockInstallSpace, +})); diff --git a/x-pack/plugins/security_solution/server/lib/siem_migrations/rules/data_stream/__mocks__/rule_migrations_data_stream.ts b/x-pack/plugins/security_solution/server/lib/siem_migrations/rules/data_stream/__mocks__/rule_migrations_data_stream.ts new file mode 100644 index 0000000000000..eb04aec6c60e5 --- /dev/null +++ b/x-pack/plugins/security_solution/server/lib/siem_migrations/rules/data_stream/__mocks__/rule_migrations_data_stream.ts @@ -0,0 +1,9 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { MockRuleMigrationsDataStream } from './mocks'; +export const RuleMigrationsDataStream = MockRuleMigrationsDataStream; diff --git a/x-pack/plugins/security_solution/server/lib/siem_migrations/rules/data_stream/rule_migrations_data_stream.test.ts b/x-pack/plugins/security_solution/server/lib/siem_migrations/rules/data_stream/rule_migrations_data_stream.test.ts new file mode 100644 index 0000000000000..56510da48f1bb --- /dev/null +++ b/x-pack/plugins/security_solution/server/lib/siem_migrations/rules/data_stream/rule_migrations_data_stream.test.ts @@ -0,0 +1,118 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { RuleMigrationsDataStream } from './rule_migrations_data_stream'; +import { Subject } from 'rxjs'; +import type { InstallParams } from '@kbn/data-stream-adapter'; +import { DataStreamSpacesAdapter } from '@kbn/data-stream-adapter'; +import { elasticsearchServiceMock } from '@kbn/core-elasticsearch-server-mocks'; +import { loggerMock } from '@kbn/logging-mocks'; + +jest.mock('@kbn/data-stream-adapter'); + +const MockedDataStreamSpacesAdapter = DataStreamSpacesAdapter as unknown as jest.MockedClass< + typeof DataStreamSpacesAdapter +>; + +const esClient = elasticsearchServiceMock.createStart().client.asInternalUser; + +describe('SiemRuleMigrationsDataStream', () => { + beforeEach(() => { + jest.clearAllMocks(); + }); + + describe('constructor', () => { + it('should create DataStreamSpacesAdapter', () => { + new RuleMigrationsDataStream({ kibanaVersion: '8.13.0' }); + expect(MockedDataStreamSpacesAdapter).toHaveBeenCalledTimes(1); + }); + + it('should create component templates', () => { + new RuleMigrationsDataStream({ kibanaVersion: '8.13.0' }); + const [dataStreamSpacesAdapter] = MockedDataStreamSpacesAdapter.mock.instances; + expect(dataStreamSpacesAdapter.setComponentTemplate).toHaveBeenCalledWith( + expect.objectContaining({ name: '.kibana.siem-rule-migrations' }) + ); + }); + + it('should create index templates', () => { + new RuleMigrationsDataStream({ kibanaVersion: '8.13.0' }); + const [dataStreamSpacesAdapter] = MockedDataStreamSpacesAdapter.mock.instances; + expect(dataStreamSpacesAdapter.setIndexTemplate).toHaveBeenCalledWith( + expect.objectContaining({ name: '.kibana.siem-rule-migrations' }) + ); + }); + }); + + describe('install', () => { + it('should install data stream', async () => { + const dataStream = new RuleMigrationsDataStream({ kibanaVersion: '8.13.0' }); + const params: InstallParams = { + esClient, + logger: loggerMock.create(), + pluginStop$: new Subject(), + }; + await dataStream.install(params); + const [dataStreamSpacesAdapter] = MockedDataStreamSpacesAdapter.mock.instances; + expect(dataStreamSpacesAdapter.install).toHaveBeenCalledWith(params); + }); + + it('should log error', async () => { + const dataStream = new RuleMigrationsDataStream({ kibanaVersion: '8.13.0' }); + const params: InstallParams = { + esClient, + logger: loggerMock.create(), + pluginStop$: new Subject(), + }; + const [dataStreamSpacesAdapter] = MockedDataStreamSpacesAdapter.mock.instances; + const error = new Error('test-error'); + (dataStreamSpacesAdapter.install as jest.Mock).mockRejectedValueOnce(error); + + await dataStream.install(params); + expect(params.logger.error).toHaveBeenCalledWith(expect.any(String), error); + }); + }); + + describe('installSpace', () => { + it('should install space data stream', async () => { + const dataStream = new RuleMigrationsDataStream({ kibanaVersion: '8.13.0' }); + const params: InstallParams = { + esClient, + logger: loggerMock.create(), + pluginStop$: new Subject(), + }; + const [dataStreamSpacesAdapter] = MockedDataStreamSpacesAdapter.mock.instances; + (dataStreamSpacesAdapter.install as jest.Mock).mockResolvedValueOnce(undefined); + + await dataStream.install(params); + await dataStream.installSpace('space1'); + + expect(dataStreamSpacesAdapter.getInstalledSpaceName).toHaveBeenCalledWith('space1'); + expect(dataStreamSpacesAdapter.installSpace).toHaveBeenCalledWith('space1'); + }); + + it('should not install space data stream if install not executed', async () => { + const dataStream = new RuleMigrationsDataStream({ kibanaVersion: '8.13.0' }); + await expect(dataStream.installSpace('space1')).rejects.toThrowError(); + }); + + it('should throw error if main install had error', async () => { + const dataStream = new RuleMigrationsDataStream({ kibanaVersion: '8.13.0' }); + const params: InstallParams = { + esClient, + logger: loggerMock.create(), + pluginStop$: new Subject(), + }; + const [dataStreamSpacesAdapter] = MockedDataStreamSpacesAdapter.mock.instances; + const error = new Error('test-error'); + (dataStreamSpacesAdapter.install as jest.Mock).mockRejectedValueOnce(error); + await dataStream.install(params); + + await expect(dataStream.installSpace('space1')).rejects.toThrowError(error); + }); + }); +}); diff --git a/x-pack/plugins/security_solution/server/lib/siem_migrations/rules/data_stream/rule_migrations_data_stream.ts b/x-pack/plugins/security_solution/server/lib/siem_migrations/rules/data_stream/rule_migrations_data_stream.ts new file mode 100644 index 0000000000000..83eb471e0cee3 --- /dev/null +++ b/x-pack/plugins/security_solution/server/lib/siem_migrations/rules/data_stream/rule_migrations_data_stream.ts @@ -0,0 +1,57 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { DataStreamSpacesAdapter, type InstallParams } from '@kbn/data-stream-adapter'; +import { ruleMigrationsFieldMap } from './rule_migrations_field_map'; + +const TOTAL_FIELDS_LIMIT = 2500; + +const DATA_STREAM_NAME = '.kibana.siem-rule-migrations'; +const ECS_COMPONENT_TEMPLATE_NAME = 'ecs'; + +export class RuleMigrationsDataStream { + private readonly dataStream: DataStreamSpacesAdapter; + private installPromise?: Promise; + + constructor({ kibanaVersion }: { kibanaVersion: string }) { + this.dataStream = new DataStreamSpacesAdapter(DATA_STREAM_NAME, { + kibanaVersion, + totalFieldsLimit: TOTAL_FIELDS_LIMIT, + }); + this.dataStream.setComponentTemplate({ + name: DATA_STREAM_NAME, + fieldMap: ruleMigrationsFieldMap, + }); + + this.dataStream.setIndexTemplate({ + name: DATA_STREAM_NAME, + componentTemplateRefs: [DATA_STREAM_NAME, ECS_COMPONENT_TEMPLATE_NAME], + }); + } + + async install(params: InstallParams) { + try { + this.installPromise = this.dataStream.install(params); + await this.installPromise; + } catch (err) { + params.logger.error(`Error installing siem rule migrations data stream. ${err.message}`, err); + } + } + + async installSpace(spaceId: string): Promise { + if (!this.installPromise) { + throw new Error('Siem rule migrations data stream not installed'); + } + // wait for install to complete, may reject if install failed, routes should handle this + await this.installPromise; + let dataStreamName = await this.dataStream.getInstalledSpaceName(spaceId); + if (!dataStreamName) { + dataStreamName = await this.dataStream.installSpace(spaceId); + } + return dataStreamName; + } +} diff --git a/x-pack/plugins/security_solution/server/lib/siem_migrations/rules/data_stream/rule_migrations_field_map.ts b/x-pack/plugins/security_solution/server/lib/siem_migrations/rules/data_stream/rule_migrations_field_map.ts new file mode 100644 index 0000000000000..ba9a706957bcb --- /dev/null +++ b/x-pack/plugins/security_solution/server/lib/siem_migrations/rules/data_stream/rule_migrations_field_map.ts @@ -0,0 +1,35 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { FieldMap, SchemaFieldMapKeys } from '@kbn/data-stream-adapter'; +import type { RuleMigration } from '../../../../../common/siem_migrations/model/rule_migration.gen'; + +export const ruleMigrationsFieldMap: FieldMap> = { + '@timestamp': { type: 'date', required: false }, + migration_id: { type: 'keyword', required: true }, + status: { type: 'keyword', required: true }, + original_rule: { type: 'nested', required: true }, + 'original_rule.vendor': { type: 'keyword', required: true }, + 'original_rule.id': { type: 'keyword', required: true }, + 'original_rule.title': { type: 'keyword', required: true }, + 'original_rule.description': { type: 'keyword', required: false }, + 'original_rule.query': { type: 'text', required: true }, + 'original_rule.query_language': { type: 'keyword', required: true }, + 'original_rule.mitre_attack_ids': { type: 'keyword', array: true, required: false }, + elastic_rule: { type: 'nested', required: false }, + 'elastic_rule.title': { type: 'keyword', required: true }, + 'elastic_rule.query': { type: 'text', required: true }, + 'elastic_rule.query_language': { type: 'keyword', required: true }, + 'elastic_rule.description': { type: 'keyword', required: false }, + 'elastic_rule.severity': { type: 'keyword', required: false }, + 'elastic_rule.prebuilt_rule_id': { type: 'keyword', required: false }, + 'elastic_rule.id': { type: 'keyword', required: false }, + translation_state: { type: 'keyword', required: false }, + comments: { type: 'text', array: true, required: false }, + updated_at: { type: 'date', required: false }, + updated_by: { type: 'keyword', required: false }, +}; diff --git a/x-pack/plugins/security_solution/server/lib/siem_migrations/rules/siem_rule_migrations_service.test.ts b/x-pack/plugins/security_solution/server/lib/siem_migrations/rules/siem_rule_migrations_service.test.ts new file mode 100644 index 0000000000000..390d302264cea --- /dev/null +++ b/x-pack/plugins/security_solution/server/lib/siem_migrations/rules/siem_rule_migrations_service.test.ts @@ -0,0 +1,115 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ +import { + loggingSystemMock, + elasticsearchServiceMock, + httpServerMock, +} from '@kbn/core/server/mocks'; +import { SiemRuleMigrationsService } from './siem_rule_migrations_service'; +import { Subject } from 'rxjs'; +import type { RuleMigration } from '../../../../common/siem_migrations/model/rule_migration.gen'; +import { + MockRuleMigrationsDataStream, + mockInstall, + mockInstallSpace, + mockIndexName, +} from './data_stream/__mocks__/mocks'; +import type { KibanaRequest } from '@kbn/core/server'; + +jest.mock('./data_stream/rule_migrations_data_stream'); + +describe('SiemRuleMigrationsService', () => { + let ruleMigrationsService: SiemRuleMigrationsService; + const kibanaVersion = '8.16.0'; + + const esClusterClient = elasticsearchServiceMock.createClusterClient(); + const logger = loggingSystemMock.createLogger(); + const pluginStop$ = new Subject(); + + beforeEach(() => { + jest.clearAllMocks(); + ruleMigrationsService = new SiemRuleMigrationsService(logger, kibanaVersion); + }); + + it('should instantiate the rule migrations data stream adapter', () => { + expect(MockRuleMigrationsDataStream).toHaveBeenCalledWith({ kibanaVersion }); + }); + + describe('when setup is called', () => { + it('should set esClusterClient and call dataStreamAdapter.install', () => { + ruleMigrationsService.setup({ esClusterClient, pluginStop$ }); + + expect(mockInstall).toHaveBeenCalledWith({ + esClient: esClusterClient.asInternalUser, + logger, + pluginStop$, + }); + }); + }); + + describe('when getClient is called', () => { + let request: KibanaRequest; + beforeEach(() => { + request = httpServerMock.createKibanaRequest(); + }); + + describe('without setup', () => { + it('should throw an error', () => { + expect(() => { + ruleMigrationsService.getClient({ spaceId: 'default', request }); + }).toThrowError('ES client not available, please call setup first'); + }); + }); + + describe('with setup', () => { + beforeEach(() => { + ruleMigrationsService.setup({ esClusterClient, pluginStop$ }); + }); + + it('should call installSpace', () => { + ruleMigrationsService.getClient({ spaceId: 'default', request }); + + expect(mockInstallSpace).toHaveBeenCalledWith('default'); + }); + + it('should return a client with create and search methods after setup', () => { + const client = ruleMigrationsService.getClient({ spaceId: 'default', request }); + + expect(client).toHaveProperty('create'); + expect(client).toHaveProperty('search'); + }); + + it('should call ES bulk create API with the correct parameters with create is called', async () => { + const client = ruleMigrationsService.getClient({ spaceId: 'default', request }); + + const ruleMigrations = [{ migration_id: 'dummy_migration_id' } as RuleMigration]; + await client.create(ruleMigrations); + + expect(esClusterClient.asScoped().asCurrentUser.bulk).toHaveBeenCalledWith( + expect.objectContaining({ + body: [{ create: { _index: mockIndexName } }, { migration_id: 'dummy_migration_id' }], + refresh: 'wait_for', + }) + ); + }); + + it('should call ES search API with the correct parameters with search is called', async () => { + const client = ruleMigrationsService.getClient({ spaceId: 'default', request }); + + const term = { migration_id: 'dummy_migration_id' }; + await client.search(term); + + expect(esClusterClient.asScoped().asCurrentUser.search).toHaveBeenCalledWith( + expect.objectContaining({ + index: mockIndexName, + body: { query: { term } }, + }) + ); + }); + }); + }); +}); diff --git a/x-pack/plugins/security_solution/server/lib/siem_migrations/rules/siem_rule_migrations_service.ts b/x-pack/plugins/security_solution/server/lib/siem_migrations/rules/siem_rule_migrations_service.ts new file mode 100644 index 0000000000000..5b20f957cb6fa --- /dev/null +++ b/x-pack/plugins/security_solution/server/lib/siem_migrations/rules/siem_rule_migrations_service.ts @@ -0,0 +1,56 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { IClusterClient, Logger } from '@kbn/core/server'; +import { RuleMigrationsDataStream } from './data_stream/rule_migrations_data_stream'; +import type { + SiemRuleMigrationsClient, + SiemRulesMigrationsSetupParams, + SiemRuleMigrationsGetClientParams, +} from './types'; + +export class SiemRuleMigrationsService { + private dataStreamAdapter: RuleMigrationsDataStream; + private esClusterClient?: IClusterClient; + + constructor(private logger: Logger, kibanaVersion: string) { + this.dataStreamAdapter = new RuleMigrationsDataStream({ kibanaVersion }); + } + + setup({ esClusterClient, ...params }: SiemRulesMigrationsSetupParams) { + this.esClusterClient = esClusterClient; + const esClient = esClusterClient.asInternalUser; + this.dataStreamAdapter.install({ ...params, esClient, logger: this.logger }).catch((err) => { + this.logger.error(`Error installing data stream for rule migrations: ${err.message}`); + throw err; + }); + } + + getClient({ spaceId, request }: SiemRuleMigrationsGetClientParams): SiemRuleMigrationsClient { + if (!this.esClusterClient) { + throw new Error('ES client not available, please call setup first'); + } + // Installs the data stream for the specific space. it will only install if it hasn't been installed yet. + // The adapter stores the data stream name promise, it will return it directly when the data stream is known to be installed. + const dataStreamNamePromise = this.dataStreamAdapter.installSpace(spaceId); + + const esClient = this.esClusterClient.asScoped(request).asCurrentUser; + return { + create: async (ruleMigrations) => { + const _index = await dataStreamNamePromise; + return esClient.bulk({ + refresh: 'wait_for', + body: ruleMigrations.flatMap((ruleMigration) => [{ create: { _index } }, ruleMigration]), + }); + }, + search: async (term) => { + const index = await dataStreamNamePromise; + return esClient.search({ index, body: { query: { term } } }); + }, + }; + } +} diff --git a/x-pack/plugins/security_solution/server/lib/siem_migrations/rules/types.ts b/x-pack/plugins/security_solution/server/lib/siem_migrations/rules/types.ts new file mode 100644 index 0000000000000..1892032a21723 --- /dev/null +++ b/x-pack/plugins/security_solution/server/lib/siem_migrations/rules/types.ts @@ -0,0 +1,30 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { BulkResponse, SearchResponse } from '@elastic/elasticsearch/lib/api/types'; +import type { IClusterClient, KibanaRequest } from '@kbn/core/server'; +import type { Subject } from 'rxjs'; +import type { RuleMigration } from '../../../../common/siem_migrations/model/rule_migration.gen'; + +export interface SiemRulesMigrationsSetupParams { + esClusterClient: IClusterClient; + pluginStop$: Subject; + tasksTimeoutMs?: number; +} + +export interface SiemRuleMigrationsGetClientParams { + request: KibanaRequest; + spaceId: string; +} + +export interface RuleMigrationSearchParams { + migration_id?: string; +} +export interface SiemRuleMigrationsClient { + create: (body: RuleMigration[]) => Promise; + search: (params: RuleMigrationSearchParams) => Promise; +} diff --git a/x-pack/plugins/security_solution/server/lib/siem_migrations/siem_migrations_service.test.ts b/x-pack/plugins/security_solution/server/lib/siem_migrations/siem_migrations_service.test.ts new file mode 100644 index 0000000000000..3d9e5b9fe179b --- /dev/null +++ b/x-pack/plugins/security_solution/server/lib/siem_migrations/siem_migrations_service.test.ts @@ -0,0 +1,97 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ +import { + loggingSystemMock, + elasticsearchServiceMock, + httpServerMock, +} from '@kbn/core/server/mocks'; +import { SiemMigrationsService } from './siem_migrations_service'; +import { MockSiemRuleMigrationsService, mockSetup, mockGetClient } from './rules/__mocks__/mocks'; +import type { ConfigType } from '../../config'; + +jest.mock('./rules/siem_rule_migrations_service'); + +const mockReplaySubject$ = { next: jest.fn(), complete: jest.fn() }; +jest.mock('rxjs', () => ({ + ...jest.requireActual('rxjs'), + ReplaySubject: jest.fn().mockImplementation(() => mockReplaySubject$), +})); + +describe('SiemMigrationsService', () => { + let siemMigrationsService: SiemMigrationsService; + const kibanaVersion = '8.16.0'; + + const esClusterClient = elasticsearchServiceMock.createClusterClient(); + const logger = loggingSystemMock.createLogger(); + + beforeEach(() => { + jest.clearAllMocks(); + }); + + describe('with siemMigrationsEnabled flag', () => { + beforeEach(() => { + siemMigrationsService = new SiemMigrationsService( + { experimentalFeatures: { siemMigrationsEnabled: true } } as ConfigType, + logger, + kibanaVersion + ); + }); + + it('should instantiate the rule migrations service', async () => { + expect(MockSiemRuleMigrationsService).toHaveBeenCalledWith(logger, kibanaVersion); + }); + + describe('when setup is called', () => { + it('should call siemRuleMigrationsService setup', async () => { + siemMigrationsService.setup({ esClusterClient, tasksTimeoutMs: 100 }); + + expect(mockSetup).toHaveBeenCalledWith({ + esClusterClient, + tasksTimeoutMs: 100, + pluginStop$: mockReplaySubject$, + }); + }); + }); + + describe('when createClient is called', () => { + it('should create rules client', async () => { + const request = httpServerMock.createKibanaRequest(); + siemMigrationsService.createClient({ spaceId: 'default', request }); + expect(mockGetClient).toHaveBeenCalledWith({ spaceId: 'default', request }); + }); + }); + + describe('when stop is called', () => { + it('should trigger the pluginStop subject', async () => { + siemMigrationsService.stop(); + expect(mockReplaySubject$.next).toHaveBeenCalled(); + expect(mockReplaySubject$.complete).toHaveBeenCalled(); + }); + }); + }); + + describe('without siemMigrationsEnabled flag', () => { + beforeEach(() => { + siemMigrationsService = new SiemMigrationsService( + { experimentalFeatures: { siemMigrationsEnabled: false } } as ConfigType, + logger, + kibanaVersion + ); + }); + + it('should instantiate the rule migrations service', async () => { + expect(MockSiemRuleMigrationsService).toHaveBeenCalledWith(logger, kibanaVersion); + }); + + describe('when setup is called', () => { + it('should not call siemRuleMigrationsService setup', async () => { + siemMigrationsService.setup({ esClusterClient, tasksTimeoutMs: 100 }); + expect(mockSetup).not.toHaveBeenCalled(); + }); + }); + }); +}); diff --git a/x-pack/plugins/security_solution/server/lib/siem_migrations/siem_migrations_service.ts b/x-pack/plugins/security_solution/server/lib/siem_migrations/siem_migrations_service.ts new file mode 100644 index 0000000000000..b84281eb13d9b --- /dev/null +++ b/x-pack/plugins/security_solution/server/lib/siem_migrations/siem_migrations_service.ts @@ -0,0 +1,43 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { Logger } from '@kbn/core/server'; +import { ReplaySubject, type Subject } from 'rxjs'; +import type { ConfigType } from '../../config'; +import { SiemRuleMigrationsService } from './rules/siem_rule_migrations_service'; +import type { + SiemMigrationsClient, + SiemMigrationsSetupParams, + SiemMigrationsGetClientParams, +} from './types'; + +export class SiemMigrationsService { + private pluginStop$: Subject; + private rules: SiemRuleMigrationsService; + + constructor(private config: ConfigType, logger: Logger, kibanaVersion: string) { + this.pluginStop$ = new ReplaySubject(1); + this.rules = new SiemRuleMigrationsService(logger, kibanaVersion); + } + + setup(params: SiemMigrationsSetupParams) { + if (this.config.experimentalFeatures.siemMigrationsEnabled) { + this.rules.setup({ ...params, pluginStop$: this.pluginStop$ }); + } + } + + createClient(params: SiemMigrationsGetClientParams): SiemMigrationsClient { + return { + rules: this.rules.getClient(params), + }; + } + + stop() { + this.pluginStop$.next(); + this.pluginStop$.complete(); + } +} diff --git a/x-pack/plugins/security_solution/server/lib/siem_migrations/types.ts b/x-pack/plugins/security_solution/server/lib/siem_migrations/types.ts new file mode 100644 index 0000000000000..b5647ff65e214 --- /dev/null +++ b/x-pack/plugins/security_solution/server/lib/siem_migrations/types.ts @@ -0,0 +1,20 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { IClusterClient } from '@kbn/core/server'; +import type { SiemRuleMigrationsClient, SiemRuleMigrationsGetClientParams } from './rules/types'; + +export interface SiemMigrationsSetupParams { + esClusterClient: IClusterClient; + tasksTimeoutMs?: number; +} + +export type SiemMigrationsGetClientParams = SiemRuleMigrationsGetClientParams; + +export interface SiemMigrationsClient { + rules: SiemRuleMigrationsClient; +} diff --git a/x-pack/plugins/security_solution/server/plugin.ts b/x-pack/plugins/security_solution/server/plugin.ts index 2ac776d37f1e5..794c37cd38b40 100644 --- a/x-pack/plugins/security_solution/server/plugin.ts +++ b/x-pack/plugins/security_solution/server/plugin.ts @@ -123,6 +123,7 @@ import { getAssistantTools } from './assistant/tools'; import { turnOffAgentPolicyFeatures } from './endpoint/migrations/turn_off_agent_policy_features'; import { getCriblPackagePolicyPostCreateOrUpdateCallback } from './security_integrations'; import { scheduleEntityAnalyticsMigration } from './lib/entity_analytics/migrations'; +import { SiemMigrationsService } from './lib/siem_migrations/siem_migrations_service'; export type { SetupPlugins, StartPlugins, PluginSetup, PluginStart } from './plugin_contract'; @@ -135,6 +136,7 @@ export class Plugin implements ISecuritySolutionPlugin { private readonly ruleMonitoringService: IRuleMonitoringService; private readonly endpointAppContextService = new EndpointAppContextService(); + private readonly siemMigrationsService: SiemMigrationsService; private readonly telemetryReceiver: ITelemetryReceiver; private readonly telemetryEventsSender: ITelemetryEventsSender; private readonly asyncTelemetryEventsSender: IAsyncTelemetryEventsSender; @@ -160,6 +162,11 @@ export class Plugin implements ISecuritySolutionPlugin { this.logger, this.config.experimentalFeatures ); + this.siemMigrationsService = new SiemMigrationsService( + this.config, + this.logger, + this.pluginContext.env.packageInfo.version + ); this.ruleMonitoringService = createRuleMonitoringService(this.config, this.logger); this.telemetryEventsSender = new TelemetryEventsSender(this.logger); @@ -236,6 +243,7 @@ export class Plugin implements ISecuritySolutionPlugin { plugins, endpointAppContextService: this.endpointAppContextService, ruleMonitoringService: this.ruleMonitoringService, + siemMigrationsService: this.siemMigrationsService, kibanaVersion: pluginContext.env.packageInfo.version, kibanaBranch: pluginContext.env.packageInfo.branch, buildFlavor: pluginContext.env.packageInfo.buildFlavor, @@ -427,7 +435,7 @@ export class Plugin implements ISecuritySolutionPlugin { core .getStartServices() - .then(async ([_, depsStart]) => { + .then(async ([coreStart, depsStart]) => { appClientFactory.setup({ getSpaceId: depsStart.spaces?.spacesService?.getSpaceId, config, @@ -477,6 +485,8 @@ export class Plugin implements ISecuritySolutionPlugin { * Register a config for the security guide */ plugins.guidedOnboarding?.registerGuideConfig(siemGuideId, getSiemGuideConfig()); + + this.siemMigrationsService.setup({ esClusterClient: coreStart.elasticsearch.client }); }) .catch(() => {}); // it shouldn't reject, but just in case @@ -715,6 +725,7 @@ export class Plugin implements ISecuritySolutionPlugin { this.endpointAppContextService.stop(); this.policyWatcher?.stop(); this.completeExternalResponseActionsTask.stop().catch(() => {}); + this.siemMigrationsService.stop(); licenseService.stop(); } } diff --git a/x-pack/plugins/security_solution/server/request_context_factory.ts b/x-pack/plugins/security_solution/server/request_context_factory.ts index d2bd579dc6b03..8e3af9b9bce8a 100644 --- a/x-pack/plugins/security_solution/server/request_context_factory.ts +++ b/x-pack/plugins/security_solution/server/request_context_factory.ts @@ -32,6 +32,7 @@ import { AssetCriticalityDataClient } from './lib/entity_analytics/asset_critica import { createDetectionRulesClient } from './lib/detection_engine/rule_management/logic/detection_rules_client/detection_rules_client'; import { buildMlAuthz } from './lib/machine_learning/authz'; import { EntityStoreDataClient } from './lib/entity_analytics/entity_store/entity_store_data_client'; +import type { SiemMigrationsService } from './lib/siem_migrations/siem_migrations_service'; export interface IRequestContextFactory { create( @@ -47,6 +48,7 @@ interface ConstructorOptions { plugins: SecuritySolutionPluginSetupDependencies; endpointAppContextService: EndpointAppContextService; ruleMonitoringService: IRuleMonitoringService; + siemMigrationsService: SiemMigrationsService; kibanaVersion: string; kibanaBranch: string; buildFlavor: BuildFlavor; @@ -64,7 +66,14 @@ export class RequestContextFactory implements IRequestContextFactory { request: KibanaRequest ): Promise { const { options, appClientFactory } = this; - const { config, core, plugins, endpointAppContextService, ruleMonitoringService } = options; + const { + config, + core, + plugins, + endpointAppContextService, + ruleMonitoringService, + siemMigrationsService, + } = options; const { lists, ruleRegistry, security } = plugins; @@ -157,6 +166,10 @@ export class RequestContextFactory implements IRequestContextFactory { }) ), + getSiemMigrationsClient: memoize(() => + siemMigrationsService.createClient({ request, spaceId: getSpaceId() }) + ), + getExceptionListClient: () => { if (!lists) { return null; diff --git a/x-pack/plugins/security_solution/server/routes/index.ts b/x-pack/plugins/security_solution/server/routes/index.ts index 6f245bd04a02b..0b80d142e14ce 100644 --- a/x-pack/plugins/security_solution/server/routes/index.ts +++ b/x-pack/plugins/security_solution/server/routes/index.ts @@ -61,6 +61,7 @@ import { suggestUserProfilesRoute } from '../lib/detection_engine/routes/users/s import { registerTimelineRoutes } from '../lib/timeline/routes'; import { getFleetManagedIndexTemplatesRoute } from '../lib/security_integrations/cribl/routes'; import { registerEntityAnalyticsRoutes } from '../lib/entity_analytics/register_entity_analytics_routes'; +import { registerSiemMigrationsRoutes } from '../lib/siem_migrations/routes'; export const initRoutes = ( router: SecuritySolutionPluginRouter, @@ -138,13 +139,17 @@ export const initRoutes = ( // Dashboards registerDashboardsRoutes(router, logger); registerTagsRoutes(router, logger); + const { previewTelemetryUrlEnabled } = config.experimentalFeatures; + if (previewTelemetryUrlEnabled) { // telemetry preview endpoint for e2e integration tests only at the moment. telemetryDetectionRulesPreviewRoute(router, logger, previewTelemetryReceiver, telemetrySender); } registerEntityAnalyticsRoutes({ router, config, getStartServices, logger }); + registerSiemMigrationsRoutes(router, config, logger); + // Security Integrations getFleetManagedIndexTemplatesRoute(router); }; diff --git a/x-pack/plugins/security_solution/server/types.ts b/x-pack/plugins/security_solution/server/types.ts index 31e10b70adbcf..1355904dbe7f7 100644 --- a/x-pack/plugins/security_solution/server/types.ts +++ b/x-pack/plugins/security_solution/server/types.ts @@ -35,6 +35,7 @@ import type { RiskScoreDataClient } from './lib/entity_analytics/risk_score/risk import type { AssetCriticalityDataClient } from './lib/entity_analytics/asset_criticality'; import type { IDetectionRulesClient } from './lib/detection_engine/rule_management/logic/detection_rules_client/detection_rules_client_interface'; import type { EntityStoreDataClient } from './lib/entity_analytics/entity_store/entity_store_data_client'; +import type { SiemMigrationsClient } from './lib/siem_migrations/types'; export { AppClient }; export interface SecuritySolutionApiRequestHandlerContext { @@ -57,6 +58,7 @@ export interface SecuritySolutionApiRequestHandlerContext { getRiskScoreDataClient: () => RiskScoreDataClient; getAssetCriticalityDataClient: () => AssetCriticalityDataClient; getEntityStoreDataClient: () => EntityStoreDataClient; + getSiemMigrationsClient: () => SiemMigrationsClient; } export type SecuritySolutionRequestHandlerContext = CustomRequestHandlerContext<{ diff --git a/x-pack/plugins/security_solution/tsconfig.json b/x-pack/plugins/security_solution/tsconfig.json index 5098a75e00cf2..0459b62bb1f6f 100644 --- a/x-pack/plugins/security_solution/tsconfig.json +++ b/x-pack/plugins/security_solution/tsconfig.json @@ -230,5 +230,6 @@ "@kbn/core-security-server-mocks", "@kbn/serverless", "@kbn/core-user-profile-browser", + "@kbn/data-stream-adapter", ] } diff --git a/x-pack/test/api_integration/services/security_solution_api.gen.ts b/x-pack/test/api_integration/services/security_solution_api.gen.ts index 7e1e532806a6c..3503f07fec574 100644 --- a/x-pack/test/api_integration/services/security_solution_api.gen.ts +++ b/x-pack/test/api_integration/services/security_solution_api.gen.ts @@ -32,6 +32,7 @@ import { CopyTimelineRequestBodyInput } from '@kbn/security-solution-plugin/comm import { CreateAlertsMigrationRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/signals_migration/create_signals_migration/create_signals_migration.gen'; import { CreateAssetCriticalityRecordRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/asset_criticality/create_asset_criticality.gen'; import { CreateRuleRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/crud/create_rule/create_rule_route.gen'; +import { CreateRuleMigrationRequestBodyInput } from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rules_migration.gen'; import { CreateTimelinesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/create_timelines/create_timelines_route.gen'; import { CreateUpdateProtectionUpdatesNoteRequestParamsInput, @@ -340,6 +341,17 @@ If a record already exists for the specified entity, that record is overwritten .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') .send(props.body as object); }, + /** + * Creates a new SIEM rules migration using the original vendor rules provided + */ + createRuleMigration(props: CreateRuleMigrationProps, kibanaSpace: string = 'default') { + return supertest + .post(routeWithNamespace('/internal/siem_migrations/rules', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '1') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, /** * Create a new Timeline or Timeline template. */ @@ -919,6 +931,16 @@ finalize it. .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') .query(props.query); }, + /** + * Retrieves the rule migrations stored in the system + */ + getRuleMigration(kibanaSpace: string = 'default') { + return supertest + .get(routeWithNamespace('/internal/siem_migrations/rules', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '1') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, /** * Get the details of an existing saved Timeline or Timeline template. */ @@ -1382,6 +1404,9 @@ export interface CreateAssetCriticalityRecordProps { export interface CreateRuleProps { body: CreateRuleRequestBodyInput; } +export interface CreateRuleMigrationProps { + body: CreateRuleMigrationRequestBodyInput; +} export interface CreateTimelinesProps { body: CreateTimelinesRequestBodyInput; } From bd11d1ae5df52fe7e63eb8e2c931deee68cb425a Mon Sep 17 00:00:00 2001 From: Miriam <31922082+MiriamAparicio@users.noreply.github.com> Date: Thu, 24 Oct 2024 11:03:04 +0100 Subject: [PATCH 17/99] [ObsUX] Unskip failing test (#196727) Closes https://github.com/elastic/kibana/issues/191961 --- .../cypress/e2e/service_inventory/service_inventory.cy.ts | 3 +-- .../mobile_overview_with_most_used_charts.cy.ts | 2 +- .../cypress/e2e/service_overview/service_overview.cy.ts | 3 +-- .../cypress/e2e/storage_explorer/storage_explorer.cy.ts | 3 +-- .../cypress/e2e/transaction_details/transaction_details.cy.ts | 4 ++-- 5 files changed, 6 insertions(+), 9 deletions(-) diff --git a/x-pack/plugins/observability_solution/apm/ftr_e2e/cypress/e2e/service_inventory/service_inventory.cy.ts b/x-pack/plugins/observability_solution/apm/ftr_e2e/cypress/e2e/service_inventory/service_inventory.cy.ts index 3e913d4f527f0..6198ba8c5d05f 100644 --- a/x-pack/plugins/observability_solution/apm/ftr_e2e/cypress/e2e/service_inventory/service_inventory.cy.ts +++ b/x-pack/plugins/observability_solution/apm/ftr_e2e/cypress/e2e/service_inventory/service_inventory.cy.ts @@ -34,8 +34,7 @@ const mainApiRequestsToIntercept = [ const mainAliasNames = mainApiRequestsToIntercept.map(({ aliasName }) => `@${aliasName}`); -// See details: https://github.com/elastic/kibana/issues/191961 -describe.skip('Service inventory', () => { +describe('Service inventory', () => { before(() => { const { rangeFrom, rangeTo } = timeRange; synthtrace.index( diff --git a/x-pack/plugins/observability_solution/apm/ftr_e2e/cypress/e2e/service_overview/mobile_overview_with_most_used_charts.cy.ts b/x-pack/plugins/observability_solution/apm/ftr_e2e/cypress/e2e/service_overview/mobile_overview_with_most_used_charts.cy.ts index 1f8eb7f5396a5..7483d5f77769f 100644 --- a/x-pack/plugins/observability_solution/apm/ftr_e2e/cypress/e2e/service_overview/mobile_overview_with_most_used_charts.cy.ts +++ b/x-pack/plugins/observability_solution/apm/ftr_e2e/cypress/e2e/service_overview/mobile_overview_with_most_used_charts.cy.ts @@ -31,7 +31,7 @@ const apmMobileServiceOverview = url.format({ rangeTo, }, }); -describe.skip('Mobile Service overview page', () => { +describe('Mobile Service overview page', () => { before(() => { synthtrace.index( generateMobileData({ diff --git a/x-pack/plugins/observability_solution/apm/ftr_e2e/cypress/e2e/service_overview/service_overview.cy.ts b/x-pack/plugins/observability_solution/apm/ftr_e2e/cypress/e2e/service_overview/service_overview.cy.ts index 794e290acb7c0..4840037cafb83 100644 --- a/x-pack/plugins/observability_solution/apm/ftr_e2e/cypress/e2e/service_overview/service_overview.cy.ts +++ b/x-pack/plugins/observability_solution/apm/ftr_e2e/cypress/e2e/service_overview/service_overview.cy.ts @@ -76,8 +76,7 @@ const aliasNamesWithComparison = apiRequestsToInterceptWithComparison.map( const aliasNames = [...aliasNamesNoComparison, ...aliasNamesWithComparison]; -// See details: https://github.com/elastic/kibana/issues/191961 -describe.skip('Service Overview', () => { +describe('Service Overview', () => { before(() => { synthtrace.index( opbeans({ diff --git a/x-pack/plugins/observability_solution/apm/ftr_e2e/cypress/e2e/storage_explorer/storage_explorer.cy.ts b/x-pack/plugins/observability_solution/apm/ftr_e2e/cypress/e2e/storage_explorer/storage_explorer.cy.ts index 2132fee724950..519f309105f54 100644 --- a/x-pack/plugins/observability_solution/apm/ftr_e2e/cypress/e2e/storage_explorer/storage_explorer.cy.ts +++ b/x-pack/plugins/observability_solution/apm/ftr_e2e/cypress/e2e/storage_explorer/storage_explorer.cy.ts @@ -36,8 +36,7 @@ const mainApiRequestsToIntercept = [ ]; const mainAliasNames = mainApiRequestsToIntercept.map(({ aliasName }) => `@${aliasName}`); - -// See details: https://github.com/elastic/kibana/issues/191961 +// flaky test describe.skip('Storage Explorer', () => { before(() => { const { rangeFrom, rangeTo } = timeRange; diff --git a/x-pack/plugins/observability_solution/apm/ftr_e2e/cypress/e2e/transaction_details/transaction_details.cy.ts b/x-pack/plugins/observability_solution/apm/ftr_e2e/cypress/e2e/transaction_details/transaction_details.cy.ts index 38ced9a6587ee..3ae431f5d3299 100644 --- a/x-pack/plugins/observability_solution/apm/ftr_e2e/cypress/e2e/transaction_details/transaction_details.cy.ts +++ b/x-pack/plugins/observability_solution/apm/ftr_e2e/cypress/e2e/transaction_details/transaction_details.cy.ts @@ -15,8 +15,8 @@ const timeRange = { rangeFrom: start, rangeTo: end, }; - -describe('Transaction details', () => { +// flaky +describe.skip('Transaction details', () => { before(() => { synthtrace.index( opbeans({ From fb2452e1a129fbefe0866b734ae4111e63222cad Mon Sep 17 00:00:00 2001 From: Matthew Kime Date: Thu, 24 Oct 2024 05:06:06 -0500 Subject: [PATCH 18/99] [ingest pipeline mgmt] sort list of ip location databases for consistent output (#197361) ## Summary Sort ip location database list for api output. Consistent results are testable results. Closes: https://github.com/elastic/kibana/issues/196765 --- .../server/routes/api/database/list.ts | 5 +++-- .../management/ingest_pipelines/databases.ts | 17 +++++++---------- 2 files changed, 10 insertions(+), 12 deletions(-) diff --git a/x-pack/plugins/ingest_pipelines/server/routes/api/database/list.ts b/x-pack/plugins/ingest_pipelines/server/routes/api/database/list.ts index b3509a5486435..eb6eb2e7dabd8 100644 --- a/x-pack/plugins/ingest_pipelines/server/routes/api/database/list.ts +++ b/x-pack/plugins/ingest_pipelines/server/routes/api/database/list.ts @@ -5,6 +5,7 @@ * 2.0. */ +import sortBy from 'lodash/sortBy'; import { deserializeGeoipDatabase, type GeoipDatabaseFromES } from './serialization'; import { API_BASE_PATH } from '../../../../common/constants'; import { RouteDependencies } from '../../../types'; @@ -21,9 +22,9 @@ export const registerListDatabaseRoute = ({ databases: GeoipDatabaseFromES[]; }; - const geoipDatabases = data.databases; + const body = sortBy(data.databases.map(deserializeGeoipDatabase), 'name'); - return res.ok({ body: geoipDatabases.map(deserializeGeoipDatabase) }); + return res.ok({ body }); } catch (error) { const esErrorResponse = handleEsError({ error, response: res }); if (esErrorResponse.status === 404) { diff --git a/x-pack/test/api_integration/apis/management/ingest_pipelines/databases.ts b/x-pack/test/api_integration/apis/management/ingest_pipelines/databases.ts index 9bd0ab353e1f5..913e9aeca3c90 100644 --- a/x-pack/test/api_integration/apis/management/ingest_pipelines/databases.ts +++ b/x-pack/test/api_integration/apis/management/ingest_pipelines/databases.ts @@ -18,9 +18,7 @@ export default function ({ getService }: FtrProviderContext) { const ipinfoDatabaseName = 'asn'; const normalizedIpinfoDatabaseName = 'asn'; - // Failing: See https://github.com/elastic/kibana/issues/196765 - // Failing: See https://github.com/elastic/kibana/issues/196765 - describe.skip('Manage databases', function () { + describe('Manage databases', function () { after(async () => { await ingestPipelines.api.deleteGeoipDatabases(); }); @@ -64,21 +62,20 @@ export default function ({ getService }: FtrProviderContext) { }); }); - // FLAKY: https://github.com/elastic/kibana/issues/196765 - describe.skip('List', () => { + describe('List', () => { it('returns existing databases', async () => { const { body } = await supertest.get(url).set('kbn-xsrf', 'xxx').expect(200); expect(body).to.eql([ - { - id: normalizedIpinfoDatabaseName, - name: ipinfoDatabaseName, - type: 'ipinfo', - }, { id: normalizedMaxmindDatabaseName, name: maxmindDatabaseName, type: 'maxmind', }, + { + id: normalizedIpinfoDatabaseName, + name: ipinfoDatabaseName, + type: 'ipinfo', + }, ]); }); }); From ee9fe0e82ad365eb898240ebbb28614617ce3c62 Mon Sep 17 00:00:00 2001 From: "elastic-renovate-prod[bot]" <174716857+elastic-renovate-prod[bot]@users.noreply.github.com> Date: Thu, 24 Oct 2024 05:14:36 -0500 Subject: [PATCH 19/99] Update dependency trace to ^3.2.0 (main) (#197354) --- package.json | 2 +- yarn.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package.json b/package.json index 0003e07a63960..dea3744893f0a 100644 --- a/package.json +++ b/package.json @@ -1819,7 +1819,7 @@ "terser": "^5.34.0", "terser-webpack-plugin": "^4.2.3", "tough-cookie": "^5.0.0", - "trace": "^3.1.1", + "trace": "^3.2.0", "tree-kill": "^1.2.2", "ts-morph": "^15.1.0", "tsd": "^0.31.1", diff --git a/yarn.lock b/yarn.lock index 0bea2d384b4cd..d02e89fcda226 100644 --- a/yarn.lock +++ b/yarn.lock @@ -30655,10 +30655,10 @@ tr46@~0.0.3: resolved "https://registry.yarnpkg.com/tr46/-/tr46-0.0.3.tgz#8184fd347dac9cdc185992f3a6622e14b9d9ab6a" integrity sha1-gYT9NH2snNwYWZLzpmIuFLnZq2o= -trace@^3.1.1: - version "3.1.1" - resolved "https://registry.yarnpkg.com/trace/-/trace-3.1.1.tgz#061eebf012805611cb02138440bc716979b0eb11" - integrity sha512-iVxFnDKps8bCRQ6kXj66rHYFJY3fNkoYPHeFTFZn89YdwmmQ9Hz97IFPf3NdfbCF3zuqUqFpRNTu6N9+eZR2qg== +trace@^3.2.0: + version "3.2.0" + resolved "https://registry.yarnpkg.com/trace/-/trace-3.2.0.tgz#7ae270f75107acf24e3137988d83c6a9da944015" + integrity sha512-o5sIvza+ygxvws5TAtDX/SwMzgyS5YaeGpNkPd0TFVtYTNQp2nRpC/o7YU4A/zP6Hp4hDrLOgaZUKNc3c4huMQ== dependencies: stack-chain "^2.0.0" From 1c3705ba5b5aa60ea451a7d0ff7f95f2d21a1b80 Mon Sep 17 00:00:00 2001 From: Julia Rechkunova Date: Thu, 24 Oct 2024 12:16:21 +0200 Subject: [PATCH 20/99] [Discover][Embeddable] Pass embeddable filters to Surrounding Docs page (#197190) ## Summary This PR makes sure to pass `filters` to DocViewer from the search panel on Dashboard. And DocViewer will pass `filters` over to Surrounding Docs page. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --- .../components/saved_search_grid.tsx | 7 +++-- .../search_embeddable_grid_component.tsx | 26 ++++++++++++------- .../group2_data_grid1/_data_grid_context.ts | 4 +++ 3 files changed, 26 insertions(+), 11 deletions(-) diff --git a/src/plugins/discover/public/embeddable/components/saved_search_grid.tsx b/src/plugins/discover/public/embeddable/components/saved_search_grid.tsx index 23e06062d166b..e45ad009db898 100644 --- a/src/plugins/discover/public/embeddable/components/saved_search_grid.tsx +++ b/src/plugins/discover/public/embeddable/components/saved_search_grid.tsx @@ -9,7 +9,7 @@ import React, { useCallback, useMemo, useState } from 'react'; import type { DataTableRecord } from '@kbn/discover-utils/types'; -import { AggregateQuery, Query } from '@kbn/es-query'; +import type { AggregateQuery, Query, Filter } from '@kbn/es-query'; import type { SearchResponseWarning } from '@kbn/search-response-warnings'; import { MAX_DOC_FIELDS_DISPLAYED, SHOW_MULTIFIELDS } from '@kbn/discover-utils'; import { @@ -30,7 +30,8 @@ import { useProfileAccessor } from '../../context_awareness'; interface DiscoverGridEmbeddableProps extends Omit { sampleSizeState: number; // a required prop totalHitCount?: number; - query?: AggregateQuery | Query; + query: AggregateQuery | Query | undefined; + filters: Filter[] | undefined; interceptedWarnings?: SearchResponseWarning[]; onAddColumn: (column: string) => void; onRemoveColumn: (column: string) => void; @@ -65,6 +66,7 @@ export function DiscoverGridEmbeddable(props: DiscoverGridEmbeddableProps) { onClose={() => setExpandedDoc(undefined)} setExpandedDoc={setExpandedDoc} query={props.query} + filters={props.filters} /> ), [ @@ -73,6 +75,7 @@ export function DiscoverGridEmbeddable(props: DiscoverGridEmbeddableProps) { props.onFilter, props.onRemoveColumn, props.query, + props.filters, props.savedSearchId, ] ); diff --git a/src/plugins/discover/public/embeddable/components/search_embeddable_grid_component.tsx b/src/plugins/discover/public/embeddable/components/search_embeddable_grid_component.tsx index 50f26bcf974b3..44d3c1685cbfe 100644 --- a/src/plugins/discover/public/embeddable/components/search_embeddable_grid_component.tsx +++ b/src/plugins/discover/public/embeddable/components/search_embeddable_grid_component.tsx @@ -17,7 +17,6 @@ import { SORT_DEFAULT_ORDER_SETTING, isLegacyTableEnabled, } from '@kbn/discover-utils'; -import { Filter } from '@kbn/es-query'; import { FetchContext, useBatchedOptionalPublishingSubjects, @@ -27,7 +26,6 @@ import { SortOrder } from '@kbn/saved-search-plugin/public'; import { SearchResponseIncompleteWarning } from '@kbn/search-response-warnings/src/types'; import { DataGridDensity, DataLoadingState, useColumns } from '@kbn/unified-data-table'; import { DocViewFilterFn } from '@kbn/unified-doc-viewer/types'; - import { DiscoverGridSettings } from '@kbn/saved-search-plugin/common'; import useObservable from 'react-use/lib/useObservable'; import { DiscoverDocTableEmbeddable } from '../../components/doc_table/create_doc_table_embeddable'; @@ -69,8 +67,8 @@ export function SearchEmbeddableGridComponent({ savedSearch, savedSearchId, interceptedWarnings, - query, - filters, + apiQuery, + apiFilters, fetchContext, rows, totalHitCount, @@ -90,6 +88,12 @@ export function SearchEmbeddableGridComponent({ stateManager.grid ); + // `api.query$` and `api.filters$` are the initial values from the saved search SO (as of now) + // `fetchContext.query` and `fetchContext.filters` are Dashboard's query and filters + + const savedSearchQuery = apiQuery; + const savedSearchFilters = apiFilters; + const [panelTitle, panelDescription, savedSearchTitle, savedSearchDescription] = useBatchedOptionalPublishingSubjects( api.panelTitle, @@ -137,7 +141,10 @@ export function SearchEmbeddableGridComponent({ settings: grid, }); - const dataSource = useMemo(() => createDataSource({ dataView, query }), [dataView, query]); + const dataSource = useMemo( + () => createDataSource({ dataView, query: savedSearchQuery }), + [dataView, savedSearchQuery] + ); const timeRange = useMemo( () => (fetchContext ? getTimeRangeFromFetchContext(fetchContext) : undefined), [fetchContext] @@ -146,8 +153,8 @@ export function SearchEmbeddableGridComponent({ const cellActionsMetadata = useAdditionalCellActions({ dataSource, dataView, - query, - filters, + query: savedSearchQuery, + filters: savedSearchFilters, timeRange, }); @@ -229,7 +236,7 @@ export function SearchEmbeddableGridComponent({ { await common.navigateToApp('discover'); + await header.waitUntilLoadingHasFinished(); + await filterBar.addFilter({ field: 'extension.raw', operation: 'is', value: 'jpg' }); + await header.waitUntilLoadingHasFinished(); await discover.saveSearch('my search'); await header.waitUntilLoadingHasFinished(); @@ -134,6 +137,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) { log.debug('document table length', nrOfDocs); return nrOfDocs === 6; }); + await filterBar.hasFilter('extension.raw', 'jpg', false); }); }); } From 30f81ce4e932622e4d284b1e6af8c015c22836f5 Mon Sep 17 00:00:00 2001 From: Maryam Saeidi Date: Thu, 24 Oct 2024 12:22:59 +0200 Subject: [PATCH 21/99] Migrate Custom threshold > AVG - PCT - FIRED test to the deployment agnostic framework (#195902) Part of #183378 ## Summary This PR moves the first Custom threshold rule test to the deployment agnostic test. The rest will follow in a follow-up PR. ## How to run To run serverless ``` node scripts/functional_tests_server --config x-pack/test/api_integration/deployment_agnostic/configs/serverless/oblt.serverless.config.ts node scripts/functional_test_runner --config x-pack/test/api_integration/deployment_agnostic/configs/serverless/oblt.serverless.config.ts --grep="Custom Threshold rule" ``` To run stateful ``` node scripts/functional_tests_server --config x-pack/test/api_integration/deployment_agnostic/configs/stateful/oblt.stateful.config.ts node scripts/functional_test_runner --config x-pack/test/api_integration/deployment_agnostic/configs/stateful/oblt.stateful.config.ts --grep="Custom Threshold rule" ``` ### TODO - [x] https://github.com/elastic/kibana/pull/195890 - [x] Test in MKI before merging #### How to run tests on MKI According to this [discussion](https://github.com/elastic/observability-dev/issues/3519#issuecomment-2379914274), we should test in MKI environment before merging. For details on how to run in MKI, see [this section of the document](https://docs.google.com/document/d/1tiax7xoDYwFXYZjRTgVKkVMjN-SQzBWk4yn1JY6Z5UY/edit#heading=h.ece2z8p74izh) and [this readme](https://github.com/elastic/kibana/blob/main/x-pack/test_serverless/README.md#run-tests-on-mki). --- .../custom_threshold_rule/avg_pct_fired.ts | 271 ------------------ .../observability/index.ts | 1 - .../custom_threshold}/avg_pct_fired.ts | 48 ++-- .../alerting/custom_threshold/constants.ts | 8 + .../alerting/custom_threshold/index.ts | 14 + .../alerting/custom_threshold/types.ts | 25 ++ .../apis/observability/alerting/index.ts | 1 + .../services/data_view_api.ts | 2 +- .../custom_threshold_rule/index.ts | 1 - 9 files changed, 78 insertions(+), 293 deletions(-) delete mode 100644 x-pack/test/alerting_api_integration/observability/custom_threshold_rule/avg_pct_fired.ts rename x-pack/{test_serverless/api_integration/test_suites/observability/custom_threshold_rule => test/api_integration/deployment_agnostic/apis/observability/alerting/custom_threshold}/avg_pct_fired.ts (88%) create mode 100644 x-pack/test/api_integration/deployment_agnostic/apis/observability/alerting/custom_threshold/constants.ts create mode 100644 x-pack/test/api_integration/deployment_agnostic/apis/observability/alerting/custom_threshold/index.ts create mode 100644 x-pack/test/api_integration/deployment_agnostic/apis/observability/alerting/custom_threshold/types.ts diff --git a/x-pack/test/alerting_api_integration/observability/custom_threshold_rule/avg_pct_fired.ts b/x-pack/test/alerting_api_integration/observability/custom_threshold_rule/avg_pct_fired.ts deleted file mode 100644 index dc6197320ecf0..0000000000000 --- a/x-pack/test/alerting_api_integration/observability/custom_threshold_rule/avg_pct_fired.ts +++ /dev/null @@ -1,271 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { omit } from 'lodash'; -import { cleanup, generate, Dataset, PartialConfig } from '@kbn/data-forge'; -import { Aggregators } from '@kbn/observability-plugin/common/custom_threshold_rule/types'; -import { FIRED_ACTIONS_ID } from '@kbn/observability-plugin/server/lib/rules/custom_threshold/constants'; -import expect from '@kbn/expect'; -import { OBSERVABILITY_THRESHOLD_RULE_TYPE_ID } from '@kbn/rule-data-utils'; -import { parseSearchParams } from '@kbn/share-plugin/common/url_service'; -import { COMPARATORS } from '@kbn/alerting-comparators'; -import { createIndexConnector, createRule } from '../helpers/alerting_api_helper'; -import { - waitForAlertInIndex, - waitForDocumentInIndex, - waitForRuleStatus, -} from '../helpers/alerting_wait_for_helpers'; -import { FtrProviderContext } from '../../common/ftr_provider_context'; -import { ActionDocument, LogsExplorerLocatorParsedParams } from './typings'; -import { ISO_DATE_REGEX } from './constants'; - -// eslint-disable-next-line import/no-default-export -export default function ({ getService }: FtrProviderContext) { - const esClient = getService('es'); - const supertest = getService('supertest'); - const esDeleteAllIndices = getService('esDeleteAllIndices'); - const logger = getService('log'); - const retryService = getService('retry'); - - describe('Custom Threshold rule - AVG - PCT - FIRED', () => { - const CUSTOM_THRESHOLD_RULE_ALERT_INDEX = '.alerts-observability.threshold.alerts-default'; - const ALERT_ACTION_INDEX = 'alert-action-threshold'; - const DATA_VIEW_TITLE = 'kbn-data-forge-fake_hosts.fake_hosts-*'; - const DATA_VIEW_NAME = 'ad-hoc-data-view-name'; - const DATA_VIEW_ID = 'data-view-id'; - const MOCKED_AD_HOC_DATA_VIEW = { - id: DATA_VIEW_ID, - title: DATA_VIEW_TITLE, - timeFieldName: '@timestamp', - sourceFilters: [], - fieldFormats: {}, - runtimeFieldMap: {}, - allowNoIndex: false, - name: DATA_VIEW_NAME, - allowHidden: false, - }; - let dataForgeConfig: PartialConfig; - let dataForgeIndices: string[]; - let actionId: string; - let ruleId: string; - let alertId: string; - - before(async () => { - dataForgeConfig = { - schedule: [ - { - template: 'good', - start: 'now-10m', - end: 'now+5m', - metrics: [ - { name: 'system.cpu.user.pct', method: 'linear', start: 2.5, end: 2.5 }, - { name: 'system.cpu.total.pct', method: 'linear', start: 0.5, end: 0.5 }, - ], - }, - ], - indexing: { - dataset: 'fake_hosts' as Dataset, - eventsPerCycle: 1, - interval: 10000, - alignEventsToInterval: true, - }, - }; - dataForgeIndices = await generate({ client: esClient, config: dataForgeConfig, logger }); - logger.info(JSON.stringify(dataForgeIndices.join(','))); - await waitForDocumentInIndex({ - esClient, - indexName: DATA_VIEW_TITLE, - docCountTarget: 270, - retryService, - logger, - }); - }); - - after(async () => { - await supertest.delete(`/api/alerting/rule/${ruleId}`).set('kbn-xsrf', 'foo'); - await supertest.delete(`/api/actions/connector/${actionId}`).set('kbn-xsrf', 'foo'); - await esClient.deleteByQuery({ - index: CUSTOM_THRESHOLD_RULE_ALERT_INDEX, - query: { term: { 'kibana.alert.rule.uuid': ruleId } }, - }); - await esClient.deleteByQuery({ - index: '.kibana-event-log-*', - query: { term: { 'kibana.alert.rule.consumer': 'logs' } }, - }); - await esDeleteAllIndices([ALERT_ACTION_INDEX, ...dataForgeIndices]); - await cleanup({ client: esClient, config: dataForgeConfig, logger }); - }); - - describe('Rule creation', () => { - it('creates rule successfully', async () => { - actionId = await createIndexConnector({ - supertest, - name: 'Index Connector: Threshold API test', - indexName: ALERT_ACTION_INDEX, - logger, - }); - - const createdRule = await createRule({ - supertest, - logger, - esClient, - tags: ['observability'], - consumer: 'logs', - name: 'Threshold rule', - ruleTypeId: OBSERVABILITY_THRESHOLD_RULE_TYPE_ID, - params: { - criteria: [ - { - comparator: COMPARATORS.GREATER_THAN, - threshold: [0.5], - timeSize: 5, - timeUnit: 'm', - metrics: [ - { name: 'A', field: 'system.cpu.user.pct', aggType: Aggregators.AVERAGE }, - ], - }, - ], - alertOnNoData: true, - alertOnGroupDisappear: true, - searchConfiguration: { - query: { - query: '', - language: 'kuery', - }, - index: MOCKED_AD_HOC_DATA_VIEW, - }, - }, - actions: [ - { - group: FIRED_ACTIONS_ID, - id: actionId, - params: { - documents: [ - { - ruleType: '{{rule.type}}', - alertDetailsUrl: '{{context.alertDetailsUrl}}', - reason: '{{context.reason}}', - value: '{{context.value}}', - host: '{{context.host}}', - viewInAppUrl: '{{context.viewInAppUrl}}', - }, - ], - }, - frequency: { - notify_when: 'onActionGroupChange', - throttle: null, - summary: false, - }, - }, - ], - }); - ruleId = createdRule.id; - expect(ruleId).not.to.be(undefined); - }); - - it('should be active', async () => { - const executionStatus = await waitForRuleStatus({ - id: ruleId, - expectedStatus: 'active', - supertest, - retryService, - logger, - }); - expect(executionStatus.status).to.be('active'); - }); - - it('should set correct information in the alert document', async () => { - const resp = await waitForAlertInIndex({ - esClient, - indexName: CUSTOM_THRESHOLD_RULE_ALERT_INDEX, - ruleId, - retryService, - logger, - }); - alertId = (resp.hits.hits[0]._source as any)['kibana.alert.uuid']; - - expect(resp.hits.hits[0]._source).property( - 'kibana.alert.rule.category', - 'Custom threshold' - ); - expect(resp.hits.hits[0]._source).property('kibana.alert.rule.consumer', 'logs'); - expect(resp.hits.hits[0]._source).property('kibana.alert.rule.name', 'Threshold rule'); - expect(resp.hits.hits[0]._source).property('kibana.alert.rule.producer', 'observability'); - expect(resp.hits.hits[0]._source).property('kibana.alert.rule.revision', 0); - expect(resp.hits.hits[0]._source).property( - 'kibana.alert.rule.rule_type_id', - 'observability.rules.custom_threshold' - ); - expect(resp.hits.hits[0]._source).property('kibana.alert.rule.uuid', ruleId); - expect(resp.hits.hits[0]._source).property('kibana.space_ids').contain('default'); - expect(resp.hits.hits[0]._source) - .property('kibana.alert.rule.tags') - .contain('observability'); - expect(resp.hits.hits[0]._source).property( - 'kibana.alert.action_group', - 'custom_threshold.fired' - ); - expect(resp.hits.hits[0]._source).property('tags').contain('observability'); - expect(resp.hits.hits[0]._source).property('kibana.alert.instance.id', '*'); - expect(resp.hits.hits[0]._source).property('kibana.alert.workflow_status', 'open'); - expect(resp.hits.hits[0]._source).property('event.kind', 'signal'); - expect(resp.hits.hits[0]._source).property('event.action', 'open'); - expect(resp.hits.hits[0]._source).property('kibana.alert.evaluation.threshold').eql([0.5]); - expect(resp.hits.hits[0]._source) - .property('kibana.alert.rule.parameters') - .eql({ - criteria: [ - { - comparator: '>', - threshold: [0.5], - timeSize: 5, - timeUnit: 'm', - metrics: [{ name: 'A', field: 'system.cpu.user.pct', aggType: 'avg' }], - }, - ], - alertOnNoData: true, - alertOnGroupDisappear: true, - searchConfiguration: { - index: MOCKED_AD_HOC_DATA_VIEW, - query: { query: '', language: 'kuery' }, - }, - }); - }); - - it('should set correct action variables', async () => { - const resp = await waitForDocumentInIndex({ - esClient, - indexName: ALERT_ACTION_INDEX, - retryService, - logger, - }); - - expect(resp.hits.hits[0]._source?.ruleType).eql('observability.rules.custom_threshold'); - expect(resp.hits.hits[0]._source?.alertDetailsUrl).eql( - `https://localhost:5601/app/observability/alerts/${alertId}` - ); - expect(resp.hits.hits[0]._source?.reason).eql( - `Average system.cpu.user.pct is 250%, above the threshold of 50%. (duration: 5 mins, data view: ${DATA_VIEW_NAME})` - ); - expect(resp.hits.hits[0]._source?.value).eql('250%'); - - const parsedViewInAppUrl = parseSearchParams( - new URL(resp.hits.hits[0]._source?.viewInAppUrl || '').search - ); - - expect(resp.hits.hits[0]._source?.viewInAppUrl).contain('LOGS_EXPLORER_LOCATOR'); - expect(omit(parsedViewInAppUrl.params, 'timeRange.from')).eql({ - dataset: DATA_VIEW_TITLE, - timeRange: { to: 'now' }, - query: { query: '', language: 'kuery' }, - filters: [], - }); - expect(parsedViewInAppUrl.params.timeRange.from).match(ISO_DATE_REGEX); - }); - }); - }); -} diff --git a/x-pack/test/alerting_api_integration/observability/index.ts b/x-pack/test/alerting_api_integration/observability/index.ts index 547c05a46bfcd..8b2f7b5b4c20e 100644 --- a/x-pack/test/alerting_api_integration/observability/index.ts +++ b/x-pack/test/alerting_api_integration/observability/index.ts @@ -10,7 +10,6 @@ export default function ({ loadTestFile }: any) { describe('Observability Rules', () => { describe('Rules Endpoints', () => { loadTestFile(require.resolve('./metric_threshold_rule')); - loadTestFile(require.resolve('./custom_threshold_rule/avg_pct_fired')); loadTestFile(require.resolve('./custom_threshold_rule/p99_pct_fired')); loadTestFile(require.resolve('./custom_threshold_rule/rate_bytes_fired')); loadTestFile(require.resolve('./custom_threshold_rule/avg_pct_no_data')); diff --git a/x-pack/test_serverless/api_integration/test_suites/observability/custom_threshold_rule/avg_pct_fired.ts b/x-pack/test/api_integration/deployment_agnostic/apis/observability/alerting/custom_threshold/avg_pct_fired.ts similarity index 88% rename from x-pack/test_serverless/api_integration/test_suites/observability/custom_threshold_rule/avg_pct_fired.ts rename to x-pack/test/api_integration/deployment_agnostic/apis/observability/alerting/custom_threshold/avg_pct_fired.ts index 358fabd7956ef..63530c98c26df 100644 --- a/x-pack/test_serverless/api_integration/test_suites/observability/custom_threshold_rule/avg_pct_fired.ts +++ b/x-pack/test/api_integration/deployment_agnostic/apis/observability/alerting/custom_threshold/avg_pct_fired.ts @@ -5,33 +5,35 @@ * 2.0. */ +import expect from '@kbn/expect'; +import { omit } from 'lodash'; import { cleanup, generate, Dataset, PartialConfig } from '@kbn/data-forge'; import { Aggregators } from '@kbn/observability-plugin/common/custom_threshold_rule/types'; import { FIRED_ACTIONS_ID } from '@kbn/observability-plugin/server/lib/rules/custom_threshold/constants'; -import expect from '@kbn/expect'; import { OBSERVABILITY_THRESHOLD_RULE_TYPE_ID } from '@kbn/rule-data-utils'; import { parseSearchParams } from '@kbn/share-plugin/common/url_service'; -import { omit } from 'lodash'; import { COMPARATORS } from '@kbn/alerting-comparators'; import { kbnTestConfig } from '@kbn/test'; -import { FtrProviderContext } from '../../../ftr_provider_context'; +import type { InternalRequestHeader, RoleCredentials } from '@kbn/ftr-common-functional-services'; +import { DeploymentAgnosticFtrProviderContext } from '../../../../ftr_provider_context'; import { ISO_DATE_REGEX } from './constants'; -import { ActionDocument, LogsExplorerLocatorParsedParams } from './typings'; -import type { InternalRequestHeader, RoleCredentials } from '../../../../shared/services'; +import { ActionDocument, LogsExplorerLocatorParsedParams } from './types'; -export default function ({ getService }: FtrProviderContext) { +export default function ({ getService }: DeploymentAgnosticFtrProviderContext) { const esClient = getService('es'); - const supertest = getService('supertest'); + const samlAuth = getService('samlAuth'); + const supertestWithoutAuth = getService('supertestWithoutAuth'); const esDeleteAllIndices = getService('esDeleteAllIndices'); const alertingApi = getService('alertingApi'); const dataViewApi = getService('dataViewApi'); const logger = getService('log'); - const svlCommonApi = getService('svlCommonApi'); - const svlUserManager = getService('svlUserManager'); let roleAuthc: RoleCredentials; let internalReqHeader: InternalRequestHeader; + const config = getService('config'); + const isServerless = config.get('serverless'); + const expectedConsumer = isServerless ? 'observability' : 'logs'; - describe('Custom Threshold rule - AVG - PCT - FIRED', () => { + describe('AVG - PCT - FIRED', () => { const CUSTOM_THRESHOLD_RULE_ALERT_INDEX = '.alerts-observability.threshold.alerts-default'; const ALERT_ACTION_INDEX = 'alert-action-threshold'; const DATA_VIEW_TITLE = 'kbn-data-forge-fake_hosts.fake_hosts-*'; @@ -44,8 +46,8 @@ export default function ({ getService }: FtrProviderContext) { let alertId: string; before(async () => { - roleAuthc = await svlUserManager.createM2mApiKeyWithRoleScope('admin'); - internalReqHeader = svlCommonApi.getInternalRequestHeader(); + roleAuthc = await samlAuth.createM2mApiKeyWithRoleScope('admin'); + internalReqHeader = samlAuth.getInternalRequestHeader(); dataForgeConfig = { schedule: [ { @@ -71,12 +73,19 @@ export default function ({ getService }: FtrProviderContext) { name: DATA_VIEW_NAME, id: DATA_VIEW_ID, title: DATA_VIEW_TITLE, + roleAuthc, }); }); after(async () => { - await supertest.delete(`/api/alerting/rule/${ruleId}`).set(internalReqHeader); - await supertest.delete(`/api/actions/connector/${actionId}`).set(internalReqHeader); + await supertestWithoutAuth + .delete(`/api/alerting/rule/${ruleId}`) + .set(roleAuthc.apiKeyHeader) + .set(internalReqHeader); + await supertestWithoutAuth + .delete(`/api/actions/connector/${actionId}`) + .set(roleAuthc.apiKeyHeader) + .set(internalReqHeader); await esClient.deleteByQuery({ index: CUSTOM_THRESHOLD_RULE_ALERT_INDEX, query: { term: { 'kibana.alert.rule.uuid': ruleId } }, @@ -89,10 +98,11 @@ export default function ({ getService }: FtrProviderContext) { }); await dataViewApi.delete({ id: DATA_VIEW_ID, + roleAuthc, }); await esDeleteAllIndices([ALERT_ACTION_INDEX, ...dataForgeIndices]); await cleanup({ client: esClient, config: dataForgeConfig, logger }); - await svlUserManager.invalidateM2mApiKeyWithRoleScope(roleAuthc); + await samlAuth.invalidateM2mApiKeyWithRoleScope(roleAuthc); }); describe('Rule creation', () => { @@ -106,7 +116,7 @@ export default function ({ getService }: FtrProviderContext) { const createdRule = await alertingApi.createRule({ roleAuthc, tags: ['observability'], - consumer: 'observability', + consumer: expectedConsumer, name: 'Threshold rule', ruleTypeId: OBSERVABILITY_THRESHOLD_RULE_TYPE_ID, params: { @@ -171,7 +181,7 @@ export default function ({ getService }: FtrProviderContext) { it('should find the created rule with correct information about the consumer', async () => { const match = await alertingApi.findInRules(roleAuthc, ruleId); expect(match).not.to.be(undefined); - expect(match.consumer).to.be('observability'); + expect(match.consumer).to.be(expectedConsumer); }); it('should set correct information in the alert document', async () => { @@ -185,7 +195,7 @@ export default function ({ getService }: FtrProviderContext) { 'kibana.alert.rule.category', 'Custom threshold' ); - expect(resp.hits.hits[0]._source).property('kibana.alert.rule.consumer', 'observability'); + expect(resp.hits.hits[0]._source).property('kibana.alert.rule.consumer', expectedConsumer); expect(resp.hits.hits[0]._source).property('kibana.alert.rule.name', 'Threshold rule'); expect(resp.hits.hits[0]._source).property('kibana.alert.rule.producer', 'observability'); expect(resp.hits.hits[0]._source).property('kibana.alert.rule.revision', 0); @@ -232,7 +242,7 @@ export default function ({ getService }: FtrProviderContext) { docCountTarget: 1, }); - const { protocol, hostname, port } = kbnTestConfig.getUrlParts(); + const { protocol, hostname, port } = kbnTestConfig.getUrlPartsWithStrippedDefaultPort(); expect(resp.hits.hits[0]._source?.ruleType).eql('observability.rules.custom_threshold'); expect(resp.hits.hits[0]._source?.alertDetailsUrl).eql( `${protocol}://${hostname}${port ? `:${port}` : ''}/app/observability/alerts/${alertId}` diff --git a/x-pack/test/api_integration/deployment_agnostic/apis/observability/alerting/custom_threshold/constants.ts b/x-pack/test/api_integration/deployment_agnostic/apis/observability/alerting/custom_threshold/constants.ts new file mode 100644 index 0000000000000..5cf1e0b4d6614 --- /dev/null +++ b/x-pack/test/api_integration/deployment_agnostic/apis/observability/alerting/custom_threshold/constants.ts @@ -0,0 +1,8 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export const ISO_DATE_REGEX = /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3}Z$/; diff --git a/x-pack/test/api_integration/deployment_agnostic/apis/observability/alerting/custom_threshold/index.ts b/x-pack/test/api_integration/deployment_agnostic/apis/observability/alerting/custom_threshold/index.ts new file mode 100644 index 0000000000000..505cbba20eb7c --- /dev/null +++ b/x-pack/test/api_integration/deployment_agnostic/apis/observability/alerting/custom_threshold/index.ts @@ -0,0 +1,14 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { DeploymentAgnosticFtrProviderContext } from '../../../../ftr_provider_context'; + +export default function ({ loadTestFile }: DeploymentAgnosticFtrProviderContext) { + describe('Custom Threshold rule', () => { + loadTestFile(require.resolve('./avg_pct_fired')); + }); +} diff --git a/x-pack/test/api_integration/deployment_agnostic/apis/observability/alerting/custom_threshold/types.ts b/x-pack/test/api_integration/deployment_agnostic/apis/observability/alerting/custom_threshold/types.ts new file mode 100644 index 0000000000000..9002e9991292f --- /dev/null +++ b/x-pack/test/api_integration/deployment_agnostic/apis/observability/alerting/custom_threshold/types.ts @@ -0,0 +1,25 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { Query, TimeRange } from '@kbn/es-query'; +import { SerializableRecord } from '@kbn/utility-types'; + +export interface ActionDocument { + ruleType: string; + alertDetailsUrl: string; + reason: string; + value: string; + viewInAppUrl: string; + host?: string; + group?: string; +} + +export interface LogsExplorerLocatorParsedParams extends SerializableRecord { + dataset: string; + timeRange: TimeRange; + query: Query; +} diff --git a/x-pack/test/api_integration/deployment_agnostic/apis/observability/alerting/index.ts b/x-pack/test/api_integration/deployment_agnostic/apis/observability/alerting/index.ts index 9fa2f0531d325..e425aa1010a6d 100644 --- a/x-pack/test/api_integration/deployment_agnostic/apis/observability/alerting/index.ts +++ b/x-pack/test/api_integration/deployment_agnostic/apis/observability/alerting/index.ts @@ -11,5 +11,6 @@ export default function ({ loadTestFile }: DeploymentAgnosticFtrProviderContext) describe('Observability Alerting', () => { loadTestFile(require.resolve('./burn_rate_rule')); loadTestFile(require.resolve('./es_query_rule')); + loadTestFile(require.resolve('./custom_threshold')); }); } diff --git a/x-pack/test/api_integration/deployment_agnostic/services/data_view_api.ts b/x-pack/test/api_integration/deployment_agnostic/services/data_view_api.ts index c22db40882b60..33e829d8c9e39 100644 --- a/x-pack/test/api_integration/deployment_agnostic/services/data_view_api.ts +++ b/x-pack/test/api_integration/deployment_agnostic/services/data_view_api.ts @@ -50,7 +50,7 @@ export function DataViewApiProvider({ getService }: DeploymentAgnosticFtrProvide async delete({ roleAuthc, id }: { roleAuthc: RoleCredentials; id: string }) { const { body } = await supertestWithoutAuth - .post(`/api/content_management/rpc/create`) + .post(`/api/content_management/rpc/delete`) .set(roleAuthc.apiKeyHeader) .set(samlAuth.getInternalRequestHeader()) .set(samlAuth.getCommonRequestHeader()) diff --git a/x-pack/test_serverless/api_integration/test_suites/observability/custom_threshold_rule/index.ts b/x-pack/test_serverless/api_integration/test_suites/observability/custom_threshold_rule/index.ts index e8246cbe79809..01e91f1d5840b 100644 --- a/x-pack/test_serverless/api_integration/test_suites/observability/custom_threshold_rule/index.ts +++ b/x-pack/test_serverless/api_integration/test_suites/observability/custom_threshold_rule/index.ts @@ -9,7 +9,6 @@ import { FtrProviderContext } from '../../../ftr_provider_context'; export default function ({ loadTestFile }: FtrProviderContext) { describe('Custom Threshold Rule', function () { - loadTestFile(require.resolve('./avg_pct_fired')); loadTestFile(require.resolve('./avg_pct_no_data')); loadTestFile(require.resolve('./documents_count_fired')); loadTestFile(require.resolve('./custom_eq_avg_bytes_fired')); From 6ae07b382dc134a50b854c56f61cbc78225acbd9 Mon Sep 17 00:00:00 2001 From: Gloria Hornero Date: Thu, 24 Oct 2024 12:46:30 +0200 Subject: [PATCH 22/99] [Security Solution] Removes unmaintained tests (#197408) ## Summary Deleting some tests that we don't maintain since we don't use the `test_serverless` folder for our serverless tests, in that way we'll prevent misunderstandings regarding ownership of it. --- .github/CODEOWNERS | 3 ++- .../test_suites/security/ftr/landing_page.ts | 25 ------------------- .../functional/test_suites/security/index.ts | 1 - 3 files changed, 2 insertions(+), 27 deletions(-) delete mode 100644 x-pack/test_serverless/functional/test_suites/security/ftr/landing_page.ts diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index eb96d1cfd1293..08f31b4e1fcf0 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1585,7 +1585,6 @@ x-pack/test/api_integration/apis/management/index_management/inference_endpoints /x-pack/test/functional/es_archives/auditbeat/hosts @elastic/security-solution /x-pack/test_serverless/functional/page_objects/svl_management_page.ts @elastic/security-solution /x-pack/test_serverless/api_integration/test_suites/security @elastic/security-solution -/x-pack/test_serverless/functional/page_objects/svl_sec_landing_page.ts @elastic/security-solution /x-pack/test_serverless/functional/test_suites/security/cypress @elastic/security-solution /x-pack/test_serverless/functional/test_suites/security/index.feature_flags.ts @elastic/security-solution @@ -1973,6 +1972,8 @@ packages/react @elastic/appex-sharedux test/functional/page_objects/solution_navigation.ts @elastic/appex-sharedux /x-pack/test_serverless/functional/page_objects/svl_common_navigation.ts @elastic/appex-sharedux /x-pack/test_serverless/functional/fixtures/kbn_archiver/reporting @elastic/appex-sharedux +/x-pack/test_serverless/functional/page_objects/svl_sec_landing_page.ts @elastic/appex-sharedux +/x-pack/test_serverless/functional/test_suites/security/ftr/navigation.ts @elastic/appex-sharedux # OpenAPI spec files oas_docs/.spectral.yaml @elastic/platform-docs diff --git a/x-pack/test_serverless/functional/test_suites/security/ftr/landing_page.ts b/x-pack/test_serverless/functional/test_suites/security/ftr/landing_page.ts deleted file mode 100644 index 94c298601a83d..0000000000000 --- a/x-pack/test_serverless/functional/test_suites/security/ftr/landing_page.ts +++ /dev/null @@ -1,25 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { FtrProviderContext } from '../../../ftr_provider_context'; - -export default function ({ getPageObject, getService }: FtrProviderContext) { - const svlSecLandingPage = getPageObject('svlSecLandingPage'); - const svlSecNavigation = getService('svlSecNavigation'); - const svlCommonPage = getPageObject('svlCommonPage'); - - describe('landing page', function () { - before(async () => { - await svlCommonPage.loginAsViewer(); - }); - - it('has serverless side nav', async () => { - await svlSecNavigation.navigateToLandingPage(); - await svlSecLandingPage.assertSvlSecSideNavExists(); - }); - }); -} diff --git a/x-pack/test_serverless/functional/test_suites/security/index.ts b/x-pack/test_serverless/functional/test_suites/security/index.ts index daa34ff0c1e73..833df2edb78cd 100644 --- a/x-pack/test_serverless/functional/test_suites/security/index.ts +++ b/x-pack/test_serverless/functional/test_suites/security/index.ts @@ -13,7 +13,6 @@ export default function ({ loadTestFile }: FtrProviderContext) { describe('serverless security UI', function () { this.tags(['esGate']); - loadTestFile(require.resolve('./ftr/landing_page')); loadTestFile(require.resolve('./ftr/navigation')); loadTestFile(require.resolve('./ftr/cases')); loadTestFile(require.resolve('./ftr/advanced_settings')); From 9aa67ef45596080f742166f1c63e2c8f9a44f100 Mon Sep 17 00:00:00 2001 From: James Gowdy Date: Thu, 24 Oct 2024 11:47:58 +0100 Subject: [PATCH 23/99] [ML] File upload fixing PDF character count limit (#197333) The default character limit for the attachment processor is 100000 characters. This limit is useful when previewing the contents of the file, but should not be applied when ingesting the file. This PR changes the ingest character limit to be unlimited (-1) for ingest and displays the character limit instead of the line limit for the document preview. ![image](https://github.com/user-attachments/assets/1c0cf324-a2b8-452c-b504-7c5b2935ba1c) --- .../file_contents/file_contents.tsx | 27 +++++++++++++------ .../tika_analyzer.ts | 2 ++ .../plugins/file_upload/common/constants.ts | 2 ++ x-pack/plugins/file_upload/common/index.ts | 2 ++ .../server/preview_tika_contents.ts | 2 ++ 5 files changed, 27 insertions(+), 8 deletions(-) diff --git a/x-pack/plugins/data_visualizer/public/application/file_data_visualizer/components/file_contents/file_contents.tsx b/x-pack/plugins/data_visualizer/public/application/file_data_visualizer/components/file_contents/file_contents.tsx index 412423a0ba0d8..e5dfe56065bad 100644 --- a/x-pack/plugins/data_visualizer/public/application/file_data_visualizer/components/file_contents/file_contents.tsx +++ b/x-pack/plugins/data_visualizer/public/application/file_data_visualizer/components/file_contents/file_contents.tsx @@ -18,9 +18,10 @@ import { EuiSwitch, } from '@elastic/eui'; -import type { FindFileStructureResponse } from '@kbn/file-upload-plugin/common'; +import { TIKA_PREVIEW_CHARS, type FindFileStructureResponse } from '@kbn/file-upload-plugin/common'; import useMountedState from 'react-use/lib/useMountedState'; import { i18n } from '@kbn/i18n'; +import { FILE_FORMATS } from '../../../../../common/constants'; import { EDITOR_MODE, JsonEditor } from '../json_editor'; import { useGrokHighlighter } from './use_text_parser'; import { LINE_LIMIT } from './grok_highlighter'; @@ -132,13 +133,23 @@ export const FileContents: FC = ({ - + {format === FILE_FORMATS.TIKA ? ( + + ) : ( + + )} diff --git a/x-pack/plugins/data_visualizer/public/application/file_data_visualizer/components/file_data_visualizer_view/tika_analyzer.ts b/x-pack/plugins/data_visualizer/public/application/file_data_visualizer/components/file_data_visualizer_view/tika_analyzer.ts index 181999b39f22d..aeaf9682b25a8 100644 --- a/x-pack/plugins/data_visualizer/public/application/file_data_visualizer/components/file_data_visualizer_view/tika_analyzer.ts +++ b/x-pack/plugins/data_visualizer/public/application/file_data_visualizer/components/file_data_visualizer_view/tika_analyzer.ts @@ -98,6 +98,8 @@ export async function analyzeTikaFile( attachment: { field: 'data', remove_binary: true, + // unlimited character count + indexed_chars: -1, }, }, ], diff --git a/x-pack/plugins/file_upload/common/constants.ts b/x-pack/plugins/file_upload/common/constants.ts index af0c3c07db6c8..991dccac56f04 100644 --- a/x-pack/plugins/file_upload/common/constants.ts +++ b/x-pack/plugins/file_upload/common/constants.ts @@ -23,3 +23,5 @@ export const FILE_FORMATS = { SEMI_STRUCTURED_TEXT: 'semi_structured_text', TIKA: 'tika', }; + +export const TIKA_PREVIEW_CHARS = 100000; diff --git a/x-pack/plugins/file_upload/common/index.ts b/x-pack/plugins/file_upload/common/index.ts index eb5fcdc6b1c00..a331eb67e9786 100644 --- a/x-pack/plugins/file_upload/common/index.ts +++ b/x-pack/plugins/file_upload/common/index.ts @@ -15,3 +15,5 @@ export type { InputOverrides, IngestPipeline, } from './types'; + +export { TIKA_PREVIEW_CHARS } from './constants'; diff --git a/x-pack/plugins/file_upload/server/preview_tika_contents.ts b/x-pack/plugins/file_upload/server/preview_tika_contents.ts index f99a070d90414..c2f9f5a219243 100644 --- a/x-pack/plugins/file_upload/server/preview_tika_contents.ts +++ b/x-pack/plugins/file_upload/server/preview_tika_contents.ts @@ -7,6 +7,7 @@ import type { IScopedClusterClient } from '@kbn/core/server'; import type { PreviewTikaResponse } from '../common/types'; +import { TIKA_PREVIEW_CHARS } from '../common/constants'; /** * Returns the contents of a file using the attachment ingest processor @@ -24,6 +25,7 @@ export async function previewTikaContents( attachment: { field: 'data', remove_binary: true, + indexed_chars: TIKA_PREVIEW_CHARS, }, }, ], From 26ec293f07a990930c4caf9765d79882723dbfa6 Mon Sep 17 00:00:00 2001 From: Sander Philipse <94373878+sphilipse@users.noreply.github.com> Date: Thu, 24 Oct 2024 13:13:43 +0200 Subject: [PATCH 24/99] [AI Assistant] Set scope and rename to Observability and Search (#196322) ## Summary This renames the Observability AI Assistant in some places to AI Assistant for Observability and Search. It also makes the scope multi-valued on both sides. --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> --- docs/developer/plugin-list.asciidoc | 2 +- .../ai_assistant_selection_page.tsx | 2 +- .../selection/server/plugin.ts | 6 +- .../src/utils/filter_scopes.ts | 10 +- .../src/conversation/conversation_view.tsx | 11 +- .../__storybook_mocks__/use_conversation.ts | 2 +- .../kbn-ai-assistant/src/hooks/index.ts | 2 +- .../src/hooks/use_conversation.test.tsx | 6 +- .../src/hooks/use_conversation.ts | 6 +- .../src/hooks/{use_scope.ts => use_scopes.ts} | 6 +- .../src/utils/create_mock_chat_service.ts | 2 +- .../get_apm_dataset_info.ts | 3 +- .../get_apm_downstream_dependencies.ts | 3 +- .../get_apm_services_list.ts | 3 +- .../assistant_functions/get_apm_timeseries.ts | 3 +- .../apm/server/assistant_functions/index.ts | 5 +- .../common/functions/types.ts | 2 - .../public/components/insight/insight.tsx | 4 +- .../public/hooks/use_chat.test.ts | 6 +- .../public/hooks/use_chat.ts | 8 +- .../public/mock.tsx | 8 +- .../public/plugin.tsx | 2 +- .../public/service/complete.test.ts | 2 +- .../public/service/complete.ts | 6 +- .../service/create_chat_service.test.ts | 6 +- .../public/service/create_chat_service.ts | 43 ++- .../service/create_mock_chat_service.ts | 2 +- .../public/service/create_service.ts | 24 +- .../public/storybook_mock.tsx | 10 +- .../public/types.ts | 14 +- .../server/functions/context.ts | 3 +- .../server/functions/elasticsearch.ts | 3 +- .../server/functions/execute_connector.ts | 3 +- .../functions/get_dataset_info/index.ts | 3 +- .../server/functions/index.ts | 100 ++++--- .../server/functions/kibana.ts | 3 +- .../server/functions/summarize.ts | 3 +- .../server/routes/chat/route.ts | 16 +- .../server/routes/functions/route.ts | 15 +- .../chat_function_client/index.test.ts | 3 +- .../service/chat_function_client/index.ts | 21 +- .../server/service/client/index.test.ts | 2 +- .../server/service/client/index.ts | 7 +- .../client/operators/continue_conversation.ts | 11 +- .../server/service/index.ts | 9 +- .../server/service/types.ts | 16 +- .../observability_ai_assistant/tsconfig.json | 2 +- .../public/hooks/use_nav_control_scope.ts | 15 +- .../conversation_view_with_props.tsx | 1 + .../scripts/evaluation/evaluation.ts | 2 +- .../scripts/evaluation/kibana_client.ts | 8 +- .../server/functions/alerts.ts | 263 +++++++++--------- .../server/functions/changes/index.ts | 216 +++++++------- .../server/functions/lens.ts | 14 +- .../server/functions/query/index.ts | 8 +- .../server/functions/visualize_esql.ts | 3 +- .../server/rule_connector/index.ts | 5 +- .../README.md | 2 +- .../public/app.tsx | 2 +- .../public/plugin.ts | 4 +- .../routes/components/settings_page.tsx | 2 +- .../components/settings_tab/settings_tab.tsx | 2 +- .../tsconfig.json | 2 +- .../conversation_view_with_props.tsx | 2 +- .../server/functions/index.ts | 15 +- .../serverless_observability/public/plugin.ts | 2 +- .../tests/chat/chat.spec.ts | 6 +- .../tests/complete/complete.spec.ts | 8 +- .../tests/complete/functions/helpers.ts | 6 +- .../knowledge_base_user_instructions.spec.ts | 2 +- .../ai_assistant/tests/chat/chat.spec.ts | 6 +- .../tests/complete/complete.spec.ts | 8 +- .../tests/complete/functions/helpers.ts | 6 +- .../knowledge_base_user_instructions.spec.ts | 2 +- 74 files changed, 523 insertions(+), 518 deletions(-) rename x-pack/packages/kbn-ai-assistant/src/hooks/{use_scope.ts => use_scopes.ts} (79%) diff --git a/docs/developer/plugin-list.asciidoc b/docs/developer/plugin-list.asciidoc index a99e030a4adc1..b6ba24df78976 100644 --- a/docs/developer/plugin-list.asciidoc +++ b/docs/developer/plugin-list.asciidoc @@ -744,7 +744,7 @@ Elastic. |{kib-repo}blob/{branch}/x-pack/plugins/observability_solution/observability_ai_assistant_management/README.md[observabilityAiAssistantManagement] -|The observabilityAiAssistantManagement plugin manages the Ai Assistant for Observability management section. +|The observabilityAiAssistantManagement plugin manages the Ai Assistant for Observability and Search management section. |{kib-repo}blob/{branch}/x-pack/plugins/observability_solution/observability_logs_explorer/README.md[observabilityLogsExplorer] diff --git a/src/plugins/ai_assistant_management/selection/public/routes/components/ai_assistant_selection_page.tsx b/src/plugins/ai_assistant_management/selection/public/routes/components/ai_assistant_selection_page.tsx index 5ff10f3b2c4ba..c4a537042f605 100644 --- a/src/plugins/ai_assistant_management/selection/public/routes/components/ai_assistant_selection_page.tsx +++ b/src/plugins/ai_assistant_management/selection/public/routes/components/ai_assistant_selection_page.tsx @@ -139,7 +139,7 @@ export function AiAssistantSelectionPage() { isDisabled={!observabilityAIAssistantEnabled} title={i18n.translate( 'aiAssistantManagementSelection.aiAssistantSelectionPage.observabilityLabel', - { defaultMessage: 'Elastic AI Assistant for Observability' } + { defaultMessage: 'Elastic AI Assistant for Observability and Search' } )} titleSize="xs" /> diff --git a/src/plugins/ai_assistant_management/selection/server/plugin.ts b/src/plugins/ai_assistant_management/selection/server/plugin.ts index a8175f2f0bce8..4b74b55e571ab 100644 --- a/src/plugins/ai_assistant_management/selection/server/plugin.ts +++ b/src/plugins/ai_assistant_management/selection/server/plugin.ts @@ -50,7 +50,7 @@ export class AIAssistantManagementSelectionPlugin core.uiSettings.register({ [PREFERRED_AI_ASSISTANT_TYPE_SETTING_KEY]: { name: i18n.translate('aiAssistantManagementSelection.preferredAIAssistantTypeSettingName', { - defaultMessage: 'Observability AI Assistant scope', + defaultMessage: 'AI Assistant for Observability and Search visibility', }), category: [DEFAULT_APP_CATEGORIES.observability.id], value: this.config.preferredAIAssistantType, @@ -58,7 +58,7 @@ export class AIAssistantManagementSelectionPlugin 'aiAssistantManagementSelection.preferredAIAssistantTypeSettingDescription', { defaultMessage: - '[technical preview] Whether to show the Observability AI Assistant menu item in Observability, everywhere, or nowhere.', + '[technical preview] Whether to show the AI Assistant menu item in Observability and Search, everywhere, or nowhere.', values: { em: (chunks) => `${chunks}`, }, @@ -77,7 +77,7 @@ export class AIAssistantManagementSelectionPlugin optionLabels: { [AIAssistantType.Default]: i18n.translate( 'aiAssistantManagementSelection.preferredAIAssistantTypeSettingValueDefault', - { defaultMessage: 'Observability only (default)' } + { defaultMessage: 'Observability and Search only (default)' } ), [AIAssistantType.Observability]: i18n.translate( 'aiAssistantManagementSelection.preferredAIAssistantTypeSettingValueObservability', diff --git a/x-pack/packages/kbn-ai-assistant-common/src/utils/filter_scopes.ts b/x-pack/packages/kbn-ai-assistant-common/src/utils/filter_scopes.ts index ff8f627b10dac..03c3aae1dbd0c 100644 --- a/x-pack/packages/kbn-ai-assistant-common/src/utils/filter_scopes.ts +++ b/x-pack/packages/kbn-ai-assistant-common/src/utils/filter_scopes.ts @@ -7,11 +7,15 @@ import type { AssistantScope } from '../types'; -export function filterScopes(scope?: AssistantScope) { +export function filterScopes( + scopeFilters?: AssistantScope[] +) { return function (value: T): boolean { - if (!scope || !value) { + if (!scopeFilters || !value) { return true; } - return value?.scopes ? value.scopes.includes(scope) || value.scopes.includes('all') : true; + return value?.scopes + ? value.scopes.some((scope) => [...scopeFilters, 'all'].includes(scope)) + : true; }; } diff --git a/x-pack/packages/kbn-ai-assistant/src/conversation/conversation_view.tsx b/x-pack/packages/kbn-ai-assistant/src/conversation/conversation_view.tsx index b7d5831e14f94..fe71a9585dd1e 100644 --- a/x-pack/packages/kbn-ai-assistant/src/conversation/conversation_view.tsx +++ b/x-pack/packages/kbn-ai-assistant/src/conversation/conversation_view.tsx @@ -10,6 +10,7 @@ import { euiThemeVars } from '@kbn/ui-theme'; import React, { useEffect, useState } from 'react'; import ReactDOM from 'react-dom'; import type { AssistantScope } from '@kbn/ai-assistant-common'; +import { isEqual } from 'lodash'; import { useKibana } from '../hooks/use_kibana'; import { ConversationList, ChatBody, ChatInlineEditingContent } from '../chat'; import { useConversationKey } from '../hooks/use_conversation_key'; @@ -27,7 +28,7 @@ interface ConversationViewProps { navigateToConversation: (nextConversationId?: string) => void; getConversationHref?: (conversationId: string) => string; newConversationHref?: string; - scope?: AssistantScope; + scopes?: AssistantScope[]; } export const ConversationView: React.FC = ({ @@ -35,7 +36,7 @@ export const ConversationView: React.FC = ({ navigateToConversation, getConversationHref, newConversationHref, - scope, + scopes, }) => { const { euiTheme } = useEuiTheme(); @@ -61,10 +62,10 @@ export const ConversationView: React.FC = ({ ); useEffect(() => { - if (scope) { - service.setScope(scope); + if (scopes && !isEqual(scopes, service.getScopes())) { + service.setScopes(scopes); } - }, [scope, service]); + }, [scopes, service]); const { key: bodyKey, updateConversationIdInPlace } = useConversationKey(conversationId); diff --git a/x-pack/packages/kbn-ai-assistant/src/hooks/__storybook_mocks__/use_conversation.ts b/x-pack/packages/kbn-ai-assistant/src/hooks/__storybook_mocks__/use_conversation.ts index 8bc8f54e9ac8d..a619164517e29 100644 --- a/x-pack/packages/kbn-ai-assistant/src/hooks/__storybook_mocks__/use_conversation.ts +++ b/x-pack/packages/kbn-ai-assistant/src/hooks/__storybook_mocks__/use_conversation.ts @@ -15,6 +15,6 @@ export function useConversation() { stop: () => {}, messages: [], saveTitle: () => {}, - scope: 'all', + scopes: ['all'], }; } diff --git a/x-pack/packages/kbn-ai-assistant/src/hooks/index.ts b/x-pack/packages/kbn-ai-assistant/src/hooks/index.ts index 41bb8a4906c11..ddfa6c415140a 100644 --- a/x-pack/packages/kbn-ai-assistant/src/hooks/index.ts +++ b/x-pack/packages/kbn-ai-assistant/src/hooks/index.ts @@ -8,4 +8,4 @@ export * from './use_ai_assistant_app_service'; export * from './use_ai_assistant_chat_service'; export * from './use_knowledge_base'; -export * from './use_scope'; +export * from './use_scopes'; diff --git a/x-pack/packages/kbn-ai-assistant/src/hooks/use_conversation.test.tsx b/x-pack/packages/kbn-ai-assistant/src/hooks/use_conversation.test.tsx index 02c6018a4216c..dffca3addd34e 100644 --- a/x-pack/packages/kbn-ai-assistant/src/hooks/use_conversation.test.tsx +++ b/x-pack/packages/kbn-ai-assistant/src/hooks/use_conversation.test.tsx @@ -55,9 +55,9 @@ const mockService: MockedService = { predefinedConversation$: new Observable(), }, navigate: jest.fn().mockReturnValue(of()), - scope$: new BehaviorSubject('all') as MockedService['scope$'], - setScope: jest.fn(), - getScope: jest.fn(), + scope$: new BehaviorSubject(['all']) as MockedService['scope$'], + setScopes: jest.fn(), + getScopes: jest.fn(), }; const mockChatService = createMockChatService(); diff --git a/x-pack/packages/kbn-ai-assistant/src/hooks/use_conversation.ts b/x-pack/packages/kbn-ai-assistant/src/hooks/use_conversation.ts index b40507a09719e..d65fa19991334 100644 --- a/x-pack/packages/kbn-ai-assistant/src/hooks/use_conversation.ts +++ b/x-pack/packages/kbn-ai-assistant/src/hooks/use_conversation.ts @@ -20,7 +20,7 @@ import { useAIAssistantAppService } from './use_ai_assistant_app_service'; import { useKibana } from './use_kibana'; import { useOnce } from './use_once'; import { useAbortableAsync } from './use_abortable_async'; -import { useScope } from './use_scope'; +import { useScopes } from './use_scopes'; function createNewConversation({ title = EMPTY_CONVERSATION_TITLE, @@ -62,7 +62,7 @@ export function useConversation({ onConversationUpdate, }: UseConversationProps): UseConversationResult { const service = useAIAssistantAppService(); - const scope = useScope(); + const scopes = useScopes(); const { services: { @@ -122,7 +122,7 @@ export function useConversation({ onConversationUpdate?.({ conversation: event.conversation }); }, persist: true, - scope, + scopes, }); const [displayedConversationId, setDisplayedConversationId] = useState(initialConversationId); diff --git a/x-pack/packages/kbn-ai-assistant/src/hooks/use_scope.ts b/x-pack/packages/kbn-ai-assistant/src/hooks/use_scopes.ts similarity index 79% rename from x-pack/packages/kbn-ai-assistant/src/hooks/use_scope.ts rename to x-pack/packages/kbn-ai-assistant/src/hooks/use_scopes.ts index ed752e5011293..0a8bdeed3c823 100644 --- a/x-pack/packages/kbn-ai-assistant/src/hooks/use_scope.ts +++ b/x-pack/packages/kbn-ai-assistant/src/hooks/use_scopes.ts @@ -8,8 +8,8 @@ import { useObservable } from 'react-use/lib'; import { useAIAssistantAppService } from './use_ai_assistant_app_service'; -export const useScope = () => { +export const useScopes = () => { const service = useAIAssistantAppService(); - const scope = useObservable(service.scope$); - return scope || 'all'; + const scopes = useObservable(service.scope$); + return scopes || ['all']; }; diff --git a/x-pack/packages/kbn-ai-assistant/src/utils/create_mock_chat_service.ts b/x-pack/packages/kbn-ai-assistant/src/utils/create_mock_chat_service.ts index d7c332dc042d3..7913b3ce78957 100644 --- a/x-pack/packages/kbn-ai-assistant/src/utils/create_mock_chat_service.ts +++ b/x-pack/packages/kbn-ai-assistant/src/utils/create_mock_chat_service.ts @@ -32,7 +32,7 @@ export const createMockChatService = (): MockedChatService => { content: '', }, }), - getScope: jest.fn(), + getScopes: jest.fn(), }; return mockChatService; }; diff --git a/x-pack/plugins/observability_solution/apm/server/assistant_functions/get_apm_dataset_info.ts b/x-pack/plugins/observability_solution/apm/server/assistant_functions/get_apm_dataset_info.ts index a27bdcc3dc813..72fb4c8c7d200 100644 --- a/x-pack/plugins/observability_solution/apm/server/assistant_functions/get_apm_dataset_info.ts +++ b/x-pack/plugins/observability_solution/apm/server/assistant_functions/get_apm_dataset_info.ts @@ -164,7 +164,6 @@ export function registerGetApmDatasetInfoFunction({ `, }, }; - }, - ['observability'] + } ); } diff --git a/x-pack/plugins/observability_solution/apm/server/assistant_functions/get_apm_downstream_dependencies.ts b/x-pack/plugins/observability_solution/apm/server/assistant_functions/get_apm_downstream_dependencies.ts index 8a95fe9c89869..478c96e77e568 100644 --- a/x-pack/plugins/observability_solution/apm/server/assistant_functions/get_apm_downstream_dependencies.ts +++ b/x-pack/plugins/observability_solution/apm/server/assistant_functions/get_apm_downstream_dependencies.ts @@ -67,7 +67,6 @@ export function registerGetApmDownstreamDependenciesFunction({ randomSampler, }), }; - }, - ['observability'] + } ); } diff --git a/x-pack/plugins/observability_solution/apm/server/assistant_functions/get_apm_services_list.ts b/x-pack/plugins/observability_solution/apm/server/assistant_functions/get_apm_services_list.ts index f768c30d8af21..b24c24425b413 100644 --- a/x-pack/plugins/observability_solution/apm/server/assistant_functions/get_apm_services_list.ts +++ b/x-pack/plugins/observability_solution/apm/server/assistant_functions/get_apm_services_list.ts @@ -84,7 +84,6 @@ export function registerGetApmServicesListFunction({ arguments: args, }), }; - }, - ['observability'] + } ); } diff --git a/x-pack/plugins/observability_solution/apm/server/assistant_functions/get_apm_timeseries.ts b/x-pack/plugins/observability_solution/apm/server/assistant_functions/get_apm_timeseries.ts index dc9152d268adb..63bdbd422c658 100644 --- a/x-pack/plugins/observability_solution/apm/server/assistant_functions/get_apm_timeseries.ts +++ b/x-pack/plugins/observability_solution/apm/server/assistant_functions/get_apm_timeseries.ts @@ -138,8 +138,7 @@ export function registerGetApmTimeseriesFunction({ content: timeseries.map((series): Omit => omit(series, 'data')), data: timeseries, }; - }, - ['observability'] + } ); } diff --git a/x-pack/plugins/observability_solution/apm/server/assistant_functions/index.ts b/x-pack/plugins/observability_solution/apm/server/assistant_functions/index.ts index 816f1e17e0499..6a65e6126ff22 100644 --- a/x-pack/plugins/observability_solution/apm/server/assistant_functions/index.ts +++ b/x-pack/plugins/observability_solution/apm/server/assistant_functions/index.ts @@ -49,7 +49,10 @@ export function registerAssistantFunctions({ ruleDataClient: IRuleDataClient; plugins: APMRouteHandlerResources['plugins']; }): RegistrationCallback { - return async ({ resources, functions: { registerFunction } }) => { + return async ({ resources, functions: { registerFunction }, scopes }) => { + if (!scopes.includes('observability')) { + return; + } const apmRouteHandlerResources: MinimalAPMRouteHandlerResources = { context: resources.context, request: resources.request, diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/common/functions/types.ts b/x-pack/plugins/observability_solution/observability_ai_assistant/common/functions/types.ts index 5b93005a7fc26..bd786e9ba3c75 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant/common/functions/types.ts +++ b/x-pack/plugins/observability_solution/observability_ai_assistant/common/functions/types.ts @@ -6,7 +6,6 @@ */ import type { JSONSchema7TypeName } from 'json-schema'; import type { Observable } from 'rxjs'; -import type { AssistantScope } from '@kbn/ai-assistant-common'; import { ChatCompletionChunkEvent, MessageAddEvent } from '../conversation_complete'; import { FunctionVisibility } from './function_visibility'; export { FunctionVisibility }; @@ -42,7 +41,6 @@ export interface FunctionDefinition; diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/public/components/insight/insight.tsx b/x-pack/plugins/observability_solution/observability_ai_assistant/public/components/insight/insight.tsx index 08bf1414b15b5..562749f24cc9d 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant/public/components/insight/insight.tsx +++ b/x-pack/plugins/observability_solution/observability_ai_assistant/public/components/insight/insight.tsx @@ -56,7 +56,7 @@ function ChatContent({ }) { const service = useObservabilityAIAssistant(); const chatService = useObservabilityAIAssistantChatService(); - const scope = chatService.getScope(); + const scopes = chatService.getScopes(); const initialMessagesRef = useRef(initialMessages); @@ -69,7 +69,7 @@ function ChatContent({ initialMessages, persist: false, disableFunctions: true, - scope, + scopes, }); const lastAssistantResponse = getLastMessageOfType( diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/public/hooks/use_chat.test.ts b/x-pack/plugins/observability_solution/observability_ai_assistant/public/hooks/use_chat.test.ts index 28e2a3709a355..e21eda9e09c66 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant/public/hooks/use_chat.test.ts +++ b/x-pack/plugins/observability_solution/observability_ai_assistant/public/hooks/use_chat.test.ts @@ -39,7 +39,7 @@ const mockChatService: MockedChatService = { role: MessageRole.System, }, }), - getScope: jest.fn(), + getScopes: jest.fn(), }; const addErrorMock = jest.fn(); @@ -83,7 +83,7 @@ describe('useChat', () => { service: { getScreenContexts: () => [], } as unknown as ObservabilityAIAssistantService, - scope: 'observability', + scopes: ['observability'], } as UseChatProps, }); }); @@ -113,7 +113,7 @@ describe('useChat', () => { service: { getScreenContexts: () => [], } as unknown as ObservabilityAIAssistantService, - scope: 'observability', + scopes: ['observability'], } as UseChatProps, }); diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/public/hooks/use_chat.ts b/x-pack/plugins/observability_solution/observability_ai_assistant/public/hooks/use_chat.ts index 48884664ec646..86aeb8f519e87 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant/public/hooks/use_chat.ts +++ b/x-pack/plugins/observability_solution/observability_ai_assistant/public/hooks/use_chat.ts @@ -56,7 +56,7 @@ interface UseChatPropsWithoutContext { disableFunctions?: boolean; onConversationUpdate?: (event: ConversationCreateEvent | ConversationUpdateEvent) => void; onChatComplete?: (messages: Message[]) => void; - scope: AssistantScope; + scopes: AssistantScope[]; } export type UseChatProps = Omit; @@ -72,7 +72,7 @@ function useChatWithoutContext({ onChatComplete, persist, disableFunctions, - scope, + scopes, }: UseChatPropsWithoutContext): UseChatResult { const [chatState, setChatState] = useState(ChatState.Ready); const systemMessage = useMemo(() => { @@ -165,7 +165,7 @@ function useChatWithoutContext({ disableFunctions: disableFunctions ?? false, signal: abortControllerRef.current.signal, conversationId, - scope, + scopes, }); function getPendingMessages() { @@ -264,7 +264,7 @@ function useChatWithoutContext({ disableFunctions, service, systemMessage, - scope, + scopes, ] ); diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/public/mock.tsx b/x-pack/plugins/observability_solution/observability_ai_assistant/public/mock.tsx index 0731f26476da3..7be61a65e263d 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant/public/mock.tsx +++ b/x-pack/plugins/observability_solution/observability_ai_assistant/public/mock.tsx @@ -47,7 +47,7 @@ export const mockChatService: ObservabilityAIAssistantChatService = { content: 'System', }, }), - getScope: jest.fn(), + getScopes: jest.fn(), }; export const mockService: ObservabilityAIAssistantService = { @@ -64,9 +64,9 @@ export const mockService: ObservabilityAIAssistantService = { predefinedConversation$: new Observable(), }, navigate: async () => of(), - setScope: jest.fn(), - getScope: jest.fn(), - scope$: new BehaviorSubject('all'), + setScopes: jest.fn(), + getScopes: jest.fn(), + scope$: new BehaviorSubject(['all']), }; function createSetupContract(): ObservabilityAIAssistantPublicSetup { diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/public/plugin.tsx b/x-pack/plugins/observability_solution/observability_ai_assistant/public/plugin.tsx index cb9cc7d941147..2753b750dc288 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant/public/plugin.tsx +++ b/x-pack/plugins/observability_solution/observability_ai_assistant/public/plugin.tsx @@ -67,7 +67,7 @@ export class ObservabilityAIAssistantPlugin coreStart.application.capabilities.observabilityAIAssistant[ aiAssistantCapabilities.show ] === true, - scope: this.scopeFromConfig || 'observability', + scopes: this.scopeFromConfig ? [this.scopeFromConfig] : ['all'], scopeIsMutable: !!this.scopeFromConfig, })); diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/public/service/complete.test.ts b/x-pack/plugins/observability_solution/observability_ai_assistant/public/service/complete.test.ts index 9d8338f2d3892..dd69c8e309989 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant/public/service/complete.test.ts +++ b/x-pack/plugins/observability_solution/observability_ai_assistant/public/service/complete.test.ts @@ -102,7 +102,7 @@ describe('complete', () => { disableFunctions: false, signal: new AbortController().signal, ...params, - scope: 'all', + scopes: ['all'], }, requestCallback ); diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/public/service/complete.ts b/x-pack/plugins/observability_solution/observability_ai_assistant/public/service/complete.ts index 6e03683b44064..6cc08054e67a3 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant/public/service/complete.ts +++ b/x-pack/plugins/observability_solution/observability_ai_assistant/public/service/complete.ts @@ -43,7 +43,7 @@ export function complete( disableFunctions, signal, instructions, - scope, + scopes, }: { client: Pick; getScreenContexts: () => ObservabilityAIAssistantScreenContext[]; @@ -66,7 +66,7 @@ export function complete( screenContexts, conversationId, instructions, - scope, + scopes, }, }, }).pipe(shareReplay()); @@ -133,7 +133,7 @@ export function complete( persist, disableFunctions, instructions, - scope, + scopes, }, requestCallback ).subscribe(subscriber); diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/public/service/create_chat_service.test.ts b/x-pack/plugins/observability_solution/observability_ai_assistant/public/service/create_chat_service.test.ts index 05e0a89c4b7ad..f059196f2e681 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant/public/service/create_chat_service.test.ts +++ b/x-pack/plugins/observability_solution/observability_ai_assistant/public/service/create_chat_service.test.ts @@ -56,7 +56,7 @@ describe('createChatService', () => { } beforeEach(async () => { - clientSpy.mockImplementationOnce(async () => { + clientSpy.mockImplementation(async () => { return { functionDefinitions: [], contextDefinitions: [], @@ -71,7 +71,7 @@ describe('createChatService', () => { apiClient: clientSpy, registrations: [], signal: new AbortController().signal, - scope$: new BehaviorSubject('observability'), + scope$: new BehaviorSubject(['observability']), }); }); @@ -85,7 +85,7 @@ describe('createChatService', () => { signal, messages: [], connectorId: '', - scope: 'observability', + scopes: ['observability'], }); } diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/public/service/create_chat_service.ts b/x-pack/plugins/observability_solution/observability_ai_assistant/public/service/create_chat_service.ts index 04520cb70a588..e3ccb38319896 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant/public/service/create_chat_service.ts +++ b/x-pack/plugins/observability_solution/observability_ai_assistant/public/service/create_chat_service.ts @@ -144,7 +144,7 @@ class ChatService { private renderFunctionRegistry: Map>; private abortSignal: AbortSignal; private apiClient: ObservabilityAIAssistantAPIClient; - public scope$: BehaviorSubject; + public scope$: BehaviorSubject; private analytics: AnalyticsServiceStart; private registrations: ChatRegistrationRenderFunction[]; private systemMessage: string; @@ -159,7 +159,7 @@ class ChatService { }: { abortSignal: AbortSignal; apiClient: ObservabilityAIAssistantAPIClient; - scope$: BehaviorSubject; + scope$: BehaviorSubject; analytics: AnalyticsServiceStart; registrations: ChatRegistrationRenderFunction[]; }) { @@ -186,15 +186,21 @@ class ChatService { async initialize() { this.functionRegistry = new Map(); - const [{ functionDefinitions, systemMessage }] = await Promise.all([ - this.apiClient('GET /internal/observability_ai_assistant/{scope}/functions', { - signal: this.abortSignal, - params: { - path: { - scope: this.getScope(), - }, + const systemMessages: string[] = []; + const scopePromise = this.apiClient('GET /internal/observability_ai_assistant/functions', { + signal: this.abortSignal, + params: { + query: { + scopes: this.getScopes(), }, - }), + }, + }).then(({ functionDefinitions, systemMessage }) => { + functionDefinitions.forEach((fn) => this.functionRegistry.set(fn.name, fn)); + systemMessages.push(systemMessage); + }); + + await Promise.all([ + scopePromise, ...this.registrations.map((registration) => { return registration({ registerRenderFunction: (name, renderFn) => { @@ -204,10 +210,7 @@ class ChatService { }), ]); - functionDefinitions.forEach((fn) => { - this.functionRegistry.set(fn.name, fn); - }); - this.systemMessage = systemMessage; + this.systemMessage = systemMessages.join('\n'); this.functions$.next(this.getFunctions()); } @@ -249,10 +252,6 @@ class ChatService { return filterFunctionDefinitions({ ...options, definitions: Array.from(this.functionRegistry.values()), - }).filter((value) => { - return value.scopes - ? value.scopes?.includes(this.getScope()) || value.scopes?.includes('all') - : true; }); }; @@ -301,7 +300,7 @@ class ChatService { connectorId, functionCall, functions: functions ?? [], - scope: this.getScope(), + scopes: this.getScopes(), }, }, signal, @@ -334,7 +333,7 @@ class ChatService { signal, client: this.getClient(), instructions, - scope: this.getScope(), + scopes: this.getScopes(), }, ({ params }) => { return this.callStreamingApi('POST /internal/observability_ai_assistant/chat/complete', { @@ -345,7 +344,7 @@ class ChatService { ); }; - public getScope() { + public getScopes() { return this.scope$.value; } } @@ -361,7 +360,7 @@ export async function createChatService({ signal: AbortSignal; registrations: ChatRegistrationRenderFunction[]; apiClient: ObservabilityAIAssistantAPIClient; - scope$: BehaviorSubject; + scope$: BehaviorSubject; }): Promise { return new ChatService({ analytics, diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/public/service/create_mock_chat_service.ts b/x-pack/plugins/observability_solution/observability_ai_assistant/public/service/create_mock_chat_service.ts index 9af669242e436..0559d65a14a81 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant/public/service/create_mock_chat_service.ts +++ b/x-pack/plugins/observability_solution/observability_ai_assistant/public/service/create_mock_chat_service.ts @@ -29,7 +29,7 @@ export const createMockChatService = (): MockedChatService => { content: 'system', }, }), - getScope: jest.fn(), + getScopes: jest.fn(), }; return mockChatService; }; diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/public/service/create_service.ts b/x-pack/plugins/observability_solution/observability_ai_assistant/public/service/create_service.ts index 22d1b9c792f7f..07f967a4028d9 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant/public/service/create_service.ts +++ b/x-pack/plugins/observability_solution/observability_ai_assistant/public/service/create_service.ts @@ -20,13 +20,13 @@ export function createService({ analytics, coreStart, enabled, - scope, + scopes, scopeIsMutable, }: { analytics: AnalyticsServiceStart; coreStart: CoreStart; enabled: boolean; - scope: AssistantScope; + scopes: [AssistantScope]; scopeIsMutable: boolean; }): ObservabilityAIAssistantService { const apiClient = createCallObservabilityAIAssistantAPI(coreStart); @@ -38,13 +38,13 @@ export function createService({ ]); const predefinedConversation$ = new Subject<{ messages: Message[]; title?: string }>(); - const scope$ = new BehaviorSubject(scope); + const scope$ = new BehaviorSubject(scopes); const getScreenContexts = () => { - const currentScope = scope$.value; + const currentScopes = scope$.value; const screenContexts = screenContexts$.value.map(({ starterPrompts, ...rest }) => ({ ...rest, - starterPrompts: starterPrompts?.filter(filterScopes(currentScope)), + starterPrompts: starterPrompts?.filter(filterScopes(currentScopes)), })); return screenContexts; }; @@ -58,7 +58,13 @@ export function createService({ }, start: async ({ signal }) => { const mod = await import('./create_chat_service'); - return await mod.createChatService({ analytics, apiClient, signal, registrations, scope$ }); + return await mod.createChatService({ + analytics, + apiClient, + signal, + registrations, + scope$, + }); }, callApi: apiClient, getScreenContexts, @@ -103,12 +109,12 @@ export function createService({ }, predefinedConversation$: predefinedConversation$.asObservable(), }, - setScope: (newScope: AssistantScope) => { + setScopes: (newScopes: AssistantScope[]) => { if (!scopeIsMutable) { - scope$.next(newScope); + scope$.next(newScopes); } }, - getScope: () => scope$.value, + getScopes: () => scope$.value, scope$, }; } diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/public/storybook_mock.tsx b/x-pack/plugins/observability_solution/observability_ai_assistant/public/storybook_mock.tsx index 19d51bf4c66d1..004ad25aa4a86 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant/public/storybook_mock.tsx +++ b/x-pack/plugins/observability_solution/observability_ai_assistant/public/storybook_mock.tsx @@ -40,7 +40,7 @@ export const createStorybookChatService = (): ObservabilityAIAssistantChatServic functions$: new BehaviorSubject( [] ) as ObservabilityAIAssistantChatService['functions$'], - getScope: () => 'all', + getScopes: () => ['all'], }); export const createStorybookService = (): ObservabilityAIAssistantService => ({ @@ -57,7 +57,9 @@ export const createStorybookService = (): ObservabilityAIAssistantService => ({ predefinedConversation$: new Observable(), }, navigate: async () => of(), - scope$: new BehaviorSubject('all') as ObservabilityAIAssistantService['scope$'], - getScope: () => 'all', - setScope: () => {}, + scope$: new BehaviorSubject([ + 'all', + ]) as ObservabilityAIAssistantService['scope$'], + getScopes: () => ['all'], + setScopes: () => {}, }); diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/public/types.ts b/x-pack/plugins/observability_solution/observability_ai_assistant/public/types.ts index b13d81faa3a3b..becc21f59c5f4 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant/public/types.ts +++ b/x-pack/plugins/observability_solution/observability_ai_assistant/public/types.ts @@ -54,7 +54,7 @@ export interface ObservabilityAIAssistantChatService { functions?: Array>; functionCall?: string; signal: AbortSignal; - scope: AssistantScope; + scopes: AssistantScope[]; } ) => Observable; complete: (options: { @@ -70,12 +70,12 @@ export interface ObservabilityAIAssistantChatService { }; signal: AbortSignal; instructions?: AdHocInstruction[]; - scope: AssistantScope; + scopes: AssistantScope[]; }) => Observable; getFunctions: (options?: { contexts?: string[]; filter?: string; - scope: AssistantScope; + scopes: AssistantScope[]; }) => FunctionDefinition[]; functions$: BehaviorSubject; hasFunction: (name: string) => boolean; @@ -87,7 +87,7 @@ export interface ObservabilityAIAssistantChatService { response: { data?: string; content?: string }, onActionClick: ChatActionClickHandler ) => React.ReactNode; - getScope: () => AssistantScope; + getScopes: () => AssistantScope[]; } export interface ObservabilityAIAssistantConversationService { @@ -104,9 +104,9 @@ export interface ObservabilityAIAssistantService { getScreenContexts: () => ObservabilityAIAssistantScreenContext[]; conversations: ObservabilityAIAssistantConversationService; navigate: (callback: () => void) => Promise>; - scope$: BehaviorSubject; - setScope: (scope: AssistantScope) => void; - getScope: () => AssistantScope; + scope$: BehaviorSubject; + setScopes: (scope: AssistantScope[]) => void; + getScopes: () => AssistantScope[]; } export type RenderFunction = (options: { diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/server/functions/context.ts b/x-pack/plugins/observability_solution/observability_ai_assistant/server/functions/context.ts index 61448d297e4d3..fd57968617187 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant/server/functions/context.ts +++ b/x-pack/plugins/observability_solution/observability_ai_assistant/server/functions/context.ts @@ -115,7 +115,6 @@ export function registerContextFunction({ subscriber.complete(); }); }); - }, - ['all'] + } ); } diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/server/functions/elasticsearch.ts b/x-pack/plugins/observability_solution/observability_ai_assistant/server/functions/elasticsearch.ts index 71a0cfa4bbde0..6008b53dd42c5 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant/server/functions/elasticsearch.ts +++ b/x-pack/plugins/observability_solution/observability_ai_assistant/server/functions/elasticsearch.ts @@ -48,7 +48,6 @@ export function registerElasticsearchFunction({ }); return { content: { response } }; - }, - ['all'] + } ); } diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/server/functions/execute_connector.ts b/x-pack/plugins/observability_solution/observability_ai_assistant/server/functions/execute_connector.ts index bfe04cb56e8cf..0088e35a6f6af 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant/server/functions/execute_connector.ts +++ b/x-pack/plugins/observability_solution/observability_ai_assistant/server/functions/execute_connector.ts @@ -38,7 +38,6 @@ export function registerExecuteConnectorFunction({ ).getActionsClientWithRequest(resources.request); const content = await actionsClient.execute({ actionId: id, params }); return { content }; - }, - ['all'] + } ); } diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/server/functions/get_dataset_info/index.ts b/x-pack/plugins/observability_solution/observability_ai_assistant/server/functions/get_dataset_info/index.ts index 9b20d364ef7d9..57cac3a4e0c0f 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant/server/functions/get_dataset_info/index.ts +++ b/x-pack/plugins/observability_solution/observability_ai_assistant/server/functions/get_dataset_info/index.ts @@ -94,7 +94,6 @@ export function registerGetDatasetInfoFunction({ stats: relevantFieldNames.stats, }, }; - }, - ['all'] + } ); } diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/server/functions/index.ts b/x-pack/plugins/observability_solution/observability_ai_assistant/server/functions/index.ts index a5333ee1a7ffc..0313d29d3b209 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant/server/functions/index.ts +++ b/x-pack/plugins/observability_solution/observability_ai_assistant/server/functions/index.ts @@ -28,20 +28,47 @@ export const registerFunctions: RegistrationCallback = async ({ functions, resources, signal, + scopes, }) => { const registrationParameters: FunctionRegistrationParameters = { client, functions, resources, signal, + scopes, }; const isServerless = !!resources.plugins.serverless; + if (scopes.includes('observability')) { + functions.registerInstruction(`You are a helpful assistant for Elastic Observability. Your goal is to help the Elastic Observability users to quickly assess what is happening in their observed systems. You can help them visualise and analyze data, investigate their systems, perform root cause analysis or identify optimisation opportunities. - functions.registerInstruction({ - instruction: `You are a helpful assistant for Elastic Observability. Your goal is to help the Elastic Observability users to quickly assess what is happening in their observed systems. You can help them visualise and analyze data, investigate their systems, perform root cause analysis or identify optimisation opportunities. + It's very important to not assume what the user is meaning. Ask them for clarification if needed. - It's very important to not assume what the user is meaning. Ask them for clarification if needed. + If you are unsure about which function should be used and with what arguments, ask the user for clarification or confirmation. + + In KQL ("kqlFilter")) escaping happens with double quotes, not single quotes. Some characters that need escaping are: ':()\\\ + /\". Always put a field value in double quotes. Best: service.name:\"opbeans-go\". Wrong: service.name:opbeans-go. This is very important! + + You can use Github-flavored Markdown in your responses. If a function returns an array, consider using a Markdown table to format the response. + + Note that ES|QL (the Elasticsearch Query Language which is a new piped language) is the preferred query language. + + If you want to call a function or tool, only call it a single time per message. Wait until the function has been executed and its results + returned to you, before executing the same tool or another tool again if needed. + + DO NOT UNDER ANY CIRCUMSTANCES USE ES|QL syntax (\`service.name == "foo"\`) with "kqlFilter" (\`service.name:"foo"\`). + + The user is able to change the language which they want you to reply in on the settings page of the AI Assistant for Observability and Search, which can be found in the ${ + isServerless ? `Project settings.` : `Stack Management app under the option AI Assistants` + }. + If the user asks how to change the language, reply in the same language the user asked in.`); + } + + if (scopes.length === 0 || (scopes.length === 1 && scopes[0] === 'all')) { + functions.registerInstruction( + `You are a helpful assistant for Elasticsearch. Your goal is to help Elasticsearch users accomplish tasks using Kibana and Elasticsearch. You can help them construct queries, index data, search data, use Elasticsearch APIs, generate sample data, visualise and analyze data. + + It's very important to not assume what the user means. Ask them for clarification if needed. If you are unsure about which function should be used and with what arguments, ask the user for clarification or confirmation. @@ -50,63 +77,56 @@ export const registerFunctions: RegistrationCallback = async ({ You can use Github-flavored Markdown in your responses. If a function returns an array, consider using a Markdown table to format the response. - Note that ES|QL (the Elasticsearch Query Language which is a new piped language) is the preferred query language. - If you want to call a function or tool, only call it a single time per message. Wait until the function has been executed and its results returned to you, before executing the same tool or another tool again if needed. - DO NOT UNDER ANY CIRCUMSTANCES USE ES|QL syntax (\`service.name == "foo"\`) with "kqlFilter" (\`service.name:"foo"\`). - - The user is able to change the language which they want you to reply in on the settings page of the AI Assistant for Observability, which can be found in the ${ + The user is able to change the language which they want you to reply in on the settings page of the AI Assistant for Observability and Search, which can be found in the ${ isServerless ? `Project settings.` : `Stack Management app under the option AI Assistants` }. - If the user asks how to change the language, reply in the same language the user asked in.`, - scopes: ['observability'], - }); + If the user asks how to change the language, reply in the same language the user asked in.` + ); + } const { ready: isReady } = await client.getKnowledgeBaseStatus(); - functions.registerInstruction({ - instruction: ({ availableFunctionNames }) => { - const instructions: string[] = []; + functions.registerInstruction(({ availableFunctionNames }) => { + const instructions: string[] = []; - if ( - availableFunctionNames.includes(QUERY_FUNCTION_NAME) && - availableFunctionNames.includes(GET_DATASET_INFO_FUNCTION_NAME) - ) { - instructions.push(`You MUST use the "${GET_DATASET_INFO_FUNCTION_NAME}" ${ - functions.hasFunction('get_apm_dataset_info') ? 'or the get_apm_dataset_info' : '' - } function before calling the "${QUERY_FUNCTION_NAME}" or the "changes" functions. + if ( + availableFunctionNames.includes(QUERY_FUNCTION_NAME) && + availableFunctionNames.includes(GET_DATASET_INFO_FUNCTION_NAME) + ) { + instructions.push(`You MUST use the "${GET_DATASET_INFO_FUNCTION_NAME}" ${ + functions.hasFunction('get_apm_dataset_info') ? 'or the get_apm_dataset_info' : '' + } function before calling the "${QUERY_FUNCTION_NAME}" or the "changes" functions. If a function requires an index, you MUST use the results from the dataset info functions.`); - } + } - if (availableFunctionNames.includes(GET_DATA_ON_SCREEN_FUNCTION_NAME)) { - instructions.push(`You have access to data on the screen by calling the "${GET_DATA_ON_SCREEN_FUNCTION_NAME}" function. + if (availableFunctionNames.includes(GET_DATA_ON_SCREEN_FUNCTION_NAME)) { + instructions.push(`You have access to data on the screen by calling the "${GET_DATA_ON_SCREEN_FUNCTION_NAME}" function. Use it to help the user understand what they are looking at. A short summary of what they are looking at is available in the return of the "${CONTEXT_FUNCTION_NAME}" function. Data that is compact enough automatically gets included in the response for the "${CONTEXT_FUNCTION_NAME}" function.`); - } + } - if (isReady) { - if (availableFunctionNames.includes(SUMMARIZE_FUNCTION_NAME)) { - instructions.push(`You can use the "${SUMMARIZE_FUNCTION_NAME}" function to store new information you have learned in a knowledge database. + if (isReady) { + if (availableFunctionNames.includes(SUMMARIZE_FUNCTION_NAME)) { + instructions.push(`You can use the "${SUMMARIZE_FUNCTION_NAME}" function to store new information you have learned in a knowledge database. Only use this function when the user asks for it. All summaries MUST be created in English, even if the conversation was carried out in a different language.`); - } - - if (availableFunctionNames.includes(CONTEXT_FUNCTION_NAME)) { - instructions.push( - `Additionally, you can use the "${CONTEXT_FUNCTION_NAME}" function to retrieve relevant information from the knowledge database.` - ); - } - } else { + } + + if (availableFunctionNames.includes(CONTEXT_FUNCTION_NAME)) { instructions.push( - `You do not have a working memory. If the user expects you to remember the previous conversations, tell them they can set up the knowledge base.` + `Additionally, you can use the "${CONTEXT_FUNCTION_NAME}" function to retrieve relevant information from the knowledge database.` ); } - return instructions.map((instruction) => dedent(instruction)); - }, - scopes: ['all'], + } else { + instructions.push( + `You do not have a working memory. If the user expects you to remember the previous conversations, tell them they can set up the knowledge base.` + ); + } + return instructions.map((instruction) => dedent(instruction)); }); if (isReady) { diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/server/functions/kibana.ts b/x-pack/plugins/observability_solution/observability_ai_assistant/server/functions/kibana.ts index f55a8ba432922..f939e3a79799b 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant/server/functions/kibana.ts +++ b/x-pack/plugins/observability_solution/observability_ai_assistant/server/functions/kibana.ts @@ -95,7 +95,6 @@ export function registerKibanaFunction({ }).then((response) => { return { content: response.data }; }); - }, - ['all'] + } ); } diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/server/functions/summarize.ts b/x-pack/plugins/observability_solution/observability_ai_assistant/server/functions/summarize.ts index a4c34c5caa5a3..8865861d81f45 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant/server/functions/summarize.ts +++ b/x-pack/plugins/observability_solution/observability_ai_assistant/server/functions/summarize.ts @@ -86,7 +86,6 @@ export function registerSummarizationFunction({ message: `The document has been stored`, }, })); - }, - ['observability'] + } ); } diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/server/routes/chat/route.ts b/x-pack/plugins/observability_solution/observability_ai_assistant/server/routes/chat/route.ts index 136cc68497563..8bc88cca10b01 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant/server/routes/chat/route.ts +++ b/x-pack/plugins/observability_solution/observability_ai_assistant/server/routes/chat/route.ts @@ -61,7 +61,7 @@ const chatCompleteInternalRt = t.intersection([ t.type({ body: t.type({ screenContexts: t.array(screenContextRt), - scope: assistantScopeType, + scopes: t.array(assistantScopeType), }), }), ]); @@ -83,11 +83,11 @@ async function initializeChatRequest({ request, plugins: { cloud, actions }, params: { - body: { connectorId, scope }, + body: { connectorId, scopes }, }, service, }: ObservabilityAIAssistantRouteHandlerResources & { - params: { body: { connectorId: string; scope: AssistantScope } }; + params: { body: { connectorId: string; scopes: AssistantScope[] } }; }) { await withAssistantSpan('guard_against_invalid_connector', async () => { const actionsClient = await (await actions.start()).getActionsClientWithRequest(request); @@ -101,7 +101,7 @@ async function initializeChatRequest({ }); const [client, cloudStart, simulateFunctionCalling] = await Promise.all([ - service.getClient({ request, scope }), + service.getClient({ request, scopes }), cloud?.start(), (await context.core).uiSettings.client.get(aiAssistantSimulatedFunctionCalling), ]); @@ -136,7 +136,7 @@ const chatRoute = createObservabilityAIAssistantServerRoute({ messages: t.array(messageRt), connectorId: t.string, functions: t.array(functionRt), - scope: assistantScopeType, + scopes: t.array(assistantScopeType), }), t.partial({ functionCall: t.string, @@ -182,7 +182,7 @@ const chatRecallRoute = createObservabilityAIAssistantServerRoute({ prompt: t.string, context: t.string, connectorId: t.string, - scope: assistantScopeType, + scopes: t.array(assistantScopeType), }), }), handler: async (resources): Promise => { @@ -248,6 +248,7 @@ async function chatComplete( screenContexts, instructions, disableFunctions, + scopes, }, } = params; @@ -260,6 +261,7 @@ async function chatComplete( resources, client, screenContexts, + scopes, }); const response$ = client.complete({ @@ -310,7 +312,7 @@ const publicChatCompleteRoute = createObservabilityAIAssistantServerRoute({ params: { body: { ...restOfBody, - scope: 'observability', + scopes: ['observability'], screenContexts: [ { actions, diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/server/routes/functions/route.ts b/x-pack/plugins/observability_solution/observability_ai_assistant/server/routes/functions/route.ts index b31e33148454c..8a61248d4e70e 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant/server/routes/functions/route.ts +++ b/x-pack/plugins/observability_solution/observability_ai_assistant/server/routes/functions/route.ts @@ -15,10 +15,10 @@ import { createObservabilityAIAssistantServerRoute } from '../create_observabili import { assistantScopeType } from '../runtime_types'; const getFunctionsRoute = createObservabilityAIAssistantServerRoute({ - endpoint: 'GET /internal/observability_ai_assistant/{scope}/functions', + endpoint: 'GET /internal/observability_ai_assistant/functions', params: t.type({ - path: t.type({ - scope: assistantScopeType, + query: t.partial({ + scopes: t.union([t.array(assistantScopeType), assistantScopeType]), }), }), options: { @@ -34,10 +34,12 @@ const getFunctionsRoute = createObservabilityAIAssistantServerRoute({ service, request, params: { - path: { scope }, + query: { scopes: inputScopes }, }, } = resources; + const scopes = inputScopes ? (Array.isArray(inputScopes) ? inputScopes : [inputScopes]) : []; + const controller = new AbortController(); request.events.aborted$.subscribe(() => { controller.abort(); @@ -51,19 +53,20 @@ const getFunctionsRoute = createObservabilityAIAssistantServerRoute({ resources, client, screenContexts: [], + scopes, }), // error is caught in client client.getKnowledgeBaseUserInstructions(), ]); - const functionDefinitions = functionClient.getFunctions({ scope }).map((fn) => fn.definition); + const functionDefinitions = functionClient.getFunctions().map((fn) => fn.definition); const availableFunctionNames = functionDefinitions.map((def) => def.name); return { functionDefinitions, systemMessage: getSystemMessageFromInstructions({ - applicationInstructions: functionClient.getInstructions(scope), + applicationInstructions: functionClient.getInstructions(), userInstructions, adHocInstructions: [], availableFunctionNames, diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/chat_function_client/index.test.ts b/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/chat_function_client/index.test.ts index ea265c580b50f..3d83c470de0c5 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/chat_function_client/index.test.ts +++ b/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/chat_function_client/index.test.ts @@ -34,8 +34,7 @@ describe('chatFunctionClient', () => { required: ['foo'], }, }, - respondFn, - ['all'] + respondFn ); }); diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/chat_function_client/index.ts b/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/chat_function_client/index.ts index 4413e4fa8b634..97def121e8593 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/chat_function_client/index.ts +++ b/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/chat_function_client/index.ts @@ -9,7 +9,6 @@ import Ajv, { type ErrorObject, type ValidateFunction } from 'ajv'; import dedent from 'dedent'; import { compact, keyBy } from 'lodash'; -import { type AssistantScope, filterScopes } from '@kbn/ai-assistant-common'; import { FunctionVisibility, type FunctionResponse } from '../../../common/functions/types'; import type { Message, ObservabilityAIAssistantScreenContextRequest } from '../../../common/types'; import { filterFunctionDefinitions } from '../../../common/utils/filter_function_definitions'; @@ -18,7 +17,6 @@ import type { FunctionHandler, FunctionHandlerRegistry, InstructionOrCallback, - InstructionOrCallbackWithScopes, RegisterFunction, RegisterInstruction, } from '../types'; @@ -36,7 +34,7 @@ const ajv = new Ajv({ export const GET_DATA_ON_SCREEN_FUNCTION_NAME = 'get_data_on_screen'; export class ChatFunctionClient { - private readonly instructions: InstructionOrCallbackWithScopes[] = []; + private readonly instructions: InstructionOrCallback[] = []; private readonly functionRegistry: FunctionHandlerRegistry = new Map(); private readonly validators: Map = new Map(); @@ -75,8 +73,7 @@ export class ChatFunctionClient { return { content: allData.filter((data) => dataNames.includes(data.name)), }; - }, - ['all'] + } ); } @@ -87,11 +84,11 @@ export class ChatFunctionClient { }); } - registerFunction: RegisterFunction = (definition, respond, scopes) => { + registerFunction: RegisterFunction = (definition, respond) => { if (definition.parameters) { this.validators.set(definition.name, ajv.compile(definition.parameters)); } - this.functionRegistry.set(definition.name, { handler: { definition, respond }, scopes }); + this.functionRegistry.set(definition.name, { handler: { definition, respond } }); }; registerInstruction: RegisterInstruction = (instruction) => { @@ -110,8 +107,8 @@ export class ChatFunctionClient { } } - getInstructions(scope: AssistantScope): InstructionOrCallback[] { - return this.instructions.filter(filterScopes(scope)).map((i) => i.instruction); + getInstructions(): InstructionOrCallback[] { + return this.instructions; } hasAction(name: string) { @@ -120,14 +117,10 @@ export class ChatFunctionClient { getFunctions({ filter, - scope, }: { filter?: string; - scope?: AssistantScope; } = {}): FunctionHandler[] { - const allFunctions = Array.from(this.functionRegistry.values()) - .filter(filterScopes(scope)) - .map(({ handler }) => handler); + const allFunctions = Array.from(this.functionRegistry.values()).map(({ handler }) => handler); const functionsByName = keyBy(allFunctions, (definition) => definition.definition.name); diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/client/index.test.ts b/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/client/index.test.ts index 5a7cf81a40122..0476bda1af8a2 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/client/index.test.ts +++ b/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/client/index.test.ts @@ -187,7 +187,7 @@ describe('Observability AI Assistant client', () => { user: { name: 'johndoe', }, - scope: 'all', + scopes: ['all'], }); } diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/client/index.ts b/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/client/index.ts index 4eb0e54f9febe..19a3dd827107b 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/client/index.ts +++ b/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/client/index.ts @@ -101,7 +101,7 @@ export class ObservabilityAIAssistantClient { name: string; }; knowledgeBaseService: KnowledgeBaseService; - scope: AssistantScope; + scopes: AssistantScope[]; } ) {} @@ -217,11 +217,11 @@ export class ObservabilityAIAssistantClient { // this is what we eventually store in the conversation const messagesWithUpdatedSystemMessage = replaceSystemMessage( getSystemMessageFromInstructions({ - applicationInstructions: functionClient.getInstructions(this.dependencies.scope), + applicationInstructions: functionClient.getInstructions(), userInstructions, adHocInstructions, availableFunctionNames: functionClient - .getFunctions({ scope: this.dependencies.scope }) + .getFunctions() .map((fn) => fn.definition.name), }), initialMessages @@ -301,7 +301,6 @@ export class ObservabilityAIAssistantClient { disableFunctions, tracer: completeTracer, connectorId, - scope: this.dependencies.scope, useSimulatedFunctionCalling: simulateFunctionCalling === true, }) ); diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/client/operators/continue_conversation.ts b/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/client/operators/continue_conversation.ts index 7ebd9d66bf30f..66204c96f31cb 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/client/operators/continue_conversation.ts +++ b/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/client/operators/continue_conversation.ts @@ -21,7 +21,6 @@ import { switchMap, throwError, } from 'rxjs'; -import type { AssistantScope } from '@kbn/ai-assistant-common'; import { CONTEXT_FUNCTION_NAME } from '../../../functions/context'; import { createFunctionNotFoundError, Message, MessageRole } from '../../../../common'; import { @@ -138,7 +137,6 @@ function getFunctionDefinitions({ functionClient, functionLimitExceeded, disableFunctions, - scope, }: { functionClient: ChatFunctionClient; functionLimitExceeded: boolean; @@ -147,14 +145,13 @@ function getFunctionDefinitions({ | { except: string[]; }; - scope: AssistantScope; }) { if (functionLimitExceeded || disableFunctions === true) { return []; } let systemFunctions = functionClient - .getFunctions({ scope }) + .getFunctions() .map((fn) => fn.definition) .filter( (def) => @@ -187,7 +184,6 @@ export function continueConversation({ disableFunctions, tracer, connectorId, - scope, useSimulatedFunctionCalling, }: { messages: Message[]; @@ -205,7 +201,6 @@ export function continueConversation({ }; tracer: LangTracer; connectorId: string; - scope: AssistantScope; useSimulatedFunctionCalling: boolean; }): Observable { let nextFunctionCallsLeft = functionCallsLeft; @@ -216,12 +211,11 @@ export function continueConversation({ functionLimitExceeded, functionClient, disableFunctions, - scope, }); const messagesWithUpdatedSystemMessage = replaceSystemMessage( getSystemMessageFromInstructions({ - applicationInstructions: functionClient.getInstructions(scope), + applicationInstructions: functionClient.getInstructions(), userInstructions, adHocInstructions, availableFunctionNames: definitions.map((def) => def.name), @@ -350,7 +344,6 @@ export function continueConversation({ disableFunctions, tracer, connectorId, - scope, useSimulatedFunctionCalling, }); }) diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/index.ts b/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/index.ts index f203dcc350bfd..63e2ee240927c 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/index.ts +++ b/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/index.ts @@ -249,10 +249,10 @@ export class ObservabilityAIAssistantService { async getClient({ request, - scope, + scopes, }: { request: KibanaRequest; - scope?: AssistantScope; + scopes?: AssistantScope[]; }): Promise { const controller = new AbortController(); @@ -291,7 +291,7 @@ export class ObservabilityAIAssistantService { } : undefined, knowledgeBaseService: this.kbService!, - scope: scope || 'all', + scopes: scopes || ['all'], }); } @@ -300,11 +300,13 @@ export class ObservabilityAIAssistantService { signal, resources, client, + scopes, }: { screenContexts: ObservabilityAIAssistantScreenContextRequest[]; signal: AbortSignal; resources: RespondFunctionResources; client: ObservabilityAIAssistantClient; + scopes: AssistantScope[]; }): Promise { const fnClient = new ChatFunctionClient(screenContexts); @@ -313,6 +315,7 @@ export class ObservabilityAIAssistantService { functions: fnClient, resources, client, + scopes, }; await Promise.all( diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/types.ts b/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/types.ts index 4857189f2d156..b00da8d6518fa 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/types.ts +++ b/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/types.ts @@ -68,18 +68,13 @@ export interface FunctionHandler { export type InstructionOrCallback = InstructionOrPlainText | RegisterInstructionCallback; -export interface InstructionOrCallbackWithScopes { - instruction: InstructionOrCallback; - scopes: AssistantScope[]; -} - export type RegisterInstructionCallback = ({ availableFunctionNames, }: { availableFunctionNames: string[]; }) => InstructionOrPlainText | InstructionOrPlainText[] | undefined; -export type RegisterInstruction = (...instruction: InstructionOrCallbackWithScopes[]) => void; +export type RegisterInstruction = (...instruction: InstructionOrCallback[]) => void; export type RegisterFunction = < TParameters extends CompatibleJSONSchema = any, @@ -87,17 +82,14 @@ export type RegisterFunction = < TArguments = FromSchema >( definition: FunctionDefinition, - respond: RespondFunction, - scopes: AssistantScope[] + respond: RespondFunction ) => void; -export type FunctionHandlerRegistry = Map< - string, - { handler: FunctionHandler; scopes: AssistantScope[] } ->; +export type FunctionHandlerRegistry = Map; export type RegistrationCallback = ({}: { signal: AbortSignal; resources: RespondFunctionResources; client: ObservabilityAIAssistantClient; functions: ChatFunctionClient; + scopes: AssistantScope[]; }) => Promise; diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/tsconfig.json b/x-pack/plugins/observability_solution/observability_ai_assistant/tsconfig.json index 63105b2a86c59..7c2f2212ee946 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant/tsconfig.json +++ b/x-pack/plugins/observability_solution/observability_ai_assistant/tsconfig.json @@ -46,7 +46,7 @@ "@kbn/core-ui-settings-server", "@kbn/inference-plugin", "@kbn/management-settings-ids", - "@kbn/ai-assistant-common" + "@kbn/ai-assistant-common", ], "exclude": ["target/**/*"] } diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant_app/public/hooks/use_nav_control_scope.ts b/x-pack/plugins/observability_solution/observability_ai_assistant_app/public/hooks/use_nav_control_scope.ts index 39080adc47d48..157fccfb8a1f2 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant_app/public/hooks/use_nav_control_scope.ts +++ b/x-pack/plugins/observability_solution/observability_ai_assistant_app/public/hooks/use_nav_control_scope.ts @@ -10,11 +10,12 @@ import { useAIAssistantAppService } from '@kbn/ai-assistant'; import { AssistantScope } from '@kbn/ai-assistant-common'; import { useObservable } from 'react-use/lib'; import { DEFAULT_APP_CATEGORIES } from '@kbn/core/public'; +import { isEqual } from 'lodash'; import { useKibana } from './use_kibana'; -const scopeUrlLookup: Record = { - [DEFAULT_APP_CATEGORIES.observability.id]: 'observability', - [DEFAULT_APP_CATEGORIES.enterpriseSearch.id]: 'search', +const scopeUrlLookup: Record = { + [DEFAULT_APP_CATEGORIES.observability.id]: ['observability'], + [DEFAULT_APP_CATEGORIES.enterpriseSearch.id]: ['search'], }; export function useNavControlScope() { @@ -31,11 +32,9 @@ export function useNavControlScope() { const currentCategoryId = (currentApplication && applications?.get(currentApplication)?.category?.id) || DEFAULT_APP_CATEGORIES.kibana.id; - const newScope = Object.entries(scopeUrlLookup).find( - ([categoryId]) => categoryId === currentCategoryId - )?.[1]; - if (newScope && newScope !== service.getScope()) { - service.setScope(newScope); + const newScopes = scopeUrlLookup[currentCategoryId]; + if (newScopes?.length && !isEqual(service.getScopes(), newScopes)) { + service.setScopes(newScopes); } }, [applications, currentApplication, service]); } diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant_app/public/routes/conversations/conversation_view_with_props.tsx b/x-pack/plugins/observability_solution/observability_ai_assistant_app/public/routes/conversations/conversation_view_with_props.tsx index c57b8e2c66c71..2d28ee0adbaa6 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant_app/public/routes/conversations/conversation_view_with_props.tsx +++ b/x-pack/plugins/observability_solution/observability_ai_assistant_app/public/routes/conversations/conversation_view_with_props.tsx @@ -38,6 +38,7 @@ export function ConversationViewWithProps() { }, }) } + scopes={['observability']} /> ); } diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant_app/scripts/evaluation/evaluation.ts b/x-pack/plugins/observability_solution/observability_ai_assistant_app/scripts/evaluation/evaluation.ts index 030994fa44acf..a01b276c37bdf 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant_app/scripts/evaluation/evaluation.ts +++ b/x-pack/plugins/observability_solution/observability_ai_assistant_app/scripts/evaluation/evaluation.ts @@ -100,7 +100,7 @@ function runEvaluations() { evaluationConnectorId: evaluationConnector.id!, persist: argv.persist, suite: mocha.suite, - scope: 'all', + scopes: ['all'], }); const header: string[][] = [ diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant_app/scripts/evaluation/kibana_client.ts b/x-pack/plugins/observability_solution/observability_ai_assistant_app/scripts/evaluation/kibana_client.ts index cc1500168e368..f3b5ca357231b 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant_app/scripts/evaluation/kibana_client.ts +++ b/x-pack/plugins/observability_solution/observability_ai_assistant_app/scripts/evaluation/kibana_client.ts @@ -239,13 +239,13 @@ export class KibanaClient { evaluationConnectorId, persist, suite, - scope, + scopes, }: { connectorId: string; evaluationConnectorId: string; persist: boolean; suite?: Mocha.Suite; - scope: AssistantScope; + scopes: AssistantScope[]; }): ChatClient { function getMessages(message: string | Array): Array { if (typeof message === 'string') { @@ -373,7 +373,7 @@ export class KibanaClient { connectorId: connectorIdOverride || connectorId, functions: functions.map((fn) => pick(fn, 'name', 'description', 'parameters')), functionCall, - scope, + scopes, }; return that.axios.post( @@ -463,7 +463,7 @@ export class KibanaClient { connectorId, persist, title: currentTitle, - scope, + scopes, }, { responseType: 'stream', timeout: NaN } ) diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/alerts.ts b/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/alerts.ts index 1d0056fa2f66c..682f2e2a4b19b 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/alerts.ts +++ b/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/alerts.ts @@ -74,154 +74,155 @@ export function registerAlertsFunction({ functions, resources, pluginsStart, + scopes, }: FunctionRegistrationParameters) { - functions.registerFunction( - { - name: 'get_alerts_dataset_info', - visibility: FunctionVisibility.AssistantOnly, - description: `Use this function to get information about alerts data.`, - parameters: { - type: 'object', - properties: { - start: { - type: 'string', - description: - 'The start of the current time range, in datemath, like now-24h or an ISO timestamp', + if (scopes.includes('observability')) { + functions.registerFunction( + { + name: 'get_alerts_dataset_info', + visibility: FunctionVisibility.AssistantOnly, + description: `Use this function to get information about alerts data.`, + parameters: { + type: 'object', + properties: { + start: { + type: 'string', + description: + 'The start of the current time range, in datemath, like now-24h or an ISO timestamp', + }, + end: { + type: 'string', + description: + 'The end of the current time range, in datemath, like now-24h or an ISO timestamp', + }, }, - end: { - type: 'string', - description: - 'The end of the current time range, in datemath, like now-24h or an ISO timestamp', - }, - }, - } as const, - }, - async ( - { arguments: { start, end }, chat, messages }, - signal - ): Promise<{ - content: { - fields: string[]; - }; - }> => { - const core = await resources.context.core; + } as const, + }, + async ( + { arguments: { start, end }, chat, messages }, + signal + ): Promise<{ + content: { + fields: string[]; + }; + }> => { + const core = await resources.context.core; - const { fields } = await getRelevantFieldNames({ - index: `.alerts-observability*`, - messages, - esClient: core.elasticsearch.client.asInternalUser, - dataViews: await resources.plugins.dataViews.start(), - savedObjectsClient: core.savedObjects.client, - signal, - chat: ( - operationName, - { messages: nextMessages, functionCall, functions: nextFunctions } - ) => { - return chat(operationName, { - messages: nextMessages, - functionCall, - functions: nextFunctions, - signal, - }); - }, - }); + const { fields } = await getRelevantFieldNames({ + index: `.alerts-observability*`, + messages, + esClient: core.elasticsearch.client.asInternalUser, + dataViews: await resources.plugins.dataViews.start(), + savedObjectsClient: core.savedObjects.client, + signal, + chat: ( + operationName, + { messages: nextMessages, functionCall, functions: nextFunctions } + ) => { + return chat(operationName, { + messages: nextMessages, + functionCall, + functions: nextFunctions, + signal, + }); + }, + }); - return { - content: { - fields: fields.length === 0 ? defaultFields : fields, - }, - }; - }, - ['observability'] - ); + return { + content: { + fields: fields.length === 0 ? defaultFields : fields, + }, + }; + } + ); - functions.registerFunction( - { - name: 'alerts', - description: `Get alerts for Observability. Make sure get_alerts_dataset_info was called before. + functions.registerFunction( + { + name: 'alerts', + description: `Get alerts for Observability. Make sure get_alerts_dataset_info was called before. Use this to get open (and optionally recovered) alerts for Observability assets, like services, hosts or containers. Display the response in tabular format if appropriate. `, - descriptionForUser: 'Get alerts for Observability', - parameters: { - type: 'object', - properties: { - start: { - type: 'string', - description: 'The start of the time range, in Elasticsearch date math, like `now`.', - }, - end: { - type: 'string', - description: 'The end of the time range, in Elasticsearch date math, like `now-24h`.', + descriptionForUser: 'Get alerts for Observability', + parameters: { + type: 'object', + properties: { + start: { + type: 'string', + description: 'The start of the time range, in Elasticsearch date math, like `now`.', + }, + end: { + type: 'string', + description: 'The end of the time range, in Elasticsearch date math, like `now-24h`.', + }, + kqlFilter: { + type: 'string', + description: `Filter alerts by field:value pairs`, + }, + includeRecovered: { + type: 'boolean', + description: + 'Whether to include recovered/closed alerts. Defaults to false, which means only active alerts will be returned', + }, }, - kqlFilter: { - type: 'string', - description: `Filter alerts by field:value pairs`, - }, - includeRecovered: { - type: 'boolean', - description: - 'Whether to include recovered/closed alerts. Defaults to false, which means only active alerts will be returned', - }, - }, - required: ['start', 'end'], - } as const, - }, - async ( - { arguments: { start: startAsDatemath, end: endAsDatemath, filter, includeRecovered } }, - signal - ) => { - const alertsClient = await pluginsStart.ruleRegistry.getRacClientWithRequest( - resources.request as KibanaRequest - ); + required: ['start', 'end'], + } as const, + }, + async ( + { arguments: { start: startAsDatemath, end: endAsDatemath, filter, includeRecovered } }, + signal + ) => { + const alertsClient = await pluginsStart.ruleRegistry.getRacClientWithRequest( + resources.request as KibanaRequest + ); - const start = datemath.parse(startAsDatemath)!.valueOf(); - const end = datemath.parse(endAsDatemath)!.valueOf(); + const start = datemath.parse(startAsDatemath)!.valueOf(); + const end = datemath.parse(endAsDatemath)!.valueOf(); - const kqlQuery = !filter ? [] : [toElasticsearchQuery(fromKueryExpression(filter))]; + const kqlQuery = !filter ? [] : [toElasticsearchQuery(fromKueryExpression(filter))]; - const response = await alertsClient.find({ - featureIds: DEFAULT_FEATURE_IDS as unknown as string[], - query: { - bool: { - filter: [ - { - range: { - '@timestamp': { - gte: start, - lte: end, + const response = await alertsClient.find({ + featureIds: DEFAULT_FEATURE_IDS as unknown as string[], + query: { + bool: { + filter: [ + { + range: { + '@timestamp': { + gte: start, + lte: end, + }, }, }, - }, - ...kqlQuery, - ...(!includeRecovered - ? [ - { - term: { - [ALERT_STATUS]: ALERT_STATUS_ACTIVE, + ...kqlQuery, + ...(!includeRecovered + ? [ + { + term: { + [ALERT_STATUS]: ALERT_STATUS_ACTIVE, + }, }, - }, - ] - : []), - ], + ] + : []), + ], + }, }, - }, - size: 10, - }); + size: 10, + }); - // trim some fields - const alerts = response.hits.hits.map((hit) => - omit(hit._source, ...OMITTED_ALERT_FIELDS) - ) as unknown as ParsedTechnicalFields[]; + // trim some fields + const alerts = response.hits.hits.map((hit) => + omit(hit._source, ...OMITTED_ALERT_FIELDS) + ) as unknown as ParsedTechnicalFields[]; - return { - content: { - total: (response.hits as { total: { value: number } }).total.value, - alerts, - }, - }; - }, - ['observability'] - ); + return { + content: { + total: (response.hits as { total: { value: number } }).total.value, + alerts, + }, + }; + } + ); + } } diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/changes/index.ts b/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/changes/index.ts index 71872782e27b0..cc712b7bb9b4f 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/changes/index.ts +++ b/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/changes/index.ts @@ -25,131 +25,133 @@ export function registerChangesFunction({ context: { core: corePromise }, }, pluginsStart, + scopes, }: FunctionRegistrationParameters) { - functions.registerFunction( - { - name: CHANGES_FUNCTION_NAME, - description: 'Returns change points like spikes and dips for logs and metrics.', - parameters: changesFunctionParameters, - }, - async ({ - arguments: { start, end, logs = [], metrics = [] }, - }): Promise => { - if (logs.length === 0 && metrics.length === 0) { - throw new Error('No metrics or logs were defined'); - } + if (scopes.includes('observability')) { + functions.registerFunction( + { + name: CHANGES_FUNCTION_NAME, + description: 'Returns change points like spikes and dips for logs and metrics.', + parameters: changesFunctionParameters, + }, + async ({ + arguments: { start, end, logs = [], metrics = [] }, + }): Promise => { + if (logs.length === 0 && metrics.length === 0) { + throw new Error('No metrics or logs were defined'); + } - const core = await corePromise; + const core = await corePromise; - const logSourcesService = - await pluginsStart.logsDataAccess.services.logSourcesServiceFactory.getLogSourcesService( - core.savedObjects.client - ); - const logsIndexPattern = await logSourcesService.getFlattenedLogSources(); + const logSourcesService = + await pluginsStart.logsDataAccess.services.logSourcesServiceFactory.getLogSourcesService( + core.savedObjects.client + ); + const logsIndexPattern = await logSourcesService.getFlattenedLogSources(); - const client = createElasticsearchClient({ - client: core.elasticsearch.client.asCurrentUser, - logger, - inspect: logger.isLevelEnabled('debug'), - }); + const client = createElasticsearchClient({ + client: core.elasticsearch.client.asCurrentUser, + logger, + inspect: logger.isLevelEnabled('debug'), + }); - const commonFilters = [ - { - range: { - '@timestamp': { - gte: start, - lt: end, + const commonFilters = [ + { + range: { + '@timestamp': { + gte: start, + lt: end, + }, }, }, - }, - ]; + ]; - const dateHistogram: AggregationsAutoDateHistogramAggregation = { - field: '@timestamp', - buckets: 100, - }; + const dateHistogram: AggregationsAutoDateHistogramAggregation = { + field: '@timestamp', + buckets: 100, + }; - const [metricChanges, logChanges] = await Promise.all([ - Promise.all([ - ...metrics.map(async (metric) => { - const changes = await getMetricChanges({ - index: metric.index, - client, - filters: [ - ...commonFilters, - ...(metric.kqlFilter - ? [toElasticsearchQuery(fromKueryExpression(metric.kqlFilter))] - : []), - ], - groupBy: metric.groupBy ?? [], - type: metric.type || 'count', - field: metric.field, - dateHistogram, - }); + const [metricChanges, logChanges] = await Promise.all([ + Promise.all([ + ...metrics.map(async (metric) => { + const changes = await getMetricChanges({ + index: metric.index, + client, + filters: [ + ...commonFilters, + ...(metric.kqlFilter + ? [toElasticsearchQuery(fromKueryExpression(metric.kqlFilter))] + : []), + ], + groupBy: metric.groupBy ?? [], + type: metric.type || 'count', + field: metric.field, + dateHistogram, + }); - return changes.map((change) => ({ - name: metric.name, - ...change, - })); - }), - ]), - Promise.all([ - ...logs.map(async (log) => { - const changes = await getLogChanges({ - index: log.index || logsIndexPattern, - client, - filters: [ - ...commonFilters, - ...(log.kqlFilter - ? [toElasticsearchQuery(fromKueryExpression(log.kqlFilter))] - : []), - ], - field: log.field ?? 'message', - dateHistogram, - }); - return changes.map((change) => ({ - name: log.name, - ...change, - })); - }), - ]), - ]); + return changes.map((change) => ({ + name: metric.name, + ...change, + })); + }), + ]), + Promise.all([ + ...logs.map(async (log) => { + const changes = await getLogChanges({ + index: log.index || logsIndexPattern, + client, + filters: [ + ...commonFilters, + ...(log.kqlFilter + ? [toElasticsearchQuery(fromKueryExpression(log.kqlFilter))] + : []), + ], + field: log.field ?? 'message', + dateHistogram, + }); + return changes.map((change) => ({ + name: log.name, + ...change, + })); + }), + ]), + ]); - const allMetricChanges = orderBy(metricChanges.flat(), [ - (item) => ('p_value' in item.changes ? item.changes.p_value : Number.POSITIVE_INFINITY), - ]).slice(0, 25); + const allMetricChanges = orderBy(metricChanges.flat(), [ + (item) => ('p_value' in item.changes ? item.changes.p_value : Number.POSITIVE_INFINITY), + ]).slice(0, 25); - const allMetricChangesWithoutTimeseries = allMetricChanges.flat().map((metricChange) => { - return omit(metricChange, 'over_time'); - }); + const allMetricChangesWithoutTimeseries = allMetricChanges.flat().map((metricChange) => { + return omit(metricChange, 'over_time'); + }); - const allLogChanges = orderBy(logChanges.flat(), [ - (item) => ('p_value' in item.changes ? item.changes.p_value : Number.POSITIVE_INFINITY), - ]).slice(0, 25); + const allLogChanges = orderBy(logChanges.flat(), [ + (item) => ('p_value' in item.changes ? item.changes.p_value : Number.POSITIVE_INFINITY), + ]).slice(0, 25); - const allLogChangesWithoutTimeseries = allLogChanges.flat().map((logChange) => { - return omit(logChange, 'over_time'); - }); + const allLogChangesWithoutTimeseries = allLogChanges.flat().map((logChange) => { + return omit(logChange, 'over_time'); + }); - return { - content: { - description: `For each item, the user can see the type of change, the impact, the timestamp, the trend, and the label. + return { + content: { + description: `For each item, the user can see the type of change, the impact, the timestamp, the trend, and the label. Do not regurgitate these results back to the user. Instead, focus on the interesting changes, mention possible correlations or root causes, and suggest next steps to the user. "indeterminate" means that the system could not detect any changes.`, - changes: { - metrics: allMetricChangesWithoutTimeseries, - logs: allLogChangesWithoutTimeseries, + changes: { + metrics: allMetricChangesWithoutTimeseries, + logs: allLogChangesWithoutTimeseries, + }, }, - }, - data: { - changes: { - metrics: allMetricChanges, - logs: allLogChanges, + data: { + changes: { + metrics: allMetricChanges, + logs: allLogChanges, + }, }, - }, - }; - }, - ['observability'] - ); + }; + } + ); + } } diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/lens.ts b/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/lens.ts index bb07d701f1708..dbae57c08c9e2 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/lens.ts +++ b/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/lens.ts @@ -8,13 +8,9 @@ import type { ChatFunctionClient } from '@kbn/observability-ai-assistant-plugin/ import { lensFunctionDefinition } from '../../common/functions/lens'; export function registerLensFunction({ functions }: { functions: ChatFunctionClient }) { - functions.registerFunction( - lensFunctionDefinition, - async () => { - return { - content: {}, - }; - }, - ['all'] - ); + functions.registerFunction(lensFunctionDefinition, async () => { + return { + content: {}, + }; + }); } diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/query/index.ts b/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/query/index.ts index 8f7eb7b6b4e1f..3643c54365248 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/query/index.ts +++ b/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/query/index.ts @@ -53,7 +53,7 @@ export function registerQueryFunction({ When the "visualize_query" function has been called, a visualization has been displayed to the user. DO NOT UNDER ANY CIRCUMSTANCES follow up a "visualize_query" function call with your own visualization attempt. If the "${EXECUTE_QUERY_NAME}" function has been called, summarize these results for the user. The user does not see a visualization in this case.` : undefined; - functions.registerInstruction({ instruction, scopes: ['all'] }); + functions.registerInstruction(instruction); functions.registerFunction( { @@ -103,8 +103,7 @@ export function registerQueryFunction({ rows, }, }; - }, - ['all'] + } ); functions.registerFunction( { @@ -188,7 +187,6 @@ export function registerQueryFunction({ return messageAddEvent; }) ); - }, - ['all'] + } ); } diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/visualize_esql.ts b/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/visualize_esql.ts index bda75eafc9ade..4eeba0450e6e4 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/visualize_esql.ts +++ b/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/visualize_esql.ts @@ -61,7 +61,6 @@ export function registerVisualizeESQLFunction({ ], }, }; - }, - ['all'] + } ); } diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/rule_connector/index.ts b/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/rule_connector/index.ts index d99e822484b67..19f1408275e1f 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/rule_connector/index.ts +++ b/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/rule_connector/index.ts @@ -154,12 +154,13 @@ async function executor( } const resources = await initResources(request); - const client = await resources.service.getClient({ request, scope: 'observability' }); + const client = await resources.service.getClient({ request, scopes: ['observability'] }); const functionClient = await resources.service.getFunctionClient({ signal: new AbortController().signal, resources, client, screenContexts: [], + scopes: ['observability'], }); const actionsClient = await ( await resources.plugins.actions.start() @@ -227,7 +228,7 @@ If available, include the link of the conversation at the end of your answer.` role: MessageRole.System, content: getSystemMessageFromInstructions({ availableFunctionNames: functionClient.getFunctions().map((fn) => fn.definition.name), - applicationInstructions: functionClient.getInstructions('observability'), + applicationInstructions: functionClient.getInstructions(), userInstructions: [], adHocInstructions: [], }), diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant_management/README.md b/x-pack/plugins/observability_solution/observability_ai_assistant_management/README.md index 43e09378c7288..39d0973b1a1f0 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant_management/README.md +++ b/x-pack/plugins/observability_solution/observability_ai_assistant_management/README.md @@ -1,3 +1,3 @@ # `observabilityAiAssistantManagement` plugin -The `observabilityAiAssistantManagement` plugin manages the `Ai Assistant for Observability` management section. +The `observabilityAiAssistantManagement` plugin manages the `Ai Assistant for Observability and Search` management section. diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant_management/public/app.tsx b/x-pack/plugins/observability_solution/observability_ai_assistant_management/public/app.tsx index af8d41223e1d8..4522e00fb37d2 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant_management/public/app.tsx +++ b/x-pack/plugins/observability_solution/observability_ai_assistant_management/public/app.tsx @@ -35,7 +35,7 @@ export const mountManagementSection = async ({ core, mountParams }: MountParams) coreStart.chrome.docTitle.change( i18n.translate('xpack.observabilityAiAssistantManagement.app.titleBar', { - defaultMessage: 'AI Assistant for Observability Settings', + defaultMessage: 'AI Assistant for Observability and Search Settings', }) ); diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant_management/public/plugin.ts b/x-pack/plugins/observability_solution/observability_ai_assistant_management/public/plugin.ts index 53da619c7ad1c..e2e69ef5600cf 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant_management/public/plugin.ts +++ b/x-pack/plugins/observability_solution/observability_ai_assistant_management/public/plugin.ts @@ -49,7 +49,7 @@ export class AiAssistantManagementObservabilityPlugin { home, management, observabilityAIAssistant }: SetupDependencies ): AiAssistantManagementObservabilityPluginSetup { const title = i18n.translate('xpack.observabilityAiAssistantManagement.app.title', { - defaultMessage: 'AI Assistant for Observability', + defaultMessage: 'AI Assistant for Observability and Search', }); if (home) { @@ -57,7 +57,7 @@ export class AiAssistantManagementObservabilityPlugin id: 'ai_assistant_observability', title, description: i18n.translate('xpack.observabilityAiAssistantManagement.app.description', { - defaultMessage: 'Manage your AI Assistant for Observability.', + defaultMessage: 'Manage your AI Assistant for Observability and Search.', }), icon: 'sparkles', path: '/app/management/kibana/ai-assistant/observability', diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant_management/public/routes/components/settings_page.tsx b/x-pack/plugins/observability_solution/observability_ai_assistant_management/public/routes/components/settings_page.tsx index c329e6de8e673..075aaeb0aeb75 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant_management/public/routes/components/settings_page.tsx +++ b/x-pack/plugins/observability_solution/observability_ai_assistant_management/public/routes/components/settings_page.tsx @@ -40,7 +40,7 @@ export function SettingsPage() { text: i18n.translate( 'xpack.observabilityAiAssistantManagement.breadcrumb.serverless.observability', { - defaultMessage: 'AI Assistant for Observability Settings', + defaultMessage: 'AI Assistant for Observability and Search Settings', } ), }, diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant_management/public/routes/components/settings_tab/settings_tab.tsx b/x-pack/plugins/observability_solution/observability_ai_assistant_management/public/routes/components/settings_tab/settings_tab.tsx index 4ec17f34610e2..71b758f27f580 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant_management/public/routes/components/settings_tab/settings_tab.tsx +++ b/x-pack/plugins/observability_solution/observability_ai_assistant_management/public/routes/components/settings_tab/settings_tab.tsx @@ -85,7 +85,7 @@ export function SettingsTab() { 'xpack.observabilityAiAssistantManagement.settingsPage.euiDescribedFormGroup.inOrderToUseLabel', { defaultMessage: - 'In order to use the Observability AI Assistant you must set up a Generative AI connector.', + 'In order to use the AI Assistant you must set up a Generative AI connector.', } )} > diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant_management/tsconfig.json b/x-pack/plugins/observability_solution/observability_ai_assistant_management/tsconfig.json index d8a03acbae61b..12148ec014725 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant_management/tsconfig.json +++ b/x-pack/plugins/observability_solution/observability_ai_assistant_management/tsconfig.json @@ -21,7 +21,7 @@ "@kbn/observability-shared-plugin", "@kbn/config-schema", "@kbn/core-ui-settings-common", - "@kbn/logs-data-access-plugin" + "@kbn/logs-data-access-plugin", ], "exclude": ["target/**/*"] } diff --git a/x-pack/plugins/search_assistant/public/components/routes/conversations/conversation_view_with_props.tsx b/x-pack/plugins/search_assistant/public/components/routes/conversations/conversation_view_with_props.tsx index f0e4a61895f39..28ed6d00863f3 100644 --- a/x-pack/plugins/search_assistant/public/components/routes/conversations/conversation_view_with_props.tsx +++ b/x-pack/plugins/search_assistant/public/components/routes/conversations/conversation_view_with_props.tsx @@ -30,7 +30,7 @@ export function ConversationViewWithProps() { getConversationHref={(id: string) => http?.basePath.prepend(`/app/searchAssistant/conversations/${id || ''}`) || '' } - scope="search" + scopes={['search']} /> ); } diff --git a/x-pack/plugins/search_assistant/server/functions/index.ts b/x-pack/plugins/search_assistant/server/functions/index.ts index d1eef69615a61..46da6767f359d 100644 --- a/x-pack/plugins/search_assistant/server/functions/index.ts +++ b/x-pack/plugins/search_assistant/server/functions/index.ts @@ -9,9 +9,10 @@ import { RegistrationCallback } from '@kbn/observability-ai-assistant-plugin/ser export const registerFunctions: (isServerless: boolean) => RegistrationCallback = (isServerless: boolean) => - async ({ client, functions, resources, signal }) => { - functions.registerInstruction({ - instruction: `You are a helpful assistant for Elasticsearch. Your goal is to help Elasticsearch users accomplish tasks using Kibana and Elasticsearch. You can help them construct queries, index data, search data, use Elasticsearch APIs, generate sample data, visualise and analyze data. + async ({ client, functions, resources, signal, scopes }) => { + if (scopes.includes('search')) { + functions.registerInstruction( + `You are a helpful assistant for Elasticsearch. Your goal is to help Elasticsearch users accomplish tasks using Kibana and Elasticsearch. You can help them construct queries, index data, search data, use Elasticsearch APIs, generate sample data, visualise and analyze data. It's very important to not assume what the user means. Ask them for clarification if needed. @@ -27,10 +28,10 @@ export const registerFunctions: (isServerless: boolean) => RegistrationCallback If you want to call a function or tool, only call it a single time per message. Wait until the function has been executed and its results returned to you, before executing the same tool or another tool again if needed. - The user is able to change the language which they want you to reply in on the settings page of the AI Assistant for Observability, which can be found in the ${ + The user is able to change the language which they want you to reply in on the settings page of the AI Assistant for Observability and Search, which can be found in the ${ isServerless ? `Project settings.` : `Stack Management app under the option AI Assistants` }. - If the user asks how to change the language, reply in the same language the user asked in.`, - scopes: ['search'], - }); + If the user asks how to change the language, reply in the same language the user asked in.` + ); + } }; diff --git a/x-pack/plugins/serverless_observability/public/plugin.ts b/x-pack/plugins/serverless_observability/public/plugin.ts index 25cb2dae38192..05d598b2b3a7e 100644 --- a/x-pack/plugins/serverless_observability/public/plugin.ts +++ b/x-pack/plugins/serverless_observability/public/plugin.ts @@ -59,7 +59,7 @@ export class ServerlessObservabilityPlugin observabilityAiAssistantManagement: { category: appCategories.OTHER, title: i18n.translate('xpack.serverlessObservability.aiAssistantManagementTitle', { - defaultMessage: 'AI Assistant for Observability Settings', + defaultMessage: 'AI Assistant for Observability and Search Settings', }), description: i18n.translate( 'xpack.serverlessObservability.aiAssistantManagementDescription', diff --git a/x-pack/test/observability_ai_assistant_api_integration/tests/chat/chat.spec.ts b/x-pack/test/observability_ai_assistant_api_integration/tests/chat/chat.spec.ts index e0e67066b4777..d514d6ddb7025 100644 --- a/x-pack/test/observability_ai_assistant_api_integration/tests/chat/chat.spec.ts +++ b/x-pack/test/observability_ai_assistant_api_integration/tests/chat/chat.spec.ts @@ -59,7 +59,7 @@ export default function ApiTest({ getService }: FtrProviderContext) { messages, connectorId: 'does not exist', functions: [], - scope: 'all', + scopes: ['all'], }) .expect(404); }); @@ -88,7 +88,7 @@ export default function ApiTest({ getService }: FtrProviderContext) { messages, connectorId, functions: [], - scope: 'all', + scopes: ['all'], }) .pipe(passThrough); @@ -146,7 +146,7 @@ export default function ApiTest({ getService }: FtrProviderContext) { messages, connectorId, functions: [], - scope: 'all', + scopes: ['all'], }) .expect(200) .pipe(passThrough); diff --git a/x-pack/test/observability_ai_assistant_api_integration/tests/complete/complete.spec.ts b/x-pack/test/observability_ai_assistant_api_integration/tests/complete/complete.spec.ts index aaba5fbc7ba99..a7606d21408c5 100644 --- a/x-pack/test/observability_ai_assistant_api_integration/tests/complete/complete.spec.ts +++ b/x-pack/test/observability_ai_assistant_api_integration/tests/complete/complete.spec.ts @@ -84,7 +84,7 @@ export default function ApiTest({ getService }: FtrProviderContext) { connectorId, persist: true, screenContexts: params.screenContexts || [], - scope: 'all', + scopes: ['all'], }) .then((response) => resolve(response)) .catch((err) => reject(err)); @@ -137,7 +137,7 @@ export default function ApiTest({ getService }: FtrProviderContext) { connectorId, persist: false, screenContexts: [], - scope: 'all', + scopes: ['all'], }) .pipe(passThrough); @@ -404,7 +404,7 @@ export default function ApiTest({ getService }: FtrProviderContext) { connectorId, persist: true, screenContexts: [], - scope: 'observability', + scopes: ['observability'], }, }, }) @@ -447,7 +447,7 @@ export default function ApiTest({ getService }: FtrProviderContext) { persist: true, screenContexts: [], conversationId, - scope: 'observability', + scopes: ['observability'], }, }, }) diff --git a/x-pack/test/observability_ai_assistant_api_integration/tests/complete/functions/helpers.ts b/x-pack/test/observability_ai_assistant_api_integration/tests/complete/functions/helpers.ts index dadf270f0df41..b83221869baec 100644 --- a/x-pack/test/observability_ai_assistant_api_integration/tests/complete/functions/helpers.ts +++ b/x-pack/test/observability_ai_assistant_api_integration/tests/complete/functions/helpers.ts @@ -33,14 +33,14 @@ export async function invokeChatCompleteWithFunctionRequest({ connectorId, observabilityAIAssistantAPIClient, functionCall, - scope, + scopes, }: { connectorId: string; observabilityAIAssistantAPIClient: Awaited< ReturnType >; functionCall: Message['message']['function_call']; - scope?: AssistantScope; + scopes?: AssistantScope[]; }) { const { body } = await observabilityAIAssistantAPIClient .editorUser({ @@ -60,7 +60,7 @@ export async function invokeChatCompleteWithFunctionRequest({ connectorId, persist: false, screenContexts: [], - scope: scope || 'observability', + scopes: scopes || ['observability' as AssistantScope], }, }, }) diff --git a/x-pack/test/observability_ai_assistant_api_integration/tests/knowledge_base/knowledge_base_user_instructions.spec.ts b/x-pack/test/observability_ai_assistant_api_integration/tests/knowledge_base/knowledge_base_user_instructions.spec.ts index 04e05fc9ad31b..dc0f991c66ee2 100644 --- a/x-pack/test/observability_ai_assistant_api_integration/tests/knowledge_base/knowledge_base_user_instructions.spec.ts +++ b/x-pack/test/observability_ai_assistant_api_integration/tests/knowledge_base/knowledge_base_user_instructions.spec.ts @@ -250,7 +250,7 @@ export default function ApiTest({ getService }: FtrProviderContext) { connectorId, persist: true, screenContexts: [], - scope: 'observability', + scopes: ['observability'], }, }, }).expect(200); diff --git a/x-pack/test_serverless/api_integration/test_suites/observability/ai_assistant/tests/chat/chat.spec.ts b/x-pack/test_serverless/api_integration/test_suites/observability/ai_assistant/tests/chat/chat.spec.ts index d30839b60b0f1..582f544c7dbfa 100644 --- a/x-pack/test_serverless/api_integration/test_suites/observability/ai_assistant/tests/chat/chat.spec.ts +++ b/x-pack/test_serverless/api_integration/test_suites/observability/ai_assistant/tests/chat/chat.spec.ts @@ -84,7 +84,7 @@ export default function ApiTest({ getService }: FtrProviderContext) { messages, connectorId: 'does not exist', functions: [], - scope: 'all', + scopes: ['all'], }) .expect(404); }); @@ -114,7 +114,7 @@ export default function ApiTest({ getService }: FtrProviderContext) { messages, connectorId, functions: [], - scope: 'all', + scopes: ['all'], }) .pipe(passThrough); @@ -174,7 +174,7 @@ export default function ApiTest({ getService }: FtrProviderContext) { messages, connectorId, functions: [], - scope: 'all', + scopes: ['all'], }) .expect(200) .pipe(passThrough); diff --git a/x-pack/test_serverless/api_integration/test_suites/observability/ai_assistant/tests/complete/complete.spec.ts b/x-pack/test_serverless/api_integration/test_suites/observability/ai_assistant/tests/complete/complete.spec.ts index 970b99ab35613..a95c07bce0eb9 100644 --- a/x-pack/test_serverless/api_integration/test_suites/observability/ai_assistant/tests/complete/complete.spec.ts +++ b/x-pack/test_serverless/api_integration/test_suites/observability/ai_assistant/tests/complete/complete.spec.ts @@ -91,7 +91,7 @@ export default function ApiTest({ getService }: FtrProviderContext) { connectorId, persist: true, screenContexts: params.screenContexts || [], - scope: 'all', + scopes: ['all'], }) .then((response: Response) => resolve(response)) .catch((err: Error) => reject(err)); @@ -164,7 +164,7 @@ export default function ApiTest({ getService }: FtrProviderContext) { connectorId, persist: false, screenContexts: [], - scope: 'all', + scopes: ['all'], }) .pipe(passThrough); @@ -436,7 +436,7 @@ export default function ApiTest({ getService }: FtrProviderContext) { connectorId, persist: true, screenContexts: [], - scope: 'all', + scopes: ['all'], }, }, }) @@ -483,7 +483,7 @@ export default function ApiTest({ getService }: FtrProviderContext) { persist: true, screenContexts: [], conversationId, - scope: 'all', + scopes: ['all'], }, }, }) diff --git a/x-pack/test_serverless/api_integration/test_suites/observability/ai_assistant/tests/complete/functions/helpers.ts b/x-pack/test_serverless/api_integration/test_suites/observability/ai_assistant/tests/complete/functions/helpers.ts index 857fa71aac9e6..758046de72f2b 100644 --- a/x-pack/test_serverless/api_integration/test_suites/observability/ai_assistant/tests/complete/functions/helpers.ts +++ b/x-pack/test_serverless/api_integration/test_suites/observability/ai_assistant/tests/complete/functions/helpers.ts @@ -36,12 +36,12 @@ export async function invokeChatCompleteWithFunctionRequest({ functionCall, roleAuthc, internalReqHeader, - scope, + scopes, }: { connectorId: string; observabilityAIAssistantAPIClient: ObservabilityAIAssistantApiClient; functionCall: Message['message']['function_call']; - scope?: AssistantScope; + scopes?: AssistantScope[]; roleAuthc: RoleCredentials; internalReqHeader: InternalRequestHeader; }) { @@ -65,7 +65,7 @@ export async function invokeChatCompleteWithFunctionRequest({ connectorId, persist: false, screenContexts: [], - scope: 'observability', + scopes: scopes || (['observability'] as AssistantScope[]), }, }, }) diff --git a/x-pack/test_serverless/api_integration/test_suites/observability/ai_assistant/tests/knowledge_base/knowledge_base_user_instructions.spec.ts b/x-pack/test_serverless/api_integration/test_suites/observability/ai_assistant/tests/knowledge_base/knowledge_base_user_instructions.spec.ts index 86232035d0c58..4181b6a14ffde 100644 --- a/x-pack/test_serverless/api_integration/test_suites/observability/ai_assistant/tests/knowledge_base/knowledge_base_user_instructions.spec.ts +++ b/x-pack/test_serverless/api_integration/test_suites/observability/ai_assistant/tests/knowledge_base/knowledge_base_user_instructions.spec.ts @@ -266,7 +266,7 @@ export default function ApiTest({ getService }: FtrProviderContext) { connectorId, persist: true, screenContexts: [], - scope: 'observability', + scopes: ['observability'], }, }, roleAuthc, From 7164a343e5f101e1790ffa484d649e700cdc05b2 Mon Sep 17 00:00:00 2001 From: "Eyo O. Eyo" <7893459+eokoneyo@users.noreply.github.com> Date: Thu, 24 Oct 2024 13:20:30 +0200 Subject: [PATCH 25/99] [CodeQL] resolve issue with prototype pollution (#196685) ## Summary Relates to https://github.com/elastic/kibana-team/issues/1102 Particularly addresses issues with prototype pollution Co-authored-by: Elastic Machine --- .../src/ui_settings_client_common.ts | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/packages/core/ui-settings/core-ui-settings-browser-internal/src/ui_settings_client_common.ts b/packages/core/ui-settings/core-ui-settings-browser-internal/src/ui_settings_client_common.ts index 32740c6a6fbe7..6ece79b0a675c 100644 --- a/packages/core/ui-settings/core-ui-settings-browser-internal/src/ui_settings_client_common.ts +++ b/packages/core/ui-settings/core-ui-settings-browser-internal/src/ui_settings_client_common.ts @@ -38,7 +38,11 @@ export abstract class UiSettingsClientCommon implements IUiSettingsClient { constructor(params: UiSettingsClientParams) { this.api = params.api; this.defaults = cloneDeep(params.defaults); - this.cache = defaultsDeep({}, this.defaults, cloneDeep(params.initialSettings)); + this.cache = defaultsDeep( + Object.create(null), + this.defaults, + cloneDeep(params.initialSettings) + ); params.done$.subscribe({ complete: () => { @@ -102,7 +106,10 @@ You can use \`IUiSettingsClient.get("${key}", defaultValue)\`, which will just r } isDeclared(key: string) { - return key in this.cache; + return ( + // @ts-ignore + (key !== '__proto__' || key !== 'constructor' || key !== 'prototype') && key in this.cache + ); } isDefault(key: string) { From 0a825ef7841673beea4a23c6ab38f18676a6f7b8 Mon Sep 17 00:00:00 2001 From: Pablo Machado Date: Thu, 24 Oct 2024 13:22:10 +0200 Subject: [PATCH 26/99] [SecuritySolution] Add text intro to Asset Criticality on upload page (#197436) ## Summary Add text intro to Asset Criticality on the upload page. Described here: https://github.com/elastic/kibana/issues/196633#issuecomment-2420541914 ![Screenshot 2024-10-23 at 15 21 06](https://github.com/user-attachments/assets/fa984960-6cec-4efa-b009-0044520bb6e6) --- .../entity_analytics/pages/entity_store_management_page.tsx | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/x-pack/plugins/security_solution/public/entity_analytics/pages/entity_store_management_page.tsx b/x-pack/plugins/security_solution/public/entity_analytics/pages/entity_store_management_page.tsx index 53abf222d39e4..8b2292448b13d 100644 --- a/x-pack/plugins/security_solution/public/entity_analytics/pages/entity_store_management_page.tsx +++ b/x-pack/plugins/security_solution/public/entity_analytics/pages/entity_store_management_page.tsx @@ -317,6 +317,11 @@ const WhatIsAssetCriticalityPanel: React.FC = () => { return ( + + From a194211fff9195c1c03c0679dc3aa806e3676515 Mon Sep 17 00:00:00 2001 From: Pablo Machado Date: Thu, 24 Oct 2024 13:25:29 +0200 Subject: [PATCH 27/99] [Security Solution] Give entity store permissions to built-in and cloud roles (#197383) ## Summary Give entity store permissions to built-in and cloud roles. The entity store should be available where the RiskEngine is. ES controller PR https://github.com/elastic/elasticsearch-controller/pull/753 --- .../project_roles/security/roles.yml | 12 ++++++++++++ .../src/serverless_resources/security_roles.json | 7 ++++++- .../serverless/es_serverless_resources/roles.yml | 13 +++++++++++++ .../project_controller_security_roles.yml | 13 +++++++++++++ 4 files changed, 44 insertions(+), 1 deletion(-) diff --git a/packages/kbn-es/src/serverless_resources/project_roles/security/roles.yml b/packages/kbn-es/src/serverless_resources/project_roles/security/roles.yml index e9223cd5d73ef..5c8446123a4fb 100644 --- a/packages/kbn-es/src/serverless_resources/project_roles/security/roles.yml +++ b/packages/kbn-es/src/serverless_resources/project_roles/security/roles.yml @@ -35,6 +35,7 @@ viewer: - '.fleet-actions*' - 'risk-score.risk-score-*' - '.asset-criticality.asset-criticality-*' + - '.entities.v1.latest.security_*' - '.ml-anomalies-*' privileges: - read @@ -99,6 +100,7 @@ editor: - 'maintenance' - names: - '.asset-criticality.asset-criticality-*' + - '.entities.v1.latest.security_*' privileges: - 'read' - 'write' @@ -162,6 +164,7 @@ t1_analyst: - '.fleet-actions*' - risk-score.risk-score-* - .asset-criticality.asset-criticality-* + - .entities.v1.latest.security_* - '.ml-anomalies-*' privileges: - read @@ -211,6 +214,7 @@ t2_analyst: - .fleet-agents* - .fleet-actions* - risk-score.risk-score-* + - .entities.v1.latest.security_* - '.ml-anomalies-*' privileges: - read @@ -274,6 +278,7 @@ t3_analyst: - .fleet-agents* - .fleet-actions* - risk-score.risk-score-* + - .entities.v1.latest.security_* - '.ml-anomalies-*' privileges: - read @@ -346,6 +351,7 @@ threat_intelligence_analyst: - .fleet-agents* - .fleet-actions* - risk-score.risk-score-* + - .entities.v1.latest.security_* - '.ml-anomalies-*' privileges: - read @@ -406,6 +412,7 @@ rule_author: - .fleet-agents* - .fleet-actions* - risk-score.risk-score-* + - .entities.v1.latest.security_* - '.ml-anomalies-*' privileges: - read @@ -472,6 +479,7 @@ soc_manager: - .fleet-agents* - .fleet-actions* - risk-score.risk-score-* + - .entities.v1.latest.security_* - '.ml-anomalies-*' privileges: - read @@ -543,6 +551,7 @@ detections_admin: - all - names: - .asset-criticality.asset-criticality-* + - .entities.v1.latest.security_* privileges: - read - write @@ -590,6 +599,7 @@ platform_engineer: - all - names: - .asset-criticality.asset-criticality-* + - .entities.v1.latest.security_* privileges: - read - write @@ -648,6 +658,7 @@ endpoint_operations_analyst: - .lists* - .items* - risk-score.risk-score-* + - .entities.v1.latest.security_* - '.ml-anomalies-*' privileges: - read @@ -717,6 +728,7 @@ endpoint_policy_manager: - winlogbeat-* - logstash-* - risk-score.risk-score-* + - .entities.v1.latest.security_* privileges: - read - names: diff --git a/packages/kbn-es/src/serverless_resources/security_roles.json b/packages/kbn-es/src/serverless_resources/security_roles.json index 0554853b82df9..75106ba041d60 100644 --- a/packages/kbn-es/src/serverless_resources/security_roles.json +++ b/packages/kbn-es/src/serverless_resources/security_roles.json @@ -120,7 +120,12 @@ "privileges": ["read", "write"] }, { - "names": ["metrics-endpoint.metadata_current_*", ".fleet-agents*", ".fleet-actions*", "risk-score.risk-score-*"], + "names": [ + "metrics-endpoint.metadata_current_*", + ".fleet-agents*", ".fleet-actions*", + "risk-score.risk-score-*", + ".entities.v1.latest.security_*" + ], "privileges": ["read"] } ], diff --git a/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/es_serverless_resources/roles.yml b/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/es_serverless_resources/roles.yml index 3fd3bd2e3233e..4c17bfa922d2e 100644 --- a/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/es_serverless_resources/roles.yml +++ b/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/es_serverless_resources/roles.yml @@ -53,6 +53,7 @@ viewer: - ".fleet-actions*" - "risk-score.risk-score-*" - ".asset-criticality.asset-criticality-*" + - ".entities.v1.latest.security_*" - ".ml-anomalies-*" privileges: - read @@ -117,6 +118,7 @@ editor: - "maintenance" - names: - ".asset-criticality.asset-criticality-*" + - .entities.v1.latest.security_* privileges: - "read" - "write" @@ -181,6 +183,7 @@ t1_analyst: - ".fleet-actions*" - risk-score.risk-score-* - .asset-criticality.asset-criticality-* + - .entities.v1.latest.security_* - ".ml-anomalies-*" privileges: - read @@ -231,6 +234,7 @@ t2_analyst: - .fleet-agents* - .fleet-actions* - risk-score.risk-score-* + - .entities.v1.latest.security_* - ".ml-anomalies-*" privileges: - read @@ -295,6 +299,7 @@ t3_analyst: - .fleet-agents* - .fleet-actions* - risk-score.risk-score-* + - .entities.v1.latest.security_* - ".ml-anomalies-*" privileges: - read @@ -363,6 +368,7 @@ threat_intelligence_analyst: - .fleet-agents* - .fleet-actions* - risk-score.risk-score-* + - .entities.v1.latest.security_* - ".ml-anomalies-*" privileges: - read @@ -424,6 +430,7 @@ rule_author: - .fleet-agents* - .fleet-actions* - risk-score.risk-score-* + - .entities.v1.latest.security_* - ".ml-anomalies-*" privileges: - read @@ -468,6 +475,7 @@ soc_manager: - packetbeat-* - winlogbeat-* - .asset-criticality.asset-criticality-* + - .entities.v1.latest.security_* privileges: - read - write @@ -491,6 +499,7 @@ soc_manager: - .fleet-agents* - .fleet-actions* - risk-score.risk-score-* + - .asset-criticality.asset-criticality-* - ".ml-anomalies-*" privileges: - read @@ -563,6 +572,7 @@ detections_admin: - all - names: - .asset-criticality.asset-criticality-* + - .entities.v1.latest.security_* privileges: - read - write @@ -611,6 +621,7 @@ platform_engineer: - all - names: - .asset-criticality.asset-criticality-* + - .entities.v1.latest.security_* privileges: - read - write @@ -670,6 +681,7 @@ endpoint_operations_analyst: - .lists* - .items* - risk-score.risk-score-* + - .entities.v1.latest.security_* - ".ml-anomalies-*" privileges: - read @@ -740,6 +752,7 @@ endpoint_policy_manager: - packetbeat-* - winlogbeat-* - risk-score.risk-score-* + - .entities.v1.latest.security_* - ".ml-anomalies-*" privileges: - read diff --git a/x-pack/test_serverless/shared/lib/security/kibana_roles/project_controller_security_roles.yml b/x-pack/test_serverless/shared/lib/security/kibana_roles/project_controller_security_roles.yml index 0c60ac2aa0427..2d80c9d398210 100644 --- a/x-pack/test_serverless/shared/lib/security/kibana_roles/project_controller_security_roles.yml +++ b/x-pack/test_serverless/shared/lib/security/kibana_roles/project_controller_security_roles.yml @@ -34,6 +34,7 @@ viewer: - ".fleet-actions*" - "risk-score.risk-score-*" - ".asset-criticality.asset-criticality-*" + - ".entities.v1.latest.security_*" - ".ml-anomalies-*" privileges: - read @@ -98,6 +99,7 @@ editor: - "maintenance" - names: - ".asset-criticality.asset-criticality-*" + - ".entities.v1.latest.security_*" privileges: - "read" - "write" @@ -162,6 +164,7 @@ t1_analyst: - ".fleet-actions*" - risk-score.risk-score-* - .asset-criticality.asset-criticality-* + - .entities.v1.latest.security_* - ".ml-anomalies-*" privileges: - read @@ -212,6 +215,7 @@ t2_analyst: - .fleet-agents* - .fleet-actions* - risk-score.risk-score-* + - .entities.v1.latest.security_* - ".ml-anomalies-*" privileges: - read @@ -276,6 +280,7 @@ t3_analyst: - .fleet-agents* - .fleet-actions* - risk-score.risk-score-* + - .entities.v1.latest.security_* - ".ml-anomalies-*" privileges: - read @@ -344,6 +349,7 @@ threat_intelligence_analyst: - .fleet-agents* - .fleet-actions* - risk-score.risk-score-* + - .entities.v1.latest.security_* - ".ml-anomalies-*" privileges: - read @@ -405,6 +411,7 @@ rule_author: - .fleet-agents* - .fleet-actions* - risk-score.risk-score-* + - .entities.v1.latest.security_* - ".ml-anomalies-*" privileges: - read @@ -449,6 +456,7 @@ soc_manager: - packetbeat-* - winlogbeat-* - .asset-criticality.asset-criticality-* + - .entities.v1.latest.security_* privileges: - read - write @@ -472,6 +480,7 @@ soc_manager: - .fleet-agents* - .fleet-actions* - risk-score.risk-score-* + - .asset-criticality.asset-criticality-* - ".ml-anomalies-*" privileges: - read @@ -544,6 +553,7 @@ detections_admin: - all - names: - .asset-criticality.asset-criticality-* + - .entities.v1.latest.security_* privileges: - read - write @@ -592,6 +602,7 @@ platform_engineer: - all - names: - .asset-criticality.asset-criticality-* + - .entities.v1.latest.security_* privileges: - read - write @@ -651,6 +662,7 @@ endpoint_operations_analyst: - .lists* - .items* - risk-score.risk-score-* + - .entities.v1.latest.security_* - ".ml-anomalies-*" privileges: - read @@ -721,6 +733,7 @@ endpoint_policy_manager: - packetbeat-* - winlogbeat-* - risk-score.risk-score-* + - .entities.v1.latest.security_* - ".ml-anomalies-*" privileges: - read From f67bc3287b7b9a3c4bde49151cc4fec035fb7faf Mon Sep 17 00:00:00 2001 From: Matthew Kime Date: Thu, 24 Oct 2024 06:38:26 -0500 Subject: [PATCH 28/99] [console] Reenable functional tests aside from font size (#197362) ## Summary This is really just a more focused `skip` application so we can get as many tests running as quickly as possible. Part of: https://github.com/elastic/kibana/issues/193868 --- test/functional/apps/console/_misc_console_behavior.ts | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/test/functional/apps/console/_misc_console_behavior.ts b/test/functional/apps/console/_misc_console_behavior.ts index 9da5ea362fde3..fc53b6b37fb51 100644 --- a/test/functional/apps/console/_misc_console_behavior.ts +++ b/test/functional/apps/console/_misc_console_behavior.ts @@ -18,9 +18,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) { const browser = getService('browser'); const PageObjects = getPageObjects(['common', 'console', 'header']); - // Failing: See https://github.com/elastic/kibana/issues/193868 - // Failing: See https://github.com/elastic/kibana/issues/193868 - describe.skip('misc console behavior', function testMiscConsoleBehavior() { + describe('misc console behavior', function testMiscConsoleBehavior() { before(async () => { await browser.setWindowSize(1200, 800); await PageObjects.common.navigateToApp('console'); @@ -156,7 +154,8 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) { await PageObjects.console.openConsole(); }); - describe('customizable font size', () => { + // Failing: See https://github.com/elastic/kibana/issues/193868 + describe.skip('customizable font size', () => { it('should allow the font size to be customized', async () => { await PageObjects.console.openConfig(); await PageObjects.console.setFontSizeSetting(20); From d74b70f7f5c64b5fa4166d761b48c211c2d5abac Mon Sep 17 00:00:00 2001 From: Jan Monschke Date: Thu, 24 Oct 2024 14:14:29 +0200 Subject: [PATCH 29/99] [SecuritySolution] Fix issue of disappearing columns in the alerts table (#197043) ## Summary Fixes: https://github.com/elastic/kibana/issues/196877 The issue above describes a situation in which columns can disappear when toggling them in a certain order in the "Columns" and "Fields". Steps to reproduce the original issue: - Make sure the`file.name` column us visible in the alerts table, the `Fields` popup and in the `Columns` selector - Hide the `file.name` column from the `Columns` selector - Go to `Fields` and enable the `file.name` field - Observe that the column isn't showing up in the table - The `file.name` column is also not showing up in the `Columns` selector anymore. The issue has a video demonstration attached to it as well. With this fix applied, the column does not "disappear" anymore: https://github.com/user-attachments/assets/4056f297-584a-4713-8936-b4e3ac3339a0 ### Checklist - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the common scenarios @elastic/response-ops Got any ideas on how to best add unit tests for this? --------- Co-authored-by: Elastic Machine --- .../alerts_table/alerts_table.test.tsx | 36 +++++++++++++++++++ .../sections/alerts_table/alerts_table.tsx | 4 +-- 2 files changed, 38 insertions(+), 2 deletions(-) diff --git a/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/alerts_table.test.tsx b/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/alerts_table.test.tsx index d410e8ee9d43e..bcd9026992d15 100644 --- a/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/alerts_table.test.tsx +++ b/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/alerts_table.test.tsx @@ -694,6 +694,42 @@ describe('AlertsTable', () => { expect(await screen.findByTestId(TEST_ID.FIELD_BROWSER_CUSTOM_CREATE_BTN)).toBeVisible(); }); + + it('The column state is synced correctly between the column selector and the field selector', async () => { + const columnToHide = tableProps.columns[0]; + render( + + ); + + const fieldBrowserBtn = await screen.findByTestId(TEST_ID.FIELD_BROWSER_BTN); + const columnSelectorBtn = await screen.findByTestId('dataGridColumnSelectorButton'); + + // Open the column visibility selector and hide the column + fireEvent.click(columnSelectorBtn); + const columnVisibilityToggle = await screen.findByTestId( + `dataGridColumnSelectorToggleColumnVisibility-${columnToHide.id}` + ); + fireEvent.click(columnVisibilityToggle); + + // Open the field browser + fireEvent.click(fieldBrowserBtn); + expect(await screen.findByTestId(TEST_ID.FIELD_BROWSER)).toBeVisible(); + + // The column should be checked in the field browser, independent of its visibility status + const columnCheckbox: HTMLInputElement = await screen.findByTestId( + `field-${columnToHide.id}-checkbox` + ); + expect(columnCheckbox).toBeChecked(); + }); }); describe('cases column', () => { diff --git a/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/alerts_table.tsx b/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/alerts_table.tsx index 617b0f9c70a0a..61c65eded27b5 100644 --- a/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/alerts_table.tsx +++ b/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/alerts_table.tsx @@ -413,7 +413,7 @@ const AlertsTable: React.FunctionComponent = memo((props: Aler rowSelection: bulkActionsState.rowSelection, alerts, isLoading, - columnIds: visibleColumns, + columnIds: columns.map((column) => column.id), onToggleColumn, onResetColumns, browserFields, @@ -431,7 +431,7 @@ const AlertsTable: React.FunctionComponent = memo((props: Aler alertsCount, bulkActionsState, isLoading, - visibleColumns, + columns, onToggleColumn, onResetColumns, browserFields, From bd43cf58ddac6df88acba280794dd6ee2a63b644 Mon Sep 17 00:00:00 2001 From: Joe Reuter Date: Thu, 24 Oct 2024 14:21:52 +0200 Subject: [PATCH 30/99] [Observability Onboarding] Improve wording in auto-detect description (#197460) Metrics are not stored in files, slightly adjusting the wording --- .../onboarding_flow_form/use_custom_cards_for_category.tsx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/x-pack/plugins/observability_solution/observability_onboarding/public/application/onboarding_flow_form/use_custom_cards_for_category.tsx b/x-pack/plugins/observability_solution/observability_onboarding/public/application/onboarding_flow_form/use_custom_cards_for_category.tsx index 0ef775d4e3f6c..eb359f6158030 100644 --- a/x-pack/plugins/observability_solution/observability_onboarding/public/application/onboarding_flow_form/use_custom_cards_for_category.tsx +++ b/x-pack/plugins/observability_solution/observability_onboarding/public/application/onboarding_flow_form/use_custom_cards_for_category.tsx @@ -57,7 +57,7 @@ export function useCustomCardsForCategory( description: i18n.translate( 'xpack.observability_onboarding.useCustomCardsForCategory.autoDetectDescription', { - defaultMessage: 'Scan your host for log and metric files, auto-install integrations', + defaultMessage: 'Scan your host for log files, metrics, auto-install integrations', } ), extraLabelsBadges: [ From 894d1f2190cf35eead4ffe69b7a06f420d44bf55 Mon Sep 17 00:00:00 2001 From: Tre Date: Thu, 24 Oct 2024 13:50:02 +0100 Subject: [PATCH 31/99] [FTR][Ownership] Upgrade Assistant, Watcher, etc (#197253) ## Summary Assigning ownership to as many files as possible, with as few reviewers as possible. ### Assignment Reasons Assigned upgrade_assistant due to https://github.com/elastic/kibana/blob/main/x-pack/plugins/upgrade_assistant/kibana.jsonc#L4 Assigned watcher due to https://github.com/elastic/kibana/blob/main/x-pack/plugins/watcher/kibana.jsonc#L4 Assigned ingest_pipelines due to https://github.com/elastic/kibana/blob/main/x-pack/plugins/ingest_pipelines/kibana.jsonc#L4 Assigned security solutions services only due to the name Assigned detections_response due to the name Assigned dashboard due to the name Assigned index management due to https://github.com/elastic/kibana/blob/main/x-pack/plugins/index_management/kibana.jsonc#L4 Assigned ilm due to https://github.com/elastic/kibana/blob/main/x-pack/plugins/index_lifecycle_management/kibana.jsonc#L4 Contributes to: https://github.com/elastic/kibana/issues/194817 --- .github/CODEOWNERS | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 08f31b4e1fcf0..3e0a5ea38a3db 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1280,6 +1280,7 @@ x-pack/test_serverless/**/test_suites/observability/ai_assistant @elastic/obs-ai ### END Observability Plugins # Presentation +/x-pack/test/functional/apps/dashboard @elastic/kibana-presentation /x-pack/test/accessibility/apps/group3/maps.ts @elastic/kibana-presentation /x-pack/test/accessibility/apps/group1/dashboard_panel_options.ts @elastic/kibana-presentation /x-pack/test/accessibility/apps/group1/dashboard_links.ts @elastic/kibana-presentation @@ -1357,6 +1358,8 @@ x-pack/test_serverless/**/test_suites/observability/ai_assistant @elastic/obs-ai /.eslintignore @elastic/kibana-operations # Appex QA +/x-pack/test/functional/config.*.* @elastic/appex-qa +/x-pack/test/api_integration/ftr_provider_context.d.ts @elastic/appex-qa # Maybe this should be a glob? /x-pack/test/accessibility/services.ts @elastic/appex-qa /x-pack/test/accessibility/page_objects.ts @elastic/appex-qa /x-pack/test/accessibility/ftr_provider_context.d.ts @elastic/appex-qa @@ -1536,6 +1539,15 @@ x-pack/test/api_integration/apis/management/index_management/inference_endpoints /x-pack/test/functional_search/ @elastic/search-kibana # Management Experience - Deployment Management +/x-pack/test/api_integration/services/index_management.ts @elastic/kibana-management +/x-pack/test/functional/services/grok_debugger.js @elastic/kibana-management +/x-pack/test/functional/apps/grok_debugger @elastic/kibana-management +/x-pack/test/functional/apps/index_lifecycle_management @elastic/kibana-management +/x-pack/test/functional/apps/index_management @elastic/kibana-management +/x-pack/test/api_integration/services/ingest_pipelines @elastic/kibana-management +/x-pack/test/functional/apps/watcher @elastic/kibana-management +/x-pack/test/api_integration/apis/watcher @elastic/kibana-management +/x-pack/test/api_integration/apis/upgrade_assistant @elastic/kibana-management /x-pack/test/api_integration/apis/searchprofiler @elastic/kibana-management /x-pack/test/api_integration/apis/console @elastic/kibana-management /x-pack/test_serverless/**/test_suites/common/index_management/ @elastic/kibana-management @@ -1572,6 +1584,8 @@ x-pack/test/api_integration/apis/management/index_management/inference_endpoints #CC# /x-pack/plugins/cross_cluster_replication/ @elastic/kibana-management # Security Solution +/x-pack/test/common/services/security_solution @elastic/security-solution +/x-pack/test/api_integration/services/security_solution_*.gen.ts @elastic/security-solution /x-pack/test/accessibility/apps/group3/security_solution.ts @elastic/security-solution /x-pack/test_serverless/functional/test_suites/security/config.ts @elastic/security-solution @elastic/appex-qa /x-pack/test_serverless/functional/test_suites/security/config.feature_flags.ts @elastic/security-solution @@ -1635,6 +1649,7 @@ x-pack/test/security_solution_api_integration/test_suites/detections_response/us x-pack/test/security_solution_api_integration/test_suites/explore @elastic/security-threat-hunting-explore x-pack/test/security_solution_api_integration/test_suites/investigations @elastic/security-threat-hunting-investigations x-pack/test/security_solution_api_integration/test_suites/sources @elastic/security-detections-response +/x-pack/test/common/utils/security_solution/detections_response @elastic/security-detections-response # Security Solution sub teams From f25ef61d52ded8e3cdbc00704f0425cb0536a92d Mon Sep 17 00:00:00 2001 From: Saarika Bhasi <55930906+saarikabhasi@users.noreply.github.com> Date: Thu, 24 Oct 2024 09:02:54 -0400 Subject: [PATCH 32/99] [Onboarding]Update manage indices button in index management to navigate to search_indices details page (#196787) In this PR, updating manage indices button to navigate to search_indices details page. https://github.com/user-attachments/assets/29868c2d-7c6f-4895-b5e7-b5dea161c09a ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> --- .../src/services/extensions_service.ts | 4 +- .../home/indices_tab.test.tsx | 21 ++++++-- .../index_actions_context_menu.js | 31 ++++++++--- .../index_list/index_table/index_table.js | 15 +++--- .../application/services/routing.test.ts | 35 +++++++++++- .../public/application/services/routing.ts | 28 +++++++++- .../plugins/search_indices/public/plugin.ts | 10 ++-- .../plugins/search_indices/public/routes.ts | 1 + .../page_objects/index_management_page.ts | 53 +++++++++++++------ .../svl_search_index_detail_page.ts | 4 -- .../management/index_management/indices.ts | 52 ++++++++++++++---- .../test_suites/search/search_index_detail.ts | 29 +++++++++- 12 files changed, 229 insertions(+), 54 deletions(-) diff --git a/x-pack/packages/index-management/index_management_shared_types/src/services/extensions_service.ts b/x-pack/packages/index-management/index_management_shared_types/src/services/extensions_service.ts index 98d981752e584..434f18f1fa1ef 100644 --- a/x-pack/packages/index-management/index_management_shared_types/src/services/extensions_service.ts +++ b/x-pack/packages/index-management/index_management_shared_types/src/services/extensions_service.ts @@ -31,7 +31,7 @@ export interface IndexBadge { color: EuiBadgeProps['color']; } export interface IndexDetailsPageRoute { - renderRoute: (indexName: string) => string; + renderRoute: (indexName: string, detailsTabId?: string) => string; } export interface EmptyListContent { @@ -72,5 +72,5 @@ export interface ExtensionsSetup { // sets content to render below the docs link on the mappings tab of the index page setIndexMappingsContent(content: IndexContent): void; // sets index details page route - setIndexDetailsPageRoute(route: IndexDetailsPageRoute): void; + setIndexDetailsPageRoute(route: IndexDetailsPageRoute, detailsTabId?: string): void; } diff --git a/x-pack/plugins/index_management/__jest__/client_integration/home/indices_tab.test.tsx b/x-pack/plugins/index_management/__jest__/client_integration/home/indices_tab.test.tsx index 351bc068f36a0..a8256a2e00b27 100644 --- a/x-pack/plugins/index_management/__jest__/client_integration/home/indices_tab.test.tsx +++ b/x-pack/plugins/index_management/__jest__/client_integration/home/indices_tab.test.tsx @@ -10,6 +10,7 @@ */ import { EuiSearchBoxProps } from '@elastic/eui/src/components/search_bar/search_box'; +import { applicationServiceMock } from '@kbn/core/public/mocks'; jest.mock('@elastic/eui/lib/components/search_bar/search_box', () => { return { EuiSearchBox: (props: EuiSearchBoxProps) => ( @@ -136,15 +137,21 @@ describe('', () => { createNonDataStreamIndex(indexName) ); + const application = applicationServiceMock.createStartContract(); testBed = await setup(httpSetup, { history: createMemoryHistory(), + core: { + application, + }, }); const { component, actions } = testBed; component.update(); await actions.clickIndexNameAt(0); - expect(testBed.actions.findIndexDetailsPageTitle()).toContain('testIndex'); + expect(application.navigateToUrl).toHaveBeenCalledWith( + '/app/management/data/index_management/indices/index_details?indexName=testIndex&includeHiddenIndices=true' + ); }); it('index page works with % character in index name', async () => { @@ -155,13 +162,21 @@ describe('', () => { createNonDataStreamIndex(indexName) ); - testBed = await setup(httpSetup); + const application = applicationServiceMock.createStartContract(); + testBed = await setup(httpSetup, { + history: createMemoryHistory(), + core: { + application, + }, + }); const { component, actions } = testBed; component.update(); await actions.clickIndexNameAt(0); - expect(testBed.actions.findIndexDetailsPageTitle()).toContain(indexName); + expect(application.navigateToUrl).toHaveBeenCalledWith( + '/app/management/data/index_management/indices/index_details?indexName=test%25&includeHiddenIndices=true' + ); }); describe('empty list component', () => { diff --git a/x-pack/plugins/index_management/public/application/sections/home/index_list/index_actions_context_menu/index_actions_context_menu.js b/x-pack/plugins/index_management/public/application/sections/home/index_list/index_actions_context_menu/index_actions_context_menu.js index 2acce7f28b06f..d733fdfd2f6e6 100644 --- a/x-pack/plugins/index_management/public/application/sections/home/index_list/index_actions_context_menu/index_actions_context_menu.js +++ b/x-pack/plugins/index_management/public/application/sections/home/index_list/index_actions_context_menu/index_actions_context_menu.js @@ -23,7 +23,7 @@ import { import { flattenPanelTree } from '../../../../lib/flatten_panel_tree'; import { INDEX_OPEN, IndexDetailsSection } from '../../../../../../common/constants'; -import { getIndexDetailsLink } from '../../../../services/routing'; +import { getIndexDetailsLink, navigateToIndexDetailsPage } from '../../../../services/routing'; import { AppContext } from '../../../../app_context'; export class IndexActionsContextMenu extends Component { @@ -50,7 +50,7 @@ export class IndexActionsContextMenu extends Component { panels() { const { services: { extensionsService }, - core: { getUrlForApp }, + core: { getUrlForApp, application, http }, history, config: { enableIndexActions }, } = this.context; @@ -83,8 +83,13 @@ export class IndexActionsContextMenu extends Component { defaultMessage: 'Show index overview', }), onClick: () => { - history.push( - getIndexDetailsLink(indexNames[0], indicesListURLParams, IndexDetailsSection.Overview) + navigateToIndexDetailsPage( + indexNames[0], + indicesListURLParams, + extensionsService, + application, + http, + IndexDetailsSection.Overview ); }, }); @@ -94,8 +99,13 @@ export class IndexActionsContextMenu extends Component { defaultMessage: 'Show index settings', }), onClick: () => { - history.push( - getIndexDetailsLink(indexNames[0], indicesListURLParams, IndexDetailsSection.Settings) + navigateToIndexDetailsPage( + indexNames[0], + indicesListURLParams, + extensionsService, + application, + http, + IndexDetailsSection.Settings ); }, }); @@ -105,8 +115,13 @@ export class IndexActionsContextMenu extends Component { defaultMessage: 'Show index mapping', }), onClick: () => { - history.push( - getIndexDetailsLink(indexNames[0], indicesListURLParams, IndexDetailsSection.Mappings) + navigateToIndexDetailsPage( + indexNames[0], + indicesListURLParams, + extensionsService, + application, + http, + IndexDetailsSection.Mappings ); }, }); diff --git a/x-pack/plugins/index_management/public/application/sections/home/index_list/index_table/index_table.js b/x-pack/plugins/index_management/public/application/sections/home/index_list/index_table/index_table.js index 9567aee715c3b..b63c211f74dbf 100644 --- a/x-pack/plugins/index_management/public/application/sections/home/index_list/index_table/index_table.js +++ b/x-pack/plugins/index_management/public/application/sections/home/index_list/index_table/index_table.js @@ -41,7 +41,7 @@ import { reactRouterNavigate, attemptToURIDecode, } from '../../../../../shared_imports'; -import { getDataStreamDetailsLink, getIndexDetailsLink } from '../../../../services/routing'; +import { getDataStreamDetailsLink, navigateToIndexDetailsPage } from '../../../../services/routing'; import { documentationService } from '../../../../services/documentation'; import { AppContextConsumer } from '../../../../app_context'; import { renderBadges } from '../../../../lib/render_badges'; @@ -73,12 +73,13 @@ const getColumnConfigs = ({ { - if (!extensionsService.indexDetailsPageRoute) { - history.push(getIndexDetailsLink(index.name, location.search || '')); - } else { - const route = extensionsService.indexDetailsPageRoute.renderRoute(index.name); - application.navigateToUrl(http.basePath.prepend(route)); - } + navigateToIndexDetailsPage( + index.name, + location.search || '', + extensionsService, + application, + http + ); }} > {index.name} diff --git a/x-pack/plugins/index_management/public/application/services/routing.test.ts b/x-pack/plugins/index_management/public/application/services/routing.test.ts index 24500cb6059bf..0b1462deab58b 100644 --- a/x-pack/plugins/index_management/public/application/services/routing.test.ts +++ b/x-pack/plugins/index_management/public/application/services/routing.test.ts @@ -5,10 +5,16 @@ * 2.0. */ -import { getIndexDetailsLink, getIndexListUri } from './routing'; +import { getIndexDetailsLink, getIndexListUri, navigateToIndexDetailsPage } from './routing'; +import { applicationServiceMock, httpServiceMock } from '@kbn/core/public/mocks'; +import { ExtensionsService } from '../../services/extensions_service'; +import { IndexDetailsSection } from '../../../common/constants'; describe('routing', () => { describe('index details link', () => { + const application = applicationServiceMock.createStartContract(); + const http = httpServiceMock.createSetupContract(); + it('adds the index name to the url', () => { const indexName = 'testIndex'; const url = getIndexDetailsLink(indexName, ''); @@ -26,6 +32,33 @@ describe('routing', () => { const url = getIndexDetailsLink('testIndex', '', tab); expect(url).toContain(`tab=${tab}`); }); + it('renders default index details route without extensionService indexDetailsPageRoute ', () => { + const extensionService = { + indexDetailsPageRoute: null, + } as ExtensionsService; + navigateToIndexDetailsPage('testIndex', '', extensionService, application, http); + expect(application.navigateToUrl).toHaveBeenCalled(); + }); + + it('renders route from extensionService indexDetailsPageRoute with tab id', () => { + const extensionService = { + indexDetailsPageRoute: { + renderRoute: (indexName: string, detailsTabId?: string) => { + return `test_url/${detailsTabId}`; + }, + }, + } as ExtensionsService; + navigateToIndexDetailsPage( + 'testIndex', + '', + extensionService, + application, + http, + IndexDetailsSection.Settings + ); + expect(application.navigateToUrl).toHaveBeenCalled(); + expect(application.navigateToUrl).toHaveBeenCalledWith('test_url/settings'); + }); }); describe('indices list link', () => { diff --git a/x-pack/plugins/index_management/public/application/services/routing.ts b/x-pack/plugins/index_management/public/application/services/routing.ts index 07653d2591ffc..bce7a14f03e46 100644 --- a/x-pack/plugins/index_management/public/application/services/routing.ts +++ b/x-pack/plugins/index_management/public/application/services/routing.ts @@ -5,9 +5,12 @@ * 2.0. */ +import { ApplicationStart } from '@kbn/core/public'; +import { HttpSetup } from '@kbn/core/public'; import { Section } from '../../../common/constants'; import type { IndexDetailsTabId } from '../../../common/constants'; - +import { ExtensionsService } from '../../services/extensions_service'; +import { IndexDetailsSection } from '../../../common/constants'; export const getTemplateListLink = () => `/templates`; export const getTemplateDetailsLink = (name: string, isLegacy?: boolean) => { @@ -78,3 +81,26 @@ export const getComponentTemplatesLink = (usedByTemplateName?: string) => { } return url; }; +export const navigateToIndexDetailsPage = ( + indexName: string, + indicesListURLParams: string, + extensionsService: ExtensionsService, + application: ApplicationStart, + http: HttpSetup, + tabId?: IndexDetailsSection +) => { + if (!extensionsService.indexDetailsPageRoute) { + application.navigateToUrl( + http.basePath.prepend( + `/app/management/data/index_management${getIndexDetailsLink( + indexName, + indicesListURLParams, + tabId + )}` + ) + ); + } else { + const route = extensionsService.indexDetailsPageRoute.renderRoute(indexName, tabId); + application.navigateToUrl(http.basePath.prepend(route)); + } +}; diff --git a/x-pack/plugins/search_indices/public/plugin.ts b/x-pack/plugins/search_indices/public/plugin.ts index 2f9a8ca3cf950..c9b5c8f4c7659 100644 --- a/x-pack/plugins/search_indices/public/plugin.ts +++ b/x-pack/plugins/search_indices/public/plugin.ts @@ -17,7 +17,7 @@ import type { } from './types'; import { initQueryClient } from './services/query_client'; import { INDICES_APP_ID, START_APP_ID } from '../common'; -import { INDICES_APP_BASE, START_APP_BASE } from './routes'; +import { INDICES_APP_BASE, START_APP_BASE, SearchIndexDetailsTabValues } from './routes'; export class SearchIndicesPlugin implements Plugin @@ -81,8 +81,12 @@ export class SearchIndicesPlugin docLinks.setDocLinks(core.docLinks.links); if (this.pluginEnabled) { indexManagement?.extensionsService.setIndexDetailsPageRoute({ - renderRoute: (indexName) => { - return `/app/elasticsearch/indices/index_details/${indexName}`; + renderRoute: (indexName, detailsTabId) => { + const route = `/app/elasticsearch/indices/index_details/${indexName}`; + if (detailsTabId && SearchIndexDetailsTabValues.includes(detailsTabId)) { + return `${route}/${detailsTabId}`; + } + return route; }, }); } diff --git a/x-pack/plugins/search_indices/public/routes.ts b/x-pack/plugins/search_indices/public/routes.ts index c72e84c66a7d0..057891d63226d 100644 --- a/x-pack/plugins/search_indices/public/routes.ts +++ b/x-pack/plugins/search_indices/public/routes.ts @@ -14,5 +14,6 @@ export enum SearchIndexDetailsTabs { SETTINGS = 'settings', } +export const SearchIndexDetailsTabValues: string[] = Object.values(SearchIndexDetailsTabs); export const START_APP_BASE = '/app/elasticsearch/start'; export const INDICES_APP_BASE = '/app/elasticsearch/indices'; diff --git a/x-pack/test/functional/page_objects/index_management_page.ts b/x-pack/test/functional/page_objects/index_management_page.ts index 848c7c9e5b0e3..f257f76cbfc5b 100644 --- a/x-pack/test/functional/page_objects/index_management_page.ts +++ b/x-pack/test/functional/page_objects/index_management_page.ts @@ -12,6 +12,7 @@ export function IndexManagementPageProvider({ getService }: FtrProviderContext) const find = getService('find'); const testSubjects = getService('testSubjects'); + const browser = getService('browser'); return { async sectionHeadingText() { return await testSubjects.getVisibleText('appTitle'); @@ -154,6 +155,10 @@ export function IndexManagementPageProvider({ getService }: FtrProviderContext) await testSubjects.existOrFail('indexDetailsContent'); await testSubjects.existOrFail('indexDetailsBackToIndicesButton'); }, + async expectUrlShouldChangeTo(tabId: string) { + const url = await browser.getCurrentUrl(); + expect(url).to.contain(`tab=${tabId}`); + }, }, async clickCreateIndexButton() { await testSubjects.click('createIndexButton'); @@ -181,23 +186,9 @@ export function IndexManagementPageProvider({ getService }: FtrProviderContext) expect(indexNames.some((i) => i === indexName)).to.be(true); }, - async selectIndex(indexName: string) { - const id = `checkboxSelectIndex-${indexName}`; - const checkbox = await find.byCssSelector(`input[id="${id}"]`); - if (!(await checkbox.isSelected())) { - await find.clickByCssSelector(`input[id="${id}"]`); - } - }, - async clickManageButton() { - await testSubjects.existOrFail('indexActionsContextMenuButton'); - await testSubjects.click('indexActionsContextMenuButton'); - }, - async contextMenuIsVisible() { - await testSubjects.existOrFail('indexContextMenu'); + async confirmDeleteModalIsVisible() { await testSubjects.existOrFail('deleteIndexMenuButton'); await testSubjects.click('deleteIndexMenuButton'); - }, - async confirmDeleteModalIsVisible() { await testSubjects.existOrFail('confirmModalTitleText'); const modalText: string = await testSubjects.getVisibleText('confirmModalTitleText'); expect(modalText).to.be('Delete index'); @@ -217,5 +208,37 @@ export function IndexManagementPageProvider({ getService }: FtrProviderContext) ); expect(indexNames.includes(indexName)).to.be(false); }, + async manageIndex(indexName: string) { + const id = `checkboxSelectIndex-${indexName}`; + const checkbox = await find.byCssSelector(`input[id="${id}"]`); + if (!(await checkbox.isSelected())) { + await find.clickByCssSelector(`input[id="${id}"]`); + } + await retry.waitFor('manage index to show up ', async () => { + return (await testSubjects.isDisplayed('indexActionsContextMenuButton')) === true; + }); + const contextMenuButton = await testSubjects.find('indexActionsContextMenuButton'); + await contextMenuButton.click(); + await retry.waitFor('manage index context menu to show ', async () => { + return (await testSubjects.isDisplayed('indexContextMenu')) === true; + }); + }, + async manageIndexContextMenuExists() { + await testSubjects.existOrFail('showOverviewIndexMenuButton'); + await testSubjects.existOrFail('showSettingsIndexMenuButton'); + await testSubjects.existOrFail('showMappingsIndexMenuButton'); + await testSubjects.existOrFail('deleteIndexMenuButton'); + }, + async changeManageIndexTab( + manageIndexTab: + | 'showOverviewIndexMenuButton' + | 'showSettingsIndexMenuButton' + | 'showMappingsIndexMenuButton' + | 'deleteIndexMenuButton' + ) { + await testSubjects.existOrFail(manageIndexTab); + const manageIndexComponent = await testSubjects.find(manageIndexTab); + await manageIndexComponent.click(); + }, }; } diff --git a/x-pack/test_serverless/functional/page_objects/svl_search_index_detail_page.ts b/x-pack/test_serverless/functional/page_objects/svl_search_index_detail_page.ts index 1b355138173d6..277b4d2c7ada2 100644 --- a/x-pack/test_serverless/functional/page_objects/svl_search_index_detail_page.ts +++ b/x-pack/test_serverless/functional/page_objects/svl_search_index_detail_page.ts @@ -136,9 +136,6 @@ export function SvlSearchIndexDetailPageProvider({ getService }: FtrProviderCont await testSubjects.existOrFail('mappingsTab', { timeout: 2000 }); await testSubjects.existOrFail('dataTab', { timeout: 2000 }); }, - async expectShouldDefaultToDataTab() { - expect(await browser.getCurrentUrl()).contain('/data'); - }, async withDataChangeTabs(tab: 'dataTab' | 'mappingsTab' | 'settingsTab') { await testSubjects.click(tab); }, @@ -202,7 +199,6 @@ export function SvlSearchIndexDetailPageProvider({ getService }: FtrProviderCont return (await testSubjects.isDisplayed('searchIndexDetailsHeader')) === true; }); }, - async expectSearchIndexDetailsTabsExists() { await testSubjects.existOrFail('dataTab'); await testSubjects.existOrFail('mappingsTab'); diff --git a/x-pack/test_serverless/functional/test_suites/common/management/index_management/indices.ts b/x-pack/test_serverless/functional/test_suites/common/management/index_management/indices.ts index fe5938109d7b8..e98fcc09e97d1 100644 --- a/x-pack/test_serverless/functional/test_suites/common/management/index_management/indices.ts +++ b/x-pack/test_serverless/functional/test_suites/common/management/index_management/indices.ts @@ -12,6 +12,9 @@ export default ({ getPageObjects, getService }: FtrProviderContext) => { const pageObjects = getPageObjects(['svlCommonPage', 'common', 'indexManagement', 'header']); const browser = getService('browser'); const security = getService('security'); + const esDeleteAllIndices = getService('esDeleteAllIndices'); + const testIndexName = `index-ftr-test-${Math.random()}`; + const es = getService('es'); describe('Indices', function () { before(async () => { @@ -22,7 +25,7 @@ export default ({ getPageObjects, getService }: FtrProviderContext) => { await pageObjects.indexManagement.changeTabs('indicesTab'); await pageObjects.header.waitUntilLoadingHasFinished(); }); - const testIndexName = `index-ftr-test-${Math.random()}`; + it('renders the indices tab', async () => { const url = await browser.getCurrentUrl(); expect(url).to.contain(`/indices`); @@ -33,14 +36,45 @@ export default ({ getPageObjects, getService }: FtrProviderContext) => { await pageObjects.indexManagement.clickCreateIndexSaveButton(); await pageObjects.indexManagement.expectIndexToExist(testIndexName); }); - it('can manage index', async () => { - await pageObjects.indexManagement.selectIndex(testIndexName); - await pageObjects.indexManagement.clickManageButton(); - await pageObjects.indexManagement.contextMenuIsVisible(); - }); - it('can delete index', async () => { - await pageObjects.indexManagement.confirmDeleteModalIsVisible(); - await pageObjects.indexManagement.expectIndexIsDeleted(testIndexName); + + describe('manage index', function () { + beforeEach(async () => { + await pageObjects.common.navigateToApp('indexManagement'); + // Navigate to the indices tab + await pageObjects.indexManagement.changeTabs('indicesTab'); + await pageObjects.header.waitUntilLoadingHasFinished(); + await pageObjects.indexManagement.manageIndex(testIndexName); + await pageObjects.indexManagement.manageIndexContextMenuExists(); + }); + describe('navigate to index detail tabs', function () { + before(async () => { + await es.indices.create({ index: testIndexName }); + }); + after(async () => { + await esDeleteAllIndices(testIndexName); + }); + this.tags('skipSvlSearch'); + it('navigates to overview', async () => { + await pageObjects.indexManagement.changeManageIndexTab('showOverviewIndexMenuButton'); + await pageObjects.indexManagement.indexDetailsPage.expectIndexDetailsPageIsLoaded(); + await pageObjects.indexManagement.indexDetailsPage.expectUrlShouldChangeTo('overview'); + }); + + it('navigates to settings tab', async () => { + await pageObjects.indexManagement.changeManageIndexTab('showSettingsIndexMenuButton'); + await pageObjects.indexManagement.indexDetailsPage.expectIndexDetailsPageIsLoaded(); + await pageObjects.indexManagement.indexDetailsPage.expectUrlShouldChangeTo('settings'); + }); + it('navigates to mappings tab', async () => { + await pageObjects.indexManagement.changeManageIndexTab('showMappingsIndexMenuButton'); + await pageObjects.indexManagement.indexDetailsPage.expectIndexDetailsPageIsLoaded(); + await pageObjects.indexManagement.indexDetailsPage.expectUrlShouldChangeTo('mappings'); + }); + }); + it('can delete index', async () => { + await pageObjects.indexManagement.confirmDeleteModalIsVisible(); + await pageObjects.indexManagement.expectIndexIsDeleted(testIndexName); + }); }); }); }; diff --git a/x-pack/test_serverless/functional/test_suites/search/search_index_detail.ts b/x-pack/test_serverless/functional/test_suites/search/search_index_detail.ts index f6444bedc5bac..0070ce7e2cb43 100644 --- a/x-pack/test_serverless/functional/test_suites/search/search_index_detail.ts +++ b/x-pack/test_serverless/functional/test_suites/search/search_index_detail.ts @@ -133,7 +133,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { }); it('should have with data tabs', async () => { await pageObjects.svlSearchIndexDetailPage.expectWithDataTabsExists(); - await pageObjects.svlSearchIndexDetailPage.expectShouldDefaultToDataTab(); + await pageObjects.svlSearchIndexDetailPage.expectUrlShouldChangeTo('data'); }); it('should be able to change tabs to mappings and mappings is shown', async () => { await pageObjects.svlSearchIndexDetailPage.withDataChangeTabs('mappingsTab'); @@ -188,11 +188,38 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { before(async () => { await es.indices.create({ index: indexName }); await security.testUser.setRoles(['index_management_user']); + }); + beforeEach(async () => { await pageObjects.common.navigateToApp('indexManagement'); // Navigate to the indices tab await pageObjects.indexManagement.changeTabs('indicesTab'); await pageObjects.header.waitUntilLoadingHasFinished(); }); + after(async () => { + await esDeleteAllIndices(indexName); + }); + describe('manage index action', () => { + beforeEach(async () => { + await pageObjects.indexManagement.manageIndex(indexName); + await pageObjects.indexManagement.manageIndexContextMenuExists(); + }); + it('navigates to overview tab', async () => { + await pageObjects.indexManagement.changeManageIndexTab('showOverviewIndexMenuButton'); + await pageObjects.svlSearchIndexDetailPage.expectIndexDetailPageHeader(); + await pageObjects.svlSearchIndexDetailPage.expectUrlShouldChangeTo('data'); + }); + + it('navigates to settings tab', async () => { + await pageObjects.indexManagement.changeManageIndexTab('showSettingsIndexMenuButton'); + await pageObjects.svlSearchIndexDetailPage.expectIndexDetailPageHeader(); + await pageObjects.svlSearchIndexDetailPage.expectUrlShouldChangeTo('settings'); + }); + it('navigates to mappings tab', async () => { + await pageObjects.indexManagement.changeManageIndexTab('showMappingsIndexMenuButton'); + await pageObjects.svlSearchIndexDetailPage.expectIndexDetailPageHeader(); + await pageObjects.svlSearchIndexDetailPage.expectUrlShouldChangeTo('mappings'); + }); + }); describe('can view search index details', function () { it('renders search index details with no documents', async () => { await pageObjects.svlSearchIndexDetailPage.openIndicesDetailFromIndexManagementIndicesListTable( From b3d5c4b46e2f9df7a28bcc3b5b61a132ffdcc0f1 Mon Sep 17 00:00:00 2001 From: Kevin Delemme Date: Thu, 24 Oct 2024 09:15:05 -0400 Subject: [PATCH 33/99] chore(o11y): add missing access options to routes (#197511) --- .../annotations/register_annotation_apis.ts | 18 ++++++++++++++++++ .../server/routes/assistant/route.ts | 1 + .../observability/server/routes/rules/route.ts | 1 + 3 files changed, 20 insertions(+) diff --git a/x-pack/plugins/observability_solution/observability/server/lib/annotations/register_annotation_apis.ts b/x-pack/plugins/observability_solution/observability/server/lib/annotations/register_annotation_apis.ts index 8af247721acb9..59ae964ce8831 100644 --- a/x-pack/plugins/observability_solution/observability/server/lib/annotations/register_annotation_apis.ts +++ b/x-pack/plugins/observability_solution/observability/server/lib/annotations/register_annotation_apis.ts @@ -98,6 +98,9 @@ export function registerAnnotationAPIs({ validate: { body: unknowns, }, + options: { + access: 'public', + }, }, wrapRouteHandler(t.type({ body: createAnnotationRt }), ({ data, client }) => { return client.create(data.body); @@ -110,6 +113,9 @@ export function registerAnnotationAPIs({ validate: { body: unknowns, }, + options: { + access: 'public', + }, }, wrapRouteHandler(t.type({ body: updateAnnotationRt }), ({ data, client }) => { return client.update(data.body); @@ -122,6 +128,9 @@ export function registerAnnotationAPIs({ validate: { params: unknowns, }, + options: { + access: 'public', + }, }, wrapRouteHandler(t.type({ params: deleteAnnotationRt }), ({ data, client }) => { return client.delete(data.params); @@ -134,6 +143,9 @@ export function registerAnnotationAPIs({ validate: { params: unknowns, }, + options: { + access: 'public', + }, }, wrapRouteHandler(t.type({ params: getAnnotationByIdRt }), ({ data, client }) => { return client.getById(data.params); @@ -146,6 +158,9 @@ export function registerAnnotationAPIs({ validate: { query: unknowns, }, + options: { + access: 'public', + }, }, wrapRouteHandler(t.type({ query: findAnnotationRt }), ({ data, client }) => { return client.find(data.query); @@ -158,6 +173,9 @@ export function registerAnnotationAPIs({ validate: { query: unknowns, }, + options: { + access: 'public', + }, }, wrapRouteHandler(t.type({}), ({ client }) => { return client.permissions(); diff --git a/x-pack/plugins/observability_solution/observability/server/routes/assistant/route.ts b/x-pack/plugins/observability_solution/observability/server/routes/assistant/route.ts index e6e04704971d2..f5c6c393371c5 100644 --- a/x-pack/plugins/observability_solution/observability/server/routes/assistant/route.ts +++ b/x-pack/plugins/observability_solution/observability/server/routes/assistant/route.ts @@ -13,6 +13,7 @@ const getObservabilityAlertDetailsContextRoute = createObservabilityServerRoute( endpoint: 'GET /internal/observability/assistant/alert_details_contextual_insights', options: { tags: [], + access: 'internal', }, params: t.type({ query: alertDetailsContextRt, diff --git a/x-pack/plugins/observability_solution/observability/server/routes/rules/route.ts b/x-pack/plugins/observability_solution/observability/server/routes/rules/route.ts index c33f58f6ea75f..909b11cb713a9 100644 --- a/x-pack/plugins/observability_solution/observability/server/routes/rules/route.ts +++ b/x-pack/plugins/observability_solution/observability/server/routes/rules/route.ts @@ -13,6 +13,7 @@ const alertsDynamicIndexPatternRoute = createObservabilityServerRoute({ endpoint: 'GET /api/observability/rules/alerts/dynamic_index_pattern 2023-10-31', options: { tags: [], + access: 'public', }, params: t.type({ query: t.type({ From 1820eafcdfc35d2a7e506d3960029e5abc7e34d7 Mon Sep 17 00:00:00 2001 From: seanrathier Date: Thu, 24 Oct 2024 09:18:45 -0400 Subject: [PATCH 34/99] [Cloud Security] Sending the Agentless API the deployment_mode information (#196955) --- .../use_setup_technology.test.ts | 11 +- .../use_setup_technology.ts | 4 +- .../fleet/common/constants/agentless.ts | 10 + .../plugins/fleet/common/constants/index.ts | 1 + .../plugins/fleet/common/types/models/epm.ts | 12 +- .../hooks/setup_technology.test.ts | 199 ++++++++++++++++++ .../hooks/setup_technology.ts | 53 ++++- .../plugins/fleet/server/constants/index.ts | 3 + .../services/agents/agentless_agent.test.ts | 115 ++++++++++ .../server/services/agents/agentless_agent.ts | 23 ++ 10 files changed, 420 insertions(+), 11 deletions(-) create mode 100644 x-pack/plugins/fleet/common/constants/agentless.ts diff --git a/x-pack/plugins/cloud_security_posture/public/components/fleet_extensions/setup_technology_selector/use_setup_technology.test.ts b/x-pack/plugins/cloud_security_posture/public/components/fleet_extensions/setup_technology_selector/use_setup_technology.test.ts index 9d1c0b9bae32e..8bf3984f62faa 100644 --- a/x-pack/plugins/cloud_security_posture/public/components/fleet_extensions/setup_technology_selector/use_setup_technology.test.ts +++ b/x-pack/plugins/cloud_security_posture/public/components/fleet_extensions/setup_technology_selector/use_setup_technology.test.ts @@ -64,10 +64,14 @@ describe('useSetupTechnology', () => { }); it('calls handleSetupTechnologyChange when setupTechnology changes', () => { + const inputPackage = { + type: 'someType', + policy_template: 'somePolicyTemplate', + } as NewPackagePolicyInput; const handleSetupTechnologyChangeMock = jest.fn(); const { result } = renderHook(() => useSetupTechnology({ - input: { type: 'someType' } as NewPackagePolicyInput, + input: inputPackage, handleSetupTechnologyChange: handleSetupTechnologyChangeMock, }) ); @@ -79,7 +83,10 @@ describe('useSetupTechnology', () => { }); expect(result.current.setupTechnology).toBe(SetupTechnology.AGENTLESS); - expect(handleSetupTechnologyChangeMock).toHaveBeenCalledWith(SetupTechnology.AGENTLESS); + expect(handleSetupTechnologyChangeMock).toHaveBeenCalledWith( + SetupTechnology.AGENTLESS, + inputPackage.policy_template + ); }); }); diff --git a/x-pack/plugins/cloud_security_posture/public/components/fleet_extensions/setup_technology_selector/use_setup_technology.ts b/x-pack/plugins/cloud_security_posture/public/components/fleet_extensions/setup_technology_selector/use_setup_technology.ts index e18119c3a39de..3f68fb87f2639 100644 --- a/x-pack/plugins/cloud_security_posture/public/components/fleet_extensions/setup_technology_selector/use_setup_technology.ts +++ b/x-pack/plugins/cloud_security_posture/public/components/fleet_extensions/setup_technology_selector/use_setup_technology.ts @@ -18,7 +18,7 @@ export const useSetupTechnology = ({ }: { input: NewPackagePolicyInput; isAgentlessEnabled?: boolean; - handleSetupTechnologyChange?: (value: SetupTechnology) => void; + handleSetupTechnologyChange?: (value: SetupTechnology, policyTemplateName?: string) => void; isEditPage?: boolean; }) => { const isCspmAws = input.type === CLOUDBEAT_AWS; @@ -34,7 +34,7 @@ export const useSetupTechnology = ({ const updateSetupTechnology = (value: SetupTechnology) => { setSetupTechnology(value); if (handleSetupTechnologyChange) { - handleSetupTechnologyChange(value); + handleSetupTechnologyChange(value, input.policy_template); } }; diff --git a/x-pack/plugins/fleet/common/constants/agentless.ts b/x-pack/plugins/fleet/common/constants/agentless.ts new file mode 100644 index 0000000000000..cbc7e85e563c1 --- /dev/null +++ b/x-pack/plugins/fleet/common/constants/agentless.ts @@ -0,0 +1,10 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export const AGENTLESS_GLOBAL_TAG_NAME_ORGANIZATION = 'organization'; +export const AGENTLESS_GLOBAL_TAG_NAME_DIVISION = 'division'; +export const AGENTLESS_GLOBAL_TAG_NAME_TEAM = 'team'; diff --git a/x-pack/plugins/fleet/common/constants/index.ts b/x-pack/plugins/fleet/common/constants/index.ts index 31a7cd6b70686..8ebfe005960c4 100644 --- a/x-pack/plugins/fleet/common/constants/index.ts +++ b/x-pack/plugins/fleet/common/constants/index.ts @@ -10,6 +10,7 @@ export { INGEST_SAVED_OBJECT_INDEX, FLEET_SETUP_LOCK_TYPE } from './saved_object export * from './routes'; export * from './agent'; export * from './agent_policy'; +export * from './agentless'; export * from './package_policy'; export * from './epm'; export * from './output'; diff --git a/x-pack/plugins/fleet/common/types/models/epm.ts b/x-pack/plugins/fleet/common/types/models/epm.ts index b9e19fbc1947f..3aa65dc3adcd4 100644 --- a/x-pack/plugins/fleet/common/types/models/epm.ts +++ b/x-pack/plugins/fleet/common/types/models/epm.ts @@ -178,12 +178,18 @@ export interface RegistryImage extends PackageSpecIcon { path: string; } -export interface DeploymentsModesEnablement { +export interface DeploymentsModesDefault { enabled: boolean; } + +export interface DeploymentsModesAgentless extends DeploymentsModesDefault { + organization?: string; + division?: string; + team?: string; +} export interface DeploymentsModes { - agentless: DeploymentsModesEnablement; - default?: DeploymentsModesEnablement; + agentless: DeploymentsModesAgentless; + default?: DeploymentsModesDefault; } export enum RegistryPolicyTemplateKeys { diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/hooks/setup_technology.test.ts b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/hooks/setup_technology.test.ts index 550a288dad371..38663d88e5b23 100644 --- a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/hooks/setup_technology.test.ts +++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/hooks/setup_technology.test.ts @@ -11,6 +11,7 @@ import { waitFor } from '@testing-library/react'; import { createPackagePolicyMock } from '../../../../../../../../common/mocks'; +import type { RegistryPolicyTemplate, PackageInfo } from '../../../../../../../../common/types'; import { SetupTechnology } from '../../../../../../../../common/types'; import { ExperimentalFeaturesService } from '../../../../../services'; import { sendGetOneAgentPolicy, useStartServices, useConfig } from '../../../../../hooks'; @@ -145,6 +146,38 @@ describe('useSetupTechnology', () => { supports_agentless: false, inactivity_timeout: 3600, }; + + const packageInfoMock = { + policy_templates: [ + { + name: 'cspm', + title: 'Template 1', + description: '', + deployment_modes: { + default: { + enabled: true, + }, + agentless: { + enabled: true, + organization: 'org', + division: 'div', + team: 'team', + }, + }, + }, + { + name: 'not-cspm', + title: 'Template 2', + description: '', + deployment_modes: { + default: { + enabled: true, + }, + }, + }, + ] as RegistryPolicyTemplate[], + } as PackageInfo; + const packagePolicyMock = createPackagePolicyMock(); const mockedExperimentalFeaturesService = jest.mocked(ExperimentalFeaturesService); @@ -522,4 +555,170 @@ describe('useSetupTechnology', () => { expect(result.current.selectedSetupTechnology).toBe(SetupTechnology.AGENT_BASED); expect(setNewAgentPolicy).toHaveBeenCalledWith(newAgentPolicyMock); }); + + it('should have global_data_tags with the integration team when updating the agentless policy', async () => { + (useConfig as MockFn).mockReturnValue({ + agentless: { + enabled: true, + api: { + url: 'https://agentless.api.url', + }, + }, + } as any); + (useStartServices as MockFn).mockReturnValue({ + cloud: { + isCloudEnabled: true, + }, + }); + + const { result } = renderHook(() => + useSetupTechnology({ + setNewAgentPolicy, + newAgentPolicy: newAgentPolicyMock, + updateAgentPolicies: updateAgentPoliciesMock, + setSelectedPolicyTab: setSelectedPolicyTabMock, + packagePolicy: packagePolicyMock, + packageInfo: packageInfoMock, + isEditPage: true, + agentPolicies: [{ id: 'agentless-policy-id', supports_agentless: true } as any], + }) + ); + + act(() => { + result.current.handleSetupTechnologyChange(SetupTechnology.AGENTLESS, 'cspm'); + }); + + waitFor(() => { + expect(setNewAgentPolicy).toHaveBeenCalledWith({ + ...newAgentPolicyMock, + supports_agentless: true, + global_data_tags: [ + { name: 'organization', value: 'org' }, + { name: 'division', value: 'div' }, + { name: 'team', value: 'team' }, + ], + }); + }); + }); + + it('should not fail and not have global_data_tags when updating the agentless policy when it cannot find the policy template', async () => { + (useConfig as MockFn).mockReturnValue({ + agentless: { + enabled: true, + api: { + url: 'https://agentless.api.url', + }, + }, + } as any); + (useStartServices as MockFn).mockReturnValue({ + cloud: { + isCloudEnabled: true, + }, + }); + + const { result } = renderHook(() => + useSetupTechnology({ + setNewAgentPolicy, + newAgentPolicy: newAgentPolicyMock, + updateAgentPolicies: updateAgentPoliciesMock, + setSelectedPolicyTab: setSelectedPolicyTabMock, + packagePolicy: packagePolicyMock, + isEditPage: true, + agentPolicies: [{ id: 'agentless-policy-id', supports_agentless: true } as any], + }) + ); + + act(() => { + result.current.handleSetupTechnologyChange( + SetupTechnology.AGENTLESS, + 'never-gonna-give-you-up' + ); + }); + + waitFor(() => { + expect(setNewAgentPolicy).toHaveBeenCalledWith({ + ...newAgentPolicyMock, + supports_agentless: true, + }); + }); + }); + + it('should not fail and not have global_data_tags when updating the agentless policy without the policy temaplte name', async () => { + (useConfig as MockFn).mockReturnValue({ + agentless: { + enabled: true, + api: { + url: 'https://agentless.api.url', + }, + }, + } as any); + (useStartServices as MockFn).mockReturnValue({ + cloud: { + isCloudEnabled: true, + }, + }); + + const { result } = renderHook(() => + useSetupTechnology({ + setNewAgentPolicy, + newAgentPolicy: newAgentPolicyMock, + updateAgentPolicies: updateAgentPoliciesMock, + setSelectedPolicyTab: setSelectedPolicyTabMock, + packagePolicy: packagePolicyMock, + packageInfo: packageInfoMock, + isEditPage: true, + agentPolicies: [{ id: 'agentless-policy-id', supports_agentless: true } as any], + }) + ); + + act(() => { + result.current.handleSetupTechnologyChange(SetupTechnology.AGENTLESS); + }); + + waitFor(() => { + expect(setNewAgentPolicy).toHaveBeenCalledWith({ + ...newAgentPolicyMock, + supports_agentless: true, + }); + }); + }); + + it('should not fail and not have global_data_tags when updating the agentless policy without the packageInfo', async () => { + (useConfig as MockFn).mockReturnValue({ + agentless: { + enabled: true, + api: { + url: 'https://agentless.api.url', + }, + }, + } as any); + (useStartServices as MockFn).mockReturnValue({ + cloud: { + isCloudEnabled: true, + }, + }); + + const { result } = renderHook(() => + useSetupTechnology({ + setNewAgentPolicy, + newAgentPolicy: newAgentPolicyMock, + updateAgentPolicies: updateAgentPoliciesMock, + setSelectedPolicyTab: setSelectedPolicyTabMock, + packagePolicy: packagePolicyMock, + isEditPage: true, + agentPolicies: [{ id: 'agentless-policy-id', supports_agentless: true } as any], + }) + ); + + act(() => { + result.current.handleSetupTechnologyChange(SetupTechnology.AGENTLESS, 'cspm'); + }); + + waitFor(() => { + expect(setNewAgentPolicy).toHaveBeenCalledWith({ + ...newAgentPolicyMock, + supports_agentless: true, + }); + }); + }); }); diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/hooks/setup_technology.ts b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/hooks/setup_technology.ts index 241dcfbb93f4e..2a88fecc6b145 100644 --- a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/hooks/setup_technology.ts +++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/hooks/setup_technology.ts @@ -19,7 +19,12 @@ import type { import { SetupTechnology } from '../../../../../types'; import { sendGetOneAgentPolicy, useStartServices } from '../../../../../hooks'; import { SelectedPolicyTab } from '../../components'; -import { AGENTLESS_POLICY_ID } from '../../../../../../../../common/constants'; +import { + AGENTLESS_POLICY_ID, + AGENTLESS_GLOBAL_TAG_NAME_ORGANIZATION, + AGENTLESS_GLOBAL_TAG_NAME_DIVISION, + AGENTLESS_GLOBAL_TAG_NAME_TEAM, +} from '../../../../../../../../common/constants'; import { isAgentlessIntegration as isAgentlessIntegrationFn, getAgentlessAgentPolicyNameFromPackagePolicyName, @@ -150,16 +155,21 @@ export function useSetupTechnology({ }, [isDefaultAgentlessPolicyEnabled]); const handleSetupTechnologyChange = useCallback( - (setupTechnology: SetupTechnology) => { + (setupTechnology: SetupTechnology, policyTemplateName?: string) => { if (!isAgentlessEnabled || setupTechnology === selectedSetupTechnology) { return; } if (setupTechnology === SetupTechnology.AGENTLESS) { if (isAgentlessApiEnabled) { - setNewAgentPolicy(newAgentlessPolicy as NewAgentPolicy); + const agentlessPolicy = { + ...newAgentlessPolicy, + ...getAdditionalAgentlessPolicyInfo(policyTemplateName, packageInfo), + } as NewAgentPolicy; + + setNewAgentPolicy(agentlessPolicy); setSelectedPolicyTab(SelectedPolicyTab.NEW); - updateAgentPolicies([newAgentlessPolicy] as AgentPolicy[]); + updateAgentPolicies([agentlessPolicy] as AgentPolicy[]); } // tech debt: remove this when Serverless uses the Agentless API // https://github.com/elastic/security-team/issues/9781 @@ -187,6 +197,7 @@ export function useSetupTechnology({ newAgentlessPolicy, setSelectedPolicyTab, updateAgentPolicies, + packageInfo, ] ); @@ -195,3 +206,37 @@ export function useSetupTechnology({ selectedSetupTechnology, }; } + +const getAdditionalAgentlessPolicyInfo = ( + policyTemplateName?: string, + packageInfo?: PackageInfo +) => { + if (!policyTemplateName || !packageInfo) { + return {}; + } + const agentlessPolicyTemplate = policyTemplateName + ? packageInfo?.policy_templates?.find((policy) => policy.name === policyTemplateName) + : undefined; + + const agentlessInfo = agentlessPolicyTemplate?.deployment_modes?.agentless; + return !agentlessInfo + ? {} + : { + global_data_tags: agentlessInfo + ? [ + { + name: AGENTLESS_GLOBAL_TAG_NAME_ORGANIZATION, + value: agentlessInfo.organization, + }, + { + name: AGENTLESS_GLOBAL_TAG_NAME_DIVISION, + value: agentlessInfo.division, + }, + { + name: AGENTLESS_GLOBAL_TAG_NAME_TEAM, + value: agentlessInfo.team, + }, + ] + : [], + }; +}; diff --git a/x-pack/plugins/fleet/server/constants/index.ts b/x-pack/plugins/fleet/server/constants/index.ts index 73a62a3cbfb06..fb7e27c8b0ef8 100644 --- a/x-pack/plugins/fleet/server/constants/index.ts +++ b/x-pack/plugins/fleet/server/constants/index.ts @@ -16,6 +16,9 @@ export { AGENT_POLICY_ROLLOUT_RATE_LIMIT_REQUEST_PER_INTERVAL, AGENT_POLICY_ROLLOUT_RATE_LIMIT_INTERVAL_MS, AGENT_UPDATE_ACTIONS_INTERVAL_MS, + AGENTLESS_GLOBAL_TAG_NAME_DIVISION, + AGENTLESS_GLOBAL_TAG_NAME_ORGANIZATION, + AGENTLESS_GLOBAL_TAG_NAME_TEAM, UNPRIVILEGED_AGENT_KUERY, PRIVILEGED_AGENT_KUERY, MAX_TIME_COMPLETE_INSTALL, diff --git a/x-pack/plugins/fleet/server/services/agents/agentless_agent.test.ts b/x-pack/plugins/fleet/server/services/agents/agentless_agent.test.ts index 42f19d0de85bf..fe8b7a220470d 100644 --- a/x-pack/plugins/fleet/server/services/agents/agentless_agent.test.ts +++ b/x-pack/plugins/fleet/server/services/agents/agentless_agent.test.ts @@ -787,6 +787,20 @@ describe('Agentless Agent service', () => { name: 'agentless agent policy', namespace: 'default', supports_agentless: true, + global_data_tags: [ + { + name: 'organization', + value: 'elastic', + }, + { + name: 'division', + value: 'cloud', + }, + { + name: 'team', + value: 'fleet', + }, + ], } as AgentPolicy ); @@ -799,6 +813,11 @@ describe('Agentless Agent service', () => { fleet_url: 'http://fleetserver:8220', policy_id: 'mocked-agentless-agent-policy-id', stack_version: 'mocked-kibana-version-infinite', + labels: { + organization: 'elastic', + division: 'cloud', + team: 'fleet', + }, }), headers: expect.anything(), httpsAgent: expect.anything(), @@ -866,6 +885,20 @@ describe('Agentless Agent service', () => { name: 'agentless agent policy', namespace: 'default', supports_agentless: true, + global_data_tags: [ + { + name: 'organization', + value: 'elastic', + }, + { + name: 'division', + value: 'cloud', + }, + { + name: 'team', + value: 'fleet', + }, + ], } as AgentPolicy ); @@ -877,6 +910,11 @@ describe('Agentless Agent service', () => { fleet_token: 'mocked-fleet-enrollment-api-key', fleet_url: 'http://fleetserver:8220', policy_id: 'mocked-agentless-agent-policy-id', + labels: { + organization: 'elastic', + division: 'cloud', + team: 'fleet', + }, }, headers: expect.anything(), httpsAgent: expect.anything(), @@ -886,6 +924,83 @@ describe('Agentless Agent service', () => { ); }); + it('should create agentless agent when no labels are given', async () => { + const returnValue = { + id: 'mocked', + regional_id: 'mocked', + }; + + (axios as jest.MockedFunction).mockResolvedValueOnce(returnValue); + const soClient = getAgentPolicyCreateMock(); + // ignore unrelated unique name constraint + const esClient = elasticsearchServiceMock.createClusterClient().asInternalUser; + jest.spyOn(appContextService, 'getConfig').mockReturnValue({ + agentless: { + enabled: true, + api: { + url: 'http://api.agentless.com', + tls: { + certificate: '/path/to/cert', + key: '/path/to/key', + ca: '/path/to/ca', + }, + }, + }, + } as any); + jest.spyOn(appContextService, 'getCloud').mockReturnValue({ isCloudEnabled: true } as any); + jest + .spyOn(appContextService, 'getKibanaVersion') + .mockReturnValue('mocked-kibana-version-infinite'); + mockedListFleetServerHosts.mockResolvedValue({ + items: [ + { + id: 'mocked-fleet-server-id', + host: 'http://fleetserver:8220', + active: true, + is_default: true, + host_urls: ['http://fleetserver:8220'], + }, + ], + } as any); + mockedListEnrollmentApiKeys.mockResolvedValue({ + items: [ + { + id: 'mocked-fleet-enrollment-token-id', + policy_id: 'mocked-fleet-enrollment-policy-id', + api_key: 'mocked-fleet-enrollment-api-key', + }, + ], + } as any); + + const createAgentlessAgentReturnValue = await agentlessAgentService.createAgentlessAgent( + esClient, + soClient, + { + id: 'mocked-agentless-agent-policy-id', + name: 'agentless agent policy', + namespace: 'default', + supports_agentless: true, + } as AgentPolicy + ); + + expect(axios).toHaveBeenCalledTimes(1); + expect(createAgentlessAgentReturnValue).toEqual(returnValue); + expect(axios).toHaveBeenCalledWith( + expect.objectContaining({ + data: expect.objectContaining({ + fleet_token: 'mocked-fleet-enrollment-api-key', + fleet_url: 'http://fleetserver:8220', + policy_id: 'mocked-agentless-agent-policy-id', + stack_version: 'mocked-kibana-version-infinite', + }), + headers: expect.anything(), + httpsAgent: expect.anything(), + method: 'POST', + url: 'http://api.agentless.com/api/v1/ess/deployments', + }) + ); + }); + it('should delete agentless agent for ESS', async () => { const returnValue = { id: 'mocked', diff --git a/x-pack/plugins/fleet/server/services/agents/agentless_agent.ts b/x-pack/plugins/fleet/server/services/agents/agentless_agent.ts index 9e6d74ddcf827..7400b5958eb65 100644 --- a/x-pack/plugins/fleet/server/services/agents/agentless_agent.ts +++ b/x-pack/plugins/fleet/server/services/agents/agentless_agent.ts @@ -24,6 +24,11 @@ import { AgentlessAgentCreateError, AgentlessAgentDeleteError, } from '../../errors'; +import { + AGENTLESS_GLOBAL_TAG_NAME_ORGANIZATION, + AGENTLESS_GLOBAL_TAG_NAME_DIVISION, + AGENTLESS_GLOBAL_TAG_NAME_TEAM, +} from '../../constants'; import { appContextService } from '../app_context'; @@ -88,12 +93,15 @@ class AgentlessAgentService { ); const tlsConfig = this.createTlsConfig(agentlessConfig); + const labels = this.getAgentlessTags(agentlessAgentPolicy); + const requestConfig: AxiosRequestConfig = { url: prependAgentlessApiBasePathToEndpoint(agentlessConfig, '/deployments'), data: { policy_id: policyId, fleet_url: fleetUrl, fleet_token: fleetToken, + labels, }, method: 'POST', headers: { @@ -203,6 +211,21 @@ class AgentlessAgentService { return response; } + private getAgentlessTags(agentlessAgentPolicy: AgentPolicy) { + if (!agentlessAgentPolicy.global_data_tags) { + return undefined; + } + + const getGlobalTagValueByName = (name: string) => + agentlessAgentPolicy.global_data_tags?.find((tag) => tag.name === name)?.value; + + return { + organization: getGlobalTagValueByName(AGENTLESS_GLOBAL_TAG_NAME_ORGANIZATION), + division: getGlobalTagValueByName(AGENTLESS_GLOBAL_TAG_NAME_DIVISION), + team: getGlobalTagValueByName(AGENTLESS_GLOBAL_TAG_NAME_TEAM), + }; + } + private withRequestIdMessage(message: string, traceId?: string) { return `${message} [Request Id: ${traceId}]`; } From 7fa1e18516c484609749aaec7f58a39c302cd34f Mon Sep 17 00:00:00 2001 From: Paulina Shakirova Date: Thu, 24 Oct 2024 15:21:12 +0200 Subject: [PATCH 35/99] fix: dynamically update timestamps based on the chosen timezone in the Advanced Settings (#196977) ## Summary This PR fixes the [#190562](https://github.com/elastic/kibana/issues/190562) where the created and updated timestamps for Dashboards do not respect the default timezone settings in advanced settings. Currently, if the user changes the timezone in the advanced settings, the timestamps for the activity monitor flyout still display timestamps from the default browser timezone. This PR ensures that the timestamps display in the desired timezone. ![Screenshot 2024-10-19 at 13 35 00](https://github.com/user-attachments/assets/399a3b0a-d16a-4010-8560-06f3a4bcbc96) ![Screenshot 2024-10-19 at 13 36 02](https://github.com/user-attachments/assets/62a5bf2f-c5c3-474d-b810-3b1f414d2b14) --- .../src/components/activity_view.tsx | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/packages/content-management/content_insights/content_insights_public/src/components/activity_view.tsx b/packages/content-management/content_insights/content_insights_public/src/components/activity_view.tsx index 60eadc9e50db9..360ccc1757581 100644 --- a/packages/content-management/content_insights/content_insights_public/src/components/activity_view.tsx +++ b/packages/content-management/content_insights/content_insights_public/src/components/activity_view.tsx @@ -9,6 +9,7 @@ import { EuiFlexGroup, EuiFlexItem, EuiPanel, EuiSpacer, EuiText } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; +import moment from 'moment-timezone'; import { FormattedMessage } from '@kbn/i18n-react'; import React from 'react'; import { @@ -97,10 +98,16 @@ export const ActivityView = ({ item }: ActivityViewProps) => { ); }; -const dateFormatter = new Intl.DateTimeFormat(i18n.getLocale(), { - dateStyle: 'long', - timeStyle: 'short', -}); +const formatDate = (time: string) => { + const locale = i18n.getLocale(); + const timeZone = moment().tz(); + + return new Intl.DateTimeFormat(locale, { + dateStyle: 'long', + timeStyle: 'short', + timeZone, + }).format(new Date(time)); +}; const ActivityCard = ({ what, @@ -130,7 +137,7 @@ const ActivityCard = ({ id="contentManagement.contentEditor.activity.lastUpdatedByDateTime" defaultMessage="on {dateTime}" values={{ - dateTime: dateFormatter.format(new Date(when)), + dateTime: formatDate(when), }} /> From 3684dedecb001291f857a1649e721c1e4e6b22e7 Mon Sep 17 00:00:00 2001 From: Anton Dosov Date: Thu, 24 Oct 2024 15:27:04 +0200 Subject: [PATCH 36/99] fix flaky test - counts dashboard views (#197381) ## Summary fix https://github.com/elastic/kibana/issues/192564 It might take a bit of time for the view count to update. So in the test we will try to open the flyout again --- .../apps/dashboard/group4/dashboard_listing.ts | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/test/functional/apps/dashboard/group4/dashboard_listing.ts b/test/functional/apps/dashboard/group4/dashboard_listing.ts index 14eb5e3ae1f45..9f11f181bf51e 100644 --- a/test/functional/apps/dashboard/group4/dashboard_listing.ts +++ b/test/functional/apps/dashboard/group4/dashboard_listing.ts @@ -17,6 +17,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) { const listingTable = getService('listingTable'); const dashboardAddPanel = getService('dashboardAddPanel'); const testSubjects = getService('testSubjects'); + const retry = getService('retry'); // Failing: See https://github.com/elastic/kibana/issues/192564 describe.skip('dashboard listing page', function describeIndexTests() { @@ -272,8 +273,12 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) { await listingTable.clickItemLink('dashboard', DASHBOARD_NAME); await dashboard.waitForRenderComplete(); await dashboard.gotoDashboardLandingPage(); - const views2 = await getViewsCount(); - expect(views2).to.be(2); + + // it might take a bit for the view to be counted + await retry.try(async () => { + const views2 = await getViewsCount(); + expect(views2).to.be(2); + }); }); }); }); From c6f41783bf853f2828787cc4c48a96511fec2eec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cau=C3=AA=20Marcondes?= <55978943+cauemarcondes@users.noreply.github.com> Date: Thu, 24 Oct 2024 14:35:19 +0100 Subject: [PATCH 37/99] [Inventory] List k8s entities in the grid (#197292) closes https://github.com/elastic/kibana/issues/196155 Blocked by https://github.com/elastic/kibana/pull/196916 (K8s entities alias patterns don't exist yet.) ``` node scripts/synthtrace many_entities.ts --clean --live node scripts/synthtrace k8s_entities.ts --clean --live ``` https://github.com/user-attachments/assets/5861ebc7-8386-4a4b-a68b-50adc5244d43 --- .../src/scenarios/many_entities.ts | 185 ++++++++++++++++++ .../inventory/common/entities.ts | 58 +----- .../inventory/common/entitites.test.ts | 48 +---- ...parse_identity_field_values_to_kql.test.ts | 23 +-- .../inventory/e2e/cypress/e2e/home.cy.ts | 6 +- .../alerts_badge/alerts_badge.test.tsx | 8 +- .../entities_grid/entities_grid.stories.tsx | 5 +- .../entity_name/entity_name.test.tsx | 14 +- .../public/components/entities_grid/index.tsx | 7 +- .../entities_grid/mock/entities_mock.ts | 13 +- .../public/components/entity_icon/index.tsx | 62 +++--- .../components/search_bar/discover_button.tsx | 4 +- .../search_bar/entity_types_controls.tsx | 12 +- .../public/components/search_bar/index.tsx | 3 +- .../index.tsx | 3 +- .../public/pages/inventory_page/index.tsx | 4 +- .../utils/get_entity_type_label.test.ts | 31 --- .../public/utils/get_entity_type_label.ts | 30 --- .../routes/entities/get_entity_types.ts | 9 +- .../entities/get_identify_fields.test.ts | 13 +- .../get_identity_fields_per_entity_type.ts | 4 +- .../routes/entities/get_latest_entities.ts | 36 ++-- .../entities/get_latest_entities_alerts.ts | 8 +- .../server/routes/entities/query_helper.ts | 12 +- .../inventory/server/routes/entities/route.ts | 14 +- .../server/routes/has_data/get_has_data.ts | 8 +- 26 files changed, 329 insertions(+), 291 deletions(-) create mode 100644 packages/kbn-apm-synthtrace/src/scenarios/many_entities.ts delete mode 100644 x-pack/plugins/observability_solution/inventory/public/utils/get_entity_type_label.test.ts delete mode 100644 x-pack/plugins/observability_solution/inventory/public/utils/get_entity_type_label.ts diff --git a/packages/kbn-apm-synthtrace/src/scenarios/many_entities.ts b/packages/kbn-apm-synthtrace/src/scenarios/many_entities.ts new file mode 100644 index 0000000000000..8b0d2afa5a971 --- /dev/null +++ b/packages/kbn-apm-synthtrace/src/scenarios/many_entities.ts @@ -0,0 +1,185 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the "Elastic License + * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side + * Public License v 1"; you may not use this file except in compliance with, at + * your election, the "Elastic License 2.0", the "GNU Affero General Public + * License v3.0 only", or the "Server Side Public License, v 1". + */ + +import { EntityFields, entities, generateShortId } from '@kbn/apm-synthtrace-client'; +import { Schema } from '@kbn/apm-synthtrace-client/src/lib/entities'; +import { Scenario } from '../cli/scenario'; +import { withClient } from '../lib/utils/with_client'; + +const CLUSTER_NAME = 'cluster_foo'; + +const CLUSTER_ENTITY_ID = generateShortId(); +const POD_ENTITY_ID = generateShortId(); +const POD_UID = generateShortId(); +const REPLICA_SET_ENTITY_ID = generateShortId(); +const REPLICA_SET_UID = generateShortId(); +const DEPLOYMENT_ENTITY_ID = generateShortId(); +const DEPLOYMENT_UID = generateShortId(); +const STATEFUL_SET_ENTITY_ID = generateShortId(); +const STATEFUL_SET_UID = generateShortId(); +const DAEMON_SET_ENTITY_ID = generateShortId(); +const DAEMON_SET_UID = generateShortId(); +const JOB_SET_ENTITY_ID = generateShortId(); +const JOB_SET_UID = generateShortId(); +const CRON_JOB_ENTITY_ID = generateShortId(); +const CRON_JOB_UID = generateShortId(); +const NODE_ENTITY_ID = generateShortId(); +const NODE_UID = generateShortId(); +const SYNTH_JAVA_TRACE_ENTITY_ID = generateShortId(); +const SYNTH_HOST_FOO_LOGS_ENTITY_ID = generateShortId(); +const SYNTH_CONTAINER_FOO_LOGS_ENTITY_ID = generateShortId(); + +const scenario: Scenario> = async (runOptions) => { + const { logger } = runOptions; + + return { + bootstrap: async ({ entitiesKibanaClient }) => { + await entitiesKibanaClient.installEntityIndexPatterns(); + }, + generate: ({ range, clients: { entitiesEsClient } }) => { + const rangeInterval = range.interval('1m').rate(1); + const getK8sEntitiesEvents = (schema: Schema) => + rangeInterval.generator((timestamp) => { + return [ + entities.k8s + .k8sClusterJobEntity({ + schema, + name: CLUSTER_NAME, + entityId: CLUSTER_ENTITY_ID, + }) + .timestamp(timestamp), + entities.k8s + .k8sPodEntity({ + schema, + clusterName: CLUSTER_NAME, + name: 'pod_foo', + uid: POD_UID, + entityId: POD_ENTITY_ID, + }) + .timestamp(timestamp), + entities.k8s + .k8sReplicaSetEntity({ + clusterName: CLUSTER_NAME, + name: 'replica_set_foo', + schema, + uid: REPLICA_SET_UID, + entityId: REPLICA_SET_ENTITY_ID, + }) + .timestamp(timestamp), + entities.k8s + .k8sDeploymentEntity({ + clusterName: CLUSTER_NAME, + name: 'deployment_foo', + schema, + uid: DEPLOYMENT_UID, + entityId: DEPLOYMENT_ENTITY_ID, + }) + .timestamp(timestamp), + entities.k8s + .k8sStatefulSetEntity({ + clusterName: CLUSTER_NAME, + name: 'stateful_set_foo', + schema, + uid: STATEFUL_SET_UID, + entityId: STATEFUL_SET_ENTITY_ID, + }) + .timestamp(timestamp), + entities.k8s + .k8sDaemonSetEntity({ + clusterName: CLUSTER_NAME, + name: 'daemon_set_foo', + schema, + uid: DAEMON_SET_UID, + entityId: DAEMON_SET_ENTITY_ID, + }) + .timestamp(timestamp), + entities.k8s + .k8sJobSetEntity({ + clusterName: CLUSTER_NAME, + name: 'job_set_foo', + schema, + uid: JOB_SET_UID, + entityId: JOB_SET_ENTITY_ID, + }) + .timestamp(timestamp), + entities.k8s + .k8sCronJobEntity({ + clusterName: CLUSTER_NAME, + name: 'cron_job_foo', + schema, + uid: CRON_JOB_UID, + entityId: CRON_JOB_ENTITY_ID, + }) + .timestamp(timestamp), + entities.k8s + .k8sNodeEntity({ + clusterName: CLUSTER_NAME, + name: 'node_job_foo', + schema, + uid: NODE_UID, + entityId: NODE_ENTITY_ID, + }) + .timestamp(timestamp), + entities.k8s + .k8sContainerEntity({ + id: '123', + schema, + entityId: NODE_ENTITY_ID, + }) + .timestamp(timestamp), + ]; + }); + + const ecsEntities = getK8sEntitiesEvents('ecs'); + const otelEntities = getK8sEntitiesEvents('semconv'); + const synthJavaTraces = entities.serviceEntity({ + serviceName: 'synth_java', + agentName: ['java'], + dataStreamType: ['traces'], + environment: 'production', + entityId: SYNTH_JAVA_TRACE_ENTITY_ID, + }); + const synthHostFooLogs = entities.hostEntity({ + hostName: 'synth_host_foo', + agentName: ['macbook'], + dataStreamType: ['logs'], + entityId: SYNTH_HOST_FOO_LOGS_ENTITY_ID, + }); + const synthContainerFooLogs = entities.containerEntity({ + containerId: 'synth_container_foo', + agentName: ['macbook'], + dataStreamType: ['logs'], + entityId: SYNTH_CONTAINER_FOO_LOGS_ENTITY_ID, + }); + + const otherEvents = rangeInterval.generator((timestamp) => [ + synthJavaTraces.timestamp(timestamp), + synthHostFooLogs.timestamp(timestamp), + synthContainerFooLogs.timestamp(timestamp), + ]); + + return [ + withClient( + entitiesEsClient, + logger.perf('generating_entities_k8s_ecs_events', () => ecsEntities) + ), + withClient( + entitiesEsClient, + logger.perf('generating_entities_k8s_otel_events', () => otelEntities) + ), + withClient( + entitiesEsClient, + logger.perf('generating_entities_other_events', () => otherEvents) + ), + ]; + }, + }; +}; + +export default scenario; diff --git a/x-pack/plugins/observability_solution/inventory/common/entities.ts b/x-pack/plugins/observability_solution/inventory/common/entities.ts index 7df71559aa97a..d8a056074e339 100644 --- a/x-pack/plugins/observability_solution/inventory/common/entities.ts +++ b/x-pack/plugins/observability_solution/inventory/common/entities.ts @@ -6,12 +6,6 @@ */ import { ENTITY_LATEST, entitiesAliasPattern } from '@kbn/entities-schema'; import { - HOST_NAME, - SERVICE_ENVIRONMENT, - SERVICE_NAME, - AGENT_NAME, - CLOUD_PROVIDER, - CONTAINER_ID, ENTITY_DEFINITION_ID, ENTITY_DISPLAY_NAME, ENTITY_ID, @@ -22,12 +16,6 @@ import { import { isRight } from 'fp-ts/lib/Either'; import * as t from 'io-ts'; -export const entityTypeRt = t.union([ - t.literal('service'), - t.literal('host'), - t.literal('container'), -]); - export const entityColumnIdsRt = t.union([ t.literal(ENTITY_DISPLAY_NAME), t.literal(ENTITY_LAST_SEEN), @@ -37,8 +25,6 @@ export const entityColumnIdsRt = t.union([ export type EntityColumnIds = t.TypeOf; -export type EntityType = t.TypeOf; - export const defaultEntitySortField: EntityColumnIds = 'alertsCount'; export const MAX_NUMBER_OF_ENTITIES = 500; @@ -48,20 +34,8 @@ export const ENTITIES_LATEST_ALIAS = entitiesAliasPattern({ dataset: ENTITY_LATEST, }); -const BUILTIN_SERVICES_FROM_ECS_DATA = 'builtin_services_from_ecs_data'; -const BUILTIN_HOSTS_FROM_ECS_DATA = 'builtin_hosts_from_ecs_data'; -const BUILTIN_CONTAINERS_FROM_ECS_DATA = 'builtin_containers_from_ecs_data'; - -export const defaultEntityDefinitions = [ - BUILTIN_SERVICES_FROM_ECS_DATA, - BUILTIN_HOSTS_FROM_ECS_DATA, - BUILTIN_CONTAINERS_FROM_ECS_DATA, -]; - -export const defaultEntityTypes: EntityType[] = ['service', 'host', 'container']; - -const entityArrayRt = t.array(entityTypeRt); -export const entityTypesRt = new t.Type( +const entityArrayRt = t.array(t.string); +export const entityTypesRt = new t.Type( 'entityTypesRt', entityArrayRt.is, (input, context) => { @@ -83,37 +57,13 @@ export const entityTypesRt = new t.Type( (arr) => arr.join() ); -interface BaseEntity { +export interface Entity { [ENTITY_LAST_SEEN]: string; [ENTITY_ID]: string; - [ENTITY_TYPE]: EntityType; + [ENTITY_TYPE]: string; [ENTITY_DISPLAY_NAME]: string; [ENTITY_DEFINITION_ID]: string; [ENTITY_IDENTITY_FIELDS]: string | string[]; alertsCount?: number; [key: string]: any; } - -/** - * These types are based on service, host and container from the built in definition. - */ -export interface ServiceEntity extends BaseEntity { - [ENTITY_TYPE]: 'service'; - [SERVICE_NAME]: string; - [SERVICE_ENVIRONMENT]?: string | string[] | null; - [AGENT_NAME]: string | string[] | null; -} - -export interface HostEntity extends BaseEntity { - [ENTITY_TYPE]: 'host'; - [HOST_NAME]: string; - [CLOUD_PROVIDER]: string | string[] | null; -} - -export interface ContainerEntity extends BaseEntity { - [ENTITY_TYPE]: 'container'; - [CONTAINER_ID]: string; - [CLOUD_PROVIDER]: string | string[] | null; -} - -export type Entity = ServiceEntity | HostEntity | ContainerEntity; diff --git a/x-pack/plugins/observability_solution/inventory/common/entitites.test.ts b/x-pack/plugins/observability_solution/inventory/common/entitites.test.ts index 38da7beab8d4f..c923bda530746 100644 --- a/x-pack/plugins/observability_solution/inventory/common/entitites.test.ts +++ b/x-pack/plugins/observability_solution/inventory/common/entitites.test.ts @@ -5,7 +5,7 @@ * 2.0. */ import { isLeft, isRight } from 'fp-ts/lib/Either'; -import { type EntityType, entityTypesRt } from './entities'; +import { entityTypesRt } from './entities'; const validate = (input: unknown) => entityTypesRt.decode(input); @@ -28,36 +28,12 @@ describe('entityTypesRt codec', () => { } }); - it('should fail validation when the string contains invalid entity types', () => { - const input = 'service,invalidType,host'; - const result = validate(input); - expect(isLeft(result)).toBe(true); - }); - - it('should fail validation when the array contains invalid entity types', () => { - const input = ['service', 'invalidType', 'host']; - const result = validate(input); - expect(isLeft(result)).toBe(true); - }); - it('should fail validation when input is not a string or array', () => { const input = 123; const result = validate(input); expect(isLeft(result)).toBe(true); }); - it('should fail validation when the array contains non-string elements', () => { - const input = ['service', 123, 'host']; - const result = validate(input); - expect(isLeft(result)).toBe(true); - }); - - it('should fail validation an empty string', () => { - const input = ''; - const result = validate(input); - expect(isLeft(result)).toBe(true); - }); - it('should validate an empty array as valid', () => { const input: unknown[] = []; const result = validate(input); @@ -67,32 +43,14 @@ describe('entityTypesRt codec', () => { } }); - it('should fail validation when the string contains only commas', () => { - const input = ',,,'; - const result = validate(input); - expect(isLeft(result)).toBe(true); - }); - - it('should fail validation for partial valid entities in a string', () => { - const input = 'service,invalidType'; - const result = validate(input); - expect(isLeft(result)).toBe(true); - }); - - it('should fail validation for partial valid entities in an array', () => { - const input = ['service', 'invalidType']; - const result = validate(input); - expect(isLeft(result)).toBe(true); - }); - it('should serialize a valid array back to a string', () => { - const input: EntityType[] = ['service', 'host']; + const input = ['service', 'host']; const serialized = entityTypesRt.encode(input); expect(serialized).toBe('service,host'); }); it('should serialize an empty array back to an empty string', () => { - const input: EntityType[] = []; + const input: string[] = []; const serialized = entityTypesRt.encode(input); expect(serialized).toBe(''); }); diff --git a/x-pack/plugins/observability_solution/inventory/common/utils/parse_identity_field_values_to_kql.test.ts b/x-pack/plugins/observability_solution/inventory/common/utils/parse_identity_field_values_to_kql.test.ts index b8d6219e6cd46..8703e995b4446 100644 --- a/x-pack/plugins/observability_solution/inventory/common/utils/parse_identity_field_values_to_kql.test.ts +++ b/x-pack/plugins/observability_solution/inventory/common/utils/parse_identity_field_values_to_kql.test.ts @@ -9,9 +9,10 @@ import { ENTITY_DEFINITION_ID, ENTITY_DISPLAY_NAME, ENTITY_ID, + ENTITY_IDENTITY_FIELDS, ENTITY_LAST_SEEN, } from '@kbn/observability-shared-plugin/common'; -import { HostEntity, ServiceEntity } from '../entities'; +import type { Entity } from '../entities'; import { parseIdentityFieldValuesToKql } from './parse_identity_field_values_to_kql'; const commonEntityFields = { @@ -24,9 +25,9 @@ const commonEntityFields = { describe('parseIdentityFieldValuesToKql', () => { it('should return the value when identityFields is a single string', () => { - const entity: ServiceEntity = { + const entity: Entity = { 'agent.name': 'node', - 'entity.identity_fields': 'service.name', + [ENTITY_IDENTITY_FIELDS]: 'service.name', 'service.name': 'my-service', 'entity.type': 'service', ...commonEntityFields, @@ -37,9 +38,9 @@ describe('parseIdentityFieldValuesToKql', () => { }); it('should return values when identityFields is an array of strings', () => { - const entity: ServiceEntity = { + const entity: Entity = { 'agent.name': 'node', - 'entity.identity_fields': ['service.name', 'service.environment'], + [ENTITY_IDENTITY_FIELDS]: ['service.name', 'service.environment'], 'service.name': 'my-service', 'entity.type': 'service', 'service.environment': 'staging', @@ -51,9 +52,9 @@ describe('parseIdentityFieldValuesToKql', () => { }); it('should return an empty string if identityFields is empty string', () => { - const entity: ServiceEntity = { + const entity: Entity = { 'agent.name': 'node', - 'entity.identity_fields': '', + [ENTITY_IDENTITY_FIELDS]: '', 'service.name': 'my-service', 'entity.type': 'service', ...commonEntityFields, @@ -63,9 +64,9 @@ describe('parseIdentityFieldValuesToKql', () => { expect(result).toEqual(''); }); it('should return an empty array if identityFields is empty array', () => { - const entity: ServiceEntity = { + const entity: Entity = { 'agent.name': 'node', - 'entity.identity_fields': [], + [ENTITY_IDENTITY_FIELDS]: [], 'service.name': 'my-service', 'entity.type': 'service', ...commonEntityFields, @@ -76,8 +77,8 @@ describe('parseIdentityFieldValuesToKql', () => { }); it('should ignore fields that are not present in the entity', () => { - const entity: HostEntity = { - 'entity.identity_fields': ['host.name', 'foo.bar'], + const entity: Entity = { + [ENTITY_IDENTITY_FIELDS]: ['host.name', 'foo.bar'], 'host.name': 'my-host', 'entity.type': 'host', 'cloud.provider': null, diff --git a/x-pack/plugins/observability_solution/inventory/e2e/cypress/e2e/home.cy.ts b/x-pack/plugins/observability_solution/inventory/e2e/cypress/e2e/home.cy.ts index 16d14446ef240..c18f8866475ab 100644 --- a/x-pack/plugins/observability_solution/inventory/e2e/cypress/e2e/home.cy.ts +++ b/x-pack/plugins/observability_solution/inventory/e2e/cypress/e2e/home.cy.ts @@ -66,11 +66,11 @@ describe('Home page', () => { cy.visitKibana('/app/inventory'); cy.wait('@getEEMStatus'); cy.contains('server1'); - cy.contains('Host'); + cy.contains('host'); cy.contains('synth-node-trace-logs'); - cy.contains('Service'); + cy.contains('service'); cy.contains('foo'); - cy.contains('Container'); + cy.contains('container'); }); it('Navigates to apm when clicking on a service type entity', () => { diff --git a/x-pack/plugins/observability_solution/inventory/public/components/alerts_badge/alerts_badge.test.tsx b/x-pack/plugins/observability_solution/inventory/public/components/alerts_badge/alerts_badge.test.tsx index fc73e490d4d05..60124e7813bc4 100644 --- a/x-pack/plugins/observability_solution/inventory/public/components/alerts_badge/alerts_badge.test.tsx +++ b/x-pack/plugins/observability_solution/inventory/public/components/alerts_badge/alerts_badge.test.tsx @@ -9,7 +9,7 @@ import { type KibanaReactContextValue } from '@kbn/kibana-react-plugin/public'; import { render, screen } from '@testing-library/react'; import { AlertsBadge } from './alerts_badge'; import * as useKibana from '../../hooks/use_kibana'; -import { HostEntity, ServiceEntity } from '../../../common/entities'; +import type { Entity } from '../../../common/entities'; describe('AlertsBadge', () => { jest.spyOn(useKibana, 'useKibana').mockReturnValue({ @@ -27,7 +27,7 @@ describe('AlertsBadge', () => { }); it('render alerts badge for a host entity', () => { - const entity: HostEntity = { + const entity: Entity = { 'entity.last_seen_timestamp': 'foo', 'entity.id': '1', 'entity.type': 'host', @@ -45,7 +45,7 @@ describe('AlertsBadge', () => { expect(screen.queryByTestId('inventoryAlertsBadgeLink')?.textContent).toEqual('1'); }); it('render alerts badge for a service entity', () => { - const entity: ServiceEntity = { + const entity: Entity = { 'entity.last_seen_timestamp': 'foo', 'agent.name': 'node', 'entity.id': '1', @@ -64,7 +64,7 @@ describe('AlertsBadge', () => { expect(screen.queryByTestId('inventoryAlertsBadgeLink')?.textContent).toEqual('5'); }); it('render alerts badge for a service entity with multiple identity fields', () => { - const entity: ServiceEntity = { + const entity: Entity = { 'entity.last_seen_timestamp': 'foo', 'agent.name': 'node', 'entity.id': '1', diff --git a/x-pack/plugins/observability_solution/inventory/public/components/entities_grid/entities_grid.stories.tsx b/x-pack/plugins/observability_solution/inventory/public/components/entities_grid/entities_grid.stories.tsx index a89781ad2742a..047c2e73d0d3e 100644 --- a/x-pack/plugins/observability_solution/inventory/public/components/entities_grid/entities_grid.stories.tsx +++ b/x-pack/plugins/observability_solution/inventory/public/components/entities_grid/entities_grid.stories.tsx @@ -12,14 +12,13 @@ import React, { useMemo, useState } from 'react'; import { ENTITY_LAST_SEEN, ENTITY_TYPE } from '@kbn/observability-shared-plugin/common'; import { useArgs } from '@storybook/addons'; import { EntitiesGrid } from '.'; -import { EntityType } from '../../../common/entities'; import { entitiesMock } from './mock/entities_mock'; interface EntityGridStoriesArgs { - entityType?: EntityType; + entityType?: string; } -const entityTypeOptions: EntityType[] = ['host', 'container', 'service']; +const entityTypeOptions = ['host', 'container', 'service']; const stories: Meta = { title: 'app/inventory/entities_grid', diff --git a/x-pack/plugins/observability_solution/inventory/public/components/entities_grid/entity_name/entity_name.test.tsx b/x-pack/plugins/observability_solution/inventory/public/components/entities_grid/entity_name/entity_name.test.tsx index 865e185eaa945..2e4f0c319edfc 100644 --- a/x-pack/plugins/observability_solution/inventory/public/components/entities_grid/entity_name/entity_name.test.tsx +++ b/x-pack/plugins/observability_solution/inventory/public/components/entities_grid/entity_name/entity_name.test.tsx @@ -8,7 +8,7 @@ import { type KibanaReactContextValue } from '@kbn/kibana-react-plugin/public'; import * as useKibana from '../../../hooks/use_kibana'; import { EntityName } from '.'; -import { ContainerEntity, HostEntity, ServiceEntity } from '../../../../common/entities'; +import type { Entity } from '../../../../common/entities'; import { render, screen } from '@testing-library/react'; import React from 'react'; import { ASSET_DETAILS_LOCATOR_ID } from '@kbn/observability-shared-plugin/common/locators/infra/asset_details_locator'; @@ -40,7 +40,7 @@ describe('EntityName', () => { }); it('returns host link', () => { - const entity: HostEntity = { + const entity: Entity = { 'entity.last_seen_timestamp': 'foo', 'entity.id': '1', 'entity.type': 'host', @@ -58,7 +58,7 @@ describe('EntityName', () => { }); it('returns container link', () => { - const entity: ContainerEntity = { + const entity: Entity = { 'entity.last_seen_timestamp': 'foo', 'entity.id': '1', 'entity.type': 'container', @@ -76,7 +76,7 @@ describe('EntityName', () => { }); it('returns service link without environment', () => { - const entity: ServiceEntity = { + const entity: Entity = { 'entity.last_seen_timestamp': 'foo', 'entity.id': '1', 'entity.type': 'service', @@ -94,7 +94,7 @@ describe('EntityName', () => { }); it('returns service link with environment', () => { - const entity: ServiceEntity = { + const entity: Entity = { 'entity.last_seen_timestamp': 'foo', 'entity.id': '1', 'entity.type': 'service', @@ -113,7 +113,7 @@ describe('EntityName', () => { }); it('returns service link with first environment when it is an array', () => { - const entity: ServiceEntity = { + const entity: Entity = { 'entity.last_seen_timestamp': 'foo', 'entity.id': '1', 'entity.type': 'service', @@ -132,7 +132,7 @@ describe('EntityName', () => { }); it('returns service link identity fields is an array', () => { - const entity: ServiceEntity = { + const entity: Entity = { 'entity.last_seen_timestamp': 'foo', 'entity.id': '1', 'entity.type': 'service', diff --git a/x-pack/plugins/observability_solution/inventory/public/components/entities_grid/index.tsx b/x-pack/plugins/observability_solution/inventory/public/components/entities_grid/index.tsx index 697bc3304753e..6d65669c61651 100644 --- a/x-pack/plugins/observability_solution/inventory/public/components/entities_grid/index.tsx +++ b/x-pack/plugins/observability_solution/inventory/public/components/entities_grid/index.tsx @@ -20,13 +20,12 @@ import { ENTITY_LAST_SEEN, ENTITY_TYPE, } from '@kbn/observability-shared-plugin/common'; -import { EntityColumnIds, EntityType } from '../../../common/entities'; +import { EntityColumnIds } from '../../../common/entities'; import { APIReturnType } from '../../api'; import { BadgeFilterWithPopover } from '../badge_filter_with_popover'; import { getColumns } from './grid_columns'; import { AlertsBadge } from '../alerts_badge/alerts_badge'; import { EntityName } from './entity_name'; -import { getEntityTypeLabel } from '../../utils/get_entity_type_label'; type InventoryEntitiesAPIReturnType = APIReturnType<'GET /internal/inventory/entities'>; type LatestEntities = InventoryEntitiesAPIReturnType['entities']; @@ -39,7 +38,7 @@ interface Props { pageIndex: number; onChangeSort: (sorting: EuiDataGridSorting['columns'][0]) => void; onChangePage: (nextPage: number) => void; - onFilterByType: (entityType: EntityType) => void; + onFilterByType: (entityType: string) => void; } const PAGE_SIZE = 20; @@ -95,7 +94,7 @@ export function EntitiesGrid({ onFilterByType(entityType)} /> ); diff --git a/x-pack/plugins/observability_solution/inventory/public/components/entities_grid/mock/entities_mock.ts b/x-pack/plugins/observability_solution/inventory/public/components/entities_grid/mock/entities_mock.ts index 8a34a9f68c7b6..3b7e7afcadb99 100644 --- a/x-pack/plugins/observability_solution/inventory/public/components/entities_grid/mock/entities_mock.ts +++ b/x-pack/plugins/observability_solution/inventory/public/components/entities_grid/mock/entities_mock.ts @@ -11,8 +11,10 @@ import { ENTITY_TYPE, ENTITY_ID, ENTITY_LAST_SEEN, + AGENT_NAME, + CLOUD_PROVIDER, } from '@kbn/observability-shared-plugin/common'; -import { Entity, EntityType } from '../../../../common/entities'; +import { Entity } from '../../../../common/entities'; const idGenerator = () => { let id = 0; @@ -31,11 +33,12 @@ function generateRandomTimestamp() { return randomDate.toISOString(); } -const getEntity = (entityType: EntityType) => ({ +const getEntity = (entityType: string, customFields: Record = {}) => ({ [ENTITY_LAST_SEEN]: generateRandomTimestamp(), [ENTITY_TYPE]: entityType, [ENTITY_DISPLAY_NAME]: faker.person.fullName(), [ENTITY_ID]: generateId(), + ...customFields, }); const alertsMock = [ @@ -58,9 +61,11 @@ const alertsMock = [ }, ]; -const hostsMock = Array.from({ length: 20 }, () => getEntity('host')); +const hostsMock = Array.from({ length: 20 }, () => getEntity('host', { [CLOUD_PROVIDER]: 'gcp' })); const containersMock = Array.from({ length: 20 }, () => getEntity('container')); -const servicesMock = Array.from({ length: 20 }, () => getEntity('service')); +const servicesMock = Array.from({ length: 20 }, () => + getEntity('service', { [AGENT_NAME]: 'java' }) +); export const entitiesMock = [ ...alertsMock, diff --git a/x-pack/plugins/observability_solution/inventory/public/components/entity_icon/index.tsx b/x-pack/plugins/observability_solution/inventory/public/components/entity_icon/index.tsx index c88358405bf12..a62f0026ddfa0 100644 --- a/x-pack/plugins/observability_solution/inventory/public/components/entity_icon/index.tsx +++ b/x-pack/plugins/observability_solution/inventory/public/components/entity_icon/index.tsx @@ -27,35 +27,37 @@ export function EntityIcon({ entity }: EntityIconProps) { const entityType = entity[ENTITY_TYPE]; const defaultIconSize = euiThemeVars.euiSizeL; - switch (entityType) { - case 'host': - case 'container': { - const cloudProvider = getSingleValue( - entity[CLOUD_PROVIDER] as NotNullableCloudProvider | NotNullableCloudProvider[] - ); - return ( - - - - - - ); - } - case 'service': { - const agentName = getSingleValue(entity[AGENT_NAME] as AgentName | AgentName[]); - return ; - } - default: - // Return an empty EuiIcon instead of null to maintain UI alignment across all EntityIcon usages - return ; + if (entityType === 'host' || entityType === 'container') { + const cloudProvider = getSingleValue( + entity[CLOUD_PROVIDER] as NotNullableCloudProvider | NotNullableCloudProvider[] + ); + return ( + + + + + + ); } + + if (entityType === 'service') { + const agentName = getSingleValue(entity[AGENT_NAME] as AgentName | AgentName[]); + return ; + } + + if (entityType.startsWith('kubernetes')) { + return ; + } + + // Return an empty EuiIcon instead of null to maintain UI alignment across all EntityIcon usages + return ; } diff --git a/x-pack/plugins/observability_solution/inventory/public/components/search_bar/discover_button.tsx b/x-pack/plugins/observability_solution/inventory/public/components/search_bar/discover_button.tsx index ee3014e990b0b..dee05d6f7cdd0 100644 --- a/x-pack/plugins/observability_solution/inventory/public/components/search_bar/discover_button.tsx +++ b/x-pack/plugins/observability_solution/inventory/public/components/search_bar/discover_button.tsx @@ -17,7 +17,7 @@ import { ENTITY_LAST_SEEN, ENTITY_TYPE, } from '@kbn/observability-shared-plugin/common'; -import { defaultEntityDefinitions, EntityColumnIds } from '../../../common/entities'; +import { ENTITIES_LATEST_ALIAS, EntityColumnIds } from '../../../common/entities'; import { useInventoryParams } from '../../hooks/use_inventory_params'; import { useKibana } from '../../hooks/use_kibana'; @@ -43,7 +43,7 @@ export function DiscoverButton({ dataView }: { dataView: DataView }) { if (entityDefinitionField) { const entityDefinitionFilter = buildPhrasesFilter( entityDefinitionField!, - defaultEntityDefinitions, + [ENTITIES_LATEST_ALIAS], dataView ); filters.push(entityDefinitionFilter); diff --git a/x-pack/plugins/observability_solution/inventory/public/components/search_bar/entity_types_controls.tsx b/x-pack/plugins/observability_solution/inventory/public/components/search_bar/entity_types_controls.tsx index 6e55408d28e8c..e2d9dba2709f1 100644 --- a/x-pack/plugins/observability_solution/inventory/public/components/search_bar/entity_types_controls.tsx +++ b/x-pack/plugins/observability_solution/inventory/public/components/search_bar/entity_types_controls.tsx @@ -8,19 +8,17 @@ import { EuiComboBox, EuiComboBoxOptionOption } from '@elastic/eui'; import { css } from '@emotion/react'; import { i18n } from '@kbn/i18n'; import React from 'react'; -import { EntityType } from '../../../common/entities'; import { useInventoryAbortableAsync } from '../../hooks/use_inventory_abortable_async'; import { useInventoryParams } from '../../hooks/use_inventory_params'; import { useKibana } from '../../hooks/use_kibana'; -import { getEntityTypeLabel } from '../../utils/get_entity_type_label'; interface Props { - onChange: (entityTypes: EntityType[]) => void; + onChange: (entityTypes: string[]) => void; } -const toComboBoxOption = (entityType: EntityType): EuiComboBoxOptionOption => ({ +const toComboBoxOption = (entityType: string): EuiComboBoxOptionOption => ({ key: entityType, - label: getEntityTypeLabel(entityType), + label: entityType, 'data-test-subj': `entityTypesFilter${entityType}Option`, }); @@ -44,7 +42,7 @@ export function EntityTypesControls({ onChange }: Props) { const selectedOptions = entityTypes.map(toComboBoxOption); return ( - + { - onChange(newOptions.map((option) => option.key as EntityType)); + onChange(newOptions.map((option) => option.key).filter((key): key is string => !!key)); }} isClearable /> diff --git a/x-pack/plugins/observability_solution/inventory/public/components/search_bar/index.tsx b/x-pack/plugins/observability_solution/inventory/public/components/search_bar/index.tsx index 46ef45cfc195d..40a2164be7031 100644 --- a/x-pack/plugins/observability_solution/inventory/public/components/search_bar/index.tsx +++ b/x-pack/plugins/observability_solution/inventory/public/components/search_bar/index.tsx @@ -9,7 +9,6 @@ import { SearchBarOwnProps } from '@kbn/unified-search-plugin/public/search_bar' import deepEqual from 'fast-deep-equal'; import React, { useCallback, useEffect } from 'react'; import { EuiFlexGroup, EuiFlexItem } from '@elastic/eui'; -import { EntityType } from '../../../common/entities'; import { useInventorySearchBarContext } from '../../context/inventory_search_bar_context_provider'; import { useAdHocInventoryDataView } from '../../hooks/use_adhoc_inventory_data_view'; import { useInventoryParams } from '../../hooks/use_inventory_params'; @@ -52,7 +51,7 @@ export function SearchBar() { }, [syncSearchBarWithUrl]); const handleEntityTypesChange = useCallback( - (nextEntityTypes: EntityType[]) => { + (nextEntityTypes: string[]) => { searchBarContentSubject$.next({ kuery, entityTypes: nextEntityTypes, refresh: false }); }, [kuery, searchBarContentSubject$] diff --git a/x-pack/plugins/observability_solution/inventory/public/context/inventory_search_bar_context_provider/index.tsx b/x-pack/plugins/observability_solution/inventory/public/context/inventory_search_bar_context_provider/index.tsx index fc494651d6f3f..fbb51c4f0d7e7 100644 --- a/x-pack/plugins/observability_solution/inventory/public/context/inventory_search_bar_context_provider/index.tsx +++ b/x-pack/plugins/observability_solution/inventory/public/context/inventory_search_bar_context_provider/index.tsx @@ -6,12 +6,11 @@ */ import React, { createContext, useContext, type ReactChild } from 'react'; import { Subject } from 'rxjs'; -import { EntityType } from '../../../common/entities'; interface InventorySearchBarContextType { searchBarContentSubject$: Subject<{ kuery?: string; - entityTypes?: EntityType[]; + entityTypes?: string[]; refresh: boolean; }>; } diff --git a/x-pack/plugins/observability_solution/inventory/public/pages/inventory_page/index.tsx b/x-pack/plugins/observability_solution/inventory/public/pages/inventory_page/index.tsx index 965434eeac6d1..00dfb9e24d2dd 100644 --- a/x-pack/plugins/observability_solution/inventory/public/pages/inventory_page/index.tsx +++ b/x-pack/plugins/observability_solution/inventory/public/pages/inventory_page/index.tsx @@ -7,7 +7,7 @@ import { EuiDataGridSorting } from '@elastic/eui'; import React from 'react'; import useEffectOnce from 'react-use/lib/useEffectOnce'; -import { EntityColumnIds, EntityType } from '../../../common/entities'; +import { EntityColumnIds } from '../../../common/entities'; import { EntitiesGrid } from '../../components/entities_grid'; import { useInventorySearchBarContext } from '../../context/inventory_search_bar_context_provider'; import { useInventoryAbortableAsync } from '../../hooks/use_inventory_abortable_async'; @@ -82,7 +82,7 @@ export function InventoryPage() { }); } - function handleTypeFilter(entityType: EntityType) { + function handleTypeFilter(entityType: string) { inventoryRoute.push('/', { path: {}, query: { diff --git a/x-pack/plugins/observability_solution/inventory/public/utils/get_entity_type_label.test.ts b/x-pack/plugins/observability_solution/inventory/public/utils/get_entity_type_label.test.ts deleted file mode 100644 index e31a169d5d9fa..0000000000000 --- a/x-pack/plugins/observability_solution/inventory/public/utils/get_entity_type_label.test.ts +++ /dev/null @@ -1,31 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { EntityType } from '../../common/entities'; -import { getEntityTypeLabel } from './get_entity_type_label'; - -describe('getEntityTypeLabel', () => { - it('should return "Service" for the "service" entityType', () => { - const label = getEntityTypeLabel('service'); - expect(label).toBe('Service'); - }); - - it('should return "Container" for the "container" entityType', () => { - const label = getEntityTypeLabel('container'); - expect(label).toBe('Container'); - }); - - it('should return "Host" for the "host" entityType', () => { - const label = getEntityTypeLabel('host'); - expect(label).toBe('Host'); - }); - - it('should return "N/A" for an unknown entityType', () => { - const label = getEntityTypeLabel('foo' as EntityType); - expect(label).toBe('N/A'); - }); -}); diff --git a/x-pack/plugins/observability_solution/inventory/public/utils/get_entity_type_label.ts b/x-pack/plugins/observability_solution/inventory/public/utils/get_entity_type_label.ts deleted file mode 100644 index 907ea70f0f0c6..0000000000000 --- a/x-pack/plugins/observability_solution/inventory/public/utils/get_entity_type_label.ts +++ /dev/null @@ -1,30 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { i18n } from '@kbn/i18n'; -import { EntityType } from '../../common/entities'; - -export function getEntityTypeLabel(entityType: EntityType) { - switch (entityType) { - case 'service': - return i18n.translate('xpack.inventory.entityType.serviceLabel', { - defaultMessage: 'Service', - }); - case 'container': - return i18n.translate('xpack.inventory.entityType.containerLabel', { - defaultMessage: 'Container', - }); - case 'host': - return i18n.translate('xpack.inventory.entityType.hostLabel', { - defaultMessage: 'Host', - }); - default: - return i18n.translate('xpack.inventory.entityType.naLabel', { - defaultMessage: 'N/A', - }); - } -} diff --git a/x-pack/plugins/observability_solution/inventory/server/routes/entities/get_entity_types.ts b/x-pack/plugins/observability_solution/inventory/server/routes/entities/get_entity_types.ts index 8db185f7b619f..2dfc9b8ccfdf3 100644 --- a/x-pack/plugins/observability_solution/inventory/server/routes/entities/get_entity_types.ts +++ b/x-pack/plugins/observability_solution/inventory/server/routes/entities/get_entity_types.ts @@ -7,8 +7,8 @@ import { type ObservabilityElasticsearchClient } from '@kbn/observability-utils/es/client/create_observability_es_client'; import { ENTITY_TYPE } from '@kbn/observability-shared-plugin/common'; -import { ENTITIES_LATEST_ALIAS, EntityType } from '../../../common/entities'; -import { getEntityDefinitionIdWhereClause, getEntityTypesWhereClause } from './query_helper'; +import { ENTITIES_LATEST_ALIAS } from '../../../common/entities'; +import { getBuiltinEntityDefinitionIdESQLWhereClause } from './query_helper'; export async function getEntityTypes({ inventoryEsClient, @@ -17,11 +17,10 @@ export async function getEntityTypes({ }) { const entityTypesEsqlResponse = await inventoryEsClient.esql('get_entity_types', { query: `FROM ${ENTITIES_LATEST_ALIAS} - | ${getEntityTypesWhereClause()} - | ${getEntityDefinitionIdWhereClause()} + | ${getBuiltinEntityDefinitionIdESQLWhereClause()} | STATS count = COUNT(${ENTITY_TYPE}) BY ${ENTITY_TYPE} `, }); - return entityTypesEsqlResponse.values.map(([_, val]) => val as EntityType); + return entityTypesEsqlResponse.values.map(([_, val]) => val as string); } diff --git a/x-pack/plugins/observability_solution/inventory/server/routes/entities/get_identify_fields.test.ts b/x-pack/plugins/observability_solution/inventory/server/routes/entities/get_identify_fields.test.ts index 0e6c663a00890..ffd5ba9c6f855 100644 --- a/x-pack/plugins/observability_solution/inventory/server/routes/entities/get_identify_fields.test.ts +++ b/x-pack/plugins/observability_solution/inventory/server/routes/entities/get_identify_fields.test.ts @@ -5,11 +5,12 @@ * 2.0. */ -import { ContainerEntity, HostEntity, ServiceEntity } from '../../../common/entities'; +import type { Entity } from '../../../common/entities'; import { ENTITY_DEFINITION_ID, ENTITY_DISPLAY_NAME, ENTITY_ID, + ENTITY_IDENTITY_FIELDS, ENTITY_LAST_SEEN, } from '@kbn/observability-shared-plugin/common'; import { getIdentityFieldsPerEntityType } from './get_identity_fields_per_entity_type'; @@ -27,7 +28,7 @@ describe('getIdentityFields', () => { expect(result.size).toBe(0); }); it('should return a Map with unique entity types and their respective identity fields', () => { - const serviceEntity: ServiceEntity = { + const serviceEntity: Entity = { 'agent.name': 'node', 'entity.identity_fields': ['service.name', 'service.environment'], 'service.name': 'my-service', @@ -35,16 +36,16 @@ describe('getIdentityFields', () => { ...commonEntityFields, }; - const hostEntity: HostEntity = { - 'entity.identity_fields': ['host.name'], + const hostEntity: Entity = { + [ENTITY_IDENTITY_FIELDS]: ['host.name'], 'host.name': 'my-host', 'entity.type': 'host', 'cloud.provider': null, ...commonEntityFields, }; - const containerEntity: ContainerEntity = { - 'entity.identity_fields': 'container.id', + const containerEntity: Entity = { + [ENTITY_IDENTITY_FIELDS]: 'container.id', 'host.name': 'my-host', 'entity.type': 'container', 'cloud.provider': null, diff --git a/x-pack/plugins/observability_solution/inventory/server/routes/entities/get_identity_fields_per_entity_type.ts b/x-pack/plugins/observability_solution/inventory/server/routes/entities/get_identity_fields_per_entity_type.ts index 0ca4eb9d21239..f54dc8a7f121f 100644 --- a/x-pack/plugins/observability_solution/inventory/server/routes/entities/get_identity_fields_per_entity_type.ts +++ b/x-pack/plugins/observability_solution/inventory/server/routes/entities/get_identity_fields_per_entity_type.ts @@ -6,9 +6,9 @@ */ import { ENTITY_IDENTITY_FIELDS, ENTITY_TYPE } from '@kbn/observability-shared-plugin/common'; -import { Entity, EntityType } from '../../../common/entities'; +import { Entity } from '../../../common/entities'; -export type IdentityFieldsPerEntityType = Map; +export type IdentityFieldsPerEntityType = Map; export const getIdentityFieldsPerEntityType = (entities: Entity[]) => { const identityFieldsPerEntityType: IdentityFieldsPerEntityType = new Map(); diff --git a/x-pack/plugins/observability_solution/inventory/server/routes/entities/get_latest_entities.ts b/x-pack/plugins/observability_solution/inventory/server/routes/entities/get_latest_entities.ts index e500ce32c3cef..4fb3b930beace 100644 --- a/x-pack/plugins/observability_solution/inventory/server/routes/entities/get_latest_entities.ts +++ b/x-pack/plugins/observability_solution/inventory/server/routes/entities/get_latest_entities.ts @@ -8,15 +8,15 @@ import { type ObservabilityElasticsearchClient } from '@kbn/observability-utils/es/client/create_observability_es_client'; import { kqlQuery } from '@kbn/observability-utils/es/queries/kql_query'; import { esqlResultToPlainObjects } from '@kbn/observability-utils/es/utils/esql_result_to_plain_objects'; -import { ENTITY_LAST_SEEN } from '@kbn/observability-shared-plugin/common'; +import { ENTITY_LAST_SEEN, ENTITY_TYPE } from '@kbn/observability-shared-plugin/common'; +import type { ScalarValue } from '@elastic/elasticsearch/lib/api/types'; import { ENTITIES_LATEST_ALIAS, MAX_NUMBER_OF_ENTITIES, - type EntityType, type Entity, type EntityColumnIds, } from '../../../common/entities'; -import { getEntityDefinitionIdWhereClause, getEntityTypesWhereClause } from './query_helper'; +import { getBuiltinEntityDefinitionIdESQLWhereClause } from './query_helper'; export async function getLatestEntities({ inventoryEsClient, @@ -28,27 +28,35 @@ export async function getLatestEntities({ inventoryEsClient: ObservabilityElasticsearchClient; sortDirection: 'asc' | 'desc'; sortField: EntityColumnIds; - entityTypes?: EntityType[]; + entityTypes?: string[]; kuery?: string; }) { // alertsCount doesn't exist in entities index. Ignore it and sort by entity.lastSeenTimestamp by default. const entitiesSortField = sortField === 'alertsCount' ? ENTITY_LAST_SEEN : sortField; - const request = { - query: `FROM ${ENTITIES_LATEST_ALIAS} - | ${getEntityTypesWhereClause(entityTypes)} - | ${getEntityDefinitionIdWhereClause()} - | SORT ${entitiesSortField} ${sortDirection} - | LIMIT ${MAX_NUMBER_OF_ENTITIES} - `, + const from = `FROM ${ENTITIES_LATEST_ALIAS}`; + const where: string[] = [getBuiltinEntityDefinitionIdESQLWhereClause()]; + const params: ScalarValue[] = []; + + if (entityTypes) { + where.push(`WHERE ${ENTITY_TYPE} IN (${entityTypes.map(() => '?').join()})`); + params.push(...entityTypes.map((entityType) => entityType)); + } + + const sort = `SORT ${entitiesSortField} ${sortDirection}`; + const limit = `LIMIT ${MAX_NUMBER_OF_ENTITIES}`; + + const query = [from, ...where, sort, limit].join(' | '); + + const latestEntitiesEsqlResponse = await inventoryEsClient.esql('get_latest_entities', { + query, filter: { bool: { filter: [...kqlQuery(kuery)], }, }, - }; - - const latestEntitiesEsqlResponse = await inventoryEsClient.esql('get_latest_entities', request); + params, + }); return esqlResultToPlainObjects(latestEntitiesEsqlResponse); } diff --git a/x-pack/plugins/observability_solution/inventory/server/routes/entities/get_latest_entities_alerts.ts b/x-pack/plugins/observability_solution/inventory/server/routes/entities/get_latest_entities_alerts.ts index 4e6ce545a079e..e969f1d537e99 100644 --- a/x-pack/plugins/observability_solution/inventory/server/routes/entities/get_latest_entities_alerts.ts +++ b/x-pack/plugins/observability_solution/inventory/server/routes/entities/get_latest_entities_alerts.ts @@ -7,17 +7,17 @@ import { kqlQuery, termQuery } from '@kbn/observability-plugin/server'; import { ALERT_STATUS, ALERT_STATUS_ACTIVE } from '@kbn/rule-data-utils'; +import { ENTITY_TYPE } from '@kbn/observability-shared-plugin/common'; import { AlertsClient } from '../../lib/create_alerts_client.ts/create_alerts_client'; import { getGroupByTermsAgg } from './get_group_by_terms_agg'; import { IdentityFieldsPerEntityType } from './get_identity_fields_per_entity_type'; -import { EntityType } from '../../../common/entities'; interface Bucket { key: Record; doc_count: number; } -type EntityTypeBucketsAggregation = Record; +type EntityTypeBucketsAggregation = Record; export async function getLatestEntitiesAlerts({ alertsClient, @@ -27,7 +27,7 @@ export async function getLatestEntitiesAlerts({ alertsClient: AlertsClient; kuery?: string; identityFieldsPerEntityType: IdentityFieldsPerEntityType; -}): Promise> { +}): Promise> { if (identityFieldsPerEntityType.size === 0) { return []; } @@ -56,7 +56,7 @@ export async function getLatestEntitiesAlerts({ return buckets.map((bucket: Bucket) => ({ alertsCount: bucket.doc_count, - type: entityType, + [ENTITY_TYPE]: entityType, ...bucket.key, })); }); diff --git a/x-pack/plugins/observability_solution/inventory/server/routes/entities/query_helper.ts b/x-pack/plugins/observability_solution/inventory/server/routes/entities/query_helper.ts index 0a3e97418da92..5a8cd08eaa0d8 100644 --- a/x-pack/plugins/observability_solution/inventory/server/routes/entities/query_helper.ts +++ b/x-pack/plugins/observability_solution/inventory/server/routes/entities/query_helper.ts @@ -5,13 +5,7 @@ * 2.0. */ -import { ENTITY_DEFINITION_ID, ENTITY_TYPE } from '@kbn/observability-shared-plugin/common'; -import { EntityType, defaultEntityTypes, defaultEntityDefinitions } from '../../../common/entities'; +import { ENTITY_DEFINITION_ID } from '@kbn/observability-shared-plugin/common'; -export const getEntityTypesWhereClause = (entityTypes: EntityType[] = defaultEntityTypes) => - `WHERE ${ENTITY_TYPE} IN (${entityTypes.map((entityType) => `"${entityType}"`).join()})`; - -export const getEntityDefinitionIdWhereClause = () => - `WHERE ${ENTITY_DEFINITION_ID} IN (${[...defaultEntityDefinitions] - .map((buildin) => `"${buildin}"`) - .join()})`; +export const getBuiltinEntityDefinitionIdESQLWhereClause = () => + `WHERE ${ENTITY_DEFINITION_ID} LIKE "builtin_*"`; diff --git a/x-pack/plugins/observability_solution/inventory/server/routes/entities/route.ts b/x-pack/plugins/observability_solution/inventory/server/routes/entities/route.ts index eb80f80d02730..67b3803dd98de 100644 --- a/x-pack/plugins/observability_solution/inventory/server/routes/entities/route.ts +++ b/x-pack/plugins/observability_solution/inventory/server/routes/entities/route.ts @@ -10,7 +10,7 @@ import { createObservabilityEsClient } from '@kbn/observability-utils/es/client/ import * as t from 'io-ts'; import { orderBy } from 'lodash'; import { joinByKey } from '@kbn/observability-utils/array/join_by_key'; -import { entityTypeRt, entityColumnIdsRt, Entity } from '../../../common/entities'; +import { entityColumnIdsRt, Entity } from '../../../common/entities'; import { createInventoryServerRoute } from '../create_inventory_server_route'; import { getEntityTypes } from './get_entity_types'; import { getLatestEntities } from './get_latest_entities'; @@ -45,7 +45,7 @@ export const listLatestEntitiesRoute = createInventoryServerRoute({ sortDirection: t.union([t.literal('asc'), t.literal('desc')]), }), t.partial({ - entityTypes: jsonRt.pipe(t.array(entityTypeRt)), + entityTypes: jsonRt.pipe(t.array(t.string)), kuery: t.string, }), ]), @@ -53,7 +53,13 @@ export const listLatestEntitiesRoute = createInventoryServerRoute({ options: { tags: ['access:inventory'], }, - handler: async ({ params, context, logger, plugins, request }) => { + handler: async ({ + params, + context, + logger, + plugins, + request, + }): Promise<{ entities: Entity[] }> => { const coreContext = await context.core; const inventoryEsClient = createObservabilityEsClient({ client: coreContext.elasticsearch.client.asCurrentUser, @@ -85,7 +91,7 @@ export const listLatestEntitiesRoute = createInventoryServerRoute({ const joined = joinByKey( [...latestEntities, ...alerts], [...identityFieldsPerEntityType.values()].flat() - ).filter((entity) => entity['entity.id']); + ).filter((entity) => entity['entity.id']) as Entity[]; return { entities: diff --git a/x-pack/plugins/observability_solution/inventory/server/routes/has_data/get_has_data.ts b/x-pack/plugins/observability_solution/inventory/server/routes/has_data/get_has_data.ts index 465e720938b32..27ba8c0fe46c3 100644 --- a/x-pack/plugins/observability_solution/inventory/server/routes/has_data/get_has_data.ts +++ b/x-pack/plugins/observability_solution/inventory/server/routes/has_data/get_has_data.ts @@ -7,10 +7,7 @@ import type { Logger } from '@kbn/core/server'; import { esqlResultToPlainObjects } from '@kbn/observability-utils/es/utils/esql_result_to_plain_objects'; import { type ObservabilityElasticsearchClient } from '@kbn/observability-utils/es/client/create_observability_es_client'; -import { - getEntityDefinitionIdWhereClause, - getEntityTypesWhereClause, -} from '../entities/query_helper'; +import { getBuiltinEntityDefinitionIdESQLWhereClause } from '../entities/query_helper'; import { ENTITIES_LATEST_ALIAS } from '../../../common/entities'; export async function getHasData({ @@ -23,8 +20,7 @@ export async function getHasData({ try { const esqlResults = await inventoryEsClient.esql('get_has_data', { query: `FROM ${ENTITIES_LATEST_ALIAS} - | ${getEntityDefinitionIdWhereClause()} - | ${getEntityTypesWhereClause()} + | ${getBuiltinEntityDefinitionIdESQLWhereClause()} | STATS _count = COUNT(*) | LIMIT 1`, }); From 1267bd7129912690d469ae6d359c8242a679dfb8 Mon Sep 17 00:00:00 2001 From: Ash <1849116+ashokaditya@users.noreply.github.com> Date: Thu, 24 Oct 2024 15:48:33 +0200 Subject: [PATCH 38/99] [DataUsage][Serverless] Handle usage metrics errors (#197056) --- .../app/components/data_usage_metrics.tsx | 28 +++++++++++++-- .../public/hooks/use_get_data_streams.ts | 24 ++++--------- .../public/hooks/use_get_usage_metrics.ts | 36 ++++++++----------- .../data_usage/server/routes/error_handler.ts | 8 +++++ .../data_usage/server/services/autoops_api.ts | 26 +++++++------- .../data_usage/server/services/errors.ts | 10 ++++++ .../data_usage/server/services/index.ts | 24 +++++++++---- 7 files changed, 94 insertions(+), 62 deletions(-) create mode 100644 x-pack/plugins/data_usage/server/services/errors.ts diff --git a/x-pack/plugins/data_usage/public/app/components/data_usage_metrics.tsx b/x-pack/plugins/data_usage/public/app/components/data_usage_metrics.tsx index 48b6566df9e66..929ebf7a02490 100644 --- a/x-pack/plugins/data_usage/public/app/components/data_usage_metrics.tsx +++ b/x-pack/plugins/data_usage/public/app/components/data_usage_metrics.tsx @@ -8,6 +8,7 @@ import React, { useCallback, useEffect, useMemo, useState } from 'react'; import { css } from '@emotion/react'; import { EuiFlexGroup, EuiFlexItem, EuiLoadingElastic } from '@elastic/eui'; +import { i18n } from '@kbn/i18n'; import { Charts } from './charts'; import { useBreadcrumbs } from '../../utils/use_breadcrumbs'; import { useKibanaContextForPlugin } from '../../utils/use_kibana'; @@ -29,7 +30,7 @@ const FlexItemWithCss = ({ children }: { children: React.ReactNode }) => ( export const DataUsageMetrics = () => { const { - services: { chrome, appParams }, + services: { chrome, appParams, notifications }, } = useKibanaContextForPlugin(); useBreadcrumbs([{ text: PLUGIN_NAME }], appParams, chrome); @@ -43,10 +44,15 @@ export const DataUsageMetrics = () => { setUrlDateRangeFilter, } = useDataUsageMetricsUrlParams(); - const { data: dataStreams, isFetching: isFetchingDataStreams } = useGetDataUsageDataStreams({ + const { + error: errorFetchingDataStreams, + data: dataStreams, + isFetching: isFetchingDataStreams, + } = useGetDataUsageDataStreams({ selectedDataStreams: dataStreamsFromUrl, options: { enabled: true, + retry: false, }, }); @@ -93,6 +99,7 @@ export const DataUsageMetrics = () => { const { dateRangePickerState, onRefreshChange, onTimeChange } = useDateRangePicker(); const { + error: errorFetchingDataUsageMetrics, data, isFetching, isFetched, @@ -157,6 +164,23 @@ export const DataUsageMetrics = () => { onChangeMetricTypesFilter, ]); + if (errorFetchingDataUsageMetrics) { + notifications.toasts.addDanger({ + title: i18n.translate('xpack.dataUsage.getMetrics.addFailure.toast.title', { + defaultMessage: 'Error getting usage metrics', + }), + text: errorFetchingDataUsageMetrics.message, + }); + } + if (errorFetchingDataStreams) { + notifications.toasts.addDanger({ + title: i18n.translate('xpack.dataUsage.getDataStreams.addFailure.toast.title', { + defaultMessage: 'Error getting data streams', + }), + text: errorFetchingDataStreams.message, + }); + } + return ( diff --git a/x-pack/plugins/data_usage/public/hooks/use_get_data_streams.ts b/x-pack/plugins/data_usage/public/hooks/use_get_data_streams.ts index 35f53c49e2c28..598acca3c1faf 100644 --- a/x-pack/plugins/data_usage/public/hooks/use_get_data_streams.ts +++ b/x-pack/plugins/data_usage/public/hooks/use_get_data_streams.ts @@ -6,7 +6,6 @@ */ import type { UseQueryOptions, UseQueryResult } from '@tanstack/react-query'; -import { i18n } from '@kbn/i18n'; import { useQuery } from '@tanstack/react-query'; import type { IHttpFetchError } from '@kbn/core-http-browser'; import { DATA_USAGE_DATA_STREAMS_API_ROUTE } from '../../common'; @@ -33,22 +32,19 @@ export const useGetDataUsageDataStreams = ({ options?: UseQueryOptions; }): UseQueryResult => { const http = useKibanaContextForPlugin().services.http; - const { - services: { notifications }, - } = useKibanaContextForPlugin(); return useQuery({ queryKey: ['get-data-usage-data-streams'], ...options, keepPreviousData: true, queryFn: async () => { - const dataStreamsResponse = await http.get( - DATA_USAGE_DATA_STREAMS_API_ROUTE, - { + const dataStreamsResponse = await http + .get(DATA_USAGE_DATA_STREAMS_API_ROUTE, { version: '1', - // query: {}, - } - ); + }) + .catch((error) => { + throw error.body; + }); const augmentedDataStreamsBasedOnSelectedItems = dataStreamsResponse.reduce<{ selected: GetDataUsageDataStreamsResponse; @@ -87,13 +83,5 @@ export const useGetDataUsageDataStreams = ({ : PAGING_PARAMS.default ); }, - onError: (error: IHttpFetchError) => { - notifications.toasts.addDanger({ - title: i18n.translate('xpack.dataUsage.getDataStreams.addFailure.toast.title', { - defaultMessage: 'Error getting data streams', - }), - text: error.message, - }); - }, }); }; diff --git a/x-pack/plugins/data_usage/public/hooks/use_get_usage_metrics.ts b/x-pack/plugins/data_usage/public/hooks/use_get_usage_metrics.ts index bbd0f5d8aa02f..7e7406d72b9c0 100644 --- a/x-pack/plugins/data_usage/public/hooks/use_get_usage_metrics.ts +++ b/x-pack/plugins/data_usage/public/hooks/use_get_usage_metrics.ts @@ -6,7 +6,6 @@ */ import type { UseQueryOptions, UseQueryResult } from '@tanstack/react-query'; -import { i18n } from '@kbn/i18n'; import { useQuery } from '@tanstack/react-query'; import type { IHttpFetchError } from '@kbn/core-http-browser'; import { UsageMetricsRequestBody, UsageMetricsResponseSchemaBody } from '../../common/rest_types'; @@ -23,33 +22,26 @@ export const useGetDataUsageMetrics = ( options: UseQueryOptions> = {} ): UseQueryResult> => { const http = useKibanaContextForPlugin().services.http; - const { - services: { notifications }, - } = useKibanaContextForPlugin(); return useQuery>({ queryKey: ['get-data-usage-metrics', body], ...options, keepPreviousData: true, queryFn: async ({ signal }) => { - return http.post(DATA_USAGE_METRICS_API_ROUTE, { - signal, - version: '1', - body: JSON.stringify({ - from: body.from, - to: body.to, - metricTypes: body.metricTypes, - dataStreams: body.dataStreams, - }), - }); - }, - onError: (error: IHttpFetchError) => { - notifications.toasts.addDanger({ - title: i18n.translate('xpack.dataUsage.getMetrics.addFailure.toast.title', { - defaultMessage: 'Error getting usage metrics', - }), - text: error.message, - }); + return http + .post(DATA_USAGE_METRICS_API_ROUTE, { + signal, + version: '1', + body: JSON.stringify({ + from: body.from, + to: body.to, + metricTypes: body.metricTypes, + dataStreams: body.dataStreams, + }), + }) + .catch((error) => { + throw error.body; + }); }, }); }; diff --git a/x-pack/plugins/data_usage/server/routes/error_handler.ts b/x-pack/plugins/data_usage/server/routes/error_handler.ts index 122df5e72b130..b889d12674db5 100644 --- a/x-pack/plugins/data_usage/server/routes/error_handler.ts +++ b/x-pack/plugins/data_usage/server/routes/error_handler.ts @@ -8,6 +8,7 @@ import type { IKibanaResponse, KibanaResponseFactory, Logger } from '@kbn/core/server'; import { CustomHttpRequestError } from '../utils/custom_http_request_error'; import { BaseError } from '../common/errors'; +import { AutoOpsError } from '../services/errors'; export class NotFoundError extends BaseError {} @@ -31,6 +32,13 @@ export const errorHandler = ( }); } + if (error instanceof AutoOpsError) { + return res.customError({ + statusCode: 503, + body: error, + }); + } + if (error instanceof NotFoundError) { return res.notFound({ body: error }); } diff --git a/x-pack/plugins/data_usage/server/services/autoops_api.ts b/x-pack/plugins/data_usage/server/services/autoops_api.ts index ece0ec86116f2..e5ffe24c6167a 100644 --- a/x-pack/plugins/data_usage/server/services/autoops_api.ts +++ b/x-pack/plugins/data_usage/server/services/autoops_api.ts @@ -18,7 +18,11 @@ import { } from '../../common/rest_types'; import { AppContextService } from './app_context'; import { AutoOpsConfig } from '../types'; +import { AutoOpsError } from './errors'; +const AGENT_CREATION_FAILED_ERROR = 'AutoOps API could not create the autoops agent'; +const AUTO_OPS_AGENT_CREATION_PREFIX = '[AutoOps API] Creating autoops agent failed'; +const AUTO_OPS_MISSING_CONFIG_ERROR = 'Missing autoops configuration'; export class AutoOpsAPIService { constructor(private appContextService: AppContextService) {} public async autoOpsUsageMetricsAPI(requestBody: UsageMetricsRequestBody) { @@ -34,8 +38,8 @@ export class AutoOpsAPIService { const autoopsConfig = this.appContextService.getConfig()?.autoops; if (!autoopsConfig) { - logger.error('[AutoOps API] Missing autoops configuration', errorMetadata); - throw new Error('missing autoops configuration'); + logger.error(`[AutoOps API] ${AUTO_OPS_MISSING_CONFIG_ERROR}`, errorMetadata); + throw new AutoOpsError(AUTO_OPS_MISSING_CONFIG_ERROR); } logger.debug( @@ -86,7 +90,7 @@ export class AutoOpsAPIService { (error: Error | AxiosError) => { if (!axios.isAxiosError(error)) { logger.error( - `[AutoOps API] Creating autoops failed with an error ${error} ${requestConfigDebugStatus}`, + `${AUTO_OPS_AGENT_CREATION_PREFIX} with an error ${error} ${requestConfigDebugStatus}`, errorMetadataWithRequestConfig ); throw new Error(withRequestIdMessage(error.message)); @@ -97,7 +101,7 @@ export class AutoOpsAPIService { if (error.response) { // The request was made and the server responded with a status code and error data logger.error( - `[AutoOps API] Creating autoops failed because the AutoOps API responding with a status code that falls out of the range of 2xx: ${JSON.stringify( + `${AUTO_OPS_AGENT_CREATION_PREFIX} because the AutoOps API responded with a status code that falls out of the range of 2xx: ${JSON.stringify( error.response.status )}} ${JSON.stringify(error.response.data)}} ${requestConfigDebugStatus}`, { @@ -111,30 +115,26 @@ export class AutoOpsAPIService { }, } ); - throw new Error( - withRequestIdMessage(`the AutoOps API could not create the autoops agent`) - ); + throw new AutoOpsError(withRequestIdMessage(AGENT_CREATION_FAILED_ERROR)); } else if (error.request) { // The request was made but no response was received logger.error( - `[AutoOps API] Creating autoops agent failed while sending the request to the AutoOps API: ${errorLogCodeCause} ${requestConfigDebugStatus}`, + `${AUTO_OPS_AGENT_CREATION_PREFIX} while sending the request to the AutoOps API: ${errorLogCodeCause} ${requestConfigDebugStatus}`, errorMetadataWithRequestConfig ); throw new Error(withRequestIdMessage(`no response received from the AutoOps API`)); } else { // Something happened in setting up the request that triggered an Error logger.error( - `[AutoOps API] Creating autoops agent failed to be created ${errorLogCodeCause} ${requestConfigDebugStatus}`, + `${AUTO_OPS_AGENT_CREATION_PREFIX} to be created ${errorLogCodeCause} ${requestConfigDebugStatus}`, errorMetadataWithRequestConfig ); - throw new Error( - withRequestIdMessage('the AutoOps API could not create the autoops agent') - ); + throw new AutoOpsError(withRequestIdMessage(AGENT_CREATION_FAILED_ERROR)); } } ); - logger.debug(`[AutoOps API] Created an autoops agent ${response}`); + logger.debug(`[AutoOps API] Successfully created an autoops agent ${response}`); return response; } diff --git a/x-pack/plugins/data_usage/server/services/errors.ts b/x-pack/plugins/data_usage/server/services/errors.ts new file mode 100644 index 0000000000000..0574e2a3c75fb --- /dev/null +++ b/x-pack/plugins/data_usage/server/services/errors.ts @@ -0,0 +1,10 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { BaseError } from '../common/errors'; + +export class AutoOpsError extends BaseError {} diff --git a/x-pack/plugins/data_usage/server/services/index.ts b/x-pack/plugins/data_usage/server/services/index.ts index 4026891180a78..9ccd08861a26c 100644 --- a/x-pack/plugins/data_usage/server/services/index.ts +++ b/x-pack/plugins/data_usage/server/services/index.ts @@ -4,10 +4,12 @@ * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ +import { ValidationError } from '@kbn/config-schema'; import { AppContextService } from './app_context'; import { AutoOpsAPIService } from './autoops_api'; import type { DataUsageContext } from '../types'; import { MetricTypes } from '../../common/rest_types'; +import { AutoOpsError } from './errors'; export class DataUsageService { private appContextService: AppContextService; @@ -32,12 +34,20 @@ export class DataUsageService { metricTypes: MetricTypes[]; dataStreams: string[]; }) { - const response = await this.autoOpsAPIService.autoOpsUsageMetricsAPI({ - from, - to, - metricTypes, - dataStreams, - }); - return response.data; + try { + const response = await this.autoOpsAPIService.autoOpsUsageMetricsAPI({ + from, + to, + metricTypes, + dataStreams, + }); + return response.data; + } catch (error) { + if (error instanceof ValidationError) { + throw new AutoOpsError(error.message); + } + + throw error; + } } } From 8f36175adcf49c0fe57b9e8f11bc1089a7a7b45b Mon Sep 17 00:00:00 2001 From: "Joey F. Poon" Date: Thu, 24 Oct 2024 22:51:04 +0900 Subject: [PATCH 39/99] [Security Solution] update endpoint serverless metering (#197291) ## Summary serverless endpoint metering now checks for heartbeats from all namespaces. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios ### For maintainers - [x] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels) --- .../security_solution/common/endpoint/constants.ts | 1 + .../data_loaders/index_endpoint_hearbeats.ts | 5 +++-- .../endpoint/services/metering_service.test.ts | 12 +++++++----- .../server/endpoint/services/metering_service.ts | 5 +++-- 4 files changed, 14 insertions(+), 9 deletions(-) diff --git a/x-pack/plugins/security_solution/common/endpoint/constants.ts b/x-pack/plugins/security_solution/common/endpoint/constants.ts index 2a11d047dd865..534d7e5c2b8a4 100644 --- a/x-pack/plugins/security_solution/common/endpoint/constants.ts +++ b/x-pack/plugins/security_solution/common/endpoint/constants.ts @@ -53,6 +53,7 @@ export const policyIndexPattern = 'metrics-endpoint.policy-*'; export const telemetryIndexPattern = 'metrics-endpoint.telemetry-*'; export const ENDPOINT_HEARTBEAT_INDEX = '.logs-endpoint.heartbeat-default'; +export const ENDPOINT_HEARTBEAT_INDEX_PATTERN = '.logs-endpoint.heartbeat-*'; // File storage indexes supporting endpoint Upload/download export const FILE_STORAGE_METADATA_INDEX = getFileMetadataIndexName('endpoint'); diff --git a/x-pack/plugins/security_solution/common/endpoint/data_loaders/index_endpoint_hearbeats.ts b/x-pack/plugins/security_solution/common/endpoint/data_loaders/index_endpoint_hearbeats.ts index ff6381cb9d3df..85a6242162086 100644 --- a/x-pack/plugins/security_solution/common/endpoint/data_loaders/index_endpoint_hearbeats.ts +++ b/x-pack/plugins/security_solution/common/endpoint/data_loaders/index_endpoint_hearbeats.ts @@ -7,7 +7,7 @@ import type { Client, estypes } from '@elastic/elasticsearch'; import type { ToolingLog } from '@kbn/tooling-log'; -import { ENDPOINT_HEARTBEAT_INDEX } from '../constants'; + import { createToolingLogger } from './utils'; export interface IndexedEndpointHeartbeats { @@ -79,7 +79,8 @@ export const indexEndpointHeartbeats = async ( const operations = docs.concat(unbilledDocs).flatMap((doc) => [ { index: { - _index: ENDPOINT_HEARTBEAT_INDEX, + // simulating different namespaces + _index: `.logs-endpoint.heartbeat-${doc.agent.id.slice(-1)}`, op_type: 'create', }, }, diff --git a/x-pack/plugins/security_solution_serverless/server/endpoint/services/metering_service.test.ts b/x-pack/plugins/security_solution_serverless/server/endpoint/services/metering_service.test.ts index 9ef80a63f0a4a..323d85e9b9ab5 100644 --- a/x-pack/plugins/security_solution_serverless/server/endpoint/services/metering_service.test.ts +++ b/x-pack/plugins/security_solution_serverless/server/endpoint/services/metering_service.test.ts @@ -5,16 +5,18 @@ * 2.0. */ -import { loggingSystemMock } from '@kbn/core-logging-server-mocks'; -import { type ElasticsearchClientMock, elasticsearchServiceMock } from '@kbn/core/server/mocks'; +import type { ElasticsearchClientMock } from '@kbn/core/server/mocks'; import type { AggregationsAggregate, SearchResponse } from '@elastic/elasticsearch/lib/api/types'; import type { CloudSetup } from '@kbn/cloud-plugin/server'; import type { EndpointHeartbeat } from '@kbn/security-solution-plugin/common/endpoint/types'; -import { ENDPOINT_HEARTBEAT_INDEX } from '@kbn/security-solution-plugin/common/endpoint/constants'; -import { ProductLine, ProductTier } from '../../../common/product'; +import { elasticsearchServiceMock } from '@kbn/core/server/mocks'; +import { ENDPOINT_HEARTBEAT_INDEX_PATTERN } from '@kbn/security-solution-plugin/common/endpoint/constants'; +import { loggingSystemMock } from '@kbn/core-logging-server-mocks'; import type { ServerlessSecurityConfig } from '../../config'; + +import { ProductLine, ProductTier } from '../../../common/product'; import { METERING_TASK } from '../constants/metering'; import { EndpointMeteringService } from './metering_service'; @@ -59,7 +61,7 @@ describe('EndpointMeteringService', () => { hits: { hits: [ { - _index: ENDPOINT_HEARTBEAT_INDEX, + _index: ENDPOINT_HEARTBEAT_INDEX_PATTERN, _id: 'test-heartbeat-doc-id', _source: { agent: { diff --git a/x-pack/plugins/security_solution_serverless/server/endpoint/services/metering_service.ts b/x-pack/plugins/security_solution_serverless/server/endpoint/services/metering_service.ts index 2d253633b7231..3f3ff94d0aa77 100644 --- a/x-pack/plugins/security_solution_serverless/server/endpoint/services/metering_service.ts +++ b/x-pack/plugins/security_solution_serverless/server/endpoint/services/metering_service.ts @@ -7,9 +7,10 @@ import type { AggregationsAggregate, SearchResponse } from '@elastic/elasticsearch/lib/api/types'; import type { ElasticsearchClient } from '@kbn/core/server'; -import { ENDPOINT_HEARTBEAT_INDEX } from '@kbn/security-solution-plugin/common/endpoint/constants'; import type { EndpointHeartbeat } from '@kbn/security-solution-plugin/common/endpoint/types'; +import { ENDPOINT_HEARTBEAT_INDEX_PATTERN } from '@kbn/security-solution-plugin/common/endpoint/constants'; + import { METERING_SERVICE_BATCH_SIZE } from '../../constants'; import { ProductLine, ProductTier } from '../../../common/product'; @@ -83,7 +84,7 @@ export class EndpointMeteringService { ): Promise>> { return esClient.search( { - index: ENDPOINT_HEARTBEAT_INDEX, + index: ENDPOINT_HEARTBEAT_INDEX_PATTERN, sort: 'event.ingested', size: METERING_SERVICE_BATCH_SIZE, query: { From 4c0b5c5e9fb967f78c2486758b6580f469f144c4 Mon Sep 17 00:00:00 2001 From: Tim Sullivan Date: Thu, 24 Oct 2024 06:59:31 -0700 Subject: [PATCH 40/99] [Reporting/Tests] Improvements for task stability in serverless tests (#195841) ## Summary Continuation of https://github.com/elastic/kibana/pull/192417. This PR attempts to further improve task stability of the reporting task. The original goals were: 1. Ensure the test data that is needed for the report gets loaded 2. Wait for report jobs to finish before the test completes. Errors in task success metrics also occur if the task triggers after resources for the report, such as a saved search, are removed before the task triggers. During development of this PR, more issues were discovered: 3. Requests to internal endpoints should use cookie credentials 4. The CSV export from ES|QL test was hitting a 404 error when it tried to download the CSV. That error was included in the test. In other words, that test was fundamentaly broken. ## Testing locally 1. Run the serverless functional tests: 1. **Reporting management app**: `node scripts/functional_tests.js --config=x-pack/test_serverless/functional/test_suites/observability/common_configs/config.group1.ts --grep=Reporting` 1. **CSV export in Discover**: `node scripts/functional_tests.js --config=x-pack/test_serverless/functional/test_suites/observability/common_configs/config.group6.ts --grep=CSV` 1. **Reporting API integration tests**: `node scripts/functional_tests.js --config=x-pack/test_serverless/api_integration/test_suites/search/common_configs/config.group1.ts --grep=Reporting` 3. Ensure that there are no error logs from Task Manager regarding task failure --------- Co-authored-by: Dzmitry Lemechko --- .../reporting/__snapshots__/csv_v2_esql.snap | 31 +++++- .../common/reporting/csv_v2_esql.ts | 25 +++-- .../common/reporting/datastream.ts | 18 ++- .../common/reporting/generate_csv_discover.ts | 84 +++++++------- .../common/reporting/management.ts | 105 +++++++++--------- .../common/reporting/management.ts | 47 ++++---- .../shared/services/svl_reporting.ts | 35 +++--- 7 files changed, 191 insertions(+), 154 deletions(-) diff --git a/x-pack/test_serverless/api_integration/test_suites/common/reporting/__snapshots__/csv_v2_esql.snap b/x-pack/test_serverless/api_integration/test_suites/common/reporting/__snapshots__/csv_v2_esql.snap index 83c8c2982c4f5..e6ceffaa3b4ab 100644 --- a/x-pack/test_serverless/api_integration/test_suites/common/reporting/__snapshots__/csv_v2_esql.snap +++ b/x-pack/test_serverless/api_integration/test_suites/common/reporting/__snapshots__/csv_v2_esql.snap @@ -1,21 +1,40 @@ // Jest Snapshot v1, https://goo.gl/fbAQLP -exports[`Reporting CSV Generation from ES|QL export from non-timebased data view csv from es|ql csv file matches 1`] = `"{\\"statusCode\\":404,\\"error\\":\\"Not Found\\",\\"message\\":\\"Not Found\\"}"`; +exports[`Reporting CSV Generation from ES|QL export from non-timebased data view csv from es|ql csv file matches 1`] = ` +"eon,epoch,era,period +Phanerozoic,\\" Pliocene\\",Cenozoic,Neogene +Phanerozoic,\\" Holocene\\",Cenozoic,Quaternary +Phanerozoic,,Mesozoic,Cretaceous +Phanerozoic,,Mesozoic,Jurassic +Phanerozoic,,Paleozoic,Cambrian +Proterozoic,,Paleozoic,Permian +Archean,,, +Hadean,,, +" +`; exports[`Reporting CSV Generation from ES|QL export from non-timebased data view csv from es|ql job response data is correct 1`] = ` Object { - "contentDisposition": undefined, - "contentType": "application/json; charset=utf-8", + "contentDisposition": "attachment; filename=CSV%20Report.csv", + "contentType": "text/csv; charset=utf-8", "title": "CSV Report", } `; -exports[`Reporting CSV Generation from ES|QL export from timebased data view csv from es|ql export with time filter csv file matches 1`] = `"{\\"statusCode\\":404,\\"error\\":\\"Not Found\\",\\"message\\":\\"Not Found\\"}"`; +exports[`Reporting CSV Generation from ES|QL export from timebased data view csv from es|ql export with time filter csv file matches 1`] = ` +"\\"@message\\" +\\"143.84.142.7 - - [2015-09-20T00:00:00.000Z] \\"\\"GET /uploads/steven-hawley.jpg HTTP/1.1\\"\\" 200 1623 \\"\\"-\\"\\" \\"\\"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)\\"\\"\\" +\\"193.164.192.47 - - [2015-09-20T00:30:34.206Z] \\"\\"GET /uploads/michael-foreman.jpg HTTP/1.1\\"\\" 200 8537 \\"\\"-\\"\\" \\"\\"Mozilla/5.0 (X11; Linux x86_64; rv:6.0a1) Gecko/20110421 Firefox/6.0a1\\"\\"\\" +\\"176.7.244.68 - - [2015-09-20T00:32:42.058Z] \\"\\"GET /uploads/james-pawelczyk.jpg HTTP/1.1\\"\\" 200 9196 \\"\\"-\\"\\" \\"\\"Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.50 Safari/534.24\\"\\"\\" +\\"237.56.90.184 - - [2015-09-20T00:35:21.445Z] \\"\\"GET /uploads/david-leestma.jpg HTTP/1.1\\"\\" 200 9790 \\"\\"-\\"\\" \\"\\"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)\\"\\"\\" +\\"255.56.89.50 - - [2015-09-20T00:43:01.353Z] \\"\\"GET /uploads/michael-r-barratt.jpg HTTP/1.1\\"\\" 200 9583 \\"\\"-\\"\\" \\"\\"Mozilla/5.0 (X11; Linux x86_64; rv:6.0a1) Gecko/20110421 Firefox/6.0a1\\"\\"\\" +" +`; exports[`Reporting CSV Generation from ES|QL export from timebased data view csv from es|ql export with time filter job response data is correct 1`] = ` Object { - "contentDisposition": undefined, - "contentType": "application/json; charset=utf-8", + "contentDisposition": "attachment; filename=Untitled%20discover%20search.csv", + "contentType": "text/csv; charset=utf-8", "title": "Untitled discover search", } `; diff --git a/x-pack/test_serverless/api_integration/test_suites/common/reporting/csv_v2_esql.ts b/x-pack/test_serverless/api_integration/test_suites/common/reporting/csv_v2_esql.ts index e74eb14ac31d7..022f22a144b6e 100644 --- a/x-pack/test_serverless/api_integration/test_suites/common/reporting/csv_v2_esql.ts +++ b/x-pack/test_serverless/api_integration/test_suites/common/reporting/csv_v2_esql.ts @@ -9,20 +9,20 @@ import expect from '@kbn/expect'; import request from 'supertest'; import { DISCOVER_APP_LOCATOR } from '@kbn/discover-plugin/common'; -import { InternalRequestHeader, RoleCredentials } from '@kbn/ftr-common-functional-services'; +import { CookieCredentials, InternalRequestHeader } from '@kbn/ftr-common-functional-services'; import type { ReportApiJSON } from '@kbn/reporting-common/types'; import type { JobParamsCsvFromSavedObject } from '@kbn/reporting-export-types-csv-common'; import { FtrProviderContext } from '../../../ftr_provider_context'; export default ({ getService }: FtrProviderContext) => { const es = getService('es'); - const supertest = getService('supertest'); + const supertestWithoutAuth = getService('supertestWithoutAuth'); const esArchiver = getService('esArchiver'); const log = getService('log'); const reportingAPI = getService('svlReportingApi'); const svlCommonApi = getService('svlCommonApi'); - const svlUserManager = getService('svlUserManager'); - let roleAuthc: RoleCredentials; + const samlAuth = getService('samlAuth'); + let cookieCredentials: CookieCredentials; let internalReqHeader: InternalRequestHeader; // Helper function @@ -38,7 +38,12 @@ export default ({ getService }: FtrProviderContext) => { }; log.info(`sending request for query: ${JSON.stringify(job.locatorParams[0].params.query)}`); - return await reportingAPI.createReportJobInternal('csv_v2', job, roleAuthc, internalReqHeader); + return await reportingAPI.createReportJobInternal( + 'csv_v2', + job, + cookieCredentials, + internalReqHeader + ); }; describe('CSV Generation from ES|QL', () => { @@ -84,7 +89,7 @@ export default ({ getService }: FtrProviderContext) => { }; before(async () => { await loadTimelessData(); - roleAuthc = await svlUserManager.createM2mApiKeyWithRoleScope('admin'); + cookieCredentials = await samlAuth.getM2MApiCookieCredentialsWithRoleScope('admin'); internalReqHeader = svlCommonApi.getInternalRequestHeader(); }); @@ -112,8 +117,8 @@ export default ({ getService }: FtrProviderContext) => { }, ], })); - await reportingAPI.waitForJobToFinish(path, roleAuthc, internalReqHeader); - response = await supertest.get(path); + await reportingAPI.waitForJobToFinish(path, cookieCredentials, internalReqHeader); + response = await supertestWithoutAuth.get(path).set(cookieCredentials); csvFile = response.text; }); @@ -184,8 +189,8 @@ export default ({ getService }: FtrProviderContext) => { ], title: 'Untitled discover search', })); - await reportingAPI.waitForJobToFinish(path, roleAuthc, internalReqHeader); - response = await supertest.get(path); + await reportingAPI.waitForJobToFinish(path, cookieCredentials, internalReqHeader); + response = await supertestWithoutAuth.get(path).set(cookieCredentials); csvFile = response.text; }); diff --git a/x-pack/test_serverless/api_integration/test_suites/common/reporting/datastream.ts b/x-pack/test_serverless/api_integration/test_suites/common/reporting/datastream.ts index ce9fe313ecf88..671b42f5a02a3 100644 --- a/x-pack/test_serverless/api_integration/test_suites/common/reporting/datastream.ts +++ b/x-pack/test_serverless/api_integration/test_suites/common/reporting/datastream.ts @@ -6,8 +6,12 @@ */ import { expect } from 'expect'; +import { + CookieCredentials, + InternalRequestHeader, + RoleCredentials, +} from '@kbn/ftr-common-functional-services'; import { FtrProviderContext } from '../../../ftr_provider_context'; -import { InternalRequestHeader, RoleCredentials } from '../../../../shared/services'; export default function ({ getService }: FtrProviderContext) { const esArchiver = getService('esArchiver'); @@ -16,7 +20,9 @@ export default function ({ getService }: FtrProviderContext) { const svlCommonApi = getService('svlCommonApi'); const supertestWithoutAuth = getService('supertestWithoutAuth'); const svlUserManager = getService('svlUserManager'); + const samlAuth = getService('samlAuth'); let roleAuthc: RoleCredentials; + let cookieCredentials: CookieCredentials; let internalReqHeader: InternalRequestHeader; const archives: Record = { @@ -30,12 +36,13 @@ export default function ({ getService }: FtrProviderContext) { const generatedReports = new Set(); before(async () => { roleAuthc = await svlUserManager.createM2mApiKeyWithRoleScope('admin'); + cookieCredentials = await samlAuth.getM2MApiCookieCredentialsWithRoleScope('admin'); internalReqHeader = svlCommonApi.getInternalRequestHeader(); await esArchiver.load(archives.ecommerce.data); await kibanaServer.importExport.load(archives.ecommerce.savedObjects); - const { job } = await reportingAPI.createReportJobInternal( + const { job, path } = await reportingAPI.createReportJobInternal( 'csv_searchsource', { browserTimezone: 'UTC', @@ -48,16 +55,17 @@ export default function ({ getService }: FtrProviderContext) { title: 'Ecommerce Data', version: '8.15.0', }, - roleAuthc, + cookieCredentials, internalReqHeader ); + await reportingAPI.waitForJobToFinish(path, cookieCredentials, internalReqHeader); generatedReports.add(job.id); }); after(async () => { for (const reportId of generatedReports) { - await reportingAPI.deleteReport(reportId, roleAuthc, internalReqHeader); + await reportingAPI.deleteReport(reportId, cookieCredentials, internalReqHeader); } await esArchiver.unload(archives.ecommerce.data); @@ -69,7 +77,7 @@ export default function ({ getService }: FtrProviderContext) { const { status, body } = await supertestWithoutAuth .get(`/api/index_management/data_streams/.kibana-reporting`) .set(internalReqHeader) - .set(roleAuthc.apiKeyHeader); + .set(roleAuthc.apiKeyHeader); // use API key since the datastream management API is a public endpoint svlCommonApi.assertResponseStatusCode(200, status, body); diff --git a/x-pack/test_serverless/api_integration/test_suites/common/reporting/generate_csv_discover.ts b/x-pack/test_serverless/api_integration/test_suites/common/reporting/generate_csv_discover.ts index dd070d9a84aa2..c654e5e307f86 100644 --- a/x-pack/test_serverless/api_integration/test_suites/common/reporting/generate_csv_discover.ts +++ b/x-pack/test_serverless/api_integration/test_suites/common/reporting/generate_csv_discover.ts @@ -9,7 +9,7 @@ import expect from '@kbn/expect'; import type { SortDirection } from '@kbn/data-plugin/common'; import type { JobParamsCSV } from '@kbn/reporting-export-types-csv-common'; import type { Filter } from '@kbn/es-query'; -import { InternalRequestHeader, RoleCredentials } from '../../../../shared/services'; +import { CookieCredentials, InternalRequestHeader } from '@kbn/ftr-common-functional-services'; import { FtrProviderContext } from '../../../ftr_provider_context'; export default function ({ getService }: FtrProviderContext) { @@ -17,8 +17,8 @@ export default function ({ getService }: FtrProviderContext) { const kibanaServer = getService('kibanaServer'); const reportingAPI = getService('svlReportingApi'); const svlCommonApi = getService('svlCommonApi'); - const svlUserManager = getService('svlUserManager'); - let roleAuthc: RoleCredentials; + const samlAuth = getService('samlAuth'); + let cookieCredentials: CookieCredentials; let internalReqHeader: InternalRequestHeader; /* @@ -79,7 +79,7 @@ export default function ({ getService }: FtrProviderContext) { this.timeout(12 * 60 * 1000); before(async () => { - roleAuthc = await svlUserManager.createM2mApiKeyWithRoleScope('admin'); + cookieCredentials = await samlAuth.getM2MApiCookieCredentialsWithRoleScope('admin'); internalReqHeader = svlCommonApi.getInternalRequestHeader(); }); @@ -90,10 +90,6 @@ export default function ({ getService }: FtrProviderContext) { }); }); - after(async () => { - await svlUserManager.invalidateM2mApiKeyWithRoleScope(roleAuthc); - }); - describe('exported CSV', () => { before(async () => { await esArchiver.load(archives.ecommerce.data); @@ -169,13 +165,13 @@ export default function ({ getService }: FtrProviderContext) { title: 'Ecommerce Data', version: '8.14.0', }), - roleAuthc, + cookieCredentials, internalReqHeader ); - await reportingAPI.waitForJobToFinish(res.path, roleAuthc, internalReqHeader); + await reportingAPI.waitForJobToFinish(res.path, cookieCredentials, internalReqHeader); const csvFile = await reportingAPI.getCompletedJobOutput( res.path, - roleAuthc, + cookieCredentials, internalReqHeader ); expect((csvFile as string).length).to.be(124183); @@ -212,11 +208,11 @@ export default function ({ getService }: FtrProviderContext) { title: 'Untitled discover search', version: '8.14.0', }), - roleAuthc, + cookieCredentials, internalReqHeader ); - await reportingAPI.waitForJobToFinish(res.path, roleAuthc, internalReqHeader); - return reportingAPI.getCompletedJobOutput(res.path, roleAuthc, internalReqHeader); + await reportingAPI.waitForJobToFinish(res.path, cookieCredentials, internalReqHeader); + return reportingAPI.getCompletedJobOutput(res.path, cookieCredentials, internalReqHeader); } it('includes an unmapped field to the report', async () => { @@ -359,13 +355,13 @@ export default function ({ getService }: FtrProviderContext) { }, }, }), - roleAuthc, + cookieCredentials, internalReqHeader ); - await reportingAPI.waitForJobToFinish(res.path, roleAuthc, internalReqHeader); + await reportingAPI.waitForJobToFinish(res.path, cookieCredentials, internalReqHeader); const csvFile = await reportingAPI.getCompletedJobOutput( res.path, - roleAuthc, + cookieCredentials, internalReqHeader ); expect((csvFile as string).length).to.be(1270683); @@ -411,13 +407,13 @@ export default function ({ getService }: FtrProviderContext) { }, }, }), - roleAuthc, + cookieCredentials, internalReqHeader ); - await reportingAPI.waitForJobToFinish(res.path, roleAuthc, internalReqHeader); + await reportingAPI.waitForJobToFinish(res.path, cookieCredentials, internalReqHeader); const csvFile = await reportingAPI.getCompletedJobOutput( res.path, - roleAuthc, + cookieCredentials, internalReqHeader ); expect((csvFile as string).length).to.be(918298); @@ -469,13 +465,13 @@ export default function ({ getService }: FtrProviderContext) { }, columns: ['@timestamp', 'clientip', 'extension'], }), - roleAuthc, + cookieCredentials, internalReqHeader ); - await reportingAPI.waitForJobToFinish(res.path, roleAuthc, internalReqHeader); + await reportingAPI.waitForJobToFinish(res.path, cookieCredentials, internalReqHeader); const csvFile = await reportingAPI.getCompletedJobOutput( res.path, - roleAuthc, + cookieCredentials, internalReqHeader ); expect((csvFile as string).length).to.be(3020); @@ -515,13 +511,13 @@ export default function ({ getService }: FtrProviderContext) { }, columns: ['@timestamp', 'clientip', 'extension'], }), - roleAuthc, + cookieCredentials, internalReqHeader ); - await reportingAPI.waitForJobToFinish(res.path, roleAuthc, internalReqHeader); + await reportingAPI.waitForJobToFinish(res.path, cookieCredentials, internalReqHeader); const csvFile = await reportingAPI.getCompletedJobOutput( res.path, - roleAuthc, + cookieCredentials, internalReqHeader ); expect((csvFile as string).length).to.be(3020); @@ -555,13 +551,13 @@ export default function ({ getService }: FtrProviderContext) { }, columns: ['date', 'message'], }), - roleAuthc, + cookieCredentials, internalReqHeader ); - await reportingAPI.waitForJobToFinish(res.path, roleAuthc, internalReqHeader); + await reportingAPI.waitForJobToFinish(res.path, cookieCredentials, internalReqHeader); const csvFile = await reportingAPI.getCompletedJobOutput( res.path, - roleAuthc, + cookieCredentials, internalReqHeader ); expect((csvFile as string).length).to.be(103); @@ -584,13 +580,13 @@ export default function ({ getService }: FtrProviderContext) { }, columns: ['date', 'message'], }), - roleAuthc, + cookieCredentials, internalReqHeader ); - await reportingAPI.waitForJobToFinish(res.path, roleAuthc, internalReqHeader); + await reportingAPI.waitForJobToFinish(res.path, cookieCredentials, internalReqHeader); const csvFile = await reportingAPI.getCompletedJobOutput( res.path, - roleAuthc, + cookieCredentials, internalReqHeader ); expect((csvFile as string).length).to.be(103); @@ -627,13 +623,13 @@ export default function ({ getService }: FtrProviderContext) { }, columns: ['date', 'message', '_id', '_index'], }), - roleAuthc, + cookieCredentials, internalReqHeader ); - await reportingAPI.waitForJobToFinish(res.path, roleAuthc, internalReqHeader); + await reportingAPI.waitForJobToFinish(res.path, cookieCredentials, internalReqHeader); const csvFile = await reportingAPI.getCompletedJobOutput( res.path, - roleAuthc, + cookieCredentials, internalReqHeader ); expect((csvFile as string).length).to.be(134); @@ -659,13 +655,13 @@ export default function ({ getService }: FtrProviderContext) { }, columns: ['name', 'power'], }), - roleAuthc, + cookieCredentials, internalReqHeader ); - await reportingAPI.waitForJobToFinish(res.path, roleAuthc, internalReqHeader); + await reportingAPI.waitForJobToFinish(res.path, cookieCredentials, internalReqHeader); const csvFile = await reportingAPI.getCompletedJobOutput( res.path, - roleAuthc, + cookieCredentials, internalReqHeader ); expect((csvFile as string).length).to.be(274); @@ -743,13 +739,13 @@ export default function ({ getService }: FtrProviderContext) { }, columns: [], }), - roleAuthc, + cookieCredentials, internalReqHeader ); - await reportingAPI.waitForJobToFinish(res.path, roleAuthc, internalReqHeader); + await reportingAPI.waitForJobToFinish(res.path, cookieCredentials, internalReqHeader); const csvFile = await reportingAPI.getCompletedJobOutput( res.path, - roleAuthc, + cookieCredentials, internalReqHeader ); expect((csvFile as string).length).to.be(356); @@ -809,13 +805,13 @@ export default function ({ getService }: FtrProviderContext) { }, }, }), - roleAuthc, + cookieCredentials, internalReqHeader ); - await reportingAPI.waitForJobToFinish(res.path, roleAuthc, internalReqHeader); + await reportingAPI.waitForJobToFinish(res.path, cookieCredentials, internalReqHeader); const csvFile = await reportingAPI.getCompletedJobOutput( res.path, - roleAuthc, + cookieCredentials, internalReqHeader ); expect((csvFile as string).length).to.be(4845684); diff --git a/x-pack/test_serverless/api_integration/test_suites/common/reporting/management.ts b/x-pack/test_serverless/api_integration/test_suites/common/reporting/management.ts index 62e9f4eaf8acd..ad1088ae0ebd2 100644 --- a/x-pack/test_serverless/api_integration/test_suites/common/reporting/management.ts +++ b/x-pack/test_serverless/api_integration/test_suites/common/reporting/management.ts @@ -5,74 +5,79 @@ * 2.0. */ -import { X_ELASTIC_INTERNAL_ORIGIN_REQUEST } from '@kbn/core-http-common/src/constants'; import expect from '@kbn/expect'; import { INTERNAL_ROUTES } from '@kbn/reporting-common'; -import { ReportApiJSON } from '@kbn/reporting-common/types'; -import { FtrProviderContext } from '../../../ftr_provider_context'; -import { InternalRequestHeader, RoleCredentials } from '../../../../shared/services'; +import type { ReportApiJSON } from '@kbn/reporting-common/types'; +import type { CookieCredentials, InternalRequestHeader } from '@kbn/ftr-common-functional-services'; +import type { FtrProviderContext } from '../../../ftr_provider_context'; const API_HEADER: [string, string] = ['kbn-xsrf', 'reporting']; -const INTERNAL_HEADER: [string, string] = [X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'Kibana']; export default ({ getService }: FtrProviderContext) => { - const log = getService('log'); + const esArchiver = getService('esArchiver'); + const kibanaServer = getService('kibanaServer'); const reportingAPI = getService('svlReportingApi'); const supertestWithoutAuth = getService('supertestWithoutAuth'); - const svlCommonApi = getService('svlCommonApi'); - const svlUserManager = getService('svlUserManager'); - let adminUser: RoleCredentials; + const samlAuth = getService('samlAuth'); + let cookieCredentials: CookieCredentials; let internalReqHeader: InternalRequestHeader; + const archives = { + ecommerce: { + data: 'x-pack/test/functional/es_archives/reporting/ecommerce', + savedObjects: 'x-pack/test/functional/fixtures/kbn_archiver/reporting/ecommerce', + }, + }; + describe('Reporting Management', function () { + let reportJob: ReportApiJSON; + let path: string; + before(async () => { - adminUser = await svlUserManager.createM2mApiKeyWithRoleScope('admin'); - internalReqHeader = svlCommonApi.getInternalRequestHeader(); - }); - after(async () => { - await svlUserManager.invalidateM2mApiKeyWithRoleScope(adminUser); - }); + cookieCredentials = await samlAuth.getM2MApiCookieCredentialsWithRoleScope('admin'); + internalReqHeader = samlAuth.getInternalRequestHeader(); - describe('Deletion', () => { - let reportJob: ReportApiJSON; + await esArchiver.load(archives.ecommerce.data); + await kibanaServer.importExport.load(archives.ecommerce.savedObjects); - const createJob = async (roleAuthc: RoleCredentials): Promise => { - log.info(`request report job with ApiKey ${adminUser.apiKey.name}`); - const { job } = await reportingAPI.createReportJobInternal( - 'csv_searchsource', - { - browserTimezone: 'UTC', - objectType: 'search', - searchSource: { - index: '5193f870-d861-11e9-a311-0fa548c5f953', - query: { language: 'kuery', query: '' }, - version: true, - }, - title: 'Ecommerce Data', - version: '8.15.0', + // generate a report that can be deleted in the test + const result = await reportingAPI.createReportJobInternal( + 'csv_searchsource', + { + browserTimezone: 'UTC', + objectType: 'search', + searchSource: { + index: '5193f870-d861-11e9-a311-0fa548c5f953', + query: { language: 'kuery', query: '' }, + version: true, }, - roleAuthc, - internalReqHeader - ); - log.info(`created report job ${job.id} with ApiKey ${adminUser.apiKey.name}`); - return job; - }; + title: 'Ecommerce Data', + version: '8.15.0', + }, + cookieCredentials, + internalReqHeader + ); - before(async () => { - reportJob = await createJob(adminUser); - }); + path = result.path; + reportJob = result.job; + + await reportingAPI.waitForJobToFinish(path, cookieCredentials, internalReqHeader); + }); + + after(async () => { + await esArchiver.unload(archives.ecommerce.data); + await kibanaServer.importExport.unload(archives.ecommerce.savedObjects); + }); - it(`user can delete a report they've created`, async () => { - // for this test, we don't need to wait for the job to finish or verify the result - const response = await supertestWithoutAuth - .delete(`${INTERNAL_ROUTES.JOBS.DELETE_PREFIX}/${reportJob.id}`) - .set(...API_HEADER) - .set(...INTERNAL_HEADER) - .set(adminUser.apiKeyHeader); + it(`user can delete a report they've created`, async () => { + const response = await supertestWithoutAuth + .delete(`${INTERNAL_ROUTES.JOBS.DELETE_PREFIX}/${reportJob.id}`) + .set(...API_HEADER) + .set(internalReqHeader) + .set(cookieCredentials); - expect(response.status).to.be(200); - expect(response.body).to.eql({ deleted: true }); - }); + expect(response.status).to.be(200); + expect(response.body).to.eql({ deleted: true }); }); }); }; diff --git a/x-pack/test_serverless/functional/test_suites/common/reporting/management.ts b/x-pack/test_serverless/functional/test_suites/common/reporting/management.ts index 2ea17190ee868..35a1d1ec1872f 100644 --- a/x-pack/test_serverless/functional/test_suites/common/reporting/management.ts +++ b/x-pack/test_serverless/functional/test_suites/common/reporting/management.ts @@ -8,10 +8,11 @@ import { DISCOVER_APP_LOCATOR } from '@kbn/discover-plugin/common'; import { CSV_REPORT_TYPE_V2, - JobParamsCsvFromSavedObject, + type JobParamsCsvFromSavedObject, } from '@kbn/reporting-export-types-csv-common'; -import { FtrProviderContext } from '../../../ftr_provider_context'; -import { InternalRequestHeader, RoleCredentials } from '../../../../shared/services'; +import type { CookieCredentials, InternalRequestHeader } from '@kbn/ftr-common-functional-services'; +import { ReportApiJSON } from '@kbn/reporting-common/types'; +import type { FtrProviderContext } from '../../../ftr_provider_context'; export default ({ getPageObjects, getService }: FtrProviderContext) => { const kibanaServer = getService('kibanaServer'); @@ -20,10 +21,8 @@ export default ({ getPageObjects, getService }: FtrProviderContext) => { const retry = getService('retry'); const PageObjects = getPageObjects(['common', 'svlCommonPage', 'header']); const reportingAPI = getService('svlReportingApi'); - const svlUserManager = getService('svlUserManager'); - const svlCommonApi = getService('svlCommonApi'); - let roleAuthc: RoleCredentials; - let roleName: string; + const samlAuth = getService('samlAuth'); + let cookieCredentials: CookieCredentials; let internalReqHeader: InternalRequestHeader; const navigateToReportingManagement = async () => { @@ -39,6 +38,10 @@ export default ({ getPageObjects, getService }: FtrProviderContext) => { describe('Reporting Management app', function () { // security_exception: action [indices:admin/create] is unauthorized for user [elastic] with effective roles [superuser] on restricted indices [.reporting-2020.04.19], this action is granted by the index privileges [create_index,manage,all] this.tags('failsOnMKI'); + + let reportJob: ReportApiJSON; + let path: string; + const savedObjectsArchive = 'test/functional/fixtures/kbn_archiver/discover'; const job: JobParamsCsvFromSavedObject = { @@ -57,31 +60,31 @@ export default ({ getPageObjects, getService }: FtrProviderContext) => { // Kibana CI and MKI use different users before('initialize saved object archive', async () => { - roleName = 'admin'; - roleAuthc = await svlUserManager.createM2mApiKeyWithRoleScope(roleName); - internalReqHeader = svlCommonApi.getInternalRequestHeader(); + cookieCredentials = await samlAuth.getM2MApiCookieCredentialsWithRoleScope('admin'); + internalReqHeader = samlAuth.getInternalRequestHeader(); // add test saved search object await kibanaServer.importExport.load(savedObjectsArchive); + + // generate a report that can be tested to show in the listing + const result = await reportingAPI.createReportJobInternal( + CSV_REPORT_TYPE_V2, + job, + cookieCredentials, + internalReqHeader + ); + + path = result.path; + reportJob = result.job; }); after('clean up archives', async () => { await kibanaServer.importExport.unload(savedObjectsArchive); - await svlUserManager.invalidateM2mApiKeyWithRoleScope(roleAuthc); - await svlUserManager.invalidateM2mApiKeyWithRoleScope(roleAuthc); + await reportingAPI.waitForJobToFinish(path, cookieCredentials, internalReqHeader); }); it(`user sees a job they've created`, async () => { - const { - job: { id: jobId }, - } = await reportingAPI.createReportJobInternal( - CSV_REPORT_TYPE_V2, - job, - roleAuthc, - internalReqHeader - ); - await navigateToReportingManagement(); - await testSubjects.existOrFail(`viewReportingLink-${jobId}`); + await testSubjects.existOrFail(`viewReportingLink-${reportJob.id}`); }); }); }; diff --git a/x-pack/test_serverless/shared/services/svl_reporting.ts b/x-pack/test_serverless/shared/services/svl_reporting.ts index f056543e72e23..305b308658887 100644 --- a/x-pack/test_serverless/shared/services/svl_reporting.ts +++ b/x-pack/test_serverless/shared/services/svl_reporting.ts @@ -5,18 +5,17 @@ * 2.0. */ -import expect from '@kbn/expect'; import { INTERNAL_ROUTES } from '@kbn/reporting-common'; import type { ReportingJobResponse } from '@kbn/reporting-plugin/server/types'; import rison from '@kbn/rison'; +import { CookieCredentials } from '@kbn/ftr-common-functional-services'; import { FtrProviderContext } from '../../functional/ftr_provider_context'; -import { RoleCredentials } from '.'; import { InternalRequestHeader } from '.'; const API_HEADER: [string, string] = ['kbn-xsrf', 'reporting']; /** - * Services to create roles and users for security testing + * Services to handle report job lifecycle phases for tests */ export function SvlReportingServiceProvider({ getService }: FtrProviderContext) { const log = getService('log'); @@ -31,32 +30,34 @@ export function SvlReportingServiceProvider({ getService }: FtrProviderContext) async createReportJobInternal( jobType: string, job: object, - roleAuthc: RoleCredentials, + cookieCredentials: CookieCredentials, internalReqHeader: InternalRequestHeader ) { const requestPath = `${INTERNAL_ROUTES.GENERATE_PREFIX}/${jobType}`; log.debug(`POST request to ${requestPath}`); - const { status, body } = await supertestWithoutAuth + const { body }: { status: number; body: ReportingJobResponse } = await supertestWithoutAuth .post(requestPath) .set(internalReqHeader) - .set(roleAuthc.apiKeyHeader) - .send({ jobParams: rison.encode(job) }); + .set(cookieCredentials) + .send({ jobParams: rison.encode(job) }) + .expect(200); - expect(status).to.be(200); + log.info(`ReportingAPI.createReportJobInternal created report job` + ` ${body.job.id}`); return { - job: (body as ReportingJobResponse).job, - path: (body as ReportingJobResponse).path, + job: body.job, + path: body.path, }; }, /* - * This function is only used in the API tests + * If a test requests a report, it must wait for the job to finish before deleting the report. + * Otherwise, report task success metrics will be affected. */ async waitForJobToFinish( downloadReportPath: string, - roleAuthc: RoleCredentials, + cookieCredentials: CookieCredentials, internalReqHeader: InternalRequestHeader, options?: { timeout?: number } ) { @@ -69,7 +70,7 @@ export function SvlReportingServiceProvider({ getService }: FtrProviderContext) .responseType('blob') .set(...API_HEADER) .set(internalReqHeader) - .set(roleAuthc.apiKeyHeader); + .set(cookieCredentials); if (response.status === 500) { throw new Error(`Report at path ${downloadReportPath} has failed`); @@ -101,13 +102,13 @@ export function SvlReportingServiceProvider({ getService }: FtrProviderContext) */ async getCompletedJobOutput( downloadReportPath: string, - roleAuthc: RoleCredentials, + cookieCredentials: CookieCredentials, internalReqHeader: InternalRequestHeader ) { const response = await supertestWithoutAuth .get(`${downloadReportPath}?elasticInternalOrigin=true`) .set(internalReqHeader) - .set(roleAuthc.apiKeyHeader); + .set(cookieCredentials); return response.text as unknown; }, @@ -116,14 +117,14 @@ export function SvlReportingServiceProvider({ getService }: FtrProviderContext) */ async deleteReport( reportId: string, - roleAuthc: RoleCredentials, + cookieCredentials: CookieCredentials, internalReqHeader: InternalRequestHeader ) { log.debug(`ReportingAPI.deleteReport ${INTERNAL_ROUTES.JOBS.DELETE_PREFIX}/${reportId}`); const response = await supertestWithoutAuth .delete(INTERNAL_ROUTES.JOBS.DELETE_PREFIX + `/${reportId}`) .set(internalReqHeader) - .set(roleAuthc.apiKeyHeader) + .set(cookieCredentials) .set('kbn-xsrf', 'xxx') .expect(200); return response.text as unknown; From db0a898f2d9fc6b57d7c683a978c86a52e16bdc0 Mon Sep 17 00:00:00 2001 From: Milosz Marcinkowski <38698566+miloszmarcinkowski@users.noreply.github.com> Date: Thu, 24 Oct 2024 15:59:47 +0200 Subject: [PATCH 41/99] [APM] Set explicit access options for APM public APIs (#197435) ## Summary Closes #192473 Part of #186781 Set explicit `access` option to `public` for APM public APIs. List of affected APIs: ``` POST /api/apm/agent_keys 2023-10-31 GET /api/apm/services/{serviceName}/annotation/search 2023-10-31 POST /api/apm/services/{serviceName}/annotation 2023-10-31 GET /api/apm/settings/agent-configuration 2023-10-31 DELETE /api/apm/settings/agent-configuration 2023-10-31 PUT /api/apm/settings/agent-configuration 2023-10-31 POST /api/apm/settings/agent-configuration/search 2023-10-31 GET /api/apm/sourcemaps 2023-10-31 POST /api/apm/sourcemaps 2023-10-31 DELETE /api/apm/sourcemaps/{id} 2023-10-31 GET /api/apm/settings/agent-configuration/view 2023-10-31 GET /api/apm/settings/agent-configuration/environments 2023-10-31 GET /api/apm/settings/agent-configuration/agent_name 2023-10-31 POST /api/apm/fleet/apm_server_schema 2023-10-31 ``` --- .../apm/server/routes/agent_keys/route.ts | 5 ++++- .../apm/server/routes/fleet/route.ts | 2 +- .../apm/server/routes/services/route.ts | 3 ++- .../routes/settings/agent_configuration/route.ts | 12 +++++++----- .../apm/server/routes/source_maps/route.ts | 5 +++-- 5 files changed, 17 insertions(+), 10 deletions(-) diff --git a/x-pack/plugins/observability_solution/apm/server/routes/agent_keys/route.ts b/x-pack/plugins/observability_solution/apm/server/routes/agent_keys/route.ts index d8c2cd70768c4..a296b7f8be284 100644 --- a/x-pack/plugins/observability_solution/apm/server/routes/agent_keys/route.ts +++ b/x-pack/plugins/observability_solution/apm/server/routes/agent_keys/route.ts @@ -91,7 +91,10 @@ const invalidateAgentKeyRoute = createApmServerRoute({ const createAgentKeyRoute = createApmServerRoute({ endpoint: 'POST /api/apm/agent_keys 2023-10-31', - options: { tags: ['access:apm', 'access:apm_settings_write', 'oas-tag:APM agent keys'] }, + options: { + tags: ['access:apm', 'access:apm_settings_write', 'oas-tag:APM agent keys'], + access: 'public', + }, params: t.type({ body: t.type({ name: t.string, diff --git a/x-pack/plugins/observability_solution/apm/server/routes/fleet/route.ts b/x-pack/plugins/observability_solution/apm/server/routes/fleet/route.ts index 05b74b3fc9c42..1355460cc1836 100644 --- a/x-pack/plugins/observability_solution/apm/server/routes/fleet/route.ts +++ b/x-pack/plugins/observability_solution/apm/server/routes/fleet/route.ts @@ -65,7 +65,7 @@ const fleetAgentsRoute = createApmServerRoute({ const saveApmServerSchemaRoute = createApmServerRoute({ endpoint: 'POST /api/apm/fleet/apm_server_schema 2023-10-31', - options: { tags: ['access:apm', 'access:apm_write'] }, + options: { tags: ['access:apm', 'access:apm_write'], access: 'public' }, params: t.type({ body: t.type({ schema: t.record(t.string, t.unknown), diff --git a/x-pack/plugins/observability_solution/apm/server/routes/services/route.ts b/x-pack/plugins/observability_solution/apm/server/routes/services/route.ts index da2a506e3ae3f..eb810fae50323 100644 --- a/x-pack/plugins/observability_solution/apm/server/routes/services/route.ts +++ b/x-pack/plugins/observability_solution/apm/server/routes/services/route.ts @@ -395,7 +395,7 @@ const serviceAnnotationsRoute = createApmServerRoute({ }), query: t.intersection([environmentRt, rangeRt]), }), - options: { tags: ['access:apm', 'oas-tag:APM annotations'] }, + options: { tags: ['access:apm', 'oas-tag:APM annotations'], access: 'public' }, handler: async (resources): Promise => { const apmEventClient = await getApmEventClient(resources); const { params, plugins, context, request, logger, config } = resources; @@ -440,6 +440,7 @@ const serviceAnnotationsCreateRoute = createApmServerRoute({ endpoint: 'POST /api/apm/services/{serviceName}/annotation 2023-10-31', options: { tags: ['access:apm', 'access:apm_write', 'oas-tag:APM annotations'], + access: 'public', }, params: t.type({ path: t.type({ diff --git a/x-pack/plugins/observability_solution/apm/server/routes/settings/agent_configuration/route.ts b/x-pack/plugins/observability_solution/apm/server/routes/settings/agent_configuration/route.ts index aaf8fb2c48681..bc8109dfa2808 100644 --- a/x-pack/plugins/observability_solution/apm/server/routes/settings/agent_configuration/route.ts +++ b/x-pack/plugins/observability_solution/apm/server/routes/settings/agent_configuration/route.ts @@ -39,7 +39,7 @@ function throwNotFoundIfAgentConfigNotAvailable(featureFlags: ApmFeatureFlags): // get list of configurations const agentConfigurationRoute = createApmServerRoute({ endpoint: 'GET /api/apm/settings/agent-configuration 2023-10-31', - options: { tags: ['access:apm'] }, + options: { tags: ['access:apm'], access: 'public' }, handler: async ( resources ): Promise<{ @@ -68,7 +68,7 @@ const getSingleAgentConfigurationRoute = createApmServerRoute({ params: t.partial({ query: serviceRt, }), - options: { tags: ['access:apm'] }, + options: { tags: ['access:apm'], access: 'public' }, handler: async (resources): Promise => { throwNotFoundIfAgentConfigNotAvailable(resources.featureFlags); @@ -100,6 +100,7 @@ const deleteAgentConfigurationRoute = createApmServerRoute({ endpoint: 'DELETE /api/apm/settings/agent-configuration 2023-10-31', options: { tags: ['access:apm', 'access:apm_settings_write'], + access: 'public', }, params: t.type({ body: t.type({ @@ -156,6 +157,7 @@ const createOrUpdateAgentConfigurationRoute = createApmServerRoute({ endpoint: 'PUT /api/apm/settings/agent-configuration 2023-10-31', options: { tags: ['access:apm', 'access:apm_settings_write'], + access: 'public', }, params: t.intersection([ t.partial({ query: t.partial({ overwrite: toBooleanRt }) }), @@ -224,7 +226,7 @@ const agentConfigurationSearchRoute = createApmServerRoute({ params: t.type({ body: searchParamsRt, }), - options: { tags: ['access:apm'], disableTelemetry: true }, + options: { tags: ['access:apm'], disableTelemetry: true, access: 'public' }, handler: async ( resources ): Promise | null> => { @@ -286,7 +288,7 @@ const listAgentConfigurationEnvironmentsRoute = createApmServerRoute({ params: t.partial({ query: t.partial({ serviceName: t.string }), }), - options: { tags: ['access:apm'] }, + options: { tags: ['access:apm'], access: 'public' }, handler: async ( resources ): Promise<{ @@ -327,7 +329,7 @@ const agentConfigurationAgentNameRoute = createApmServerRoute({ params: t.type({ query: t.type({ serviceName: t.string }), }), - options: { tags: ['access:apm'] }, + options: { tags: ['access:apm'], access: 'public' }, handler: async (resources): Promise<{ agentName: string | undefined }> => { throwNotFoundIfAgentConfigNotAvailable(resources.featureFlags); diff --git a/x-pack/plugins/observability_solution/apm/server/routes/source_maps/route.ts b/x-pack/plugins/observability_solution/apm/server/routes/source_maps/route.ts index bc92c06416204..f1f7f3def93ab 100644 --- a/x-pack/plugins/observability_solution/apm/server/routes/source_maps/route.ts +++ b/x-pack/plugins/observability_solution/apm/server/routes/source_maps/route.ts @@ -49,7 +49,7 @@ function throwNotImplementedIfSourceMapNotAvailable(featureFlags: ApmFeatureFlag const listSourceMapRoute = createApmServerRoute({ endpoint: 'GET /api/apm/sourcemaps 2023-10-31', - options: { tags: ['access:apm'] }, + options: { tags: ['access:apm'], access: 'public' }, params: t.partial({ query: t.partial({ page: toNumberRt, @@ -87,6 +87,7 @@ const uploadSourceMapRoute = createApmServerRoute({ options: { tags: ['access:apm', 'access:apm_write'], body: { accepts: ['multipart/form-data'] }, + access: 'public', }, params: t.type({ body: t.type({ @@ -159,7 +160,7 @@ const uploadSourceMapRoute = createApmServerRoute({ const deleteSourceMapRoute = createApmServerRoute({ endpoint: 'DELETE /api/apm/sourcemaps/{id} 2023-10-31', - options: { tags: ['access:apm', 'access:apm_write'] }, + options: { tags: ['access:apm', 'access:apm_write'], access: 'public' }, params: t.type({ path: t.type({ id: t.string, From a1a5db933bbd7b9d3a5da4ead05fae97dad392f4 Mon Sep 17 00:00:00 2001 From: Jared Burgett <147995946+jaredburgettelastic@users.noreply.github.com> Date: Thu, 24 Oct 2024 09:01:04 -0500 Subject: [PATCH 42/99] Security entity store host os fields (#197326) ## Summary Adds the `host.os.name` and `host.os.type` ECS fields to Security's entity store definition. These fields, much like other `host.*` fields, are collected up to a maximum number of 10 distinct values. --------- Co-authored-by: Elastic Machine --- .../entity_types/host.ts | 2 ++ .../get_united_definition.test.ts | 32 +++++++++++++++++++ 2 files changed, 34 insertions(+) diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/united_entity_definitions/entity_types/host.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/united_entity_definitions/entity_types/host.ts index e8d812d73ff27..db9266997743e 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/united_entity_definitions/entity_types/host.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/united_entity_definitions/entity_types/host.ts @@ -18,6 +18,8 @@ export const getHostUnitedDefinition: UnitedDefinitionBuilder = (fieldHistoryLen collect({ field: 'host.domain' }), collect({ field: 'host.hostname' }), collect({ field: 'host.id' }), + collect({ field: 'host.os.name' }), + collect({ field: 'host.os.type' }), collect({ field: 'host.ip', mapping: { diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/united_entity_definitions/get_united_definition.test.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/united_entity_definitions/get_united_definition.test.ts index 81a381bc91873..d9c54e1fcd288 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/united_entity_definitions/get_united_definition.test.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/united_entity_definitions/get_united_definition.test.ts @@ -59,6 +59,12 @@ describe('getUnitedEntityDefinition', () => { "host.name": Object { "type": "keyword", }, + "host.os.name": Object { + "type": "keyword", + }, + "host.os.type": Object { + "type": "keyword", + }, "host.risk.calculated_level": Object { "type": "keyword", }, @@ -95,6 +101,16 @@ describe('getUnitedEntityDefinition', () => { "maxLength": 10, "operation": "collect_values", }, + Object { + "field": "host.os.name", + "maxLength": 10, + "operation": "collect_values", + }, + Object { + "field": "host.os.type", + "maxLength": 10, + "operation": "collect_values", + }, Object { "field": "host.ip", "maxLength": 10, @@ -184,6 +200,22 @@ describe('getUnitedEntityDefinition', () => { "destination": "host.id", "source": "host.id", }, + Object { + "aggregation": Object { + "limit": 10, + "type": "terms", + }, + "destination": "host.os.name", + "source": "host.os.name", + }, + Object { + "aggregation": Object { + "limit": 10, + "type": "terms", + }, + "destination": "host.os.type", + "source": "host.os.type", + }, Object { "aggregation": Object { "limit": 10, From 909879bd4e3c1ee202aef2ea9bbd9d47fbc7ef70 Mon Sep 17 00:00:00 2001 From: christineweng <18648970+christineweng@users.noreply.github.com> Date: Thu, 24 Oct 2024 09:03:38 -0500 Subject: [PATCH 43/99] [Security Solution] Add visualization in flyout advanced setting in serverless (#196211) ## Summary This PR adds `securitySolution:enableVisualizationsInFlyout` setting in serverless, which allow users to enable the visualizations (analyzer, session view) in alert flyout experience. --- packages/serverless/settings/security_project/index.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/packages/serverless/settings/security_project/index.ts b/packages/serverless/settings/security_project/index.ts index 0fd820640bb98..daa11da3af312 100644 --- a/packages/serverless/settings/security_project/index.ts +++ b/packages/serverless/settings/security_project/index.ts @@ -23,4 +23,5 @@ export const SECURITY_PROJECT_SETTINGS = [ settings.SECURITY_SOLUTION_NEWS_FEED_URL_ID, settings.SECURITY_SOLUTION_ENABLE_NEWS_FEED_ID, settings.SECURITY_SOLUTION_DEFAULT_ALERT_TAGS_KEY, + settings.SECURITY_SOLUTION_ENABLE_VISUALIZATIONS_IN_FLYOUT_SETTING, ]; From 7a8d813a9ccb3dcb3aa8c7524f2e07f8d0ce5781 Mon Sep 17 00:00:00 2001 From: Pablo Machado Date: Thu, 24 Oct 2024 16:04:13 +0200 Subject: [PATCH 44/99] [SecuritySolution] Fix entities list initial sorting (#197465) ## Summary The entity list initial sorting wasn't working because it referenced an old field. --- .../components/entity_store/entities_list.tsx | 2 +- .../entity_store/routes/entities/list.ts | 2 +- .../security_solution/entity_store/data.json | 32 ++- .../entity_store/mappings.json | 187 ++++++++++-------- 4 files changed, 121 insertions(+), 102 deletions(-) diff --git a/x-pack/plugins/security_solution/public/entity_analytics/components/entity_store/entities_list.tsx b/x-pack/plugins/security_solution/public/entity_analytics/components/entity_store/entities_list.tsx index 67276e53795ca..aa03e41c553cb 100644 --- a/x-pack/plugins/security_solution/public/entity_analytics/components/entity_store/entities_list.tsx +++ b/x-pack/plugins/security_solution/public/entity_analytics/components/entity_store/entities_list.tsx @@ -34,7 +34,7 @@ export const EntitiesList: React.FC = () => { const [limit, setLimit] = useState(10); const { toggleStatus } = useQueryToggle(ENTITIES_LIST_TABLE_ID); const [sorting, setSorting] = useState({ - field: 'entity.last_seen_timestamp', + field: '@timestamp', direction: Direction.desc, }); diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/entities/list.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/entities/list.ts index c702eaf2ab676..3eefcb7de5752 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/entities/list.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/entities/list.ts @@ -53,7 +53,7 @@ export const listEntitiesRoute = (router: EntityAnalyticsRoutesDeps['router'], l const { page = 1, per_page: perPage = 10, - sort_field: sortField = 'entity.last_seen_timestamp', + sort_field: sortField = '@timestamp', sort_order: sortOrder = 'desc', entities_types: entityTypes, filterQuery, diff --git a/x-pack/test/functional/es_archives/security_solution/entity_store/data.json b/x-pack/test/functional/es_archives/security_solution/entity_store/data.json index 529aa6020dce7..4f55a18acfd36 100644 --- a/x-pack/test/functional/es_archives/security_solution/entity_store/data.json +++ b/x-pack/test/functional/es_archives/security_solution/entity_store/data.json @@ -4,6 +4,7 @@ "id": "a4cf452c1e0375c3d4412cb550ad1783358468a3b3b777da4829d72c7d6fb74f", "index": ".entities.v1.latest.security_user_default", "source": { + "@timestamp": "2024-09-11T11:24:15.588Z", "event": { "ingested": "2024-09-11T11:26:49.706875Z" }, @@ -17,16 +18,10 @@ "hash": [] }, "entity": { - "last_seen_timestamp": "2024-09-11T11:24:15.588Z", - "schema_version": "v1", - "definition_version": "1.0.0", - "display_name": "hinamatsumoto", - "identity_fields": [ - "user.name" - ], - "id": "LBQAgKHGmpup0Kg9nlKmeQ==", - "type": "node", - "definition_id": "security_user_default" + "name": "hinamatsumoto", + "id": "hinamatsumoto", + "type": "user", + "source": ".ds-logs-endpoint.alerts-default-2024.10.23-000001" } } } @@ -38,6 +33,7 @@ "id": "a2cf452c1e0375c3d4412cb550bd1783358468a3b3b777da4829d72c7d6fb71f", "index": ".entities.v1.latest.security_host_default", "source": { + "@timestamp": "2024-09-11T11:24:15.591Z", "event": { "ingested": "2024-09-11T11:26:49.641707Z" }, @@ -67,17 +63,11 @@ ] }, "entity": { - "last_seen_timestamp": "2024-09-11T11:24:15.591Z", - "schema_version": "v1", - "definition_version": "1.0.0", - "display_name": "ali-ubuntu-server", - "identity_fields": [ - "host.name" - ], - "id": "ZXKm6GEcUJY6NHkMgPPmGQ==", - "type": "node", - "definition_id": "security_host_default" + "name": "ali-ubuntu-server", + "id": "ali-ubuntu-server", + "type": "host", + "source": ".ds-logs-endpoint.events.process-default-2024.10.23-000001" } } } -} +} \ No newline at end of file diff --git a/x-pack/test/functional/es_archives/security_solution/entity_store/mappings.json b/x-pack/test/functional/es_archives/security_solution/entity_store/mappings.json index 641f825896ffd..364ced91dc0b6 100644 --- a/x-pack/test/functional/es_archives/security_solution/entity_store/mappings.json +++ b/x-pack/test/functional/es_archives/security_solution/entity_store/mappings.json @@ -33,17 +33,27 @@ } ], "properties": { + "@timestamp": { + "type": "date" + }, + "asset": { + "properties": { + "criticality": { + "type": "keyword" + } + } + }, "entity": { "properties": { - "definition_id": { + "definitionId": { "type": "keyword", "ignore_above": 1024 }, - "definition_version": { + "definitionVersion": { "type": "keyword", "ignore_above": 1024 }, - "display_name": { + "displayName": { "type": "text", "fields": { "keyword": { @@ -52,20 +62,34 @@ } } }, + "firstSeenTimestamp": { + "type": "date" + }, "id": { "type": "keyword", "ignore_above": 1024 }, - "identity_fields": { + "identityFields": { "type": "keyword" }, - "last_seen_timestamp": { + "lastSeenTimestamp": { "type": "date" }, - "schema_version": { + "name": { + "type": "text", + "fields": { + "text": { + "type": "keyword" + } + } + }, + "schemaVersion": { "type": "keyword", "ignore_above": 1024 }, + "source": { + "type": "keyword" + }, "type": { "type": "keyword", "ignore_above": 1024 @@ -82,58 +106,41 @@ "host": { "properties": { "architecture": { - "type": "keyword", - "ignore_above": 1024, - "fields": { - "text": { - "type": "text" - } - } + "type": "keyword" + }, + "domain": { + "type": "keyword" }, "hostname": { - "type": "keyword", - "ignore_above": 1024, - "fields": { - "text": { - "type": "text" - } - } + "type": "keyword" }, "id": { - "type": "keyword", - "ignore_above": 1024, - "fields": { - "text": { - "type": "text" - } - } + "type": "keyword" }, "ip": { - "type": "keyword", - "ignore_above": 1024, - "fields": { - "text": { - "type": "text" - } - } + "type": "ip" }, "mac": { - "type": "keyword", - "ignore_above": 1024, - "fields": { - "text": { - "type": "text" - } - } + "type": "keyword" }, "name": { - "type": "keyword", - "ignore_above": 1024, - "fields": { - "text": { - "type": "text" + "type": "keyword" + }, + "risk": { + "properties": { + "calculated_level": { + "type": "keyword" + }, + "calculated_score": { + "type": "float" + }, + "calculated_score_norm": { + "type": "float" } } + }, + "type": { + "type": "keyword" } } }, @@ -191,17 +198,27 @@ } ], "properties": { + "@timestamp": { + "type": "date" + }, + "asset": { + "properties": { + "criticality": { + "type": "keyword" + } + } + }, "entity": { "properties": { - "definition_id": { + "definitionId": { "type": "keyword", "ignore_above": 1024 }, - "definition_version": { + "definitionVersion": { "type": "keyword", "ignore_above": 1024 }, - "display_name": { + "displayName": { "type": "text", "fields": { "keyword": { @@ -210,20 +227,34 @@ } } }, + "firstSeenTimestamp": { + "type": "date" + }, "id": { "type": "keyword", "ignore_above": 1024 }, - "identity_fields": { + "identityFields": { "type": "keyword" }, - "last_seen_timestamp": { + "lastSeenTimestamp": { "type": "date" }, - "schema_version": { + "name": { + "type": "text", + "fields": { + "text": { + "type": "keyword" + } + } + }, + "schemaVersion": { "type": "keyword", "ignore_above": 1024 }, + "source": { + "type": "keyword" + }, "type": { "type": "keyword", "ignore_above": 1024 @@ -247,40 +278,38 @@ "user": { "properties": { "domain": { - "type": "keyword", - "ignore_above": 1024, - "fields": { - "text": { - "type": "text" - } - } + "type": "keyword" }, "email": { - "type": "keyword", - "ignore_above": 1024, - "fields": { - "text": { - "type": "text" - } - } + "type": "keyword" + }, + "full_name": { + "type": "keyword" + }, + "hash": { + "type": "keyword" }, "id": { - "type": "keyword", - "ignore_above": 1024, - "fields": { - "text": { - "type": "text" - } - } + "type": "keyword" }, "name": { - "type": "keyword", - "ignore_above": 1024, - "fields": { - "text": { - "type": "text" + "type": "keyword" + }, + "risk": { + "properties": { + "calculated_level": { + "type": "keyword" + }, + "calculated_score": { + "type": "float" + }, + "calculated_score_norm": { + "type": "float" } } + }, + "roles": { + "type": "keyword" } } } @@ -294,4 +323,4 @@ } } } -} +} \ No newline at end of file From f151e2ccaa55cc5e13740f49e88c323c0e1d8f6d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gerg=C5=91=20=C3=81brah=C3=A1m?= Date: Thu, 24 Oct 2024 16:27:08 +0200 Subject: [PATCH 45/99] [EDR Workflows] Unskip and fix flaky endpoint exceptions FTR (#197457) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## Summary closes #173184 closes #173441 closes #196003 This PR tries to improve on the `StaleElementReferenceError` happening in Endpoint Exception tests. This error is thrown if an element has already been removed from the DOM when trying to perform an action on it. For some reference, see https://github.com/elastic/kibana/pull/140427 Improvements: - the part that was failing is wrapped inside the `retryOnStale` helper: 602f2294fddb9bee8b69ebf2fd8382e9f025d59d **note:** actually the test fails have started in December, 2023, but the line where the fail was in the last test runs were added in May, 2024 (https://github.com/elastic/kibana/pull/183471). unfortunately, the log artifacts from 2023 are already removed from Buildkite, so no certainty on what happened back then - another suspicious part was wrapped as well: ec8c5cfd94812c8e5b357e00aac8bfae93ceecf4 and e5245ad010a02527105a56973465a25feb52ec85 - and as an extra, wait for page load: 7cd867fcb9489b24e79066dce750a2381af93d7d flaky 50/50 ✅ but this doesn't mean much, as this issue happens quite rarely ¯\\(◉‿◉)/¯ ### Checklist Delete any items that are not applicable to this PR. - [x] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed --------- Co-authored-by: Elastic Machine --- .../apps/integrations/endpoint_exceptions.ts | 42 ++++++++++--------- .../apps/integrations/index.ts | 2 +- 2 files changed, 24 insertions(+), 20 deletions(-) diff --git a/x-pack/test/security_solution_endpoint/apps/integrations/endpoint_exceptions.ts b/x-pack/test/security_solution_endpoint/apps/integrations/endpoint_exceptions.ts index 42d28132998bf..eac635ac958eb 100644 --- a/x-pack/test/security_solution_endpoint/apps/integrations/endpoint_exceptions.ts +++ b/x-pack/test/security_solution_endpoint/apps/integrations/endpoint_exceptions.ts @@ -22,6 +22,7 @@ export default ({ getPageObjects, getService }: FtrProviderContext) => { const endpointTestResources = getService('endpointTestResources'); const endpointArtifactTestResources = getService('endpointArtifactTestResources'); const retry = getService('retry'); + const retryOnStale = getService('retryOnStale'); const esClient = getService('es'); const supertest = getService('supertest'); const find = getService('find'); @@ -30,30 +31,17 @@ export default ({ getPageObjects, getService }: FtrProviderContext) => { const toasts = getService('toasts'); const MINUTES = 60 * 1000 * 10; - // FLAKY: https://github.com/elastic/kibana/issues/173441 - // Failing: See https://github.com/elastic/kibana/issues/173441 - describe.skip('Endpoint Exceptions', function () { + describe('Endpoint Exceptions', function () { targetTags(this, ['@ess', '@serverless']); - this.timeout(10 * MINUTES); - const clearPrefilledEntries = async () => { - const entriesContainer = await testSubjects.find('exceptionEntriesContainer'); - - let deleteButtons: WebElementWrapper[]; - do { - deleteButtons = await testSubjects.findAllDescendant( - 'builderItemEntryDeleteButton', - entriesContainer - ); - - await deleteButtons[0].click(); - } while (deleteButtons.length > 1); - }; + let clearPrefilledEntries: () => Promise; const openNewEndpointExceptionFlyout = async () => { - await testSubjects.scrollIntoView('timeline-context-menu-button'); - await testSubjects.click('timeline-context-menu-button'); + retryOnStale(async () => { + await testSubjects.scrollIntoView('timeline-context-menu-button'); + await testSubjects.click('timeline-context-menu-button'); + }); await testSubjects.click('add-endpoint-exception-menu-item'); await testSubjects.existOrFail('addExceptionFlyout'); @@ -166,10 +154,25 @@ export default ({ getPageObjects, getService }: FtrProviderContext) => { }; await deleteEndpointExceptions(); + + clearPrefilledEntries = retryOnStale.wrap(async () => { + const entriesContainer = await testSubjects.find('exceptionEntriesContainer'); + + let deleteButtons: WebElementWrapper[]; + do { + deleteButtons = await testSubjects.findAllDescendant( + 'builderItemEntryDeleteButton', + entriesContainer + ); + + await deleteButtons[0].click(); + } while (deleteButtons.length > 1); + }); }); it('should add `event.module=endpoint` to entry if only wildcard operator is present', async () => { await pageObjects.common.navigateToUrlWithBrowserHistory('security', `/alerts`); + await pageObjects.header.waitUntilLoadingHasFinished(); await pageObjects.timePicker.setCommonlyUsedTime('Last_24 hours'); await openNewEndpointExceptionFlyout(); @@ -215,6 +218,7 @@ export default ({ getPageObjects, getService }: FtrProviderContext) => { it('should NOT add `event.module=endpoint` to entry if there is another operator', async () => { await pageObjects.common.navigateToUrlWithBrowserHistory('security', `/alerts`); + await pageObjects.header.waitUntilLoadingHasFinished(); await pageObjects.timePicker.setCommonlyUsedTime('Last_24 hours'); await openNewEndpointExceptionFlyout(); diff --git a/x-pack/test/security_solution_endpoint/apps/integrations/index.ts b/x-pack/test/security_solution_endpoint/apps/integrations/index.ts index 7bf73a60499d2..037ee3d60ec3e 100644 --- a/x-pack/test/security_solution_endpoint/apps/integrations/index.ts +++ b/x-pack/test/security_solution_endpoint/apps/integrations/index.ts @@ -12,7 +12,7 @@ import { FtrProviderContext } from '../../configs/ftr_provider_context'; export default function (providerContext: FtrProviderContext) { const { loadTestFile, getService, getPageObjects } = providerContext; - describe('endpoint', function () { + describe('integrations', function () { const ingestManager = getService('ingestManager'); const log = getService('log'); const endpointTestResources = getService('endpointTestResources'); From 42de8c858995b190f35858b2798f7ea4dfcb2439 Mon Sep 17 00:00:00 2001 From: Irene Blanco Date: Thu, 24 Oct 2024 16:34:55 +0200 Subject: [PATCH 46/99] [APM]Refactor ServiceTabEmptyState to use AddDataPanel (#197578) ## Summary Closes https://github.com/elastic/kibana/issues/195876 This PR refactors the ServiceTabEmptyState component to use the newly created generic AddDataPanel component, which was derived from it. The functionality remains the same. ### Tabs |Light|Dark| |-|-| |![callout_light](https://github.com/user-attachments/assets/46c7d14b-c4f4-44e4-a753-099abec378e4)|![callout_dark](https://github.com/user-attachments/assets/298386bf-eb76-4b23-9952-df6576032f86)| ### Actions ![callout_actions](https://github.com/user-attachments/assets/08c4364c-c3cb-45af-b02e-5012cbf86536) ### Dismiss ![callout_dismissable](https://github.com/user-attachments/assets/a0276001-98a9-47b3-83c9-aaa0685c7418) --- .../components/app/service_overview/index.tsx | 2 +- .../app/service_tab_empty_state/constants.ts | 229 ++++++++++++------ .../app/service_tab_empty_state/index.tsx | 162 +++---------- .../entities_inventory_callout.tsx | 6 +- .../templates/apm_main_template/index.tsx | 2 +- .../add_metrics_callout/index.tsx | 2 +- .../add_data_panel/add_data_panel.stories.tsx | 4 +- .../components/add_data_panel/index.tsx | 8 +- 8 files changed, 196 insertions(+), 219 deletions(-) diff --git a/x-pack/plugins/observability_solution/apm/public/components/app/service_overview/index.tsx b/x-pack/plugins/observability_solution/apm/public/components/app/service_overview/index.tsx index 0df6e9e1ebae0..98deba4f85a80 100644 --- a/x-pack/plugins/observability_solution/apm/public/components/app/service_overview/index.tsx +++ b/x-pack/plugins/observability_solution/apm/public/components/app/service_overview/index.tsx @@ -97,7 +97,7 @@ export function ServiceOverview() { setDismissedLogsOnlyEmptyState(true)} + onDismiss={() => setDismissedLogsOnlyEmptyState(true)} /> )} diff --git a/x-pack/plugins/observability_solution/apm/public/components/app/service_tab_empty_state/constants.ts b/x-pack/plugins/observability_solution/apm/public/components/app/service_tab_empty_state/constants.ts index 8551745238e43..312ed042bb8de 100644 --- a/x-pack/plugins/observability_solution/apm/public/components/app/service_tab_empty_state/constants.ts +++ b/x-pack/plugins/observability_solution/apm/public/components/app/service_tab_empty_state/constants.ts @@ -5,9 +5,12 @@ * 2.0. */ +import type { ObservabilityOnboardingLocatorParams } from '@kbn/deeplinks-observability'; import { i18n } from '@kbn/i18n'; +import type { AddDataPanelProps } from '@kbn/observability-shared-plugin/public'; +import type { LocatorPublic } from '@kbn/share-plugin/common'; -export type EmptyStateKey = +export type AddAPMCalloutKeys = | 'serviceOverview' | 'serviceDependencies' | 'infraOverview' @@ -16,80 +19,154 @@ export type EmptyStateKey = | 'metrics' | 'errorGroupOverview'; -interface EmptyStateContent { - title: string; - content: string; - imgName?: string; -} +const defaultActions = ( + locator: LocatorPublic | undefined +) => { + return { + actions: { + primary: { + href: locator?.getRedirectUrl({ category: 'application' }), + label: i18n.translate('xpack.apm.serviceTabEmptyState.defaultPrimaryActionLabel', { + defaultMessage: 'Add APM', + }), + }, + secondary: { + href: 'https://ela.st/demo-apm-try-it', + }, + link: { + href: 'https://www.elastic.co/observability/application-performance-monitoring', + }, + }, + }; +}; -export const emptyStateDefinitions: Record = { - serviceOverview: { - title: i18n.translate('xpack.apm.serviceTabEmptyState.overviewTitle', { - defaultMessage: 'Detect and resolve issues faster with deep visibility into your application', - }), - content: i18n.translate('xpack.apm.serviceTabEmptyState.overviewContent', { - defaultMessage: - 'Understanding your application performance, relationships and dependencies by instrumenting with APM.', - }), - }, - serviceDependencies: { - title: i18n.translate('xpack.apm.serviceTabEmptyState.dependenciesTitle', { - defaultMessage: 'Understand the dependencies for your service', - }), - content: i18n.translate('xpack.apm.serviceTabEmptyState.dependenciesContent', { - defaultMessage: - "See your service's dependencies on both internal and third-party services by instrumenting with APM.", - }), - imgName: 'service_tab_empty_state_dependencies.png', - }, - infraOverview: { - title: i18n.translate('xpack.apm.serviceTabEmptyState.infrastructureTitle', { - defaultMessage: 'Understand what your service is running on', - }), - content: i18n.translate('xpack.apm.serviceTabEmptyState.infrastructureContent', { - defaultMessage: - 'Troubleshoot service problems by seeing the infrastructure your service is running on.', - }), - imgName: 'service_tab_empty_state_infrastructure.png', - }, - serviceMap: { - title: i18n.translate('xpack.apm.serviceTabEmptyState.serviceMapTitle', { - defaultMessage: 'Visualise the dependencies between your services', - }), - content: i18n.translate('xpack.apm.serviceTabEmptyState.serviceMapContent', { - defaultMessage: - 'See your services dependencies at a glance to help identify dependencies that may be affecting your service.', - }), - imgName: 'service_tab_empty_state_service_map.png', - }, - transactionOverview: { - title: i18n.translate('xpack.apm.serviceTabEmptyState.transactionsTitle', { - defaultMessage: 'Troubleshoot latency, throughput and errors', - }), - content: i18n.translate('xpack.apm.serviceTabEmptyState.transactionsContent', { - defaultMessage: - "Troubleshoot your service's performance by analysing latency, throughput and errors down to the specific transaction.", - }), - imgName: 'service_tab_empty_state_transactions.png', - }, - metrics: { - title: i18n.translate('xpack.apm.serviceTabEmptyState.metricsTitle', { - defaultMessage: 'View core metrics for your application', - }), - content: i18n.translate('xpack.apm.serviceTabEmptyState.metricsContent', { - defaultMessage: - 'View metric trends for the instances of your service to identify performance bottlenecks that could be affecting your users.', - }), - imgName: 'service_tab_empty_state_metrics.png', - }, - errorGroupOverview: { - title: i18n.translate('xpack.apm.serviceTabEmptyState.errorGroupOverviewTitle', { - defaultMessage: 'Identify transaction errors with your applications', - }), - content: i18n.translate('xpack.apm.serviceTabEmptyState.errorGroupOverviewContent', { - defaultMessage: - 'Analyse errors down to the specific transaction to pin-point specific errors within your service.', - }), - imgName: 'service_tab_empty_state_errors.png', - }, +export const addAPMCalloutDefinitions = ( + baseFolderPath: string, + locator: LocatorPublic | undefined +): Record< + AddAPMCalloutKeys, + Omit +> => { + return { + serviceOverview: { + content: { + title: i18n.translate('xpack.apm.serviceTabEmptyState.overviewTitle', { + defaultMessage: + 'Detect and resolve issues faster with deep visibility into your application', + }), + content: i18n.translate('xpack.apm.serviceTabEmptyState.overviewContent', { + defaultMessage: + 'Understanding your application performance, relationships and dependencies by instrumenting with APM.', + }), + img: { + name: 'service_tab_empty_state_overview.png', + baseFolderPath, + position: 'inside', + }, + }, + ...defaultActions(locator), + }, + serviceDependencies: { + content: { + title: i18n.translate('xpack.apm.serviceTabEmptyState.dependenciesTitle', { + defaultMessage: 'Understand the dependencies for your service', + }), + content: i18n.translate('xpack.apm.serviceTabEmptyState.dependenciesContent', { + defaultMessage: + "See your service's dependencies on both internal and third-party services by instrumenting with APM.", + }), + img: { + name: 'service_tab_empty_state_dependencies.png', + baseFolderPath, + position: 'below', + }, + }, + ...defaultActions(locator), + }, + infraOverview: { + content: { + title: i18n.translate('xpack.apm.serviceTabEmptyState.infrastructureTitle', { + defaultMessage: 'Understand what your service is running on', + }), + content: i18n.translate('xpack.apm.serviceTabEmptyState.infrastructureContent', { + defaultMessage: + 'Troubleshoot service problems by seeing the infrastructure your service is running on.', + }), + img: { + name: 'service_tab_empty_state_infrastructure.png', + baseFolderPath, + position: 'below', + }, + }, + ...defaultActions(locator), + }, + serviceMap: { + content: { + title: i18n.translate('xpack.apm.serviceTabEmptyState.serviceMapTitle', { + defaultMessage: 'Visualise the dependencies between your services', + }), + content: i18n.translate('xpack.apm.serviceTabEmptyState.serviceMapContent', { + defaultMessage: + 'See your services dependencies at a glance to help identify dependencies that may be affecting your service.', + }), + img: { + name: 'service_tab_empty_state_service_map.png', + baseFolderPath, + position: 'below', + }, + }, + ...defaultActions(locator), + }, + transactionOverview: { + content: { + title: i18n.translate('xpack.apm.serviceTabEmptyState.transactionsTitle', { + defaultMessage: 'Troubleshoot latency, throughput and errors', + }), + content: i18n.translate('xpack.apm.serviceTabEmptyState.transactionsContent', { + defaultMessage: + "Troubleshoot your service's performance by analysing latency, throughput and errors down to the specific transaction.", + }), + img: { + name: 'service_tab_empty_state_transactions.png', + baseFolderPath, + position: 'below', + }, + }, + ...defaultActions(locator), + }, + metrics: { + content: { + title: i18n.translate('xpack.apm.serviceTabEmptyState.metricsTitle', { + defaultMessage: 'View core metrics for your application', + }), + content: i18n.translate('xpack.apm.serviceTabEmptyState.metricsContent', { + defaultMessage: + 'View metric trends for the instances of your service to identify performance bottlenecks that could be affecting your users.', + }), + img: { + name: 'service_tab_empty_state_metrics.png', + baseFolderPath, + position: 'below', + }, + }, + ...defaultActions(locator), + }, + errorGroupOverview: { + content: { + title: i18n.translate('xpack.apm.serviceTabEmptyState.errorGroupOverviewTitle', { + defaultMessage: 'Identify transaction errors with your applications', + }), + content: i18n.translate('xpack.apm.serviceTabEmptyState.errorGroupOverviewContent', { + defaultMessage: + 'Analyse errors down to the specific transaction to pin-point specific errors within your service.', + }), + img: { + name: 'service_tab_empty_state_errors.png', + baseFolderPath, + position: 'below', + }, + }, + ...defaultActions(locator), + }, + }; }; diff --git a/x-pack/plugins/observability_solution/apm/public/components/app/service_tab_empty_state/index.tsx b/x-pack/plugins/observability_solution/apm/public/components/app/service_tab_empty_state/index.tsx index a8962fcc1d2f7..f6493e213cce9 100644 --- a/x-pack/plugins/observability_solution/apm/public/components/app/service_tab_empty_state/index.tsx +++ b/x-pack/plugins/observability_solution/apm/public/components/app/service_tab_empty_state/index.tsx @@ -5,50 +5,24 @@ * 2.0. */ -/* eslint-disable @elastic/eui/href-or-on-click */ - -import { - EuiButton, - EuiButtonIcon, - EuiFlexGroup, - EuiFlexItem, - EuiImage, - EuiLink, - EuiPanel, - EuiSpacer, - EuiText, - EuiTitle, - useEuiTheme, -} from '@elastic/eui'; import React from 'react'; -import { i18n } from '@kbn/i18n'; import { useKibana } from '@kbn/kibana-react-plugin/public'; +import { AddDataPanel } from '@kbn/observability-shared-plugin/public'; +import { + OBSERVABILITY_ONBOARDING_LOCATOR, + ObservabilityOnboardingLocatorParams, +} from '@kbn/deeplinks-observability'; +import { useApmPluginContext } from '../../../context/apm_plugin/use_apm_plugin_context'; import { EmptyStateClickParams, EntityInventoryAddDataParams } from '../../../services/telemetry'; import { ApmPluginStartDeps, ApmServices } from '../../../plugin'; -import { useApmPluginContext } from '../../../context/apm_plugin/use_apm_plugin_context'; import { useKibanaUrl } from '../../../hooks/use_kibana_url'; -import { AddApmData } from '../../shared/add_data_buttons/buttons'; -import { emptyStateDefinitions, EmptyStateKey } from './constants'; +import { addAPMCalloutDefinitions, AddAPMCalloutKeys } from './constants'; export interface ServiceTabEmptyStateProps { - id: EmptyStateKey; - onDissmiss?: () => void; + id: AddAPMCalloutKeys; + onDismiss?: () => void; } -const tryItNowButton = { - label: i18n.translate('xpack.apm.serviceTabEmptyState.tryItNowButtonLabel', { - defaultMessage: 'Try it now in our demo cluster', - }), - href: 'https://ela.st/demo-apm-try-it', -}; - -const learnMoreLink = { - label: i18n.translate('xpack.apm.serviceTabEmptyState.learnMoreLinkLabel', { - defaultMessage: 'Learn more', - }), - href: 'https://www.elastic.co/observability/application-performance-monitoring', -}; - const baseImgFolder = '/plugins/apm/assets/service_tab_empty_state'; const defaultAddDataTelemetryParams: EntityInventoryAddDataParams = { view: 'add_apm_cta', @@ -58,114 +32,40 @@ const defaultClickTelemetryParams: EmptyStateClickParams = { view: 'add_apm_cta', }; -export function ServiceTabEmptyState({ id, onDissmiss }: ServiceTabEmptyStateProps) { - const { euiTheme } = useEuiTheme(); - const { services } = useKibana(); - const { core } = useApmPluginContext(); +export function ServiceTabEmptyState({ id, onDismiss }: ServiceTabEmptyStateProps) { + const { + services: { telemetry }, + } = useKibana(); - const imgFolder = `${baseImgFolder}/${ - core.uiSettings.get('theme:darkMode') === 'enabled' ? 'dark' : 'light' - }`; - const imgName = emptyStateDefinitions[id].imgName; - const imgSrc = useKibanaUrl( - `${imgFolder}/${imgName ? imgName : 'service_tab_empty_state_overview.png'}` + const { share } = useApmPluginContext(); + + const onboardingLocator = share.url.locators.get( + OBSERVABILITY_ONBOARDING_LOCATOR ); + const imgBaseFolderPath = useKibanaUrl(baseImgFolder); + function handleAddAPMClick() { - services.telemetry.reportEntityInventoryAddData(defaultAddDataTelemetryParams); + telemetry.reportEntityInventoryAddData(defaultAddDataTelemetryParams); } function handleTryItClick() { - services.telemetry.reportTryItClick(defaultClickTelemetryParams); + telemetry.reportTryItClick(defaultClickTelemetryParams); } function handleLearnMoreClick() { - services.telemetry.reportLearnMoreClick(defaultClickTelemetryParams); + telemetry.reportLearnMoreClick(defaultClickTelemetryParams); } return ( - <> - - - - -

{emptyStateDefinitions[id].title}

- - - {emptyStateDefinitions[id].content} - - - - - - - - {tryItNowButton.label} - - - - - {learnMoreLink.label} - - - - - {!emptyStateDefinitions[id].imgName && ( - - - - )} - - {onDissmiss && ( - - )} - - - {emptyStateDefinitions[id].imgName && ( - <> - - - - )} - + ); } diff --git a/x-pack/plugins/observability_solution/apm/public/components/routing/templates/apm_main_template/entities_inventory_callout.tsx b/x-pack/plugins/observability_solution/apm/public/components/routing/templates/apm_main_template/entities_inventory_callout.tsx index 16cc93e2827f2..16eeba5e67ef4 100644 --- a/x-pack/plugins/observability_solution/apm/public/components/routing/templates/apm_main_template/entities_inventory_callout.tsx +++ b/x-pack/plugins/observability_solution/apm/public/components/routing/templates/apm_main_template/entities_inventory_callout.tsx @@ -13,10 +13,10 @@ import { useKibana } from '@kbn/kibana-react-plugin/public'; import { ApmPluginStartDeps } from '../../../../plugin'; interface EntitiesInventoryCalloutProps { - onDissmiss: () => void; + onDismiss: () => void; } -export function EntitiesInventoryCallout({ onDissmiss }: EntitiesInventoryCalloutProps) { +export function EntitiesInventoryCallout({ onDismiss }: EntitiesInventoryCalloutProps) { const { services } = useKibana(); const { observabilityShared } = services; @@ -50,7 +50,7 @@ export function EntitiesInventoryCallout({ onDissmiss }: EntitiesInventoryCallou diff --git a/x-pack/plugins/observability_solution/apm/public/components/routing/templates/apm_main_template/index.tsx b/x-pack/plugins/observability_solution/apm/public/components/routing/templates/apm_main_template/index.tsx index 3f05d872f6d1f..b7fadf8c12870 100644 --- a/x-pack/plugins/observability_solution/apm/public/components/routing/templates/apm_main_template/index.tsx +++ b/x-pack/plugins/observability_solution/apm/public/components/routing/templates/apm_main_template/index.tsx @@ -176,7 +176,7 @@ export function ApmMainTemplate({ {showEntitiesInventoryCallout ? ( { + onDismiss={() => { setdismissedEntitiesInventoryCallout(true); }} /> diff --git a/x-pack/plugins/observability_solution/infra/public/components/asset_details/add_metrics_callout/index.tsx b/x-pack/plugins/observability_solution/infra/public/components/asset_details/add_metrics_callout/index.tsx index c4132a1e29a3a..bd749baed7114 100644 --- a/x-pack/plugins/observability_solution/infra/public/components/asset_details/add_metrics_callout/index.tsx +++ b/x-pack/plugins/observability_solution/infra/public/components/asset_details/add_metrics_callout/index.tsx @@ -56,7 +56,7 @@ export function AddMetricsCallout({ id, onDismiss }: AddMetricsCalloutProps) { onAddData={handleAddMetricsClick} onTryIt={handleTryItClick} onLearnMore={handleLearnMoreClick} - onDissmiss={onDismiss && handleDismiss} + onDismiss={onDismiss && handleDismiss} /> ); } diff --git a/x-pack/plugins/observability_solution/observability_shared/public/components/add_data_panel/add_data_panel.stories.tsx b/x-pack/plugins/observability_solution/observability_shared/public/components/add_data_panel/add_data_panel.stories.tsx index 76442c0a4de0a..7915e4d010454 100644 --- a/x-pack/plugins/observability_solution/observability_shared/public/components/add_data_panel/add_data_panel.stories.tsx +++ b/x-pack/plugins/observability_solution/observability_shared/public/components/add_data_panel/add_data_panel.stories.tsx @@ -15,7 +15,7 @@ export default { }; const defaultFunctions = { - onDissmiss: () => alert('Dismissed'), + onDismiss: () => alert('Dismissed'), onAddData: () => alert('Add Data'), onTryIt: () => alert('Try It'), onLearnMore: () => alert('Learn More'), @@ -139,7 +139,7 @@ export function NotDismissable(props: ComponentProps) { NotDismissable.args = { ...defaultContent(), ...defaultFunctions, - onDissmiss: undefined, + onDismiss: undefined, actions: { primary: defaultPrimaryAction, secondary: { diff --git a/x-pack/plugins/observability_solution/observability_shared/public/components/add_data_panel/index.tsx b/x-pack/plugins/observability_solution/observability_shared/public/components/add_data_panel/index.tsx index ec6e405adcb26..f047fdb6b33d3 100644 --- a/x-pack/plugins/observability_solution/observability_shared/public/components/add_data_panel/index.tsx +++ b/x-pack/plugins/observability_solution/observability_shared/public/components/add_data_panel/index.tsx @@ -43,7 +43,7 @@ type AddDataPanelButtonWithLabel = Required; export interface AddDataPanelProps { content: AddDataPanelContent; - onDissmiss?: () => void; + onDismiss?: () => void; onAddData: () => void; onTryIt?: () => void; onLearnMore: () => void; @@ -72,7 +72,7 @@ const learnMoreDefaultLabel = i18n.translate( export function AddDataPanel({ content, actions, - onDissmiss, + onDismiss, onLearnMore, onTryIt, onAddData, @@ -155,7 +155,7 @@ export function AddDataPanel({ )} - {onDissmiss && ( + {onDismiss && ( )} From 48959e769cb29b02e8c49d68fb2c7f9f8c3418d0 Mon Sep 17 00:00:00 2001 From: Thom Heymann <190132+thomheymann@users.noreply.github.com> Date: Thu, 24 Oct 2024 15:43:01 +0100 Subject: [PATCH 47/99] [Observability Onboarding] Display next steps (#197179) ## Summary Display next steps after the auto-detect script completes. ## Screenshot Screenshot 2024-10-22 at 09 30 51 --- .../services/epm/package_service.mock.ts | 2 +- .../server/services/epm/package_service.ts | 13 ++-- .../public/assets/auto_detect.sh | 35 ++++++--- .../public/assets/integrations.conf | 26 +++---- .../server/routes/flow/route.ts | 72 ++++++------------- .../server/routes/types.ts | 2 +- 6 files changed, 67 insertions(+), 83 deletions(-) diff --git a/x-pack/plugins/fleet/server/services/epm/package_service.mock.ts b/x-pack/plugins/fleet/server/services/epm/package_service.mock.ts index 39d0451687de5..eeaa80b0c9449 100644 --- a/x-pack/plugins/fleet/server/services/epm/package_service.mock.ts +++ b/x-pack/plugins/fleet/server/services/epm/package_service.mock.ts @@ -16,7 +16,7 @@ const createClientMock = (): jest.Mocked => ({ installCustomIntegration: jest.fn(), fetchFindLatestPackage: jest.fn(), readBundledPackage: jest.fn(), - getAgentPolicyInputs: jest.fn(), + getAgentPolicyConfigYAML: jest.fn(), getPackage: jest.fn(), getPackageFieldsMetadata: jest.fn(), getPackages: jest.fn(), diff --git a/x-pack/plugins/fleet/server/services/epm/package_service.ts b/x-pack/plugins/fleet/server/services/epm/package_service.ts index 1911ed14a7c80..661475dfadc09 100644 --- a/x-pack/plugins/fleet/server/services/epm/package_service.ts +++ b/x-pack/plugins/fleet/server/services/epm/package_service.ts @@ -28,7 +28,6 @@ import type { InstallablePackage, Installation, RegistryPackage, - TemplateAgentPolicyInput, } from '../../types'; import type { FleetAuthzRouteConfig } from '../security/types'; @@ -116,12 +115,12 @@ export interface PackageClient { prerelease?: false; }): Promise; - getAgentPolicyInputs( + getAgentPolicyConfigYAML( pkgName: string, pkgVersion?: string, prerelease?: false, ignoreUnverified?: boolean - ): Promise; + ): Promise; reinstallEsAssets( packageInfo: InstallablePackage, @@ -284,7 +283,7 @@ class PackageClientImpl implements PackageClient { return generatePackageInfoFromArchiveBuffer(archiveBuffer, 'application/zip'); } - public async getAgentPolicyInputs( + public async getAgentPolicyConfigYAML( pkgName: string, pkgVersion?: string, prerelease?: false, @@ -298,16 +297,14 @@ class PackageClientImpl implements PackageClient { pkgVersion = pkg.version; } - const { inputs } = await getTemplateInputs( + return getTemplateInputs( this.internalSoClient, pkgName, pkgVersion, - 'json', + 'yml', prerelease, ignoreUnverified ); - - return inputs; } public async getPackage( diff --git a/x-pack/plugins/observability_solution/observability_onboarding/public/assets/auto_detect.sh b/x-pack/plugins/observability_solution/observability_onboarding/public/assets/auto_detect.sh index ebdcdeb0d81dc..c315ef483d9d6 100755 --- a/x-pack/plugins/observability_solution/observability_onboarding/public/assets/auto_detect.sh +++ b/x-pack/plugins/observability_solution/observability_onboarding/public/assets/auto_detect.sh @@ -105,6 +105,7 @@ elastic_agent_config_path="/opt/Elastic/Agent/elastic-agent.yml" elastic_agent_tmp_config_path="/tmp/elastic-agent-config.tar" integration_names=() integration_titles=() +config_files_with_password=() OS="$(uname)" ARCH="$(uname -m)" @@ -155,7 +156,7 @@ download_elastic_agent() { curl -L -O "$download_url" --silent --fail if [ "$?" -eq 0 ]; then - printf "\e[1;32m✓\e[0m %s\n" "Elastic Agent downloaded to $(pwd)/$elastic_agent_artifact_name.tar.gz" + printf "\e[32;1m✓\e[0m %s\n" "Elastic Agent downloaded to $(pwd)/$elastic_agent_artifact_name.tar.gz" update_step_progress "ea-download" "complete" else update_step_progress "ea-download" "danger" "Failed to download Elastic Agent, see script output for error." @@ -167,7 +168,7 @@ extract_elastic_agent() { tar -xzf "${elastic_agent_artifact_name}.tar.gz" if [ "$?" -eq 0 ]; then - printf "\e[1;32m✓\e[0m %s\n" "Archive extracted" + printf "\e[32;1m✓\e[0m %s\n" "Archive extracted" update_step_progress "ea-extract" "complete" else update_step_progress "ea-extract" "danger" "Failed to extract Elastic Agent, see script output for error." @@ -179,7 +180,7 @@ install_elastic_agent() { "./${elastic_agent_artifact_name}/elastic-agent" install -f -n >/dev/null if [ "$?" -eq 0 ]; then - printf "\e[1;32m✓\e[0m %s\n" "Elastic Agent installed to $(dirname "$elastic_agent_config_path")" + printf "\e[32;1m✓\e[0m %s\n" "Elastic Agent installed to $(dirname "$elastic_agent_config_path")" update_step_progress "ea-install" "complete" else update_step_progress "ea-install" "danger" "Failed to install Elastic Agent, see script output for error." @@ -224,7 +225,7 @@ ensure_elastic_agent_healthy() { backup_elastic_agent_config() { if [ -f "$elastic_agent_config_path" ]; then - echo -e "\nExisting config found at $elastic_agent_config_path" + printf "\n%s \e[36m%s\e[0m\n" "Existing config found at" "$elastic_agent_config_path" printf "\n\e[1;36m?\e[0m \e[1m%s\e[0m \e[2m%s\e[0m" "Create backup and continue installation?" "[Y/n] (default: Yes): " read confirmation_reply @@ -241,7 +242,7 @@ backup_elastic_agent_config() { fi if [ "$?" -eq 0 ]; then - printf "\n\e[1;32m✓\e[0m %s\n" "Backup saved to $backup_path" + printf "\n\e[32;1m✓\e[0m %s \e[36m%s\e[0m\n" "Backup saved to" "$backup_path" else update_step_progress "ea-config" "warning" "Failed to backup existing configuration" fail "Failed to backup existing config - Try manually creating a backup or delete your existing config before re-running this script" @@ -278,7 +279,7 @@ install_integrations() { --output "$elastic_agent_tmp_config_path" if [ "$?" -eq 0 ]; then - printf "\n\e[1;32m✓\e[0m %s\n" "Integrations installed" + printf "\n\e[32;1m✓\e[0m %s\n" "Integrations installed" else update_step_progress "ea-config" "warning" "Failed to install integrations" fail "Failed to install integrations" @@ -297,10 +298,15 @@ apply_elastic_agent_config() { # Replace placeholder with the Ingest API key sed -i='' "s/\${API_KEY}/$decoded_ingest_api_key/" "$elastic_agent_config_path" if [ "$?" -eq 0 ]; then - printf "\e[1;32m✓\e[0m %s\n" "Config written to:" - tar --list --file "$elastic_agent_tmp_config_path" | grep '\.yml$' | while read -r file; do - echo " - $(dirname "$elastic_agent_config_path")/$file" - done + printf "\e[32;1m✓\e[0m %s\n" "Config files written to:" + while IFS= read -r file; do + local path="$(dirname "$elastic_agent_config_path")/$file" + printf " \e[36m%s\e[0m\n" "$path" + grep '' "$path" >/dev/null + if [ "$?" -eq 0 ]; then + config_files_with_password+=("$path") + fi + done < <(tar --list --file "$elastic_agent_tmp_config_path" | grep '\.yml$') update_step_progress "ea-config" "complete" else @@ -585,4 +591,11 @@ printf "\n\e[1m%s\e[0m\n" "Waiting for healthy status..." wait_for_elastic_agent_status ensure_elastic_agent_healthy -printf "\n\e[32m%s\e[0m\n" "🎉 Elastic Agent is configured and running. You can now go back to Kibana and check for incoming logs." +printf "\n\e[32m%s\e[0m\n" "🎉 Elastic Agent is configured and running!" + +printf "\n\e[1m%s\e[0m\n" "Next steps:" +printf "\n• %s\n" "Go back to Kibana and check for incoming data" +for path in "${config_files_with_password[@]}"; do + printf "\n• %s:\n \e[36m%s\e[0m\n" "Collect $(known_integration_title "$(basename "${path%.yml}")") metrics by adding your username and password to" "$path" +done +printf "\n• %s:\n \e[36;4m%s\e[0m\n" "For information on other standalone integration setups, visit" "https://www.elastic.co/guide/en/fleet/current/elastic-agent-configuration.html" diff --git a/x-pack/plugins/observability_solution/observability_onboarding/public/assets/integrations.conf b/x-pack/plugins/observability_solution/observability_onboarding/public/assets/integrations.conf index e6455a9170c86..0b197bef30f7d 100644 --- a/x-pack/plugins/observability_solution/observability_onboarding/public/assets/integrations.conf +++ b/x-pack/plugins/observability_solution/observability_onboarding/public/assets/integrations.conf @@ -1,14 +1,14 @@ [system] -title=System Logs And Metrics +title=System [nginx] -title=Nginx Logs +title=Nginx patterns= /var/log/nginx/access.log* /var/log/nginx/error.log* [apache] -title=Apache Logs +title=Apache patterns= /var/log/apache2/access.log* /var/log/apache2/other_vhosts_access.log* @@ -17,13 +17,13 @@ patterns= /var/log/httpd/error_log* [docker] -title=Docker Container Logs +title=Docker patterns= /var/lib/docker/containers/*/*-json.log /var/run/docker.sock [mysql] -title=MySQL Logs +title=MySQL patterns= /var/log/mysql/*error.log* /var/log/mysqld.log* @@ -31,7 +31,7 @@ patterns= /var/lib/mysql/*-slow.log* [postgresql] -title=PostgreSQL Logs +title=PostgreSQL patterns= /var/log/postgresql/postgresql-*-*.log* /*/postgresql-logs/*.log @@ -39,26 +39,26 @@ patterns= /var/log/postgresql/postgresql-*-*.csv* [redis] -title=Redis Logs +title=Redis patterns= /var/log/redis/redis-server.log* /etc/redis/redis.conf [haproxy] -title=HAProxy Logs +title=HAProxy patterns= /var/log/haproxy.log /etc/haproxy/haproxy.cfg [rabbitmq] -title=RabbitMQ Logs +title=RabbitMQ patterns= /var/log/rabbitmq/rabbit@*.log /etc/rabbitmq/rabbitmq.conf /etc/rabbitmq/rabbitmq.config [kafka] -title=Kafka Logs +title=Kafka patterns= /var/log/kafka/server.log /etc/kafka/server.properties @@ -68,19 +68,19 @@ patterns= /*/logs/kafka-*.log* [mongodb] -title=MongoDB Logs +title=MongoDB patterns= /var/log/mongodb/mongod.log [apache_tomcat] -title=Apache Tomcat Logs +title=Apache Tomcat patterns= /opt/tomcat/logs/localhost_access_log.*.txt /opt/tomcat/logs/catalina.*.log /opt/tomcat/logs/localhost.*.log [prometheus] -title=Prometheus Server overview +title=Prometheus patterns= /var/log/prometheus/prometheus.log /etc/prometheus/prometheus.yml \ No newline at end of file diff --git a/x-pack/plugins/observability_solution/observability_onboarding/server/routes/flow/route.ts b/x-pack/plugins/observability_solution/observability_onboarding/server/routes/flow/route.ts index 229ce3bf252d0..d6575f8751c4a 100644 --- a/x-pack/plugins/observability_solution/observability_onboarding/server/routes/flow/route.ts +++ b/x-pack/plugins/observability_solution/observability_onboarding/server/routes/flow/route.ts @@ -263,8 +263,8 @@ const createFlowRoute = createObservabilityOnboardingServerRoute({ * * The request format is TSV (tab-separated values) to simplify parsing in bash. * - * The response format is either a YAML file or a tar archive containing the Elastic Agent - * configuration, depending on the `Accept` header. + * The response format is a tar archive containing the Elastic Agent configuration, depending on the + * `Accept` header. * * Errors during installation are ignore unless all integrations fail to install. When that happens * a 500 Internal Server Error is returned with the first error message. @@ -348,7 +348,7 @@ const integrationsInstallRoute = createObservabilityOnboardingServerRoute({ } return acc; }, []); - // Errors during installation are ignore unless all integrations fail to install. When that happens + // Errors during installation are ignored unless all integrations fail to install. When that happens // a 500 Internal Server Error is returned with the first error message. if (!installedIntegrations.length) { throw (settledResults[0] as PromiseRejectedResult).reason; @@ -383,20 +383,11 @@ const integrationsInstallRoute = createObservabilityOnboardingServerRoute({ ? [plugins.cloud?.setup?.elasticsearchUrl] : await getFallbackESUrl(services.esLegacyConfigService); - if (request.headers.accept === 'application/x-tar') { - return response.ok({ - headers: { - 'content-type': 'application/x-tar', - }, - body: generateAgentConfigTar({ elasticsearchUrl, installedIntegrations }), - }); - } - return response.ok({ headers: { - 'content-type': 'application/yaml', + 'content-type': 'application/x-tar', }, - body: generateAgentConfigYAML({ elasticsearchUrl, installedIntegrations }), + body: generateAgentConfigTar({ elasticsearchUrl, installedIntegrations }), }); }, }); @@ -423,7 +414,7 @@ async function ensureInstalledIntegrations( if (installSource === 'registry') { const installation = await packageClient.ensureInstalledPackage({ pkgName }); const pkg = installation.package; - const inputs = await packageClient.getAgentPolicyInputs(pkg.name, pkg.version); + const config = await packageClient.getAgentPolicyConfigYAML(pkg.name, pkg.version); const { packageInfo } = await packageClient.getPackage(pkg.name, pkg.version); return { @@ -431,7 +422,7 @@ async function ensureInstalledIntegrations( pkgName: pkg.name, pkgVersion: pkg.version, title: packageInfo.title, - inputs: inputs.filter((input) => input.type !== 'httpjson'), + config, dataStreams: packageInfo.data_streams?.map(({ type, dataset }) => ({ type, dataset })) ?? [], kibanaAssets: pkg.installed_kibana, @@ -447,19 +438,21 @@ async function ensureInstalledIntegrations( pkgName, pkgVersion: '1.0.0', // Custom integrations are always installed as version `1.0.0` title: pkgName, - inputs: [ - { - id: `filestream-${pkgName}`, - type: 'filestream', - streams: [ - { - id: `filestream-${pkgName}`, - data_stream: dataStream, - paths: integration.logFilePaths, - }, - ], - }, - ], + config: dump({ + inputs: [ + { + id: `filestream-${pkgName}`, + type: 'filestream', + streams: [ + { + id: `filestream-${pkgName}`, + data_stream: dataStream, + paths: integration.logFilePaths, + }, + ], + }, + ], + }), dataStreams: [dataStream], kibanaAssets: [], }; @@ -538,25 +531,6 @@ function parseIntegrationsTSV(tsv: string) { ); } -const generateAgentConfigYAML = ({ - elasticsearchUrl, - installedIntegrations, -}: { - elasticsearchUrl: string[]; - installedIntegrations: InstalledIntegration[]; -}) => { - return dump({ - outputs: { - default: { - type: 'elasticsearch', - hosts: elasticsearchUrl, - api_key: '${API_KEY}', // Placeholder to be replaced by bash script with the actual API key - }, - }, - inputs: installedIntegrations.map(({ inputs }) => inputs).flat(), - }); -}; - const generateAgentConfigTar = ({ elasticsearchUrl, installedIntegrations, @@ -592,7 +566,7 @@ const generateAgentConfigTar = ({ path: `inputs.d/${integration.pkgName}.yml`, mode: 0o644, mtime: now, - data: dump({ inputs: integration.inputs }), + data: integration.config, })), ]); }; diff --git a/x-pack/plugins/observability_solution/observability_onboarding/server/routes/types.ts b/x-pack/plugins/observability_solution/observability_onboarding/server/routes/types.ts index de2e7ce65fd2d..c9cded0805f65 100644 --- a/x-pack/plugins/observability_solution/observability_onboarding/server/routes/types.ts +++ b/x-pack/plugins/observability_solution/observability_onboarding/server/routes/types.ts @@ -57,7 +57,7 @@ export const IntegrationRT = t.type({ pkgName: t.string, pkgVersion: t.string, title: t.string, - inputs: t.array(t.unknown), + config: t.string, dataStreams: t.array( t.type({ type: t.string, From 6b63f7f6314e9c05525df32629be7ba769c6ab4c Mon Sep 17 00:00:00 2001 From: Kerry Gallagher Date: Thu, 24 Oct 2024 15:49:27 +0100 Subject: [PATCH 48/99] [Logs Overview] Add a flyout to show category document examples (#194867) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## Summary Implements https://github.com/elastic/kibana/issues/193450. ## Discover changes ⚠️ As part of this we need to render a basic table with the log level and summary columns, which is technically context aware but only in the sense we know we want it to be a logs context up front. The "correct" solution here (or at least from recent conversations) is to use the saved search embeddable. There is upcoming work planned to move log stream component usages over to the saved search embeddable. However, currently this isn't in a place to just be dropped in without some pretty extensive work. I didn't feel comfortable doing a big push on that work as a side effort to this work, especially with a loose (if possible) 8.16 aim for this. What I've done (and which isn't ideal I appreciate) is used the start contract of the Discover plugin to export the columns / cells pre-wrapped with the Discover services. It's not ideal in the sense of dependencies, but technically Discover doesn't use logs shared. I considered Discover shared but that's for registering functionality for Discover, rather than the other way around. Eventually we'll be able to remove this and convert over to the new solution. I'm all ears to a better solution, but there's a big mismatch between the needs here and dropping in something that exists currently. Thankfully the changeset for Discover is small if we're happy to keep this temporarily. Edit: I've made some notes here: https://github.com/elastic/logs-dev/issues/111#issuecomment-2411096251 Edit: New package added here: https://github.com/elastic/kibana/commit/c290819c1c1e1cb5a67d437cca7783c0e2302c8f ## Overview From a high level: - Adds a new state machine for handling "details" to show in the flyout (document examples now, plus details and a timeline later). - Hooks this up to a flyout expanded from the categories table. - Provides linking to Discover to view documents from the category in the flyout. I've also left some comments inline. ## UI / UX ![Screenshot 2024-10-10 at 15 05 21](https://github.com/user-attachments/assets/49b525b1-f730-4e90-9a84-05175edb8c40) ![flyout_open](https://github.com/user-attachments/assets/0995b952-566b-4e09-80cf-20ad94343980) ![discover_link](https://github.com/user-attachments/assets/249ef269-0105-48af-9c81-ebae1cfb1680) --------- Co-authored-by: Felix Stürmer Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Elastic Machine Co-authored-by: Felix Stürmer Co-authored-by: Julia Rechkunova --- .github/CODEOWNERS | 1 + .i18nrc.json | 2 +- package.json | 1 + .../README.md | 3 + .../index.ts | 7 +- .../jest.config.js | 14 + .../kibana.jsonc | 5 + .../package.json | 7 + .../logs/components}/cell_actions_popover.tsx | 64 ++-- .../src/data_types/logs/components/index.ts | 12 + .../log_level_badge_cell.test.tsx | 4 +- .../log_level_badge_cell.tsx | 4 +- .../service_name_badge_with_actions.tsx | 17 +- .../components}/summary_column/content.tsx | 4 +- .../logs/components/summary_column/index.ts | 13 + .../components}/summary_column/resource.tsx | 5 +- .../summary_column/summary_column.test.tsx | 50 +-- .../summary_column/summary_column.tsx | 171 ++++++++++ .../logs/components/summary_column/utils.tsx | 147 +++++++++ .../logs/components/translations.tsx | 72 +++++ .../src/index.ts | 16 + .../tsconfig.json | 37 +++ packages/kbn-discover-utils/index.ts | 4 +- .../logs/components/{index.ts => index.tsx} | 0 .../src/data_types/logs/constants.ts | 70 ++++ .../src/data_types/logs/index.ts | 2 +- .../src/data_types/logs/types.ts | 7 + .../utils/get_available_resource_fields.ts | 4 +- .../src/data_types/logs/utils/index.ts | 1 + packages/kbn-discover-utils/tsconfig.json | 2 +- .../common/data_types/logs/constants.ts | 62 +--- .../data_types/logs/service_name_cell.tsx | 6 +- .../data_types/logs/summary_column/index.tsx | 8 +- .../logs/summary_column/summary_column.tsx | 172 +--------- .../data_types/logs/summary_column/utils.tsx | 126 -------- .../data_types/logs/translations.tsx | 305 ------------------ .../accessors/get_cell_renderers.tsx | 2 +- src/plugins/discover/tsconfig.json | 4 +- src/plugins/unified_doc_viewer/kibana.jsonc | 1 + tsconfig.base.json | 2 + .../discover_link/discover_link.tsx | 16 +- .../log_categories/log_categories.tsx | 49 ++- .../log_categories_control_bar.tsx | 13 +- .../log_categories/log_categories_grid.tsx | 12 + .../log_categories_grid_cell.tsx | 2 +- .../log_categories_grid_control_columns.tsx | 45 +++ .../log_categories_grid_expand_button.tsx | 71 ++++ .../log_categories_grid_pattern_cell.tsx | 37 +-- .../log_categories_result_content.tsx | 38 ++- .../log_category_details_error_content.tsx | 41 +++ .../log_category_details_flyout.tsx | 139 ++++++++ .../log_category_details_loading_content.tsx | 19 ++ .../log_category_document_examples_table.tsx | 151 +++++++++ .../logs_overview/logs_overview.tsx | 10 +- .../shared/log_category_pattern.tsx | 50 +++ .../category_details_service.ts | 191 +++++++++++ .../category_documents.ts | 63 ++++ .../category_details_service/index.ts | 8 + .../category_details_service/queries.ts | 58 ++++ .../category_details_service/types.ts | 31 ++ .../logs_overview/src/utils/log_category.ts | 12 + .../logs_overview/src/utils/logs_source.ts | 53 ++- .../observability/logs_overview/tsconfig.json | 8 +- .../logs_shared/kibana.jsonc | 3 +- .../public/{plugin.ts => plugin.tsx} | 4 + .../logs_shared/public/types.ts | 2 + .../logs_shared/tsconfig.json | 1 + .../translations/translations/fr-FR.json | 35 -- .../translations/translations/ja-JP.json | 35 -- .../translations/translations/zh-CN.json | 35 -- yarn.lock | 4 + 71 files changed, 1766 insertions(+), 904 deletions(-) create mode 100644 packages/kbn-discover-contextual-components/README.md rename src/plugins/discover/common/data_types/logs/display_options.ts => packages/kbn-discover-contextual-components/index.ts (75%) create mode 100644 packages/kbn-discover-contextual-components/jest.config.js create mode 100644 packages/kbn-discover-contextual-components/kibana.jsonc create mode 100644 packages/kbn-discover-contextual-components/package.json rename {src/plugins/discover/public/components/data_types/logs => packages/kbn-discover-contextual-components/src/data_types/logs/components}/cell_actions_popover.tsx (75%) create mode 100644 packages/kbn-discover-contextual-components/src/data_types/logs/components/index.ts rename {src/plugins/discover/public/components/data_types/logs => packages/kbn-discover-contextual-components/src/data_types/logs/components/log_level_badge_cell}/log_level_badge_cell.test.tsx (93%) rename {src/plugins/discover/public/components/data_types/logs => packages/kbn-discover-contextual-components/src/data_types/logs/components/log_level_badge_cell}/log_level_badge_cell.tsx (92%) rename {src/plugins/discover/public/components/data_types/logs => packages/kbn-discover-contextual-components/src/data_types/logs/components}/service_name_badge_with_actions.tsx (80%) rename {src/plugins/discover/public/components/data_types/logs => packages/kbn-discover-contextual-components/src/data_types/logs/components}/summary_column/content.tsx (95%) create mode 100644 packages/kbn-discover-contextual-components/src/data_types/logs/components/summary_column/index.ts rename {src/plugins/discover/public/components/data_types/logs => packages/kbn-discover-contextual-components/src/data_types/logs/components}/summary_column/resource.tsx (89%) rename {src/plugins/discover/public/components/data_types/logs => packages/kbn-discover-contextual-components/src/data_types/logs/components}/summary_column/summary_column.test.tsx (86%) create mode 100644 packages/kbn-discover-contextual-components/src/data_types/logs/components/summary_column/summary_column.tsx create mode 100644 packages/kbn-discover-contextual-components/src/data_types/logs/components/summary_column/utils.tsx create mode 100644 packages/kbn-discover-contextual-components/src/data_types/logs/components/translations.tsx create mode 100644 packages/kbn-discover-contextual-components/src/index.ts create mode 100644 packages/kbn-discover-contextual-components/tsconfig.json rename packages/kbn-discover-utils/src/data_types/logs/components/{index.ts => index.tsx} (100%) create mode 100644 packages/kbn-discover-utils/src/data_types/logs/constants.ts rename {src/plugins/discover/public => packages/kbn-discover-utils/src/data_types/logs}/utils/get_available_resource_fields.ts (87%) delete mode 100644 src/plugins/discover/public/components/data_types/logs/summary_column/utils.tsx delete mode 100644 src/plugins/discover/public/components/data_types/logs/translations.tsx create mode 100644 x-pack/packages/observability/logs_overview/src/components/log_categories/log_categories_grid_control_columns.tsx create mode 100644 x-pack/packages/observability/logs_overview/src/components/log_categories/log_categories_grid_expand_button.tsx create mode 100644 x-pack/packages/observability/logs_overview/src/components/log_category_details/log_category_details_error_content.tsx create mode 100644 x-pack/packages/observability/logs_overview/src/components/log_category_details/log_category_details_flyout.tsx create mode 100644 x-pack/packages/observability/logs_overview/src/components/log_category_details/log_category_details_loading_content.tsx create mode 100644 x-pack/packages/observability/logs_overview/src/components/log_category_details/log_category_document_examples_table.tsx create mode 100644 x-pack/packages/observability/logs_overview/src/components/shared/log_category_pattern.tsx create mode 100644 x-pack/packages/observability/logs_overview/src/services/category_details_service/category_details_service.ts create mode 100644 x-pack/packages/observability/logs_overview/src/services/category_details_service/category_documents.ts create mode 100644 x-pack/packages/observability/logs_overview/src/services/category_details_service/index.ts create mode 100644 x-pack/packages/observability/logs_overview/src/services/category_details_service/queries.ts create mode 100644 x-pack/packages/observability/logs_overview/src/services/category_details_service/types.ts create mode 100644 x-pack/packages/observability/logs_overview/src/utils/log_category.ts rename x-pack/plugins/observability_solution/logs_shared/public/{plugin.ts => plugin.tsx} (97%) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 3e0a5ea38a3db..161650cfa67b0 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -385,6 +385,7 @@ packages/kbn-dev-proc-runner @elastic/kibana-operations src/plugins/dev_tools @elastic/kibana-management packages/kbn-dev-utils @elastic/kibana-operations examples/developer_examples @elastic/appex-sharedux +packages/kbn-discover-contextual-components @elastic/obs-ux-logs-team @elastic/kibana-data-discovery examples/discover_customization_examples @elastic/kibana-data-discovery x-pack/plugins/discover_enhanced @elastic/kibana-data-discovery src/plugins/discover @elastic/kibana-data-discovery diff --git a/.i18nrc.json b/.i18nrc.json index 036be597ac969..5c7642e6283eb 100644 --- a/.i18nrc.json +++ b/.i18nrc.json @@ -27,7 +27,7 @@ "dataViews": "src/plugins/data_views", "defaultNavigation": "packages/default-nav", "devTools": "src/plugins/dev_tools", - "discover": ["src/plugins/discover", "packages/kbn-discover-utils"], + "discover": ["src/plugins/discover", "packages/kbn-discover-utils", "packages/kbn-discover-contextual-components"], "savedSearch": "src/plugins/saved_search", "embeddableApi": "src/plugins/embeddable", "presentationPanel": "src/plugins/presentation_panel", diff --git a/package.json b/package.json index dea3744893f0a..9109461115299 100644 --- a/package.json +++ b/package.json @@ -451,6 +451,7 @@ "@kbn/default-nav-ml": "link:packages/default-nav/ml", "@kbn/dev-tools-plugin": "link:src/plugins/dev_tools", "@kbn/developer-examples-plugin": "link:examples/developer_examples", + "@kbn/discover-contextual-components": "link:packages/kbn-discover-contextual-components", "@kbn/discover-customization-examples-plugin": "link:examples/discover_customization_examples", "@kbn/discover-enhanced-plugin": "link:x-pack/plugins/discover_enhanced", "@kbn/discover-plugin": "link:src/plugins/discover", diff --git a/packages/kbn-discover-contextual-components/README.md b/packages/kbn-discover-contextual-components/README.md new file mode 100644 index 0000000000000..ae9e2402c2a69 --- /dev/null +++ b/packages/kbn-discover-contextual-components/README.md @@ -0,0 +1,3 @@ +# @kbn/discover-contextual-components + +Houses contextual (e.g. logs) components that are used by Discover. diff --git a/src/plugins/discover/common/data_types/logs/display_options.ts b/packages/kbn-discover-contextual-components/index.ts similarity index 75% rename from src/plugins/discover/common/data_types/logs/display_options.ts rename to packages/kbn-discover-contextual-components/index.ts index 05803ba0bde7f..55b900ad5137a 100644 --- a/src/plugins/discover/common/data_types/logs/display_options.ts +++ b/packages/kbn-discover-contextual-components/index.ts @@ -7,9 +7,4 @@ * License v3.0 only", or the "Server Side Public License, v 1". */ -export interface SmartFieldGridColumnOptions { - type: 'smart-field'; - smartField: 'content' | 'resource'; - fallbackFields: string[]; - width?: number; -} +export * from './src'; diff --git a/packages/kbn-discover-contextual-components/jest.config.js b/packages/kbn-discover-contextual-components/jest.config.js new file mode 100644 index 0000000000000..bacfd33649ce4 --- /dev/null +++ b/packages/kbn-discover-contextual-components/jest.config.js @@ -0,0 +1,14 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the "Elastic License + * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side + * Public License v 1"; you may not use this file except in compliance with, at + * your election, the "Elastic License 2.0", the "GNU Affero General Public + * License v3.0 only", or the "Server Side Public License, v 1". + */ + +module.exports = { + preset: '@kbn/test', + rootDir: '../..', + roots: ['/packages/kbn-discover-contextual-components'], +}; diff --git a/packages/kbn-discover-contextual-components/kibana.jsonc b/packages/kbn-discover-contextual-components/kibana.jsonc new file mode 100644 index 0000000000000..cfb9b1d5431ef --- /dev/null +++ b/packages/kbn-discover-contextual-components/kibana.jsonc @@ -0,0 +1,5 @@ +{ + "type": "shared-browser", + "id": "@kbn/discover-contextual-components", + "owner": ["@elastic/obs-ux-logs-team", "@elastic/kibana-data-discovery"] +} diff --git a/packages/kbn-discover-contextual-components/package.json b/packages/kbn-discover-contextual-components/package.json new file mode 100644 index 0000000000000..4a63d975cda42 --- /dev/null +++ b/packages/kbn-discover-contextual-components/package.json @@ -0,0 +1,7 @@ +{ + "name": "@kbn/discover-contextual-components", + "private": true, + "version": "1.0.0", + "license": "Elastic License 2.0 OR AGPL-3.0-only OR SSPL-1.0", + "sideEffects": false +} \ No newline at end of file diff --git a/src/plugins/discover/public/components/data_types/logs/cell_actions_popover.tsx b/packages/kbn-discover-contextual-components/src/data_types/logs/components/cell_actions_popover.tsx similarity index 75% rename from src/plugins/discover/public/components/data_types/logs/cell_actions_popover.tsx rename to packages/kbn-discover-contextual-components/src/data_types/logs/components/cell_actions_popover.tsx index 7b9d68e8f3dd7..96651cf26189b 100644 --- a/src/plugins/discover/public/components/data_types/logs/cell_actions_popover.tsx +++ b/packages/kbn-discover-contextual-components/src/data_types/logs/components/cell_actions_popover.tsx @@ -24,7 +24,9 @@ import { import { css } from '@emotion/react'; import { useBoolean } from '@kbn/react-hooks'; import { euiThemeVars } from '@kbn/ui-theme'; -import { DocViewFilterFn } from '@kbn/unified-doc-viewer/types'; +import type { DocViewFilterFn } from '@kbn/unified-doc-viewer/types'; +import type { SharePluginStart } from '@kbn/share-plugin/public'; +import type { CoreStart } from '@kbn/core-lifecycle-browser'; import { actionFilterForText, actionFilterOutText, @@ -109,30 +111,32 @@ export function CellActionsPopover({ /> - - - - {filterForText} - - - {filterOutText} - - - + {onFilter ? ( + + + + {filterForText} + + + {filterOutText} + + + + ) : null} {(copy) => ( @@ -158,13 +162,21 @@ export interface FieldBadgeWithActionsProps icon?: EuiBadgeProps['iconType']; } +interface FieldBadgeWithActionsDependencies { + core?: CoreStart; + share?: SharePluginStart; +} + +export type FieldBadgeWithActionsPropsAndDependencies = FieldBadgeWithActionsProps & + FieldBadgeWithActionsDependencies; + export function FieldBadgeWithActions({ icon, onFilter, property, renderValue, value, -}: FieldBadgeWithActionsProps) { +}: FieldBadgeWithActionsPropsAndDependencies) { return ( { const LogLevelBadgeCell = getLogLevelBadgeCell(logLevelField); diff --git a/src/plugins/discover/public/components/data_types/logs/log_level_badge_cell.tsx b/packages/kbn-discover-contextual-components/src/data_types/logs/components/log_level_badge_cell/log_level_badge_cell.tsx similarity index 92% rename from src/plugins/discover/public/components/data_types/logs/log_level_badge_cell.tsx rename to packages/kbn-discover-contextual-components/src/data_types/logs/components/log_level_badge_cell/log_level_badge_cell.tsx index bff3bdddee026..4223f1e0de5c1 100644 --- a/src/plugins/discover/public/components/data_types/logs/log_level_badge_cell.tsx +++ b/packages/kbn-discover-contextual-components/src/data_types/logs/components/log_level_badge_cell/log_level_badge_cell.tsx @@ -9,8 +9,8 @@ import type { CSSObject } from '@emotion/react'; import React from 'react'; +import type { DataGridCellValueElementProps } from '@kbn/unified-data-table/src/types'; import { LogLevelBadge } from '@kbn/discover-utils'; -import type { DataGridCellValueElementProps } from '@kbn/unified-data-table'; const dataTestSubj = 'logLevelBadgeCell'; const badgeCss: CSSObject = { marginTop: '-4px' }; @@ -32,3 +32,5 @@ export const getLogLevelBadgeCell = /> ); }; + +export type LogLevelBadgeCell = ReturnType; diff --git a/src/plugins/discover/public/components/data_types/logs/service_name_badge_with_actions.tsx b/packages/kbn-discover-contextual-components/src/data_types/logs/components/service_name_badge_with_actions.tsx similarity index 80% rename from src/plugins/discover/public/components/data_types/logs/service_name_badge_with_actions.tsx rename to packages/kbn-discover-contextual-components/src/data_types/logs/components/service_name_badge_with_actions.tsx index 581c889b8e98e..7916b1144d851 100644 --- a/src/plugins/discover/public/components/data_types/logs/service_name_badge_with_actions.tsx +++ b/packages/kbn-discover-contextual-components/src/data_types/logs/components/service_name_badge_with_actions.tsx @@ -11,17 +11,20 @@ import React from 'react'; import { getRouterLinkProps } from '@kbn/router-utils'; import { EuiLink } from '@elastic/eui'; import { OBSERVABILITY_ENTITY_CENTRIC_EXPERIENCE } from '@kbn/management-settings-ids'; -import { SharePublicStart } from '@kbn/share-plugin/public/plugin'; -import { useDiscoverServices } from '../../../hooks/use_discover_services'; -import { FieldBadgeWithActions, FieldBadgeWithActionsProps } from './cell_actions_popover'; +import type { SharePublicStart } from '@kbn/share-plugin/public/plugin'; +import { + FieldBadgeWithActions, + FieldBadgeWithActionsProps, + FieldBadgeWithActionsPropsAndDependencies, +} from './cell_actions_popover'; const SERVICE_ENTITY_LOCATOR = 'SERVICE_ENTITY_LOCATOR'; -export function ServiceNameBadgeWithActions(props: FieldBadgeWithActionsProps) { - const { share, core } = useDiscoverServices(); - const canViewApm = core.application.capabilities.apm?.show || false; +export function ServiceNameBadgeWithActions(props: FieldBadgeWithActionsPropsAndDependencies) { + const { share, core } = props; + const canViewApm = core?.application.capabilities.apm?.show || false; const isEntityCentricExperienceSettingEnabled = canViewApm - ? core.uiSettings.get(OBSERVABILITY_ENTITY_CENTRIC_EXPERIENCE) + ? core?.uiSettings.get(OBSERVABILITY_ENTITY_CENTRIC_EXPERIENCE) : false; const derivedPropsForEntityExperience = isEntityCentricExperienceSettingEnabled diff --git a/src/plugins/discover/public/components/data_types/logs/summary_column/content.tsx b/packages/kbn-discover-contextual-components/src/data_types/logs/components/summary_column/content.tsx similarity index 95% rename from src/plugins/discover/public/components/data_types/logs/summary_column/content.tsx rename to packages/kbn-discover-contextual-components/src/data_types/logs/components/summary_column/content.tsx index 0da98cbf7145e..cc576efff17db 100644 --- a/src/plugins/discover/public/components/data_types/logs/summary_column/content.tsx +++ b/packages/kbn-discover-contextual-components/src/data_types/logs/components/summary_column/content.tsx @@ -14,7 +14,7 @@ import { getLogDocumentOverview, getMessageFieldWithFallbacks, } from '@kbn/discover-utils'; -import * as constants from '../../../../../common/data_types/logs/constants'; +import { MESSAGE_FIELD } from '@kbn/discover-utils'; import { formatJsonDocumentForContent } from './utils'; interface ContentProps extends DataGridCellValueElementProps { @@ -32,7 +32,7 @@ const LogMessage = ({ value: string; className: string; }) => { - const shouldRenderFieldName = field !== constants.MESSAGE_FIELD; + const shouldRenderFieldName = field !== MESSAGE_FIELD; if (shouldRenderFieldName) { return ( diff --git a/packages/kbn-discover-contextual-components/src/data_types/logs/components/summary_column/index.ts b/packages/kbn-discover-contextual-components/src/data_types/logs/components/summary_column/index.ts new file mode 100644 index 0000000000000..006ec34d0a475 --- /dev/null +++ b/packages/kbn-discover-contextual-components/src/data_types/logs/components/summary_column/index.ts @@ -0,0 +1,13 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the "Elastic License + * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side + * Public License v 1"; you may not use this file except in compliance with, at + * your election, the "Elastic License 2.0", the "GNU Affero General Public + * License v3.0 only", or the "Server Side Public License, v 1". + */ + +export * from './content'; +export * from './resource'; +export * from './summary_column'; +export * from './utils'; diff --git a/src/plugins/discover/public/components/data_types/logs/summary_column/resource.tsx b/packages/kbn-discover-contextual-components/src/data_types/logs/components/summary_column/resource.tsx similarity index 89% rename from src/plugins/discover/public/components/data_types/logs/summary_column/resource.tsx rename to packages/kbn-discover-contextual-components/src/data_types/logs/components/summary_column/resource.tsx index a7955fadde622..5ea7ddda7a6b7 100644 --- a/src/plugins/discover/public/components/data_types/logs/summary_column/resource.tsx +++ b/packages/kbn-discover-contextual-components/src/data_types/logs/components/summary_column/resource.tsx @@ -8,8 +8,8 @@ */ import React from 'react'; -import { EuiBadge, EuiFlexGroup } from '@elastic/eui'; -import { DocViewFilterFn } from '@kbn/unified-doc-viewer/types'; +import { CommonProps, EuiBadge, EuiFlexGroup } from '@elastic/eui'; +import type { DocViewFilterFn } from '@kbn/unified-doc-viewer/types'; import { ResourceFieldDescriptor } from './utils'; const MAX_LIMITED_FIELDS_VISIBLE = 3; @@ -19,6 +19,7 @@ interface ResourceProps { /* When true, the column will render a predefined number of resources and indicates with a badge how many more we have */ limited?: boolean; onFilter?: DocViewFilterFn; + css?: CommonProps['css']; } export const Resource = ({ fields, limited = false, onFilter, ...props }: ResourceProps) => { diff --git a/src/plugins/discover/public/components/data_types/logs/summary_column/summary_column.test.tsx b/packages/kbn-discover-contextual-components/src/data_types/logs/components/summary_column/summary_column.test.tsx similarity index 86% rename from src/plugins/discover/public/components/data_types/logs/summary_column/summary_column.test.tsx rename to packages/kbn-discover-contextual-components/src/data_types/logs/components/summary_column/summary_column.test.tsx index b8eeea613c9c6..6b337167279e3 100644 --- a/src/plugins/discover/public/components/data_types/logs/summary_column/summary_column.test.tsx +++ b/packages/kbn-discover-contextual-components/src/data_types/logs/components/summary_column/summary_column.test.tsx @@ -8,41 +8,41 @@ */ import React from 'react'; -import { buildDataTableRecord, DataTableRecord } from '@kbn/discover-utils'; -import { dataViewMock } from '@kbn/discover-utils/src/__mocks__'; import { fieldFormatsMock } from '@kbn/field-formats-plugin/common/mocks'; import { render, screen } from '@testing-library/react'; import SummaryColumn, { SummaryColumnFactoryDeps, SummaryColumnProps } from './summary_column'; import { DataGridDensity, ROWS_HEIGHT_OPTIONS } from '@kbn/unified-data-table'; -import * as constants from '../../../../../common/data_types/logs/constants'; -import { KibanaContextProvider } from '@kbn/kibana-react-plugin/public'; -import { discoverServiceMock } from '../../../../__mocks__/services'; +import * as constants from '@kbn/discover-utils/src/data_types/logs/constants'; +import { sharePluginMock } from '@kbn/share-plugin/public/mocks'; +import { coreMock as corePluginMock } from '@kbn/core/public/mocks'; +import { DataTableRecord, buildDataTableRecord } from '@kbn/discover-utils'; +import { dataViewMock } from '@kbn/discover-utils/src/__mocks__/data_view'; const renderSummary = ( record: DataTableRecord, opts: Partial = {} ) => { render( - - {}} - closePopover={() => {}} - density={DataGridDensity.COMPACT} - rowHeight={ROWS_HEIGHT_OPTIONS.single} - onFilter={jest.fn()} - shouldShowFieldHandler={() => true} - {...opts} - /> - + {}} + closePopover={() => {}} + density={DataGridDensity.COMPACT} + rowHeight={ROWS_HEIGHT_OPTIONS.single} + onFilter={jest.fn()} + shouldShowFieldHandler={() => true} + core={corePluginMock.createStart()} + share={sharePluginMock.createStartContract()} + {...opts} + /> ); }; diff --git a/packages/kbn-discover-contextual-components/src/data_types/logs/components/summary_column/summary_column.tsx b/packages/kbn-discover-contextual-components/src/data_types/logs/components/summary_column/summary_column.tsx new file mode 100644 index 0000000000000..98f772fcf41d1 --- /dev/null +++ b/packages/kbn-discover-contextual-components/src/data_types/logs/components/summary_column/summary_column.tsx @@ -0,0 +1,171 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the "Elastic License + * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side + * Public License v 1"; you may not use this file except in compliance with, at + * your election, the "Elastic License 2.0", the "GNU Affero General Public + * License v3.0 only", or the "Server Side Public License, v 1". + */ + +import { DataGridDensity, type DataGridCellValueElementProps } from '@kbn/unified-data-table'; +import React from 'react'; +import { EuiButtonIcon, EuiCodeBlock, EuiFlexGroup, EuiText, EuiTitle } from '@elastic/eui'; +import { JsonCodeEditor } from '@kbn/unified-doc-viewer-plugin/public'; +import { DocViewFilterFn } from '@kbn/unified-doc-viewer/types'; +import type { CoreStart } from '@kbn/core-lifecycle-browser'; +import type { SharePluginStart } from '@kbn/share-plugin/public'; +import { + ShouldShowFieldInTableHandler, + getLogDocumentOverview, + getMessageFieldWithFallbacks, +} from '@kbn/discover-utils'; +import { ROWS_HEIGHT_OPTIONS } from '@kbn/unified-data-table'; +import { Resource } from './resource'; +import { Content } from './content'; +import { createResourceFields, formatJsonDocumentForContent } from './utils'; +import { + closeCellActionPopoverText, + contentLabel, + jsonLabel, + resourceLabel, +} from '../translations'; + +export interface SummaryColumnFactoryDeps { + density: DataGridDensity | undefined; + rowHeight: number | undefined; + shouldShowFieldHandler: ShouldShowFieldInTableHandler; + onFilter?: DocViewFilterFn; + core: CoreStart; + share?: SharePluginStart; +} + +export type SummaryColumnProps = DataGridCellValueElementProps; +export type AllSummaryColumnProps = SummaryColumnProps & SummaryColumnFactoryDeps; + +export const SummaryColumn = (props: AllSummaryColumnProps) => { + const { isDetails } = props; + + if (isDetails) { + return ; + } + + return ; +}; + +// eslint-disable-next-line import/no-default-export +export default SummaryColumn; + +const SummaryCell = ({ + density: maybeNullishDensity, + rowHeight: maybeNullishRowHeight, + ...props +}: AllSummaryColumnProps) => { + const { onFilter, row, share, core } = props; + + const density = maybeNullishDensity ?? DataGridDensity.COMPACT; + const isCompressed = density === DataGridDensity.COMPACT; + + const rowHeight = maybeNullishRowHeight ?? ROWS_HEIGHT_OPTIONS.single; + const isSingleLine = rowHeight === ROWS_HEIGHT_OPTIONS.single || rowHeight === 1; + + const resourceFields = createResourceFields(row, core, share); + const shouldRenderResource = resourceFields.length > 0; + + return isSingleLine ? ( + + {shouldRenderResource && ( + + )} + + + ) : ( + <> + {shouldRenderResource && ( + + )} + + + ); +}; + +const SummaryCellPopover = (props: AllSummaryColumnProps) => { + const { row, dataView, fieldFormats, onFilter, closePopover, share, core } = props; + + const resourceFields = createResourceFields(row, core, share); + const shouldRenderResource = resourceFields.length > 0; + + const documentOverview = getLogDocumentOverview(row, { dataView, fieldFormats }); + const { field, value } = getMessageFieldWithFallbacks(documentOverview); + const shouldRenderContent = Boolean(field && value); + + const shouldRenderSource = !shouldRenderContent; + + return ( + + + {shouldRenderResource && ( + + + {resourceLabel} + + + + )} + + + {contentLabel} + + {shouldRenderContent && ( + + + {field} + + + {value} + + + )} + {shouldRenderSource && ( + + + {jsonLabel} + + + + )} + + + ); +}; + +const singleLineResourceCss = { + flexGrow: 0, + lineHeight: 'normal', + marginTop: -1, +}; + +const multiLineResourceCss = { display: 'inline-flex' }; diff --git a/packages/kbn-discover-contextual-components/src/data_types/logs/components/summary_column/utils.tsx b/packages/kbn-discover-contextual-components/src/data_types/logs/components/summary_column/utils.tsx new file mode 100644 index 0000000000000..7dacc3393763e --- /dev/null +++ b/packages/kbn-discover-contextual-components/src/data_types/logs/components/summary_column/utils.tsx @@ -0,0 +1,147 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the "Elastic License + * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side + * Public License v 1"; you may not use this file except in compliance with, at + * your election, the "Elastic License 2.0", the "GNU Affero General Public + * License v3.0 only", or the "Server Side Public License, v 1". + */ + +import { dynamic } from '@kbn/shared-ux-utility'; +import React from 'react'; +import { css } from '@emotion/react'; +import { AgentName } from '@kbn/elastic-agent-utils'; +import { euiThemeVars } from '@kbn/ui-theme'; +import type { SharePluginStart } from '@kbn/share-plugin/public'; +import type { CoreStart } from '@kbn/core-lifecycle-browser'; +import { + AGENT_NAME_FIELD, + CLOUD_INSTANCE_ID_FIELD, + CONTAINER_ID_FIELD, + CONTAINER_NAME_FIELD, + FILTER_OUT_FIELDS_PREFIXES_FOR_CONTENT, + HOST_NAME_FIELD, + ORCHESTRATOR_CLUSTER_NAME_FIELD, + ORCHESTRATOR_NAMESPACE_FIELD, + ORCHESTRATOR_RESOURCE_ID_FIELD, + SERVICE_NAME_FIELD, +} from '@kbn/discover-utils'; +import { DataTableRecord, getFieldValue } from '@kbn/discover-utils'; +import { LogDocument, ResourceFields, getAvailableResourceFields } from '@kbn/discover-utils/src'; +import { FieldBadgeWithActions, FieldBadgeWithActionsProps } from '../cell_actions_popover'; +import { ServiceNameBadgeWithActions } from '../service_name_badge_with_actions'; +/** + * getUnformattedResourceFields definitions + */ +export const getUnformattedResourceFields = (doc: LogDocument): ResourceFields => { + const serviceName = getFieldValue(doc, SERVICE_NAME_FIELD); + const hostName = getFieldValue(doc, HOST_NAME_FIELD); + const agentName = getFieldValue(doc, AGENT_NAME_FIELD); + const orchestratorClusterName = getFieldValue(doc, ORCHESTRATOR_CLUSTER_NAME_FIELD); + const orchestratorResourceId = getFieldValue(doc, ORCHESTRATOR_RESOURCE_ID_FIELD); + const orchestratorNamespace = getFieldValue(doc, ORCHESTRATOR_NAMESPACE_FIELD); + const containerName = getFieldValue(doc, CONTAINER_NAME_FIELD); + const containerId = getFieldValue(doc, CONTAINER_ID_FIELD); + const cloudInstanceId = getFieldValue(doc, CLOUD_INSTANCE_ID_FIELD); + + return { + [SERVICE_NAME_FIELD]: serviceName, + [HOST_NAME_FIELD]: hostName, + [AGENT_NAME_FIELD]: agentName, + [ORCHESTRATOR_CLUSTER_NAME_FIELD]: orchestratorClusterName, + [ORCHESTRATOR_RESOURCE_ID_FIELD]: orchestratorResourceId, + [ORCHESTRATOR_NAMESPACE_FIELD]: orchestratorNamespace, + [CONTAINER_NAME_FIELD]: containerName, + [CONTAINER_ID_FIELD]: containerId, + [CLOUD_INSTANCE_ID_FIELD]: cloudInstanceId, + }; +}; + +/** + * createResourceFields definitions + */ +const AgentIcon = dynamic(() => import('@kbn/custom-icons/src/components/agent_icon')); + +const resourceCustomComponentsMap: Partial< + Record> +> = { + [SERVICE_NAME_FIELD]: ServiceNameBadgeWithActions, +}; + +export interface ResourceFieldDescriptor { + ResourceBadge: React.ComponentType; + Icon?: () => JSX.Element; + name: keyof ResourceFields; + value: string; +} + +export const createResourceFields = ( + row: DataTableRecord, + core: CoreStart, + share?: SharePluginStart +): ResourceFieldDescriptor[] => { + const resourceDoc = getUnformattedResourceFields(row as LogDocument); + + const availableResourceFields = getAvailableResourceFields(resourceDoc); + + const resourceFields = availableResourceFields.map((name) => { + const ResourceBadgeComponent = resourceCustomComponentsMap[name] ?? FieldBadgeWithActions; + const resourceBadgeComponentWithDependencies = (props: FieldBadgeWithActionsProps) => ( + + ); + return { + name, + value: resourceDoc[name] as string, + ResourceBadge: resourceBadgeComponentWithDependencies, + ...(name === SERVICE_NAME_FIELD && { + Icon: () => ( + + ), + }), + }; + }); + + return resourceFields; +}; + +/** + * formatJsonDocumentForContent definitions + */ +export const formatJsonDocumentForContent = (row: DataTableRecord) => { + const flattenedResult: DataTableRecord['flattened'] = {}; + const rawFieldResult: DataTableRecord['raw']['fields'] = {}; + const { raw, flattened } = row; + const { fields } = raw; + + // We need 2 loops here for flattened and raw.fields. Flattened contains all fields, + // whereas raw.fields only contains certain fields excluding _ignored + for (const fieldName in flattened) { + if (isFieldAllowed(fieldName) && flattened[fieldName]) { + flattenedResult[fieldName] = flattened[fieldName]; + } + } + + for (const fieldName in fields) { + if (isFieldAllowed(fieldName) && fields[fieldName]) { + rawFieldResult[fieldName] = fields[fieldName]; + } + } + + return { + ...row, + flattened: flattenedResult, + raw: { + ...raw, + fields: rawFieldResult, + }, + }; +}; + +const isFieldAllowed = (field: string) => + !FILTER_OUT_FIELDS_PREFIXES_FOR_CONTENT.some((prefix) => field.startsWith(prefix)); diff --git a/packages/kbn-discover-contextual-components/src/data_types/logs/components/translations.tsx b/packages/kbn-discover-contextual-components/src/data_types/logs/components/translations.tsx new file mode 100644 index 0000000000000..52e083f8b86b8 --- /dev/null +++ b/packages/kbn-discover-contextual-components/src/data_types/logs/components/translations.tsx @@ -0,0 +1,72 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the "Elastic License + * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side + * Public License v 1"; you may not use this file except in compliance with, at + * your election, the "Elastic License 2.0", the "GNU Affero General Public + * License v3.0 only", or the "Server Side Public License, v 1". + */ + +import { i18n } from '@kbn/i18n'; + +export const jsonLabel = i18n.translate('discover.logs.dataTable.header.popover.json', { + defaultMessage: 'JSON', +}); + +export const contentLabel = i18n.translate('discover.logs.dataTable.header.popover.content', { + defaultMessage: 'Content', +}); + +export const resourceLabel = i18n.translate('discover.logs.dataTable.header.popover.resource', { + defaultMessage: 'Resource', +}); + +export const actionFilterForText = (text: string) => + i18n.translate('discover.logs.flyoutDetail.value.hover.filterFor', { + defaultMessage: 'Filter for this {value}', + values: { + value: text, + }, + }); + +export const actionFilterOutText = (text: string) => + i18n.translate('discover.logs.flyoutDetail.value.hover.filterOut', { + defaultMessage: 'Filter out this {value}', + values: { + value: text, + }, + }); + +export const filterOutText = i18n.translate('discover.logs.popoverAction.filterOut', { + defaultMessage: 'Filter out', +}); + +export const filterForText = i18n.translate('discover.logs.popoverAction.filterFor', { + defaultMessage: 'Filter for', +}); + +export const copyValueText = i18n.translate('discover.logs.popoverAction.copyValue', { + defaultMessage: 'Copy value', +}); + +export const copyValueAriaText = (fieldName: string) => + i18n.translate('discover.logs.popoverAction.copyValueAriaText', { + defaultMessage: 'Copy value of {fieldName}', + values: { + fieldName, + }, + }); + +export const openCellActionPopoverAriaText = i18n.translate( + 'discover.logs.popoverAction.openPopover', + { + defaultMessage: 'Open popover', + } +); + +export const closeCellActionPopoverText = i18n.translate( + 'discover.logs.popoverAction.closePopover', + { + defaultMessage: 'Close popover', + } +); diff --git a/packages/kbn-discover-contextual-components/src/index.ts b/packages/kbn-discover-contextual-components/src/index.ts new file mode 100644 index 0000000000000..52ee5931aa4fc --- /dev/null +++ b/packages/kbn-discover-contextual-components/src/index.ts @@ -0,0 +1,16 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the "Elastic License + * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side + * Public License v 1"; you may not use this file except in compliance with, at + * your election, the "Elastic License 2.0", the "GNU Affero General Public + * License v3.0 only", or the "Server Side Public License, v 1". + */ + +import { dynamic } from '@kbn/shared-ux-utility'; + +export * from './data_types/logs/components'; + +export const LazySummaryColumn = dynamic( + () => import('./data_types/logs/components/summary_column/summary_column') +); diff --git a/packages/kbn-discover-contextual-components/tsconfig.json b/packages/kbn-discover-contextual-components/tsconfig.json new file mode 100644 index 0000000000000..21d65228b9597 --- /dev/null +++ b/packages/kbn-discover-contextual-components/tsconfig.json @@ -0,0 +1,37 @@ +{ + "extends": "../../tsconfig.base.json", + "compilerOptions": { + "outDir": "target/types", + "types": [ + "jest", + "node", + "@testing-library/jest-dom", + "@testing-library/react" + ] + }, + "include": [ + "**/*.ts", + "**/*.tsx", + ], + "exclude": [ + "target/**/*" + ], + "kbn_references": [ + "@kbn/field-formats-plugin", + "@kbn/discover-utils", + "@kbn/router-utils", + "@kbn/management-settings-ids", + "@kbn/share-plugin", + "@kbn/ui-theme", + "@kbn/unified-data-table", + "@kbn/unified-doc-viewer", + "@kbn/react-hooks", + "@kbn/core-lifecycle-browser", + "@kbn/i18n", + "@kbn/unified-doc-viewer-plugin", + "@kbn/core", + "@kbn/shared-ux-utility", + "@kbn/elastic-agent-utils", + "@kbn/custom-icons", + ] +} diff --git a/packages/kbn-discover-utils/index.ts b/packages/kbn-discover-utils/index.ts index ed6d58ca3da8d..7234944783037 100644 --- a/packages/kbn-discover-utils/index.ts +++ b/packages/kbn-discover-utils/index.ts @@ -52,15 +52,17 @@ export { getLogLevelCoalescedValue, getLogLevelCoalescedValueLabel, LogLevelCoalescedValue, - LogLevelBadge, getFieldValue, getVisibleColumns, canPrependTimeFieldColumn, DiscoverFlyouts, dismissAllFlyoutsExceptFor, dismissFlyouts, + LogLevelBadge, } from './src'; export type { LogsContextService } from './src'; export * from './src/types'; + +export * from './src/data_types/logs/constants'; diff --git a/packages/kbn-discover-utils/src/data_types/logs/components/index.ts b/packages/kbn-discover-utils/src/data_types/logs/components/index.tsx similarity index 100% rename from packages/kbn-discover-utils/src/data_types/logs/components/index.ts rename to packages/kbn-discover-utils/src/data_types/logs/components/index.tsx diff --git a/packages/kbn-discover-utils/src/data_types/logs/constants.ts b/packages/kbn-discover-utils/src/data_types/logs/constants.ts new file mode 100644 index 0000000000000..82edebaff0e81 --- /dev/null +++ b/packages/kbn-discover-utils/src/data_types/logs/constants.ts @@ -0,0 +1,70 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the "Elastic License + * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side + * Public License v 1"; you may not use this file except in compliance with, at + * your election, the "Elastic License 2.0", the "GNU Affero General Public + * License v3.0 only", or the "Server Side Public License, v 1". + */ + +import { fieldConstants } from '../..'; +import { SmartFieldGridColumnOptions } from './types'; + +export * from '../../field_constants'; + +export const LOGS_EXPLORER_PROFILE_ID = 'logs-explorer'; + +// Virtual column fields +export const CONTENT_FIELD = 'content'; +export const RESOURCE_FIELD = 'resource'; + +// Sizing +export const DATA_GRID_COLUMN_WIDTH_SMALL = 240; +export const DATA_GRID_COLUMN_WIDTH_MEDIUM = 320; +export const ACTIONS_COLUMN_WIDTH = 80; + +export const RESOURCE_FIELD_CONFIGURATION: SmartFieldGridColumnOptions = { + type: 'smart-field', + smartField: RESOURCE_FIELD, + fallbackFields: [fieldConstants.HOST_NAME_FIELD, fieldConstants.SERVICE_NAME_FIELD], + width: DATA_GRID_COLUMN_WIDTH_MEDIUM, +}; + +export const CONTENT_FIELD_CONFIGURATION: SmartFieldGridColumnOptions = { + type: 'smart-field', + smartField: CONTENT_FIELD, + fallbackFields: [fieldConstants.MESSAGE_FIELD], +}; + +export const SMART_FALLBACK_FIELDS = { + [CONTENT_FIELD]: CONTENT_FIELD_CONFIGURATION, + [RESOURCE_FIELD]: RESOURCE_FIELD_CONFIGURATION, +}; + +// UI preferences +export const DEFAULT_COLUMNS = [RESOURCE_FIELD_CONFIGURATION, CONTENT_FIELD_CONFIGURATION]; +export const DEFAULT_ROWS_PER_PAGE = 100; + +// List of prefixes which needs to be filtered out for Display in Content Column +export const FILTER_OUT_FIELDS_PREFIXES_FOR_CONTENT = [ + '_', // Filter fields like '_id', '_score' + '@timestamp', + 'agent.', + 'elastic_agent.', + 'data_stream.', + 'ecs.', + 'host.', + 'container.', + 'cloud.', + 'kubernetes.', + 'orchestrator.', + 'log.', + 'service.', +]; + +export const DEFAULT_ALLOWED_DATA_VIEWS = ['logs', 'auditbeat', 'filebeat', 'winlogbeat']; +export const DEFAULT_ALLOWED_LOGS_DATA_VIEWS = ['logs', 'auditbeat', 'filebeat', 'winlogbeat']; + +export const LOG_LEVEL_FIELDS = ['log.level', 'log_level']; +export const SERVICE_NAME_FIELDS = ['service.name', 'service_name']; +export const AGENT_NAME_FIELD = 'agent.name'; diff --git a/packages/kbn-discover-utils/src/data_types/logs/index.ts b/packages/kbn-discover-utils/src/data_types/logs/index.ts index 7ec996ee31010..30b023b6328bb 100644 --- a/packages/kbn-discover-utils/src/data_types/logs/index.ts +++ b/packages/kbn-discover-utils/src/data_types/logs/index.ts @@ -8,7 +8,7 @@ */ export * from './types'; -export * from './components'; export * from './utils'; export * from './logs_context_service'; +export * from './components'; diff --git a/packages/kbn-discover-utils/src/data_types/logs/types.ts b/packages/kbn-discover-utils/src/data_types/logs/types.ts index 843205d6e8b1e..123ad6c631026 100644 --- a/packages/kbn-discover-utils/src/data_types/logs/types.ts +++ b/packages/kbn-discover-utils/src/data_types/logs/types.ts @@ -86,3 +86,10 @@ export interface StackTraceFields { 'error.exception.stacktrace'?: string; 'error.log.stacktrace'?: string; } + +export interface SmartFieldGridColumnOptions { + type: 'smart-field'; + smartField: 'content' | 'resource'; + fallbackFields: string[]; + width?: number; +} diff --git a/src/plugins/discover/public/utils/get_available_resource_fields.ts b/packages/kbn-discover-utils/src/data_types/logs/utils/get_available_resource_fields.ts similarity index 87% rename from src/plugins/discover/public/utils/get_available_resource_fields.ts rename to packages/kbn-discover-utils/src/data_types/logs/utils/get_available_resource_fields.ts index 588194d2a13ca..e59b7a99c9163 100644 --- a/src/plugins/discover/public/utils/get_available_resource_fields.ts +++ b/packages/kbn-discover-utils/src/data_types/logs/utils/get_available_resource_fields.ts @@ -7,8 +7,8 @@ * License v3.0 only", or the "Server Side Public License, v 1". */ -import { ResourceFields } from '@kbn/discover-utils/src'; -import * as constants from '../../common/data_types/logs/constants'; +import { ResourceFields } from '../../..'; +import * as constants from '../constants'; export const getAvailableResourceFields = (resourceDoc: ResourceFields) => { const resourceFields: Array = [ diff --git a/packages/kbn-discover-utils/src/data_types/logs/utils/index.ts b/packages/kbn-discover-utils/src/data_types/logs/utils/index.ts index 0b266fa5b4935..365365eb7ac13 100644 --- a/packages/kbn-discover-utils/src/data_types/logs/utils/index.ts +++ b/packages/kbn-discover-utils/src/data_types/logs/utils/index.ts @@ -9,3 +9,4 @@ export * from './get_log_level_color'; export * from './get_log_level_coalesed_value'; +export * from './get_available_resource_fields'; diff --git a/packages/kbn-discover-utils/tsconfig.json b/packages/kbn-discover-utils/tsconfig.json index 90235fada49c5..865603e379eca 100644 --- a/packages/kbn-discover-utils/tsconfig.json +++ b/packages/kbn-discover-utils/tsconfig.json @@ -25,9 +25,9 @@ "@kbn/field-types", "@kbn/i18n", "@kbn/core-ui-settings-browser", - "@kbn/ui-theme", "@kbn/expressions-plugin", "@kbn/logs-data-access-plugin", + "@kbn/ui-theme", "@kbn/i18n-react" ] } diff --git a/src/plugins/discover/common/data_types/logs/constants.ts b/src/plugins/discover/common/data_types/logs/constants.ts index 18259dcc56b28..a9ca3697763f9 100644 --- a/src/plugins/discover/common/data_types/logs/constants.ts +++ b/src/plugins/discover/common/data_types/logs/constants.ts @@ -7,64 +7,4 @@ * License v3.0 only", or the "Server Side Public License, v 1". */ -import { fieldConstants } from '@kbn/discover-utils'; -import { SmartFieldGridColumnOptions } from './display_options'; - -export * from '@kbn/discover-utils/src/field_constants'; - -export const LOGS_EXPLORER_PROFILE_ID = 'logs-explorer'; - -// Virtual column fields -export const CONTENT_FIELD = 'content'; -export const RESOURCE_FIELD = 'resource'; - -// Sizing -export const DATA_GRID_COLUMN_WIDTH_SMALL = 240; -export const DATA_GRID_COLUMN_WIDTH_MEDIUM = 320; -export const ACTIONS_COLUMN_WIDTH = 80; - -export const RESOURCE_FIELD_CONFIGURATION: SmartFieldGridColumnOptions = { - type: 'smart-field', - smartField: RESOURCE_FIELD, - fallbackFields: [fieldConstants.HOST_NAME_FIELD, fieldConstants.SERVICE_NAME_FIELD], - width: DATA_GRID_COLUMN_WIDTH_MEDIUM, -}; - -export const CONTENT_FIELD_CONFIGURATION: SmartFieldGridColumnOptions = { - type: 'smart-field', - smartField: CONTENT_FIELD, - fallbackFields: [fieldConstants.MESSAGE_FIELD], -}; - -export const SMART_FALLBACK_FIELDS = { - [CONTENT_FIELD]: CONTENT_FIELD_CONFIGURATION, - [RESOURCE_FIELD]: RESOURCE_FIELD_CONFIGURATION, -}; - -// UI preferences -export const DEFAULT_COLUMNS = [RESOURCE_FIELD_CONFIGURATION, CONTENT_FIELD_CONFIGURATION]; -export const DEFAULT_ROWS_PER_PAGE = 100; - -// List of prefixes which needs to be filtered out for Display in Content Column -export const FILTER_OUT_FIELDS_PREFIXES_FOR_CONTENT = [ - '_', // Filter fields like '_id', '_score' - '@timestamp', - 'agent.', - 'elastic_agent.', - 'data_stream.', - 'ecs.', - 'host.', - 'container.', - 'cloud.', - 'kubernetes.', - 'orchestrator.', - 'log.', - 'service.', -]; - -export const DEFAULT_ALLOWED_DATA_VIEWS = ['logs', 'auditbeat', 'filebeat', 'winlogbeat']; -export const DEFAULT_ALLOWED_LOGS_DATA_VIEWS = ['logs', 'auditbeat', 'filebeat', 'winlogbeat']; - -export const LOG_LEVEL_FIELDS = ['log.level', 'log_level']; -export const SERVICE_NAME_FIELDS = ['service.name', 'service_name']; -export const AGENT_NAME_FIELD = 'agent.name'; +export * from '@kbn/discover-utils/src/data_types/logs/constants'; diff --git a/src/plugins/discover/public/components/data_types/logs/service_name_cell.tsx b/src/plugins/discover/public/components/data_types/logs/service_name_cell.tsx index cd94cd609dc69..3d543f7f0c954 100644 --- a/src/plugins/discover/public/components/data_types/logs/service_name_cell.tsx +++ b/src/plugins/discover/public/components/data_types/logs/service_name_cell.tsx @@ -15,9 +15,10 @@ import type { DataGridCellValueElementProps } from '@kbn/unified-data-table'; import { css } from '@emotion/react'; import { getFieldValue } from '@kbn/discover-utils'; import { euiThemeVars } from '@kbn/ui-theme'; +import { ServiceNameBadgeWithActions } from '@kbn/discover-contextual-components'; +import { useDiscoverServices } from '../../../hooks/use_discover_services'; import { CellRenderersExtensionParams } from '../../../context_awareness'; import { AGENT_NAME_FIELD } from '../../../../common/data_types/logs/constants'; -import { ServiceNameBadgeWithActions } from './service_name_badge_with_actions'; const AgentIcon = dynamic(() => import('@kbn/custom-icons/src/components/agent_icon')); const dataTestSubj = 'serviceNameCell'; @@ -28,6 +29,7 @@ const agentIconStyle = css` export const getServiceNameCell = (serviceNameField: string, { actions }: CellRenderersExtensionParams) => (props: DataGridCellValueElementProps) => { + const { core, share } = useDiscoverServices(); const serviceNameValue = getFieldValue(props.row, serviceNameField) as string; const agentName = getFieldValue(props.row, AGENT_NAME_FIELD) as AgentName; @@ -47,6 +49,8 @@ export const getServiceNameCell = icon={getIcon} value={serviceNameValue} property={serviceNameField} + core={core} + share={share} /> ); }; diff --git a/src/plugins/discover/public/components/data_types/logs/summary_column/index.tsx b/src/plugins/discover/public/components/data_types/logs/summary_column/index.tsx index 20fe4380199f3..dbcef4f558b33 100644 --- a/src/plugins/discover/public/components/data_types/logs/summary_column/index.tsx +++ b/src/plugins/discover/public/components/data_types/logs/summary_column/index.tsx @@ -8,13 +8,11 @@ */ import React from 'react'; -import { dynamic } from '@kbn/shared-ux-utility'; import { getShouldShowFieldHandler } from '@kbn/discover-utils'; import { DataView } from '@kbn/data-views-plugin/common'; +import { SummaryColumnProps } from '@kbn/discover-contextual-components'; import { CellRenderersExtensionParams } from '../../../../context_awareness'; -import type { SummaryColumnProps } from './summary_column'; - -const SummaryColumn = dynamic(() => import('./summary_column')); +import { SummaryColumn } from './summary_column'; export type SummaryColumnGetterDeps = CellRenderersExtensionParams; @@ -22,7 +20,7 @@ export const getSummaryColumn = (params: SummaryColumnGetterDeps) => { const { actions, dataView, density, rowHeight } = params; const shouldShowFieldHandler = createGetShouldShowFieldHandler(dataView); - return (props: SummaryColumnProps) => ( + return (props: Omit) => ( { - const { isDetails } = props; - - if (isDetails) { - return ; - } - - return ; +import { AllSummaryColumnProps } from '@kbn/discover-contextual-components'; +import { useDiscoverServices } from '../../../../hooks/use_discover_services'; + +const LazySummaryColumn = dynamic( + () => + import( + '@kbn/discover-contextual-components/src/data_types/logs/components/summary_column/summary_column' + ) +); + +export const SummaryColumn = (props: Omit) => { + const { share, core } = useDiscoverServices(); + return ; }; - -// eslint-disable-next-line import/no-default-export -export default SummaryColumn; - -const SummaryCell = ({ - density: maybeNullishDensity, - rowHeight: maybeNullishRowHeight, - ...props -}: SummaryColumnProps & SummaryColumnFactoryDeps) => { - const { onFilter, row } = props; - - const density = maybeNullishDensity ?? DataGridDensity.COMPACT; - const isCompressed = density === DataGridDensity.COMPACT; - - const rowHeight = maybeNullishRowHeight ?? ROWS_HEIGHT_OPTIONS.single; - const isSingleLine = rowHeight === ROWS_HEIGHT_OPTIONS.single || rowHeight === 1; - - const resourceFields = createResourceFields(row); - const shouldRenderResource = resourceFields.length > 0; - - return isSingleLine ? ( - - {shouldRenderResource && ( - - )} - - - ) : ( - <> - {shouldRenderResource && ( - - )} - - - ); -}; - -const SummaryCellPopover = (props: SummaryColumnProps & SummaryColumnFactoryDeps) => { - const { row, dataView, fieldFormats, onFilter, closePopover } = props; - - const resourceFields = createResourceFields(row); - const shouldRenderResource = resourceFields.length > 0; - - const documentOverview = getLogDocumentOverview(row, { dataView, fieldFormats }); - const { field, value } = getMessageFieldWithFallbacks(documentOverview); - const shouldRenderContent = Boolean(field && value); - - const shouldRenderSource = !shouldRenderContent; - - return ( - - - {shouldRenderResource && ( - - - {resourceLabel} - - - - )} - - - {contentLabel} - - {shouldRenderContent && ( - - - {field} - - - {value} - - - )} - {shouldRenderSource && ( - - - {jsonLabel} - - - - )} - - - ); -}; - -const singleLineResourceCss = { - flexGrow: 0, - lineHeight: 'normal', - marginTop: -1, -}; - -const multiLineResourceCss = { display: 'inline-flex' }; diff --git a/src/plugins/discover/public/components/data_types/logs/summary_column/utils.tsx b/src/plugins/discover/public/components/data_types/logs/summary_column/utils.tsx deleted file mode 100644 index 470ec8a0f86fa..0000000000000 --- a/src/plugins/discover/public/components/data_types/logs/summary_column/utils.tsx +++ /dev/null @@ -1,126 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the "Elastic License - * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side - * Public License v 1"; you may not use this file except in compliance with, at - * your election, the "Elastic License 2.0", the "GNU Affero General Public - * License v3.0 only", or the "Server Side Public License, v 1". - */ - -import { getFieldValue, LogDocument, ResourceFields } from '@kbn/discover-utils/src'; -import { DataTableRecord } from '@kbn/discover-utils'; -import { dynamic } from '@kbn/shared-ux-utility'; -import React from 'react'; -import { css } from '@emotion/react'; -import { AgentName } from '@kbn/elastic-agent-utils'; -import { euiThemeVars } from '@kbn/ui-theme'; -import { getAvailableResourceFields } from '../../../../utils/get_available_resource_fields'; -import * as constants from '../../../../../common/data_types/logs/constants'; -import { ServiceNameBadgeWithActions } from '../service_name_badge_with_actions'; -import { FieldBadgeWithActions, FieldBadgeWithActionsProps } from '../cell_actions_popover'; - -/** - * getUnformattedResourceFields definitions - */ -export const getUnformattedResourceFields = (doc: LogDocument): ResourceFields => { - const serviceName = getFieldValue(doc, constants.SERVICE_NAME_FIELD); - const hostName = getFieldValue(doc, constants.HOST_NAME_FIELD); - const agentName = getFieldValue(doc, constants.AGENT_NAME_FIELD); - const orchestratorClusterName = getFieldValue(doc, constants.ORCHESTRATOR_CLUSTER_NAME_FIELD); - const orchestratorResourceId = getFieldValue(doc, constants.ORCHESTRATOR_RESOURCE_ID_FIELD); - const orchestratorNamespace = getFieldValue(doc, constants.ORCHESTRATOR_NAMESPACE_FIELD); - const containerName = getFieldValue(doc, constants.CONTAINER_NAME_FIELD); - const containerId = getFieldValue(doc, constants.CONTAINER_ID_FIELD); - const cloudInstanceId = getFieldValue(doc, constants.CLOUD_INSTANCE_ID_FIELD); - - return { - [constants.SERVICE_NAME_FIELD]: serviceName, - [constants.HOST_NAME_FIELD]: hostName, - [constants.AGENT_NAME_FIELD]: agentName, - [constants.ORCHESTRATOR_CLUSTER_NAME_FIELD]: orchestratorClusterName, - [constants.ORCHESTRATOR_RESOURCE_ID_FIELD]: orchestratorResourceId, - [constants.ORCHESTRATOR_NAMESPACE_FIELD]: orchestratorNamespace, - [constants.CONTAINER_NAME_FIELD]: containerName, - [constants.CONTAINER_ID_FIELD]: containerId, - [constants.CLOUD_INSTANCE_ID_FIELD]: cloudInstanceId, - }; -}; - -/** - * createResourceFields definitions - */ -const AgentIcon = dynamic(() => import('@kbn/custom-icons/src/components/agent_icon')); - -const resourceCustomComponentsMap: Partial< - Record> -> = { - [constants.SERVICE_NAME_FIELD]: ServiceNameBadgeWithActions, -}; - -export interface ResourceFieldDescriptor { - ResourceBadge: React.ComponentType; - Icon?: () => JSX.Element; - name: keyof ResourceFields; - value: string; -} - -export const createResourceFields = (row: DataTableRecord): ResourceFieldDescriptor[] => { - const resourceDoc = getUnformattedResourceFields(row as LogDocument); - - const availableResourceFields = getAvailableResourceFields(resourceDoc); - - const resourceFields = availableResourceFields.map((name) => ({ - name, - value: resourceDoc[name] as string, - ResourceBadge: resourceCustomComponentsMap[name] ?? FieldBadgeWithActions, - ...(name === constants.SERVICE_NAME_FIELD && { - Icon: () => ( - - ), - }), - })); - - return resourceFields; -}; - -/** - * formatJsonDocumentForContent definitions - */ -export const formatJsonDocumentForContent = (row: DataTableRecord) => { - const flattenedResult: DataTableRecord['flattened'] = {}; - const rawFieldResult: DataTableRecord['raw']['fields'] = {}; - const { raw, flattened } = row; - const { fields } = raw; - - // We need 2 loops here for flattened and raw.fields. Flattened contains all fields, - // whereas raw.fields only contains certain fields excluding _ignored - for (const fieldName in flattened) { - if (isFieldAllowed(fieldName) && flattened[fieldName]) { - flattenedResult[fieldName] = flattened[fieldName]; - } - } - - for (const fieldName in fields) { - if (isFieldAllowed(fieldName) && fields[fieldName]) { - rawFieldResult[fieldName] = fields[fieldName]; - } - } - - return { - ...row, - flattened: flattenedResult, - raw: { - ...raw, - fields: rawFieldResult, - }, - }; -}; - -const isFieldAllowed = (field: string) => - !constants.FILTER_OUT_FIELDS_PREFIXES_FOR_CONTENT.some((prefix) => field.startsWith(prefix)); diff --git a/src/plugins/discover/public/components/data_types/logs/translations.tsx b/src/plugins/discover/public/components/data_types/logs/translations.tsx deleted file mode 100644 index bbc39022bd503..0000000000000 --- a/src/plugins/discover/public/components/data_types/logs/translations.tsx +++ /dev/null @@ -1,305 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the "Elastic License - * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side - * Public License v 1"; you may not use this file except in compliance with, at - * your election, the "Elastic License 2.0", the "GNU Affero General Public - * License v3.0 only", or the "Server Side Public License, v 1". - */ - -import React from 'react'; -import { i18n } from '@kbn/i18n'; -import { EuiCode } from '@elastic/eui'; -import { FormattedMessage } from '@kbn/i18n-react'; - -export const flyoutContentLabel = i18n.translate('discover.logs.flyoutDetail.label.message', { - defaultMessage: 'Content breakdown', -}); - -export const jsonLabel = i18n.translate('discover.logs.dataTable.header.popover.json', { - defaultMessage: 'JSON', -}); - -export const contentLabel = i18n.translate('discover.logs.dataTable.header.popover.content', { - defaultMessage: 'Content', -}); - -export const resourceLabel = i18n.translate('discover.logs.dataTable.header.popover.resource', { - defaultMessage: 'Resource', -}); - -export const actionsLabel = i18n.translate('discover.logs.dataTable.header.popover.actions', { - defaultMessage: 'Actions', -}); - -export const actionsLabelLowerCase = i18n.translate( - 'discover.logs.dataTable.header.popover.actions.lowercase', - { - defaultMessage: 'actions', - } -); - -export const flyoutServiceLabel = i18n.translate('discover.logs.flyoutDetail.label.service', { - defaultMessage: 'Service', -}); - -export const flyoutTraceLabel = i18n.translate('discover.logs.flyoutDetail.label.trace', { - defaultMessage: 'Trace', -}); - -export const flyoutHostNameLabel = i18n.translate('discover.logs.flyoutDetail.label.hostName', { - defaultMessage: 'Host name', -}); - -export const serviceInfraAccordionTitle = i18n.translate( - 'discover.logs.flyoutDetail.accordion.title.serviceInfra', - { - defaultMessage: 'Service & Infrastructure', - } -); - -export const cloudAccordionTitle = i18n.translate( - 'discover.logs.flyoutDetail.accordion.title.cloud', - { - defaultMessage: 'Cloud', - } -); - -export const otherAccordionTitle = i18n.translate( - 'discover.logs.flyoutDetail.accordion.title.other', - { - defaultMessage: 'Other', - } -); - -export const flyoutOrchestratorClusterNameLabel = i18n.translate( - 'discover.logs.flyoutDetail.label.orchestratorClusterName', - { - defaultMessage: 'Orchestrator cluster Name', - } -); - -export const flyoutOrchestratorResourceIdLabel = i18n.translate( - 'discover.logs.flyoutDetail.label.orchestratorResourceId', - { - defaultMessage: 'Orchestrator resource ID', - } -); - -export const flyoutCloudProviderLabel = i18n.translate( - 'discover.logs.flyoutDetail.label.cloudProvider', - { - defaultMessage: 'Cloud provider', - } -); - -export const flyoutCloudRegionLabel = i18n.translate( - 'discover.logs.flyoutDetail.label.cloudRegion', - { - defaultMessage: 'Cloud region', - } -); - -export const flyoutCloudAvailabilityZoneLabel = i18n.translate( - 'discover.logs.flyoutDetail.label.cloudAvailabilityZone', - { - defaultMessage: 'Cloud availability zone', - } -); - -export const flyoutCloudProjectIdLabel = i18n.translate( - 'discover.logs.flyoutDetail.label.cloudProjectId', - { - defaultMessage: 'Cloud project ID', - } -); - -export const flyoutCloudInstanceIdLabel = i18n.translate( - 'discover.logs.flyoutDetail.label.cloudInstanceId', - { - defaultMessage: 'Cloud instance ID', - } -); - -export const flyoutLogPathFileLabel = i18n.translate( - 'discover.logs.flyoutDetail.label.logPathFile', - { - defaultMessage: 'Log path file', - } -); - -export const flyoutNamespaceLabel = i18n.translate('discover.logs.flyoutDetail.label.namespace', { - defaultMessage: 'Namespace', -}); - -export const flyoutDatasetLabel = i18n.translate('discover.logs.flyoutDetail.label.dataset', { - defaultMessage: 'Dataset', -}); - -export const flyoutShipperLabel = i18n.translate('discover.logs.flyoutDetail.label.shipper', { - defaultMessage: 'Shipper', -}); - -export const actionFilterForText = (text: string) => - i18n.translate('discover.logs.flyoutDetail.value.hover.filterFor', { - defaultMessage: 'Filter for this {value}', - values: { - value: text, - }, - }); - -export const actionFilterOutText = (text: string) => - i18n.translate('discover.logs.flyoutDetail.value.hover.filterOut', { - defaultMessage: 'Filter out this {value}', - values: { - value: text, - }, - }); - -export const filterOutText = i18n.translate('discover.logs.popoverAction.filterOut', { - defaultMessage: 'Filter out', -}); - -export const filterForText = i18n.translate('discover.logs.popoverAction.filterFor', { - defaultMessage: 'Filter for', -}); - -export const flyoutHoverActionFilterForFieldPresentText = i18n.translate( - 'discover.logs.flyoutDetail.value.hover.filterForFieldPresent', - { - defaultMessage: 'Filter for field present', - } -); - -export const flyoutHoverActionToggleColumnText = i18n.translate( - 'discover.logs.flyoutDetail.value.hover.toggleColumn', - { - defaultMessage: 'Toggle column in table', - } -); - -export const flyoutHoverActionCopyToClipboardText = i18n.translate( - 'discover.logs.flyoutDetail.value.hover.copyToClipboard', - { - defaultMessage: 'Copy to clipboard', - } -); - -export const copyValueText = i18n.translate('discover.logs.popoverAction.copyValue', { - defaultMessage: 'Copy value', -}); - -export const copyValueAriaText = (fieldName: string) => - i18n.translate('discover.logs.popoverAction.copyValueAriaText', { - defaultMessage: 'Copy value of {fieldName}', - values: { - fieldName, - }, - }); - -export const flyoutAccordionShowMoreText = (count: number) => - i18n.translate('discover.logs.flyoutDetail.section.showMore', { - defaultMessage: '+ {hiddenCount} more', - values: { - hiddenCount: count, - }, - }); - -export const openCellActionPopoverAriaText = i18n.translate( - 'discover.logs.popoverAction.openPopover', - { - defaultMessage: 'Open popover', - } -); - -export const closeCellActionPopoverText = i18n.translate( - 'discover.logs.popoverAction.closePopover', - { - defaultMessage: 'Close popover', - } -); - -export const contentHeaderTooltipParagraph1 = ( - log.level, - message: message, - }} - /> -); - -export const contentHeaderTooltipParagraph2 = i18n.translate( - 'discover.logs.dataTable.header.content.tooltip.paragraph2', - { - defaultMessage: 'When the message field is empty, one of the following is displayed:', - } -); - -export const resourceHeaderTooltipParagraph = i18n.translate( - 'discover.logs.dataTable.header.resource.tooltip.paragraph', - { - defaultMessage: "Fields that provide information on the document's source, such as:", - } -); - -export const actionsHeaderTooltipParagraph = i18n.translate( - 'discover.logs.dataTable.header.actions.tooltip.paragraph', - { - defaultMessage: 'Fields that provide actionable information, such as:', - } -); - -export const actionsHeaderTooltipExpandAction = i18n.translate( - 'discover.logs.dataTable.header.actions.tooltip.expand', - { defaultMessage: 'Expand log details' } -); - -export const actionsHeaderTooltipDegradedAction = ( - - _ignored - - ), - }} - /> -); - -export const actionsHeaderTooltipStacktraceAction = i18n.translate( - 'discover.logs.dataTable.header.actions.tooltip.stacktrace', - { defaultMessage: 'Access to available stacktraces based on:' } -); - -export const degradedDocButtonLabelWhenPresent = i18n.translate( - 'discover.logs.dataTable.controlColumn.actions.button.degradedDocPresent', - { - defaultMessage: - "This document couldn't be parsed correctly. Not all fields are properly populated", - } -); - -export const degradedDocButtonLabelWhenNotPresent = i18n.translate( - 'discover.logs.dataTable.controlColumn.actions.button.degradedDocNotPresent', - { - defaultMessage: 'All fields in this document were parsed correctly', - } -); - -export const stacktraceAvailableControlButton = i18n.translate( - 'discover.logs.dataTable.controlColumn.actions.button.stacktrace.available', - { - defaultMessage: 'Stacktraces available', - } -); - -export const stacktraceNotAvailableControlButton = i18n.translate( - 'discover.logs.dataTable.controlColumn.actions.button.stacktrace.notAvailable', - { - defaultMessage: 'Stacktraces not available', - } -); diff --git a/src/plugins/discover/public/context_awareness/profile_providers/common/logs_data_source_profile/accessors/get_cell_renderers.tsx b/src/plugins/discover/public/context_awareness/profile_providers/common/logs_data_source_profile/accessors/get_cell_renderers.tsx index 7e13baf8ddcf9..68349aeefa09a 100644 --- a/src/plugins/discover/public/context_awareness/profile_providers/common/logs_data_source_profile/accessors/get_cell_renderers.tsx +++ b/src/plugins/discover/public/context_awareness/profile_providers/common/logs_data_source_profile/accessors/get_cell_renderers.tsx @@ -8,12 +8,12 @@ */ import { SOURCE_COLUMN } from '@kbn/unified-data-table'; +import { getLogLevelBadgeCell } from '@kbn/discover-contextual-components'; import { getSummaryColumn } from '../../../../../components/data_types/logs/summary_column'; import { LOG_LEVEL_FIELDS, SERVICE_NAME_FIELDS, } from '../../../../../../common/data_types/logs/constants'; -import { getLogLevelBadgeCell } from '../../../../../components/data_types/logs/log_level_badge_cell'; import { getServiceNameCell } from '../../../../../components/data_types/logs/service_name_cell'; import type { DataSourceProfileProvider } from '../../../../profiles'; diff --git a/src/plugins/discover/tsconfig.json b/src/plugins/discover/tsconfig.json index 1f3ed529d804b..197d323d7d221 100644 --- a/src/plugins/discover/tsconfig.json +++ b/src/plugins/discover/tsconfig.json @@ -96,11 +96,9 @@ "@kbn/observability-ai-assistant-plugin", "@kbn/fields-metadata-plugin", "@kbn/security-solution-common", - "@kbn/router-utils", - "@kbn/management-settings-ids", - "@kbn/react-hooks", "@kbn/logs-data-access-plugin", "@kbn/core-lifecycle-browser", + "@kbn/discover-contextual-components", "@kbn/esql-ast" ], "exclude": [ diff --git a/src/plugins/unified_doc_viewer/kibana.jsonc b/src/plugins/unified_doc_viewer/kibana.jsonc index 56ea8951e3a2d..6bd1b738c0ccb 100644 --- a/src/plugins/unified_doc_viewer/kibana.jsonc +++ b/src/plugins/unified_doc_viewer/kibana.jsonc @@ -12,3 +12,4 @@ "optionalPlugins": ["fieldsMetadata"] } } + \ No newline at end of file diff --git a/tsconfig.base.json b/tsconfig.base.json index 783e4c254b89b..02adec454d240 100644 --- a/tsconfig.base.json +++ b/tsconfig.base.json @@ -764,6 +764,8 @@ "@kbn/dev-utils/*": ["packages/kbn-dev-utils/*"], "@kbn/developer-examples-plugin": ["examples/developer_examples"], "@kbn/developer-examples-plugin/*": ["examples/developer_examples/*"], + "@kbn/discover-contextual-components": ["packages/kbn-discover-contextual-components"], + "@kbn/discover-contextual-components/*": ["packages/kbn-discover-contextual-components/*"], "@kbn/discover-customization-examples-plugin": ["examples/discover_customization_examples"], "@kbn/discover-customization-examples-plugin/*": ["examples/discover_customization_examples/*"], "@kbn/discover-enhanced-plugin": ["x-pack/plugins/discover_enhanced"], diff --git a/x-pack/packages/observability/logs_overview/src/components/discover_link/discover_link.tsx b/x-pack/packages/observability/logs_overview/src/components/discover_link/discover_link.tsx index fe108289985a9..676468c2f4a32 100644 --- a/x-pack/packages/observability/logs_overview/src/components/discover_link/discover_link.tsx +++ b/x-pack/packages/observability/logs_overview/src/components/discover_link/discover_link.tsx @@ -13,11 +13,17 @@ import { i18n } from '@kbn/i18n'; import { getRouterLinkProps } from '@kbn/router-utils'; import type { SharePluginStart } from '@kbn/share-plugin/public'; import React, { useCallback, useMemo } from 'react'; -import type { IndexNameLogsSourceConfiguration } from '../../utils/logs_source'; +import type { ResolvedIndexNameLogsSourceConfiguration } from '../../utils/logs_source'; +interface LinkFilter { + filter: QueryDslQueryContainer; + meta?: { + name?: string; + }; +} export interface DiscoverLinkProps { - documentFilters?: QueryDslQueryContainer[]; - logsSource: IndexNameLogsSourceConfiguration; + documentFilters?: LinkFilter[]; + logsSource: ResolvedIndexNameLogsSourceConfiguration; timeRange: { start: string; end: string; @@ -46,10 +52,10 @@ export const DiscoverLink = React.memo( filters: documentFilters?.map((filter) => buildCustomFilter( logsSource.indexName, - filter, + filter.filter, false, false, - categorizedLogsFilterLabel, + filter.meta?.name ?? categorizedLogsFilterLabel, FilterStateStore.APP_STATE ) ), diff --git a/x-pack/packages/observability/logs_overview/src/components/log_categories/log_categories.tsx b/x-pack/packages/observability/logs_overview/src/components/log_categories/log_categories.tsx index 6204667827281..1ce45ca6b3727 100644 --- a/x-pack/packages/observability/logs_overview/src/components/log_categories/log_categories.tsx +++ b/x-pack/packages/observability/logs_overview/src/components/log_categories/log_categories.tsx @@ -14,7 +14,12 @@ import { categorizeLogsService, createCategorizeLogsServiceImplementations, } from '../../services/categorize_logs_service'; -import { IndexNameLogsSourceConfiguration } from '../../utils/logs_source'; +import { + categoryDetailsService, + createCategoryDetailsServiceImplementations, +} from '../../services/category_details_service'; +import { LogCategory } from '../../types'; +import { ResolvedIndexNameLogsSourceConfiguration } from '../../utils/logs_source'; import { LogCategoriesErrorContent } from './log_categories_error_content'; import { LogCategoriesLoadingContent } from './log_categories_loading_content'; import { @@ -25,7 +30,7 @@ import { export interface LogCategoriesProps { dependencies: LogCategoriesDependencies; documentFilters?: QueryDslQueryContainer[]; - logsSource: IndexNameLogsSourceConfiguration; + logsSource: ResolvedIndexNameLogsSourceConfiguration; // The time range could be made optional if we want to support an internal // time range picker timeRange: { @@ -61,12 +66,49 @@ export const LogCategories: React.FC = ({ } ); + const [categoryDetailsServiceState, sendToCategoryDetailsService] = useMachine( + categoryDetailsService.provide( + createCategoryDetailsServiceImplementations({ search: dependencies.search }) + ), + { + inspect: consoleInspector, + input: { + index: logsSource.indexName, + startTimestamp: timeRange.start, + endTimestamp: timeRange.end, + timeField: logsSource.timestampField, + messageField: logsSource.messageField, + additionalFilters: documentFilters, + dataView: logsSource.dataView, + }, + } + ); + const cancelOperation = useCallback(() => { sendToCategorizeLogsService({ type: 'cancel', }); }, [sendToCategorizeLogsService]); + const closeFlyout = useCallback(() => { + sendToCategoryDetailsService({ + type: 'setExpandedCategory', + category: null, + rowIndex: null, + }); + }, [sendToCategoryDetailsService]); + + const openFlyout = useCallback( + (category: LogCategory | null, rowIndex: number | null) => { + sendToCategoryDetailsService({ + type: 'setExpandedCategory', + category, + rowIndex, + }); + }, + [sendToCategoryDetailsService] + ); + if (categorizeLogsServiceState.matches('done')) { return ( = ({ logCategories={categorizeLogsServiceState.context.categories} logsSource={logsSource} timeRange={timeRange} + categoryDetailsServiceState={categoryDetailsServiceState} + onCloseFlyout={closeFlyout} + onOpenFlyout={openFlyout} /> ); } else if (categorizeLogsServiceState.matches('failed')) { diff --git a/x-pack/packages/observability/logs_overview/src/components/log_categories/log_categories_control_bar.tsx b/x-pack/packages/observability/logs_overview/src/components/log_categories/log_categories_control_bar.tsx index 4538b0ec2fd5d..7c13ac1446320 100644 --- a/x-pack/packages/observability/logs_overview/src/components/log_categories/log_categories_control_bar.tsx +++ b/x-pack/packages/observability/logs_overview/src/components/log_categories/log_categories_control_bar.tsx @@ -8,13 +8,13 @@ import type { QueryDslQueryContainer } from '@elastic/elasticsearch/lib/api/types'; import { EuiFlexGroup, EuiFlexItem } from '@elastic/eui'; import type { SharePluginStart } from '@kbn/share-plugin/public'; -import React from 'react'; -import type { IndexNameLogsSourceConfiguration } from '../../utils/logs_source'; +import React, { useMemo } from 'react'; +import type { ResolvedIndexNameLogsSourceConfiguration } from '../../utils/logs_source'; import { DiscoverLink } from '../discover_link'; export interface LogCategoriesControlBarProps { documentFilters?: QueryDslQueryContainer[]; - logsSource: IndexNameLogsSourceConfiguration; + logsSource: ResolvedIndexNameLogsSourceConfiguration; timeRange: { start: string; end: string; @@ -28,12 +28,17 @@ export interface LogCategoriesControlBarDependencies { export const LogCategoriesControlBar: React.FC = React.memo( ({ dependencies, documentFilters, logsSource, timeRange }) => { + const linkFilters = useMemo( + () => documentFilters?.map((filter) => ({ filter })), + [documentFilters] + ); + return ( diff --git a/x-pack/packages/observability/logs_overview/src/components/log_categories/log_categories_grid.tsx b/x-pack/packages/observability/logs_overview/src/components/log_categories/log_categories_grid.tsx index d9e960685de99..badd316371ec6 100644 --- a/x-pack/packages/observability/logs_overview/src/components/log_categories/log_categories_grid.tsx +++ b/x-pack/packages/observability/logs_overview/src/components/log_categories/log_categories_grid.tsx @@ -25,10 +25,14 @@ import { logCategoriesGridColumns, renderLogCategoriesGridCell, } from './log_categories_grid_cell'; +import { createLogCategoriesGridControlColumns } from './log_categories_grid_control_columns'; export interface LogCategoriesGridProps { dependencies: LogCategoriesGridDependencies; logCategories: LogCategory[]; + expandedRowIndex: number | null; + onOpenFlyout: (category: LogCategory, rowIndex: number) => void; + onCloseFlyout: () => void; } export type LogCategoriesGridDependencies = LogCategoriesGridCellDependencies; @@ -36,6 +40,9 @@ export type LogCategoriesGridDependencies = LogCategoriesGridCellDependencies; export const LogCategoriesGrid: React.FC = ({ dependencies, logCategories, + expandedRowIndex, + onOpenFlyout, + onCloseFlyout, }) => { const [gridState, dispatchGridEvent] = useMachine(gridStateService, { input: { @@ -93,6 +100,11 @@ export const LogCategoriesGrid: React.FC = ({ onSort: (sortingColumns) => dispatchGridEvent({ type: 'changeSortingColumns', sortingColumns }), }} + leadingControlColumns={createLogCategoriesGridControlColumns({ + expandedRowIndex, + onOpenFlyout, + onCloseFlyout, + })} /> ); }; diff --git a/x-pack/packages/observability/logs_overview/src/components/log_categories/log_categories_grid_cell.tsx b/x-pack/packages/observability/logs_overview/src/components/log_categories/log_categories_grid_cell.tsx index d6ab4969eaf7b..7e40d192df227 100644 --- a/x-pack/packages/observability/logs_overview/src/components/log_categories/log_categories_grid_cell.tsx +++ b/x-pack/packages/observability/logs_overview/src/components/log_categories/log_categories_grid_cell.tsx @@ -83,7 +83,7 @@ export type LogCategoriesGridColumnId = (typeof logCategoriesGridColumns)[number const cellContextKey = 'cellContext'; -const getCellContext = (cellContext: object): LogCategoriesGridCellContext => +export const getCellContext = (cellContext: object): LogCategoriesGridCellContext => (cellContextKey in cellContext ? cellContext[cellContextKey] : {}) as LogCategoriesGridCellContext; diff --git a/x-pack/packages/observability/logs_overview/src/components/log_categories/log_categories_grid_control_columns.tsx b/x-pack/packages/observability/logs_overview/src/components/log_categories/log_categories_grid_control_columns.tsx new file mode 100644 index 0000000000000..546754ae1cc5b --- /dev/null +++ b/x-pack/packages/observability/logs_overview/src/components/log_categories/log_categories_grid_control_columns.tsx @@ -0,0 +1,45 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { EuiScreenReaderOnly } from '@elastic/eui'; +import { i18n } from '@kbn/i18n'; +import React from 'react'; +import { LogCategory } from '../../types'; +import { createLogCategoriesGridExpandButton } from './log_categories_grid_expand_button'; + +const DEFAULT_CONTROL_COLUMN_WIDTH = 40; + +interface ControlColumnsProps { + expandedRowIndex: number | null; + onOpenFlyout: (category: LogCategory, rowIndex: number) => void; + onCloseFlyout: () => void; +} + +export const createLogCategoriesGridControlColumns = (props: ControlColumnsProps) => { + const { expandedRowIndex, onOpenFlyout, onCloseFlyout } = props; + + return [ + { + id: 'toggleFlyout', + width: DEFAULT_CONTROL_COLUMN_WIDTH, + headerCellRender: () => ( + + + {i18n.translate('xpack.observabilityLogsOverview.controlColumnHeader', { + defaultMessage: 'Control column', + })} + + + ), + rowCellRender: createLogCategoriesGridExpandButton({ + expandedRowIndex, + onOpenFlyout, + onCloseFlyout, + }), + }, + ]; +}; diff --git a/x-pack/packages/observability/logs_overview/src/components/log_categories/log_categories_grid_expand_button.tsx b/x-pack/packages/observability/logs_overview/src/components/log_categories/log_categories_grid_expand_button.tsx new file mode 100644 index 0000000000000..34c8e72e2d91a --- /dev/null +++ b/x-pack/packages/observability/logs_overview/src/components/log_categories/log_categories_grid_expand_button.tsx @@ -0,0 +1,71 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { EuiButtonIcon, EuiToolTip, RenderCellValue } from '@elastic/eui'; +import { i18n } from '@kbn/i18n'; +import React, { useCallback } from 'react'; +import { LogCategory } from '../../types'; +import { getCellContext } from './log_categories_grid_cell'; + +interface CreateLogCategoriesGridExpandButtonProps { + expandedRowIndex: number | null; + onOpenFlyout: (category: LogCategory, rowIndex: number) => void; + onCloseFlyout: () => void; +} + +export const createLogCategoriesGridExpandButton = + ({ + expandedRowIndex, + onOpenFlyout, + onCloseFlyout, + }: CreateLogCategoriesGridExpandButtonProps): RenderCellValue => + (props) => { + const { rowIndex } = props; + const { logCategories } = getCellContext(props); + const logCategory = logCategories[rowIndex]; + const isCurrentRowExpanded = expandedRowIndex === rowIndex; + const onClickHandler = useCallback(() => { + if (isCurrentRowExpanded) { + onCloseFlyout(); + } else { + onOpenFlyout(logCategory, rowIndex); + } + }, [isCurrentRowExpanded, logCategory, rowIndex]); + + return ( + + ); + }; + +interface ExpandButtonProps { + isCurrentRowExpanded: boolean; + onClickHandler: () => void; +} + +const ExpandButton: React.FC = ({ isCurrentRowExpanded, onClickHandler }) => { + return ( + + + + ); +}; + +const buttonLabel = i18n.translate( + 'xpack.observabilityLogsOverview.logCategoriesGrid.controlColumns.toggleFlyout', + { + defaultMessage: 'Toggle flyout with details', + } +); diff --git a/x-pack/packages/observability/logs_overview/src/components/log_categories/log_categories_grid_pattern_cell.tsx b/x-pack/packages/observability/logs_overview/src/components/log_categories/log_categories_grid_pattern_cell.tsx index d507487a99e3c..7507ab5b23f44 100644 --- a/x-pack/packages/observability/logs_overview/src/components/log_categories/log_categories_grid_pattern_cell.tsx +++ b/x-pack/packages/observability/logs_overview/src/components/log_categories/log_categories_grid_pattern_cell.tsx @@ -5,11 +5,11 @@ * 2.0. */ -import { EuiDataGridColumn, useEuiTheme } from '@elastic/eui'; -import { css } from '@emotion/react'; +import { EuiDataGridColumn } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; -import React, { useMemo } from 'react'; +import React from 'react'; import { LogCategory } from '../../types'; +import { LogCategoryPattern } from '../shared/log_category_pattern'; export const logCategoriesGridPatternColumn = { id: 'pattern' as const, @@ -27,34 +27,5 @@ export interface LogCategoriesGridPatternCellProps { export const LogCategoriesGridPatternCell: React.FC = ({ logCategory, }) => { - const theme = useEuiTheme(); - const { euiTheme } = theme; - const termsList = useMemo(() => logCategory.terms.split(' '), [logCategory.terms]); - - const commonStyle = css` - display: inline-block; - font-family: ${euiTheme.font.familyCode}; - margin-right: ${euiTheme.size.xs}; - `; - - const termStyle = css` - ${commonStyle}; - `; - - const separatorStyle = css` - ${commonStyle}; - color: ${euiTheme.colors.successText}; - `; - - return ( - 
-      
*

-      {termsList.map((term, index) => (
-        
-          
{term}

-          
*

-        
-      ))}
-
- ); + return ; }; diff --git a/x-pack/packages/observability/logs_overview/src/components/log_categories/log_categories_result_content.tsx b/x-pack/packages/observability/logs_overview/src/components/log_categories/log_categories_result_content.tsx index e16bdda7cb44a..c2b1a0989c2ec 100644 --- a/x-pack/packages/observability/logs_overview/src/components/log_categories/log_categories_result_content.tsx +++ b/x-pack/packages/observability/logs_overview/src/components/log_categories/log_categories_result_content.tsx @@ -9,8 +9,14 @@ import type { QueryDslQueryContainer } from '@elastic/elasticsearch/lib/api/type import { EuiEmptyPrompt, EuiFlexGroup, EuiFlexItem } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; import React from 'react'; +import { StateFrom } from 'xstate5'; +import { categoryDetailsService } from '../../services/category_details_service'; import { LogCategory } from '../../types'; -import { IndexNameLogsSourceConfiguration } from '../../utils/logs_source'; +import { ResolvedIndexNameLogsSourceConfiguration } from '../../utils/logs_source'; +import { + LogCategoriesFlyoutDependencies, + LogCategoryDetailsFlyout, +} from '../log_category_details/log_category_details_flyout'; import { LogCategoriesControlBar, LogCategoriesControlBarDependencies, @@ -21,15 +27,19 @@ export interface LogCategoriesResultContentProps { dependencies: LogCategoriesResultContentDependencies; documentFilters?: QueryDslQueryContainer[]; logCategories: LogCategory[]; - logsSource: IndexNameLogsSourceConfiguration; + logsSource: ResolvedIndexNameLogsSourceConfiguration; timeRange: { start: string; end: string; }; + categoryDetailsServiceState: StateFrom; + onCloseFlyout: () => void; + onOpenFlyout: (category: LogCategory, rowIndex: number) => void; } export type LogCategoriesResultContentDependencies = LogCategoriesControlBarDependencies & - LogCategoriesGridDependencies; + LogCategoriesGridDependencies & + LogCategoriesFlyoutDependencies; export const LogCategoriesResultContent: React.FC = ({ dependencies, @@ -37,6 +47,9 @@ export const LogCategoriesResultContent: React.FC { if (logCategories.length === 0) { return ; @@ -52,7 +65,24 @@ export const LogCategoriesResultContent: React.FC - + + {categoryDetailsServiceState.context.expandedCategory && ( + + )} ); diff --git a/x-pack/packages/observability/logs_overview/src/components/log_category_details/log_category_details_error_content.tsx b/x-pack/packages/observability/logs_overview/src/components/log_category_details/log_category_details_error_content.tsx new file mode 100644 index 0000000000000..509d35b0068e5 --- /dev/null +++ b/x-pack/packages/observability/logs_overview/src/components/log_category_details/log_category_details_error_content.tsx @@ -0,0 +1,41 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { EuiCodeBlock, EuiEmptyPrompt } from '@elastic/eui'; +import { i18n } from '@kbn/i18n'; +import React from 'react'; + +export interface LogCategoryDetailsErrorContentProps { + error?: Error; + title: string; +} + +export const LogCategoryDetailsErrorContent: React.FC = ({ + error, + title, +}) => { + return ( + {title}} + body={ + +

{error?.stack ?? error?.toString() ?? unknownErrorDescription}

+ + } + layout="vertical" + /> + ); +}; + +const unknownErrorDescription = i18n.translate( + 'xpack.observabilityLogsOverview.logCategoryDetails.unknownErrorDescription', + { + defaultMessage: 'An unspecified error occurred.', + } +); diff --git a/x-pack/packages/observability/logs_overview/src/components/log_category_details/log_category_details_flyout.tsx b/x-pack/packages/observability/logs_overview/src/components/log_category_details/log_category_details_flyout.tsx new file mode 100644 index 0000000000000..2f478c771dbfa --- /dev/null +++ b/x-pack/packages/observability/logs_overview/src/components/log_category_details/log_category_details_flyout.tsx @@ -0,0 +1,139 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { + EuiFlexGroup, + EuiFlexItem, + EuiFlyout, + EuiFlyoutBody, + EuiFlyoutHeader, + EuiSpacer, + EuiTitle, + useGeneratedHtmlId, +} from '@elastic/eui'; +import React, { useMemo } from 'react'; +import { FormattedMessage } from '@kbn/i18n-react'; +import { StateFrom } from 'xstate5'; +import { i18n } from '@kbn/i18n'; +import { QueryDslQueryContainer } from '@kbn/data-views-plugin/common/types'; +import { LogCategory } from '../../types'; +import { LogCategoryPattern } from '../shared/log_category_pattern'; +import { categoryDetailsService } from '../../services/category_details_service'; +import { + LogCategoryDocumentExamplesTable, + LogCategoryDocumentExamplesTableDependencies, +} from './log_category_document_examples_table'; +import { type ResolvedIndexNameLogsSourceConfiguration } from '../../utils/logs_source'; +import { LogCategoryDetailsLoadingContent } from './log_category_details_loading_content'; +import { LogCategoryDetailsErrorContent } from './log_category_details_error_content'; +import { DiscoverLink } from '../discover_link'; +import { createCategoryQuery } from '../../services/categorize_logs_service/queries'; + +export type LogCategoriesFlyoutDependencies = LogCategoryDocumentExamplesTableDependencies; + +interface LogCategoryDetailsFlyoutProps { + onCloseFlyout: () => void; + logCategory: LogCategory; + categoryDetailsServiceState: StateFrom; + dependencies: LogCategoriesFlyoutDependencies; + logsSource: ResolvedIndexNameLogsSourceConfiguration; + documentFilters?: QueryDslQueryContainer[]; + timeRange: { + start: string; + end: string; + }; +} + +export const LogCategoryDetailsFlyout: React.FC = ({ + onCloseFlyout, + logCategory, + categoryDetailsServiceState, + dependencies, + logsSource, + documentFilters, + timeRange, +}) => { + const flyoutTitleId = useGeneratedHtmlId({ + prefix: 'flyoutTitle', + }); + + const linkFilters = useMemo(() => { + return [ + ...(documentFilters ? documentFilters.map((filter) => ({ filter })) : []), + { + filter: createCategoryQuery(logsSource.messageField)(logCategory.terms), + meta: { + name: i18n.translate( + 'xpack.observabilityLogsOverview.logCategoryDetailsFlyout.discoverLinkFilterName', + { + defaultMessage: 'Category: {terms}', + values: { + terms: logCategory.terms, + }, + } + ), + }, + }, + ]; + }, [documentFilters, logCategory.terms, logsSource.messageField]); + + return ( + onCloseFlyout()} aria-labelledby={flyoutTitleId}> + + + + +

+ +

+ + + + + + + + + + + {categoryDetailsServiceState.matches({ hasCategory: 'fetchingDocuments' }) ? ( + + ) : categoryDetailsServiceState.matches({ hasCategory: 'error' }) ? ( + + ) : ( + + )} + + + ); +}; diff --git a/x-pack/packages/observability/logs_overview/src/components/log_category_details/log_category_details_loading_content.tsx b/x-pack/packages/observability/logs_overview/src/components/log_category_details/log_category_details_loading_content.tsx new file mode 100644 index 0000000000000..fd6aa50a38221 --- /dev/null +++ b/x-pack/packages/observability/logs_overview/src/components/log_category_details/log_category_details_loading_content.tsx @@ -0,0 +1,19 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { EuiEmptyPrompt, EuiLoadingSpinner } from '@elastic/eui'; +import React from 'react'; + +interface LogCategoryDetailsLoadingContentProps { + message: string; +} + +export const LogCategoryDetailsLoadingContent: React.FC = ({ + message, +}) => { + return } title={

{message}

} />; +}; diff --git a/x-pack/packages/observability/logs_overview/src/components/log_category_details/log_category_document_examples_table.tsx b/x-pack/packages/observability/logs_overview/src/components/log_category_details/log_category_document_examples_table.tsx new file mode 100644 index 0000000000000..6b43fa86fe49e --- /dev/null +++ b/x-pack/packages/observability/logs_overview/src/components/log_category_details/log_category_document_examples_table.tsx @@ -0,0 +1,151 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { EuiBasicTable, EuiBasicTableColumn, EuiSpacer, EuiText } from '@elastic/eui'; +import React, { useMemo } from 'react'; +import { i18n } from '@kbn/i18n'; +import { DataGridDensity, ROWS_HEIGHT_OPTIONS } from '@kbn/unified-data-table'; +import moment from 'moment'; +import type { SettingsStart } from '@kbn/core-ui-settings-browser'; +import type { FieldFormatsStart } from '@kbn/field-formats-plugin/public'; +import type { SharePluginStart } from '@kbn/share-plugin/public'; +import { CoreStart } from '@kbn/core-lifecycle-browser'; +import { getLogLevelBadgeCell, LazySummaryColumn } from '@kbn/discover-contextual-components'; +import type { LogCategoryDocument } from '../../services/category_details_service/types'; +import { type ResolvedIndexNameLogsSourceConfiguration } from '../../utils/logs_source'; + +export interface LogCategoryDocumentExamplesTableDependencies { + core: CoreStart; + uiSettings: SettingsStart; + fieldFormats: FieldFormatsStart; + share: SharePluginStart; +} + +export interface LogCategoryDocumentExamplesTableProps { + dependencies: LogCategoryDocumentExamplesTableDependencies; + categoryDocuments: LogCategoryDocument[]; + logsSource: ResolvedIndexNameLogsSourceConfiguration; +} + +const TimestampCell = ({ + dependencies, + timestamp, +}: { + dependencies: LogCategoryDocumentExamplesTableDependencies; + timestamp?: string | number; +}) => { + const dateFormat = useMemo( + () => dependencies.uiSettings.client.get('dateFormat'), + [dependencies.uiSettings.client] + ); + if (!timestamp) return null; + + if (dateFormat) { + return <>{moment(timestamp).format(dateFormat)}; + } else { + return <>{timestamp}; + } +}; + +const LogLevelBadgeCell = getLogLevelBadgeCell('log.level'); + +export const LogCategoryDocumentExamplesTable: React.FC = ({ + categoryDocuments, + dependencies, + logsSource, +}) => { + const columns: Array> = [ + { + field: 'row', + name: 'Timestamp', + width: '25%', + render: (row: any) => { + return ( + + ); + }, + }, + { + field: 'row', + name: 'Log level', + width: '10%', + render: (row: any) => { + return ( + {}} + closePopover={() => {}} + /> + ); + }, + }, + { + field: 'row', + name: 'Summary', + width: '65%', + render: (row: any) => { + return ( + {}} + closePopover={() => {}} + density={DataGridDensity.COMPACT} + rowHeight={ROWS_HEIGHT_OPTIONS.single} + shouldShowFieldHandler={() => false} + core={dependencies.core} + share={dependencies.share} + /> + ); + }, + }, + ]; + return ( + <> + + {i18n.translate( + 'xpack.observabilityLogsOverview.logCategoryDocumentExamplesTable.documentCountText', + { + defaultMessage: 'Displaying the latest {documentsCount} documents.', + values: { + documentsCount: categoryDocuments.length, + }, + } + )} + + + + + ); +}; diff --git a/x-pack/packages/observability/logs_overview/src/components/logs_overview/logs_overview.tsx b/x-pack/packages/observability/logs_overview/src/components/logs_overview/logs_overview.tsx index 988656eb1571e..77535228f7af6 100644 --- a/x-pack/packages/observability/logs_overview/src/components/logs_overview/logs_overview.tsx +++ b/x-pack/packages/observability/logs_overview/src/components/logs_overview/logs_overview.tsx @@ -9,6 +9,7 @@ import { QueryDslQueryContainer } from '@elastic/elasticsearch/lib/api/types'; import { type LogsDataAccessPluginStart } from '@kbn/logs-data-access-plugin/public'; import React from 'react'; import useAsync from 'react-use/lib/useAsync'; +import { DataViewsContract } from '@kbn/data-views-plugin/public'; import { LogsSourceConfiguration, normalizeLogsSource } from '../../utils/logs_source'; import { LogCategories, LogCategoriesDependencies } from '../log_categories'; import { LogsOverviewErrorContent } from './logs_overview_error_content'; @@ -26,6 +27,7 @@ export interface LogsOverviewProps { export type LogsOverviewDependencies = LogCategoriesDependencies & { logsDataAccess: LogsDataAccessPluginStart; + dataViews: DataViewsContract; }; export const LogsOverview: React.FC = React.memo( @@ -36,8 +38,12 @@ export const LogsOverview: React.FC = React.memo( timeRange, }) => { const normalizedLogsSource = useAsync( - () => normalizeLogsSource({ logsDataAccess: dependencies.logsDataAccess })(logsSource), - [dependencies.logsDataAccess, logsSource] + () => + normalizeLogsSource({ + logsDataAccess: dependencies.logsDataAccess, + dataViewsService: dependencies.dataViews, + })(logsSource), + [dependencies.dataViews, dependencies.logsDataAccess, logsSource] ); if (normalizedLogsSource.loading) { diff --git a/x-pack/packages/observability/logs_overview/src/components/shared/log_category_pattern.tsx b/x-pack/packages/observability/logs_overview/src/components/shared/log_category_pattern.tsx new file mode 100644 index 0000000000000..8a8deb5918324 --- /dev/null +++ b/x-pack/packages/observability/logs_overview/src/components/shared/log_category_pattern.tsx @@ -0,0 +1,50 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { useEuiTheme } from '@elastic/eui'; +import { useMemo } from 'react'; +import { css } from '@emotion/react'; +import React from 'react'; +import { getLogCategoryTerms } from '../../utils/log_category'; +import { LogCategory } from '../../types'; + +interface LogCategoryPatternProps { + logCategory: LogCategory; +} + +export const LogCategoryPattern: React.FC = ({ logCategory }) => { + const theme = useEuiTheme(); + const { euiTheme } = theme; + const termsList = useMemo(() => getLogCategoryTerms(logCategory), [logCategory]); + + const commonStyle = css` + display: inline-block; + font-family: ${euiTheme.font.familyCode}; + margin-right: ${euiTheme.size.xs}; + `; + + const termStyle = css` + ${commonStyle}; + `; + + const separatorStyle = css` + ${commonStyle}; + color: ${euiTheme.colors.successText}; + `; + + return ( + 
+      
*

+      {termsList.map((term, index) => (
+        
+          
{term}

+          
*

+        
+      ))}
+
+ ); +}; diff --git a/x-pack/packages/observability/logs_overview/src/services/category_details_service/category_details_service.ts b/x-pack/packages/observability/logs_overview/src/services/category_details_service/category_details_service.ts new file mode 100644 index 0000000000000..958f717548600 --- /dev/null +++ b/x-pack/packages/observability/logs_overview/src/services/category_details_service/category_details_service.ts @@ -0,0 +1,191 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { MachineImplementationsFrom, assign, setup } from 'xstate5'; +import { LogCategory } from '../../types'; +import { getPlaceholderFor } from '../../utils/xstate5_utils'; +import { + CategoryDetailsServiceDependencies, + LogCategoryDocument, + LogCategoryDetailsParams, +} from './types'; +import { getCategoryDocuments } from './category_documents'; + +export const categoryDetailsService = setup({ + types: { + input: {} as LogCategoryDetailsParams, + output: {} as { + categoryDocuments: LogCategoryDocument[] | null; + }, + context: {} as { + parameters: LogCategoryDetailsParams; + error?: Error; + expandedRowIndex: number | null; + expandedCategory: LogCategory | null; + categoryDocuments: LogCategoryDocument[]; + }, + events: {} as + | { + type: 'cancel'; + } + | { + type: 'setExpandedCategory'; + rowIndex: number | null; + category: LogCategory | null; + }, + }, + actors: { + getCategoryDocuments: getPlaceholderFor(getCategoryDocuments), + }, + actions: { + storeCategory: assign( + ({ context, event }, params: { category: LogCategory | null; rowIndex: number | null }) => ({ + expandedCategory: params.category, + expandedRowIndex: params.rowIndex, + }) + ), + storeDocuments: assign( + ({ context, event }, params: { categoryDocuments: LogCategoryDocument[] }) => ({ + categoryDocuments: params.categoryDocuments, + }) + ), + storeError: assign((_, params: { error: unknown }) => ({ + error: params.error instanceof Error ? params.error : new Error(String(params.error)), + })), + }, + guards: { + hasCategory: (_guardArgs, params: { expandedCategory: LogCategory | null }) => + params.expandedCategory !== null, + hasDocumentExamples: ( + _guardArgs, + params: { categoryDocuments: LogCategoryDocument[] | null } + ) => params.categoryDocuments !== null && params.categoryDocuments.length > 0, + }, +}).createMachine({ + /** @xstate-layout N4IgpgJg5mDOIC5QGMCGAXMUD2AnAlgF5gAy2UsAdMtgK4B26+9UAItsrQLZiOwDEEbPTCVmAN2wBrUWkw4CxMhWp1GzNh2690sBBI4Z8wgNoAGALrmLiUAAdssfE2G2QAD0QBmMwA5KACy+AQFmob4AjABMwQBsADQgAJ6IkYEAnJkA7FmxZlERmQGxAL4liXJYeESk5FQ0DEws7Jw8fILCogYy1BhVirUqDerNWm26+vSScsb01iYRNkggDk4u9G6eCD7+QSFhftFxiSkIvgCsWZSxEVlRsbFZ52Zm515lFX0KNcr1ak2aVo6ARCERiKbSWRfapKOqqRoaFraPiTaZGUyWExRJb2RzOWabbx+QLBULhI7FE7eWL+F45GnRPIRZkfECVb6wob-RFjYH8MC4XB4Sh2AA2GAAZnguL15DDBn8EaMgSiDDMMVZLG5VvjXMstjsSftyTFKclEOdzgFKF5zukvA8zBFnl50udWez5b94SNAcjdPw0PRkGBRdZtXj1oTtsS9mTDqaEuaEBF8udKFkIr5fK6olkzOksgEPdCBt6JWB0MgABYaADKqC4YsgAGFS-g4B0wd0oXKBg2m6LW+24OHljqo-rEMzbpQos8-K7fC9CknTrF0rEbbb0oVMoWIgF3eU2e3OVQK1XaywB82IG2+x2BAKhbgReL0FLcDLPf3G3eH36J8x1xNYCSnFNmSuecXhzdJlydTcqQQLJfHSOc0PyLJN3SMxYiPEtH3PShLxret-yHe8RwEIMQzDLVx0jcDQC2GdoIXOCENXZDsyiOcAiiKJ0iiPDLi8V1CKA4jSOvKAACUwC4VBmA0QDvk7UEughHpfxqBSlJUlg1OqUcGNA3UNggrMs347IjzdaIvGQwSvECXI8k3Z43gEiJJI5BUSMrMiWH05T6FU6j+UFYUxUlaVZSksBQsMqBjIIUycRWJi9RY6dIn8KIAjsu1zkc5CAmiG1fBiaIzB8B0QmPT4iICmSNGS8KjMi2jQxArKwJyjw8pswriocqInOTLwIi3ASD1yQpswCd5WXobAIDgNxdPPCMBss3KEAAWjXRBDvTfcLsu9Jlr8r04WGAEkXGeBGL26MBOQzIt2ut4cwmirCt8W6yzhNqbwo4dH0216LOjTMIjnBdYhK1DYgdHjihtZbUIdWIXJuYGflBoLZI6iKoZe8zJwOw9KtGt1kbuTcsmQrwi0oeCQjzZ5blwt1Cek5TKN22GIIKZbAgKC45pyLyeLwtz4Kyabs1QgWAs0kXqaGhBxdcnzpaE2XXmch0MORmaBJeLwjbKMogA */ + id: 'logCategoryDetails', + context: ({ input }) => ({ + expandedCategory: null, + expandedRowIndex: null, + categoryDocuments: [], + parameters: input, + }), + initial: 'idle', + states: { + idle: { + on: { + setExpandedCategory: { + target: 'checkingCategoryState', + actions: [ + { + type: 'storeCategory', + params: ({ event }) => event, + }, + ], + }, + }, + }, + checkingCategoryState: { + always: [ + { + guard: { + type: 'hasCategory', + params: ({ event, context }) => { + return { + expandedCategory: context.expandedCategory, + }; + }, + }, + target: '#hasCategory.fetchingDocuments', + }, + { target: 'idle' }, + ], + }, + hasCategory: { + id: 'hasCategory', + initial: 'fetchingDocuments', + on: { + setExpandedCategory: { + target: 'checkingCategoryState', + actions: [ + { + type: 'storeCategory', + params: ({ event }) => event, + }, + ], + }, + }, + states: { + fetchingDocuments: { + invoke: { + src: 'getCategoryDocuments', + id: 'fetchCategoryDocumentExamples', + input: ({ context }) => ({ + ...context.parameters, + categoryTerms: context.expandedCategory!.terms, + }), + onDone: [ + { + guard: { + type: 'hasDocumentExamples', + params: ({ event }) => { + return event.output; + }, + }, + target: 'hasData', + actions: [ + { + type: 'storeDocuments', + params: ({ event }) => { + return event.output; + }, + }, + ], + }, + { + target: 'noData', + actions: [ + { + type: 'storeDocuments', + params: ({ event }) => { + return { categoryDocuments: [] }; + }, + }, + ], + }, + ], + onError: { + target: 'error', + actions: [ + { + type: 'storeError', + params: ({ event }) => ({ error: event.error }), + }, + ], + }, + }, + }, + hasData: {}, + noData: {}, + error: {}, + }, + }, + }, + output: ({ context }) => ({ + categoryDocuments: context.categoryDocuments, + }), +}); + +export const createCategoryDetailsServiceImplementations = ({ + search, +}: CategoryDetailsServiceDependencies): MachineImplementationsFrom< + typeof categoryDetailsService +> => ({ + actors: { + getCategoryDocuments: getCategoryDocuments({ search }), + }, +}); diff --git a/x-pack/packages/observability/logs_overview/src/services/category_details_service/category_documents.ts b/x-pack/packages/observability/logs_overview/src/services/category_details_service/category_documents.ts new file mode 100644 index 0000000000000..b513fa79fc686 --- /dev/null +++ b/x-pack/packages/observability/logs_overview/src/services/category_details_service/category_documents.ts @@ -0,0 +1,63 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { ISearchGeneric } from '@kbn/search-types'; +import { fromPromise } from 'xstate5'; +import { lastValueFrom } from 'rxjs'; +import { flattenHit } from '@kbn/data-service'; +import { LogCategoryDocument, LogCategoryDocumentsParams } from './types'; +import { createGetLogCategoryDocumentsRequestParams } from './queries'; + +export const getCategoryDocuments = ({ search }: { search: ISearchGeneric }) => + fromPromise< + { + categoryDocuments: LogCategoryDocument[]; + }, + LogCategoryDocumentsParams + >( + async ({ + input: { + index, + endTimestamp, + startTimestamp, + timeField, + messageField, + categoryTerms, + additionalFilters = [], + dataView, + }, + signal, + }) => { + const requestParams = createGetLogCategoryDocumentsRequestParams({ + index, + timeField, + messageField, + startTimestamp, + endTimestamp, + additionalFilters, + categoryTerms, + }); + + const { rawResponse } = await lastValueFrom( + search({ params: requestParams }, { abortSignal: signal }) + ); + + const categoryDocuments: LogCategoryDocument[] = + rawResponse.hits?.hits.map((hit) => { + return { + row: { + raw: hit._source, + flattened: flattenHit(hit, dataView), + }, + }; + }) ?? []; + + return { + categoryDocuments, + }; + } + ); diff --git a/x-pack/packages/observability/logs_overview/src/services/category_details_service/index.ts b/x-pack/packages/observability/logs_overview/src/services/category_details_service/index.ts new file mode 100644 index 0000000000000..5df79dbab2cbd --- /dev/null +++ b/x-pack/packages/observability/logs_overview/src/services/category_details_service/index.ts @@ -0,0 +1,8 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export * from './category_details_service'; diff --git a/x-pack/packages/observability/logs_overview/src/services/category_details_service/queries.ts b/x-pack/packages/observability/logs_overview/src/services/category_details_service/queries.ts new file mode 100644 index 0000000000000..cd1053077c334 --- /dev/null +++ b/x-pack/packages/observability/logs_overview/src/services/category_details_service/queries.ts @@ -0,0 +1,58 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { QueryDslQueryContainer } from '@elastic/elasticsearch/lib/api/types'; +import { createCategoryQuery } from '../categorize_logs_service/queries'; + +export const createGetLogCategoryDocumentsRequestParams = ({ + index, + timeField, + messageField, + startTimestamp, + endTimestamp, + additionalFilters = [], + categoryTerms = '', + documentCount = 20, +}: { + startTimestamp: string; + endTimestamp: string; + index: string; + timeField: string; + messageField: string; + additionalFilters?: QueryDslQueryContainer[]; + categoryTerms?: string; + documentCount?: number; +}) => { + return { + index, + size: documentCount, + track_total_hits: false, + sort: [{ [timeField]: { order: 'desc' } }], + query: { + bool: { + filter: [ + { + exists: { + field: messageField, + }, + }, + { + range: { + [timeField]: { + gte: startTimestamp, + lte: endTimestamp, + format: 'strict_date_time', + }, + }, + }, + createCategoryQuery(messageField)(categoryTerms), + ...additionalFilters, + ], + }, + }, + }; +}; diff --git a/x-pack/packages/observability/logs_overview/src/services/category_details_service/types.ts b/x-pack/packages/observability/logs_overview/src/services/category_details_service/types.ts new file mode 100644 index 0000000000000..72369275578e3 --- /dev/null +++ b/x-pack/packages/observability/logs_overview/src/services/category_details_service/types.ts @@ -0,0 +1,31 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { QueryDslQueryContainer } from '@elastic/elasticsearch/lib/api/types'; +import { ISearchGeneric } from '@kbn/search-types'; +import { type DataView } from '@kbn/data-views-plugin/common'; +import type { DataTableRecord } from '@kbn/discover-utils'; + +export interface LogCategoryDocument { + row: Pick; +} + +export interface LogCategoryDetailsParams { + additionalFilters: QueryDslQueryContainer[]; + endTimestamp: string; + index: string; + messageField: string; + startTimestamp: string; + timeField: string; + dataView: DataView; +} + +export interface CategoryDetailsServiceDependencies { + search: ISearchGeneric; +} + +export type LogCategoryDocumentsParams = LogCategoryDetailsParams & { categoryTerms: string }; diff --git a/x-pack/packages/observability/logs_overview/src/utils/log_category.ts b/x-pack/packages/observability/logs_overview/src/utils/log_category.ts new file mode 100644 index 0000000000000..3a5e72522d78e --- /dev/null +++ b/x-pack/packages/observability/logs_overview/src/utils/log_category.ts @@ -0,0 +1,12 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { LogCategory } from '../types'; + +export const getLogCategoryTerms = (logCategory: LogCategory) => { + return logCategory.terms.split(' '); +}; diff --git a/x-pack/packages/observability/logs_overview/src/utils/logs_source.ts b/x-pack/packages/observability/logs_overview/src/utils/logs_source.ts index 0c8767c8702d4..15c318766be0e 100644 --- a/x-pack/packages/observability/logs_overview/src/utils/logs_source.ts +++ b/x-pack/packages/observability/logs_overview/src/utils/logs_source.ts @@ -5,7 +5,7 @@ * 2.0. */ -import { type AbstractDataView } from '@kbn/data-views-plugin/common'; +import { type DataViewsContract, type DataView } from '@kbn/data-views-plugin/common'; import { LogsDataAccessPluginStart } from '@kbn/logs-data-access-plugin/public'; export type LogsSourceConfiguration = @@ -28,33 +28,68 @@ export interface IndexNameLogsSourceConfiguration { export interface DataViewLogsSourceConfiguration { type: 'data_view'; - dataView: AbstractDataView; + dataView: DataView; messageField?: string; } +export type ResolvedIndexNameLogsSourceConfiguration = IndexNameLogsSourceConfiguration & { + dataView: DataView; +}; + export const normalizeLogsSource = - ({ logsDataAccess }: { logsDataAccess: LogsDataAccessPluginStart }) => - async (logsSource: LogsSourceConfiguration): Promise => { + ({ + logsDataAccess, + dataViewsService, + }: { + logsDataAccess: LogsDataAccessPluginStart; + dataViewsService: DataViewsContract; + }) => + async ( + logsSource: LogsSourceConfiguration + ): Promise => { switch (logsSource.type) { case 'index_name': - return logsSource; + return { + ...logsSource, + dataView: await getDataViewForLogSource(logsSource, dataViewsService), + }; case 'shared_setting': const logSourcesFromSharedSettings = await logsDataAccess.services.logSourcesService.getLogSources(); - return { - type: 'index_name', + const sharedSettingLogsSource = { + type: 'index_name' as const, indexName: logSourcesFromSharedSettings .map((logSource) => logSource.indexPattern) .join(','), timestampField: logsSource.timestampField ?? '@timestamp', messageField: logsSource.messageField ?? 'message', }; - case 'data_view': return { - type: 'index_name', + ...sharedSettingLogsSource, + dataView: await getDataViewForLogSource(sharedSettingLogsSource, dataViewsService), + }; + case 'data_view': + const dataViewLogsSource = { + type: 'index_name' as const, indexName: logsSource.dataView.getIndexPattern(), timestampField: logsSource.dataView.timeFieldName ?? '@timestamp', messageField: logsSource.messageField ?? 'message', }; + return { + ...dataViewLogsSource, + dataView: logsSource.dataView, + }; } }; + +// Ad-hoc Data View +const getDataViewForLogSource = async ( + logSourceConfiguration: IndexNameLogsSourceConfiguration, + dataViewsService: DataViewsContract +) => { + const dataView = await dataViewsService.create({ + title: logSourceConfiguration.indexName, + timeFieldName: logSourceConfiguration.timestampField, + }); + return dataView; +}; diff --git a/x-pack/packages/observability/logs_overview/tsconfig.json b/x-pack/packages/observability/logs_overview/tsconfig.json index 886062ae8855f..29595ce0162fe 100644 --- a/x-pack/packages/observability/logs_overview/tsconfig.json +++ b/x-pack/packages/observability/logs_overview/tsconfig.json @@ -31,9 +31,15 @@ "@kbn/ml-random-sampler-utils", "@kbn/zod", "@kbn/calculate-auto", - "@kbn/discover-plugin", "@kbn/es-query", "@kbn/router-utils", "@kbn/share-plugin", + "@kbn/field-formats-plugin", + "@kbn/data-service", + "@kbn/discover-utils", + "@kbn/discover-plugin", + "@kbn/unified-data-table", + "@kbn/discover-contextual-components", + "@kbn/core-lifecycle-browser", ] } diff --git a/x-pack/plugins/observability_solution/logs_shared/kibana.jsonc b/x-pack/plugins/observability_solution/logs_shared/kibana.jsonc index 10c8fe32cfe9c..f5e9f76c2ace6 100644 --- a/x-pack/plugins/observability_solution/logs_shared/kibana.jsonc +++ b/x-pack/plugins/observability_solution/logs_shared/kibana.jsonc @@ -11,6 +11,7 @@ "requiredPlugins": [ "charts", "data", + "fieldFormats", "dataViews", "discoverShared", "logsDataAccess", @@ -21,7 +22,7 @@ "optionalPlugins": [ "observabilityAIAssistant", ], - "requiredBundles": ["kibanaUtils", "kibanaReact"], + "requiredBundles": ["kibanaUtils", "kibanaReact", "unifiedDocViewer"], "extraPublicDirs": ["common"] } } diff --git a/x-pack/plugins/observability_solution/logs_shared/public/plugin.ts b/x-pack/plugins/observability_solution/logs_shared/public/plugin.tsx similarity index 97% rename from x-pack/plugins/observability_solution/logs_shared/public/plugin.ts rename to x-pack/plugins/observability_solution/logs_shared/public/plugin.tsx index fc17e9b17cc82..0321651607ed1 100644 --- a/x-pack/plugins/observability_solution/logs_shared/public/plugin.ts +++ b/x-pack/plugins/observability_solution/logs_shared/public/plugin.tsx @@ -61,6 +61,7 @@ export class LogsSharedPlugin implements LogsSharedClientPluginClass { logsDataAccess, observabilityAIAssistant, share, + fieldFormats, } = plugins; const logViews = this.logViews.start({ @@ -71,11 +72,14 @@ export class LogsSharedPlugin implements LogsSharedClientPluginClass { }); const LogsOverview = createLogsOverview({ + core, charts, logsDataAccess, search: data.search.search, uiSettings: settings, share, + dataViews, + fieldFormats, }); if (!observabilityAIAssistant) { diff --git a/x-pack/plugins/observability_solution/logs_shared/public/types.ts b/x-pack/plugins/observability_solution/logs_shared/public/types.ts index 4237c28c621b8..e2435fa1f4915 100644 --- a/x-pack/plugins/observability_solution/logs_shared/public/types.ts +++ b/x-pack/plugins/observability_solution/logs_shared/public/types.ts @@ -14,6 +14,7 @@ import type { LogsDataAccessPluginStart } from '@kbn/logs-data-access-plugin/pub import type { ObservabilityAIAssistantPublicStart } from '@kbn/observability-ai-assistant-plugin/public'; import type { SharePluginSetup, SharePluginStart } from '@kbn/share-plugin/public'; import type { UiActionsStart } from '@kbn/ui-actions-plugin/public'; +import { FieldFormatsStart } from '@kbn/field-formats-plugin/public'; import type { LogsSharedLocators } from '../common/locators'; import type { LogAIAssistantProps } from './components/log_ai_assistant/log_ai_assistant'; import type { SelfContainedLogsOverview } from './components/logs_overview'; @@ -44,6 +45,7 @@ export interface LogsSharedClientStartDeps { observabilityAIAssistant?: ObservabilityAIAssistantPublicStart; share: SharePluginStart; uiActions: UiActionsStart; + fieldFormats: FieldFormatsStart; } export type LogsSharedClientCoreSetup = CoreSetup< diff --git a/x-pack/plugins/observability_solution/logs_shared/tsconfig.json b/x-pack/plugins/observability_solution/logs_shared/tsconfig.json index 788f55c9b6fc5..f171c79afccd0 100644 --- a/x-pack/plugins/observability_solution/logs_shared/tsconfig.json +++ b/x-pack/plugins/observability_solution/logs_shared/tsconfig.json @@ -48,5 +48,6 @@ "@kbn/observability-logs-overview", "@kbn/charts-plugin", "@kbn/core-ui-settings-common", + "@kbn/field-formats-plugin", ] } diff --git a/x-pack/plugins/translations/translations/fr-FR.json b/x-pack/plugins/translations/translations/fr-FR.json index 66e89113c6323..dc00787a579c6 100644 --- a/x-pack/plugins/translations/translations/fr-FR.json +++ b/x-pack/plugins/translations/translations/fr-FR.json @@ -2480,45 +2480,10 @@ "discover.localMenu.saveTitle": "Enregistrer", "discover.localMenu.shareSearchDescription": "Partager la recherche", "discover.localMenu.shareTitle": "Partager", - "discover.logs.dataTable.controlColumn.actions.button.degradedDoc": "Accès à un document dégradé avec le champ {ignoredProperty}", - "discover.logs.dataTable.controlColumn.actions.button.degradedDocNotPresent": "Tous les champs de ce document ont été analysés correctement", - "discover.logs.dataTable.controlColumn.actions.button.degradedDocPresent": "Ce document n'a pas pu être analysé correctement. Tous les champs n'ont pas été remplis correctement", - "discover.logs.dataTable.controlColumn.actions.button.stacktrace.available": "Traces d'appel disponibles", - "discover.logs.dataTable.controlColumn.actions.button.stacktrace.notAvailable": "Traces d'appel indisponibles", - "discover.logs.dataTable.header.actions.tooltip.expand": "Développer les détails du log", - "discover.logs.dataTable.header.actions.tooltip.paragraph": "Les champs fournissant des informations exploitables, comme :", - "discover.logs.dataTable.header.actions.tooltip.stacktrace": "L'accès aux traces d'appel disponibles est basé sur :", - "discover.logs.dataTable.header.content.tooltip.paragraph1": "Affiche le {logLevel} du document et les champs {message}.", - "discover.logs.dataTable.header.content.tooltip.paragraph2": "Lorsque le champ de message est vide, l'une des informations suivantes s'affiche :", - "discover.logs.dataTable.header.popover.actions": "Actions", - "discover.logs.dataTable.header.popover.actions.lowercase": "actions", "discover.logs.dataTable.header.popover.content": "Contenu", "discover.logs.dataTable.header.popover.resource": "Ressource", - "discover.logs.dataTable.header.resource.tooltip.paragraph": "Les champs fournissant des informations sur la source du document, comme :", - "discover.logs.flyoutDetail.accordion.title.cloud": "Cloud", - "discover.logs.flyoutDetail.accordion.title.other": "Autre", - "discover.logs.flyoutDetail.accordion.title.serviceInfra": "Service et Infrastructure", - "discover.logs.flyoutDetail.label.cloudAvailabilityZone": "Zone de disponibilité du cloud", - "discover.logs.flyoutDetail.label.cloudInstanceId": "ID d'instance du cloud", - "discover.logs.flyoutDetail.label.cloudProjectId": "ID de projet du cloud", - "discover.logs.flyoutDetail.label.cloudProvider": "Fournisseur cloud", - "discover.logs.flyoutDetail.label.cloudRegion": "Région du cloud", - "discover.logs.flyoutDetail.label.dataset": "Ensemble de données", - "discover.logs.flyoutDetail.label.hostName": "Nom d'hôte", - "discover.logs.flyoutDetail.label.logPathFile": "Fichier de chemin d'accès au log", - "discover.logs.flyoutDetail.label.message": "Répartition du contenu", - "discover.logs.flyoutDetail.label.namespace": "Espace de nom", - "discover.logs.flyoutDetail.label.orchestratorClusterName": "Nom de cluster de l'orchestrateur", - "discover.logs.flyoutDetail.label.orchestratorResourceId": "ID de ressource de l'orchestrateur", - "discover.logs.flyoutDetail.label.service": "Service", - "discover.logs.flyoutDetail.label.shipper": "Agent de transfert", - "discover.logs.flyoutDetail.label.trace": "Trace", - "discover.logs.flyoutDetail.section.showMore": "+ {hiddenCount} autres", - "discover.logs.flyoutDetail.value.hover.copyToClipboard": "Copier dans le presse-papiers", "discover.logs.flyoutDetail.value.hover.filterFor": "Filtrer sur cette {value}", - "discover.logs.flyoutDetail.value.hover.filterForFieldPresent": "Filtrer sur le champ", "discover.logs.flyoutDetail.value.hover.filterOut": "Exclure cette {value}", - "discover.logs.flyoutDetail.value.hover.toggleColumn": "Afficher/Masquer la colonne dans le tableau", "discover.logs.popoverAction.closePopover": "Fermer la fenêtre contextuelle", "discover.logs.popoverAction.copyValue": "Copier la valeur", "discover.logs.popoverAction.copyValueAriaText": "Copier la valeur de {fieldName}", diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json index 9911ab62dc00b..8345a6b36ae8f 100644 --- a/x-pack/plugins/translations/translations/ja-JP.json +++ b/x-pack/plugins/translations/translations/ja-JP.json @@ -2479,45 +2479,10 @@ "discover.localMenu.saveTitle": "保存", "discover.localMenu.shareSearchDescription": "検索を共有します", "discover.localMenu.shareTitle": "共有", - "discover.logs.dataTable.controlColumn.actions.button.degradedDoc": "{ignoredProperty}フィールドの劣化したドキュメントにアクセス", - "discover.logs.dataTable.controlColumn.actions.button.degradedDocNotPresent": "このドキュメントのすべてのフィールドは正しく解析されました", - "discover.logs.dataTable.controlColumn.actions.button.degradedDocPresent": "このドキュメントを正しく解析できませんでした。一部のフィールドが正しく入力されていません", - "discover.logs.dataTable.controlColumn.actions.button.stacktrace.available": "スタックトレースがあります", - "discover.logs.dataTable.controlColumn.actions.button.stacktrace.notAvailable": "スタックトレースがありません", - "discover.logs.dataTable.header.actions.tooltip.expand": "ログの詳細を展開", - "discover.logs.dataTable.header.actions.tooltip.paragraph": "次のようなアクショナブルな情報を提供するフィールド:", - "discover.logs.dataTable.header.actions.tooltip.stacktrace": "次に基づいて使用可能なスタックトレースにアクセス:", - "discover.logs.dataTable.header.content.tooltip.paragraph1": "ドキュメントの{logLevel}と{message}フィールドを表示します。", - "discover.logs.dataTable.header.content.tooltip.paragraph2": "メッセージフィールドが空のときには、次のいずれかが表示されます。", - "discover.logs.dataTable.header.popover.actions": "アクション", - "discover.logs.dataTable.header.popover.actions.lowercase": "アクション", "discover.logs.dataTable.header.popover.content": "コンテンツ", "discover.logs.dataTable.header.popover.resource": "リソース", - "discover.logs.dataTable.header.resource.tooltip.paragraph": "次のようなドキュメントのソースに関する情報を提供するフィールド:", - "discover.logs.flyoutDetail.accordion.title.cloud": "クラウド", - "discover.logs.flyoutDetail.accordion.title.other": "Other", - "discover.logs.flyoutDetail.accordion.title.serviceInfra": "サービスとインフラストラクチャー", - "discover.logs.flyoutDetail.label.cloudAvailabilityZone": "クラウドアベイラビリティゾーン", - "discover.logs.flyoutDetail.label.cloudInstanceId": "クラウドインスタンスID", - "discover.logs.flyoutDetail.label.cloudProjectId": "クラウドプロジェクトID", - "discover.logs.flyoutDetail.label.cloudProvider": "クラウドプロバイダー", - "discover.logs.flyoutDetail.label.cloudRegion": "クラウドリージョン", - "discover.logs.flyoutDetail.label.dataset": "データセット", - "discover.logs.flyoutDetail.label.hostName": "ホスト名", - "discover.logs.flyoutDetail.label.logPathFile": "ログパスファイル", - "discover.logs.flyoutDetail.label.message": "コンテンツの内訳", - "discover.logs.flyoutDetail.label.namespace": "名前空間", - "discover.logs.flyoutDetail.label.orchestratorClusterName": "オーケストレータークラスター名", - "discover.logs.flyoutDetail.label.orchestratorResourceId": "オーケストレーターリソースID", - "discover.logs.flyoutDetail.label.service": "サービス", - "discover.logs.flyoutDetail.label.shipper": "シッパー", - "discover.logs.flyoutDetail.label.trace": "トレース", - "discover.logs.flyoutDetail.section.showMore": "+ その他{hiddenCount}件", - "discover.logs.flyoutDetail.value.hover.copyToClipboard": "クリップボードにコピー", "discover.logs.flyoutDetail.value.hover.filterFor": "この{value}でフィルターを適用", - "discover.logs.flyoutDetail.value.hover.filterForFieldPresent": "フィールド表示のフィルター", "discover.logs.flyoutDetail.value.hover.filterOut": "この{value}を除外", - "discover.logs.flyoutDetail.value.hover.toggleColumn": "表の列を切り替える", "discover.logs.popoverAction.closePopover": "ポップオーバーを閉じる", "discover.logs.popoverAction.copyValue": "値をコピー", "discover.logs.popoverAction.copyValueAriaText": "{fieldName}の値をコピー", diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json index c4f165450b5ac..38fa5dab8a44a 100644 --- a/x-pack/plugins/translations/translations/zh-CN.json +++ b/x-pack/plugins/translations/translations/zh-CN.json @@ -2481,45 +2481,10 @@ "discover.localMenu.saveTitle": "保存", "discover.localMenu.shareSearchDescription": "共享搜索", "discover.localMenu.shareTitle": "共享", - "discover.logs.dataTable.controlColumn.actions.button.degradedDoc": "包含 {ignoredProperty} 字段的已降级文档的访问权限", - "discover.logs.dataTable.controlColumn.actions.button.degradedDocNotPresent": "此文档中的所有字段均进行了正确解析", - "discover.logs.dataTable.controlColumn.actions.button.degradedDocPresent": "无法正确解析此文档。并非所有字段都进行了正确填充", - "discover.logs.dataTable.controlColumn.actions.button.stacktrace.available": "堆栈跟踪可用", - "discover.logs.dataTable.controlColumn.actions.button.stacktrace.notAvailable": "堆栈跟踪不可用", - "discover.logs.dataTable.header.actions.tooltip.expand": "展开日志详情", - "discover.logs.dataTable.header.actions.tooltip.paragraph": "提供可操作信息的字段,例如:", - "discover.logs.dataTable.header.actions.tooltip.stacktrace": "基于以下项访问可用堆栈跟踪:", - "discover.logs.dataTable.header.content.tooltip.paragraph1": "显示该文档的 {logLevel} 和 {message} 字段。", - "discover.logs.dataTable.header.content.tooltip.paragraph2": "消息字段为空时,将显示以下项之一:", - "discover.logs.dataTable.header.popover.actions": "操作", - "discover.logs.dataTable.header.popover.actions.lowercase": "操作", "discover.logs.dataTable.header.popover.content": "内容", "discover.logs.dataTable.header.popover.resource": "资源", - "discover.logs.dataTable.header.resource.tooltip.paragraph": "提供有关文档来源信息的字段,例如:", - "discover.logs.flyoutDetail.accordion.title.cloud": "云", - "discover.logs.flyoutDetail.accordion.title.other": "其他", - "discover.logs.flyoutDetail.accordion.title.serviceInfra": "服务和基础设施", - "discover.logs.flyoutDetail.label.cloudAvailabilityZone": "云可用区", - "discover.logs.flyoutDetail.label.cloudInstanceId": "云实例 ID", - "discover.logs.flyoutDetail.label.cloudProjectId": "云项目 ID", - "discover.logs.flyoutDetail.label.cloudProvider": "云服务提供商", - "discover.logs.flyoutDetail.label.cloudRegion": "云区域", - "discover.logs.flyoutDetail.label.dataset": "数据集", - "discover.logs.flyoutDetail.label.hostName": "主机名", - "discover.logs.flyoutDetail.label.logPathFile": "日志路径文件", - "discover.logs.flyoutDetail.label.message": "内容细目", - "discover.logs.flyoutDetail.label.namespace": "命名空间", - "discover.logs.flyoutDetail.label.orchestratorClusterName": "Orchestrator 集群名称", - "discover.logs.flyoutDetail.label.orchestratorResourceId": "Orchestrator 资源 ID", - "discover.logs.flyoutDetail.label.service": "服务", - "discover.logs.flyoutDetail.label.shipper": "采集器", - "discover.logs.flyoutDetail.label.trace": "跟踪", - "discover.logs.flyoutDetail.section.showMore": "+ 另外 {hiddenCount} 个", - "discover.logs.flyoutDetail.value.hover.copyToClipboard": "复制到剪贴板", "discover.logs.flyoutDetail.value.hover.filterFor": "筛留此 {value}", - "discover.logs.flyoutDetail.value.hover.filterForFieldPresent": "筛留存在的字段", "discover.logs.flyoutDetail.value.hover.filterOut": "筛除此 {value}", - "discover.logs.flyoutDetail.value.hover.toggleColumn": "在表中切换列", "discover.logs.popoverAction.closePopover": "关闭弹出框", "discover.logs.popoverAction.copyValue": "复制值", "discover.logs.popoverAction.copyValueAriaText": "复制 {fieldName} 的值", diff --git a/yarn.lock b/yarn.lock index d02e89fcda226..c59fb7f412fe5 100644 --- a/yarn.lock +++ b/yarn.lock @@ -4793,6 +4793,10 @@ version "0.0.0" uid "" +"@kbn/discover-contextual-components@link:packages/kbn-discover-contextual-components": + version "0.0.0" + uid "" + "@kbn/discover-customization-examples-plugin@link:examples/discover_customization_examples": version "0.0.0" uid "" From 77ce0fcbcf18805d2ae1ac2d21a449c03deec022 Mon Sep 17 00:00:00 2001 From: Jean-Louis Leysens Date: Thu, 24 Oct 2024 16:52:13 +0200 Subject: [PATCH 49/99] [OAS] Removing staging files (#197455) ## Summary Removing staging files for now. We can always revert this if it turns out we need them. ## Reviewers * I might be missing something in removing these, but right now I think they are making commit noise and not really serving a purpose * I moved the `final_merge` step to after the OAS snapshot capture --- .buildkite/scripts/steps/checks.sh | 2 - .../steps/checks/capture_oas_snapshot.sh | 3 + .../steps/openapi_bundling/final_merge.sh | 3 +- oas_docs/makefile | 9 +- .../output/kibana.serverless.staging.yaml | 52238 ------------- oas_docs/output/kibana.staging.yaml | 60612 ---------------- oas_docs/scripts/merge_ess_oas_staging.js | 41 - .../scripts/merge_serverless_oas_staging.js | 39 - 8 files changed, 6 insertions(+), 112941 deletions(-) delete mode 100644 oas_docs/output/kibana.serverless.staging.yaml delete mode 100644 oas_docs/output/kibana.staging.yaml delete mode 100644 oas_docs/scripts/merge_ess_oas_staging.js delete mode 100644 oas_docs/scripts/merge_serverless_oas_staging.js diff --git a/.buildkite/scripts/steps/checks.sh b/.buildkite/scripts/steps/checks.sh index d6c4f1b80569f..8d62a305dd535 100755 --- a/.buildkite/scripts/steps/checks.sh +++ b/.buildkite/scripts/steps/checks.sh @@ -12,6 +12,4 @@ fi .buildkite/scripts/steps/checks/saved_objects_definition_change.sh .buildkite/scripts/steps/code_generation/elastic_assistant_codegen.sh .buildkite/scripts/steps/code_generation/security_solution_codegen.sh -.buildkite/scripts/steps/openapi_bundling/security_solution_openapi_bundling.sh .buildkite/scripts/steps/code_generation/osquery_codegen.sh -.buildkite/scripts/steps/openapi_bundling/final_merge.sh diff --git a/.buildkite/scripts/steps/checks/capture_oas_snapshot.sh b/.buildkite/scripts/steps/checks/capture_oas_snapshot.sh index 98a825919f077..0c0f7ac996bba 100755 --- a/.buildkite/scripts/steps/checks/capture_oas_snapshot.sh +++ b/.buildkite/scripts/steps/checks/capture_oas_snapshot.sh @@ -23,3 +23,6 @@ run_check() { retry 5 15 run_check check_for_changed_files "$cmd" true + +.buildkite/scripts/steps/openapi_bundling/security_solution_openapi_bundling.sh +.buildkite/scripts/steps/openapi_bundling/final_merge.sh diff --git a/.buildkite/scripts/steps/openapi_bundling/final_merge.sh b/.buildkite/scripts/steps/openapi_bundling/final_merge.sh index bd9de3c966d8d..83dba04c350d2 100755 --- a/.buildkite/scripts/steps/openapi_bundling/final_merge.sh +++ b/.buildkite/scripts/steps/openapi_bundling/final_merge.sh @@ -7,6 +7,5 @@ source .buildkite/scripts/common/util.sh echo --- Merge Kibana OpenAPI specs (cd oas_docs && make api-docs && make api-docs-lint) -(cd oas_docs && make api-docs-staging && make api-docs-lint) -check_for_changed_files "make api-docs && make api-docs-staging" true +check_for_changed_files "make api-docs" true diff --git a/oas_docs/makefile b/oas_docs/makefile index ce24aa5b7b8b7..85ab06e0c2c73 100644 --- a/oas_docs/makefile +++ b/oas_docs/makefile @@ -18,11 +18,6 @@ api-docs: ## Generate Serverless and ESS Kibana OpenAPI bundles with kbn-openapi @node scripts/merge_serverless_oas.js @node scripts/merge_ess_oas.js -.PHONY: api-docs-staging -api-docs-staging: ## Generate Serverless and ESS Kibana OpenAPI bundles with kbn-openapi-bundler - @node scripts/merge_serverless_oas_staging.js - @node scripts/merge_ess_oas_staging.js - .PHONY: api-docs-stateful api-docs-stateful: ## Generate only kibana.yaml @node scripts/merge_ess_oas.js @@ -30,9 +25,9 @@ api-docs-stateful: ## Generate only kibana.yaml .PHONY: api-docs-serverless api-docs-serverless: ## Generate only kibana.serverless.yaml @node scripts/merge_serverless_oas.js - + .PHONY: api-docs-lint -api-docs-lint: ## Run spectral API docs linter +api-docs-lint: ## Run spectral API docs linter @npx @stoplight/spectral-cli lint "output/*.yaml" --ruleset ".spectral.yaml" .PHONY: api-docs-lint-errs diff --git a/oas_docs/output/kibana.serverless.staging.yaml b/oas_docs/output/kibana.serverless.staging.yaml deleted file mode 100644 index 05f614ede3df7..0000000000000 --- a/oas_docs/output/kibana.serverless.staging.yaml +++ /dev/null @@ -1,52238 +0,0 @@ -openapi: 3.0.3 -info: - contact: - name: Kibana Team - description: > - **Technical preview** - - This functionality is in technical preview and may be changed or removed in - a future release. - - Elastic will work to fix any issues, but features in technical preview are - not subject to the support SLA of official GA features. - - - The Kibana REST APIs for Elastic serverless enable you to manage resources - - such as connectors, data views, and saved objects. The API calls are - - stateless. Each request that you make happens in isolation from other calls - - and must include all of the necessary information for Kibana to fulfill the - - request. API requests return JSON output, which is a format that is - - machine-readable and works well for automation. - - - To interact with Kibana APIs, use the following operations: - - - - GET: Fetches the information. - - - POST: Adds new information. - - - PUT: Updates the existing information. - - - DELETE: Removes the information. - - - You can prepend any Kibana API endpoint with `kbn:` and run the request in - - **Dev Tools → Console**. For example: - - - ``` - - GET kbn:/api/data_views - - ``` - - - ## Documentation source and versions - - - This documentation is derived from the `main` branch of the - [kibana](https://github.com/elastic/kibana) repository. - - It is provided under license [Attribution-NonCommercial-NoDerivatives 4.0 - International](https://creativecommons.org/licenses/by-nc-nd/4.0/). - title: Kibana Serverless APIs - version: 1.0.2 - x-doc-license: - name: Attribution-NonCommercial-NoDerivatives 4.0 International - url: https://creativecommons.org/licenses/by-nc-nd/4.0/ - x-feedbackLink: - label: Feedback - url: >- - https://github.com/elastic/docs-content/issues/new?assignees=&labels=feedback%2Ccommunity&projects=&template=api-feedback.yaml&title=%5BFeedback%5D%3A+ -servers: - - url: http://{kibana_host}:{port} - variables: - kibana_host: - default: localhost - port: - default: '5601' - - url: http://localhost:5622 - - url: https://{kibana_url} - variables: - kibana_url: - default: localhost:5601 - - url: / - - description: local - url: http://localhost:5601 -paths: - /api/actions: - get: - deprecated: true - operationId: '%2Fapi%2Factions#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - responses: {} - summary: Get all connectors - tags: - - connectors - /api/actions/action: - post: - deprecated: true - operationId: '%2Fapi%2Factions%2Faction#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - actionTypeId: - description: The connector type identifier. - type: string - config: - additionalProperties: {} - default: {} - type: object - name: - description: The display name for the connector. - type: string - secrets: - additionalProperties: {} - default: {} - type: object - required: - - name - - actionTypeId - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - type: object - connector_type_id: - description: The connector type identifier. - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - description: Indicates whether the connector is deprecated. - type: boolean - is_missing_secrets: - description: Indicates whether the connector is missing secrets. - type: boolean - is_preconfigured: - description: >- - Indicates whether the connector is preconfigured. If true, - the `config` and `is_missing_secrets` properties are - omitted from the response. - type: boolean - is_system_action: - description: >- - Indicates whether the connector is used for system - actions. - type: boolean - name: - description: ' The name of the rule.' - type: string - required: - - id - - name - - connector_type_id - - is_preconfigured - - is_deprecated - - is_system_action - description: Indicates a successful call. - summary: Create a connector - tags: - - connectors - /api/actions/action/{id}: - delete: - deprecated: true - description: 'WARNING: When you delete a connector, it cannot be recovered.' - operationId: '%2Fapi%2Factions%2Faction%2F%7Bid%7D#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: An identifier for the connector. - in: path - name: id - required: true - schema: - type: string - responses: - '204': - description: Indicates a successful call. - summary: Delete a connector - tags: - - connectors - get: - deprecated: true - operationId: '%2Fapi%2Factions%2Faction%2F%7Bid%7D#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: An identifier for the connector. - in: path - name: id - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - type: object - connector_type_id: - description: The connector type identifier. - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - description: Indicates whether the connector is deprecated. - type: boolean - is_missing_secrets: - description: Indicates whether the connector is missing secrets. - type: boolean - is_preconfigured: - description: >- - Indicates whether the connector is preconfigured. If true, - the `config` and `is_missing_secrets` properties are - omitted from the response. - type: boolean - is_system_action: - description: >- - Indicates whether the connector is used for system - actions. - type: boolean - name: - description: ' The name of the rule.' - type: string - required: - - id - - name - - connector_type_id - - is_preconfigured - - is_deprecated - - is_system_action - description: Indicates a successful call. - summary: Get connector information - tags: - - connectors - put: - deprecated: true - operationId: '%2Fapi%2Factions%2Faction%2F%7Bid%7D#2' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: An identifier for the connector. - in: path - name: id - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - default: {} - type: object - name: - type: string - secrets: - additionalProperties: {} - default: {} - type: object - required: - - name - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - type: object - connector_type_id: - description: The connector type identifier. - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - description: Indicates whether the connector is deprecated. - type: boolean - is_missing_secrets: - description: Indicates whether the connector is missing secrets. - type: boolean - is_preconfigured: - description: >- - Indicates whether the connector is preconfigured. If true, - the `config` and `is_missing_secrets` properties are - omitted from the response. - type: boolean - is_system_action: - description: >- - Indicates whether the connector is used for system - actions. - type: boolean - name: - description: ' The name of the rule.' - type: string - required: - - id - - name - - connector_type_id - - is_preconfigured - - is_deprecated - - is_system_action - description: Indicates a successful call. - summary: Update a connector - tags: - - connectors - /api/actions/action/{id}/_execute: - post: - deprecated: true - operationId: '%2Fapi%2Factions%2Faction%2F%7Bid%7D%2F_execute#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: An identifier for the connector. - in: path - name: id - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - params: - additionalProperties: {} - type: object - required: - - params - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - type: object - connector_type_id: - description: The connector type identifier. - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - description: Indicates whether the connector is deprecated. - type: boolean - is_missing_secrets: - description: Indicates whether the connector is missing secrets. - type: boolean - is_preconfigured: - description: >- - Indicates whether the connector is preconfigured. If true, - the `config` and `is_missing_secrets` properties are - omitted from the response. - type: boolean - is_system_action: - description: >- - Indicates whether the connector is used for system - actions. - type: boolean - name: - description: ' The name of the rule.' - type: string - required: - - id - - name - - connector_type_id - - is_preconfigured - - is_deprecated - - is_system_action - description: Indicates a successful call. - summary: Run a connector - tags: - - connectors - /api/actions/connector_types: - get: - description: You do not need any Kibana feature privileges to run this API. - operationId: '%2Fapi%2Factions%2Fconnector_types#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: >- - A filter to limit the retrieved connector types to those that - support a specific feature (such as alerting or cases). - in: query - name: feature_id - required: false - schema: - type: string - responses: {} - summary: Get connector types - tags: - - connectors - /api/actions/connector/{id}: - delete: - description: 'WARNING: When you delete a connector, it cannot be recovered.' - operationId: '%2Fapi%2Factions%2Fconnector%2F%7Bid%7D#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: An identifier for the connector. - in: path - name: id - required: true - schema: - type: string - responses: - '204': - description: Indicates a successful call. - summary: Delete a connector - tags: - - connectors - get: - operationId: '%2Fapi%2Factions%2Fconnector%2F%7Bid%7D#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: An identifier for the connector. - in: path - name: id - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - type: object - connector_type_id: - description: The connector type identifier. - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - description: Indicates whether the connector is deprecated. - type: boolean - is_missing_secrets: - description: Indicates whether the connector is missing secrets. - type: boolean - is_preconfigured: - description: >- - Indicates whether the connector is preconfigured. If true, - the `config` and `is_missing_secrets` properties are - omitted from the response. - type: boolean - is_system_action: - description: >- - Indicates whether the connector is used for system - actions. - type: boolean - name: - description: ' The name of the rule.' - type: string - required: - - id - - name - - connector_type_id - - is_preconfigured - - is_deprecated - - is_system_action - description: Indicates a successful call. - summary: Get connector information - tags: - - connectors - post: - operationId: '%2Fapi%2Factions%2Fconnector%2F%7Bid%3F%7D#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: An identifier for the connector. - in: path - name: id - required: false - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - default: {} - type: object - connector_type_id: - description: The type of connector. - type: string - name: - description: The display name for the connector. - type: string - secrets: - additionalProperties: {} - default: {} - type: object - required: - - name - - connector_type_id - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - type: object - connector_type_id: - description: The connector type identifier. - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - description: Indicates whether the connector is deprecated. - type: boolean - is_missing_secrets: - description: Indicates whether the connector is missing secrets. - type: boolean - is_preconfigured: - description: >- - Indicates whether the connector is preconfigured. If true, - the `config` and `is_missing_secrets` properties are - omitted from the response. - type: boolean - is_system_action: - description: >- - Indicates whether the connector is used for system - actions. - type: boolean - name: - description: ' The name of the rule.' - type: string - required: - - id - - name - - connector_type_id - - is_preconfigured - - is_deprecated - - is_system_action - description: Indicates a successful call. - summary: Create a connector - tags: - - connectors - put: - operationId: '%2Fapi%2Factions%2Fconnector%2F%7Bid%7D#2' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: An identifier for the connector. - in: path - name: id - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - default: {} - type: object - name: - description: The display name for the connector. - type: string - secrets: - additionalProperties: {} - default: {} - type: object - required: - - name - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - type: object - connector_type_id: - description: The connector type identifier. - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - description: Indicates whether the connector is deprecated. - type: boolean - is_missing_secrets: - description: Indicates whether the connector is missing secrets. - type: boolean - is_preconfigured: - description: >- - Indicates whether the connector is preconfigured. If true, - the `config` and `is_missing_secrets` properties are - omitted from the response. - type: boolean - is_system_action: - description: >- - Indicates whether the connector is used for system - actions. - type: boolean - name: - description: ' The name of the rule.' - type: string - required: - - id - - name - - connector_type_id - - is_preconfigured - - is_deprecated - - is_system_action - description: Indicates a successful call. - summary: Update a connector - tags: - - connectors - /api/actions/connector/{id}/_execute: - post: - description: >- - You can use this API to test an action that involves interaction with - Kibana services or integrations with third-party systems. - operationId: '%2Fapi%2Factions%2Fconnector%2F%7Bid%7D%2F_execute#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: An identifier for the connector. - in: path - name: id - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - params: - additionalProperties: {} - type: object - required: - - params - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - type: object - connector_type_id: - description: The connector type identifier. - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - description: Indicates whether the connector is deprecated. - type: boolean - is_missing_secrets: - description: Indicates whether the connector is missing secrets. - type: boolean - is_preconfigured: - description: >- - Indicates whether the connector is preconfigured. If true, - the `config` and `is_missing_secrets` properties are - omitted from the response. - type: boolean - is_system_action: - description: >- - Indicates whether the connector is used for system - actions. - type: boolean - name: - description: ' The name of the rule.' - type: string - required: - - id - - name - - connector_type_id - - is_preconfigured - - is_deprecated - - is_system_action - description: Indicates a successful call. - summary: Run a connector - tags: - - connectors - /api/actions/connectors: - get: - operationId: '%2Fapi%2Factions%2Fconnectors#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - responses: {} - summary: Get all connectors - tags: - - connectors - /api/actions/list_action_types: - get: - deprecated: true - operationId: '%2Fapi%2Factions%2Flist_action_types#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - responses: {} - summary: Get connector types - tags: - - connectors - /api/alerting/rule/{id}: - delete: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D#2' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The identifier for the rule. - in: path - name: id - required: true - schema: - type: string - responses: - '204': - description: Indicates a successful call. - '400': - description: Indicates an invalid schema or parameters. - '403': - description: Indicates that this call is forbidden. - '404': - description: Indicates a rule with the given ID does not exist. - summary: Delete a rule - tags: - - alerting - get: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: The identifier for the rule. - in: path - name: id - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - actions: - items: - additionalProperties: false - type: object - properties: - alerts_filter: - additionalProperties: false - description: >- - Defines a period that limits whether the action - runs. - type: object - properties: - query: - additionalProperties: false - type: object - properties: - dsl: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL). - type: string - filters: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL) as defined in - the `kbn-es-query` package. - items: - additionalProperties: false - type: object - properties: - $state: - additionalProperties: false - type: object - properties: - store: - description: >- - A filter can be either specific to an - application context or applied globally. - enum: - - appState - - globalState - type: string - required: - - store - meta: - additionalProperties: {} - type: object - query: - additionalProperties: {} - type: object - required: - - meta - type: array - kql: - description: >- - A filter written in Kibana Query Language - (KQL). - type: string - required: - - kql - - filters - timeframe: - additionalProperties: false - type: object - properties: - days: - description: >- - Defines the days of the week that the action - can run, represented as an array of numbers. - For example, `1` represents Monday. An empty - array is equivalent to specifying all the - days of the week. - items: - enum: - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - type: integer - type: array - hours: - additionalProperties: false - type: object - properties: - end: - description: >- - The end of the time frame in 24-hour - notation (`hh:mm`). - type: string - start: - description: >- - The start of the time frame in 24-hour - notation (`hh:mm`). - type: string - required: - - start - - end - timezone: - description: >- - The ISO time zone for the `hours` values. - Values such as `UTC` and `UTC+1` also work - but lack built-in daylight savings time - support and are not recommended. - type: string - required: - - days - - hours - - timezone - connector_type_id: - description: >- - The type of connector. This property appears in - responses but cannot be set in requests. - type: string - frequency: - additionalProperties: false - type: object - properties: - notify_when: - description: >- - Indicates how often alerts generate actions. - Valid values include: `onActionGroupChange`: - Actions run when the alert status changes; - `onActiveAlert`: Actions run when the alert - becomes active and at each check interval while - the rule conditions are met; - `onThrottleInterval`: Actions run when the alert - becomes active and at the interval specified in - the throttle property while the rule conditions - are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The - recommended method is to set it for each action. - If you set it at the rule level then update the - rule in Kibana, it is automatically changed to - use action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - type: string - summary: - description: Indicates whether the action is a summary. - type: boolean - throttle: - description: >- - The throttle interval, which defines how often - an alert generates repeated actions. It is - specified in seconds, minutes, hours, or days - and is applicable only if 'notify_when' is set - to 'onThrottleInterval'. NOTE: You cannot - specify the throttle interval at both the rule - and action level. The recommended method is to - set it for each action. If you set it at the - rule level then update the rule in Kibana, it is - automatically changed to use action-specific - values. - nullable: true - type: string - required: - - summary - - notify_when - - throttle - group: - description: >- - The group name, which affects when the action runs - (for example, when the threshold is met or when the - alert is recovered). Each rule type has a list of - valid action group names. If you don't need to group - actions, set to `default`. - type: string - id: - description: The identifier for the connector saved object. - type: string - params: - additionalProperties: {} - description: >- - The parameters for the action, which are sent to the - connector. The `params` are handled as Mustache - templates and passed a default set of context. - type: object - use_alert_data_for_template: - description: Indicates whether to use alert data as a template. - type: boolean - uuid: - description: >- - A universally unique identifier (UUID) for the - action. - type: string - required: - - id - - connector_type_id - - params - type: array - active_snoozes: - items: - description: List of active snoozes for the rule. - type: string - type: array - alert_delay: - additionalProperties: false - description: >- - Indicates that an alert occurs only when the specified - number of consecutive runs met the rule conditions. - type: object - properties: - active: - description: >- - The number of consecutive runs that must meet the rule - conditions. - type: number - required: - - active - api_key_created_by_user: - description: >- - Indicates whether the API key that is associated with the - rule was created by the user. - nullable: true - type: boolean - api_key_owner: - description: >- - The owner of the API key that is associated with the rule - and used to run background tasks. - nullable: true - type: string - consumer: - description: >- - The name of the application or feature that owns the rule. - For example: `alerts`, `apm`, `discover`, - `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, - `securitySolution`, `siem`, `stackAlerts`, or `uptime`. - type: string - created_at: - description: The date and time that the rule was created. - type: string - created_by: - description: The identifier for the user that created the rule. - nullable: true - type: string - enabled: - description: >- - Indicates whether you want to run the rule on an interval - basis after it is created. - type: boolean - execution_status: - additionalProperties: false - type: object - properties: - error: - additionalProperties: false - type: object - properties: - message: - description: Error message. - type: string - reason: - description: Reason for error. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - type: string - required: - - reason - - message - last_duration: - description: Duration of last execution of the rule. - type: number - last_execution_date: - description: The date and time when rule was executed last. - type: string - status: - description: Status of rule execution. - enum: - - ok - - active - - error - - warning - - pending - - unknown - type: string - warning: - additionalProperties: false - type: object - properties: - message: - description: Warning message. - type: string - reason: - description: Reason for warning. - enum: - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - type: string - required: - - reason - - message - required: - - status - - last_execution_date - flapping: - additionalProperties: false - nullable: true - type: object - properties: - look_back_window: - maximum: 20 - minimum: 2 - type: number - status_change_threshold: - maximum: 20 - minimum: 2 - type: number - required: - - look_back_window - - status_change_threshold - id: - description: The identifier for the rule. - type: string - is_snoozed_until: - description: The date when the rule will no longer be snoozed. - nullable: true - type: string - last_run: - additionalProperties: false - nullable: true - type: object - properties: - alerts_count: - additionalProperties: false - type: object - properties: - active: - description: Number of active alerts during last run. - nullable: true - type: number - ignored: - description: Number of ignored alerts during last run. - nullable: true - type: number - new: - description: Number of new alerts during last run. - nullable: true - type: number - recovered: - description: Number of recovered alerts during last run. - nullable: true - type: number - outcome: - description: >- - Outcome of last run of the rule. Value could be - succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - outcome_msg: - items: - description: Outcome message generated during last rule run. - type: string - nullable: true - type: array - outcome_order: - description: Order of the outcome. - type: number - warning: - description: Warning of last rule execution. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - nullable: true - type: string - required: - - outcome - - alerts_count - mapped_params: - additionalProperties: {} - type: object - monitoring: - additionalProperties: false - description: Monitoring details of the rule. - type: object - properties: - run: - additionalProperties: false - description: Rule run details. - type: object - properties: - calculated_metrics: - additionalProperties: false - description: >- - Calculation of different percentiles and success - ratio. - type: object - properties: - p50: - type: number - p95: - type: number - p99: - type: number - success_ratio: - type: number - required: - - success_ratio - history: - description: History of the rule run. - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule run. - type: number - outcome: - additionalProperties: false - type: object - properties: - alerts_count: - additionalProperties: false - type: object - properties: - active: - description: Number of active alerts during last run. - nullable: true - type: number - ignored: - description: >- - Number of ignored alerts during last - run. - nullable: true - type: number - new: - description: Number of new alerts during last run. - nullable: true - type: number - recovered: - description: >- - Number of recovered alerts during last - run. - nullable: true - type: number - outcome: - description: >- - Outcome of last run of the rule. Value - could be succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - outcome_msg: - items: - description: >- - Outcome message generated during last - rule run. - type: string - nullable: true - type: array - outcome_order: - description: Order of the outcome. - type: number - warning: - description: Warning of last rule execution. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - nullable: true - type: string - required: - - outcome - - alerts_count - success: - description: >- - Indicates whether the rule run was - successful. - type: boolean - timestamp: - description: Time of rule run. - type: number - required: - - success - - timestamp - type: array - last_run: - additionalProperties: false - type: object - properties: - metrics: - additionalProperties: false - type: object - properties: - duration: - description: Duration of most recent rule run. - type: number - gap_duration_s: - description: Duration in seconds of rule run gap. - nullable: true - type: number - total_alerts_created: - description: >- - Total number of alerts created during last - rule run. - nullable: true - type: number - total_alerts_detected: - description: >- - Total number of alerts detected during - last rule run. - nullable: true - type: number - total_indexing_duration_ms: - description: >- - Total time spent indexing documents during - last rule run in milliseconds. - nullable: true - type: number - total_search_duration_ms: - description: >- - Total time spent performing Elasticsearch - searches as measured by Kibana; includes - network latency and time spent serializing - or deserializing the request and response. - nullable: true - type: number - timestamp: - description: Time of the most recent rule run. - type: string - required: - - timestamp - - metrics - required: - - history - - calculated_metrics - - last_run - required: - - run - mute_all: - description: Indicates whether all alerts are muted. - type: boolean - muted_alert_ids: - items: - description: 'List of identifiers of muted alerts. ' - type: string - type: array - name: - description: ' The name of the rule.' - type: string - next_run: - description: Date and time of the next run of the rule. - nullable: true - type: string - notify_when: - description: >- - Indicates how often alerts generate actions. Valid values - include: `onActionGroupChange`: Actions run when the alert - status changes; `onActiveAlert`: Actions run when the - alert becomes active and at each check interval while the - rule conditions are met; `onThrottleInterval`: Actions run - when the alert becomes active and at the interval - specified in the throttle property while the rule - conditions are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The recommended method - is to set it for each action. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - nullable: true - type: string - params: - additionalProperties: {} - description: The parameters for the rule. - type: object - revision: - description: The rule revision number. - type: number - rule_type_id: - description: The rule type identifier. - type: string - running: - description: Indicates whether the rule is running. - nullable: true - type: boolean - schedule: - additionalProperties: false - type: object - properties: - interval: - description: >- - The interval is specified in seconds, minutes, hours, - or days. - type: string - required: - - interval - scheduled_task_id: - description: Identifier of the scheduled task. - type: string - snooze_schedule: - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule snooze schedule. - type: number - id: - description: Identifier of the rule snooze schedule. - type: string - rRule: - additionalProperties: false - type: object - properties: - byhour: - items: - description: Indicates hours of the day to recur. - type: number - type: array - byminute: - items: - description: Indicates minutes of the hour to recur. - type: number - type: array - bymonth: - items: - description: >- - Indicates months of the year that this rule - should recur. - type: number - type: array - bymonthday: - items: - description: Indicates the days of the month to recur. - type: number - type: array - bysecond: - items: - description: Indicates seconds of the day to recur. - type: number - type: array - bysetpos: - items: - description: >- - A positive or negative integer affecting the - nth day of the month. For example, -2 combined - with `byweekday` of FR is 2nd to last Friday - of the month. It is recommended to not set - this manually and just use `byweekday`. - type: number - type: array - byweekday: - items: - anyOf: - - type: string - - type: number - description: >- - Indicates the days of the week to recur or - else nth-day-of-month strings. For example, - "+2TU" second Tuesday of month, "-1FR" last - Friday of the month, which are internally - converted to a `byweekday/bysetpos` - combination. - type: array - byweekno: - items: - description: Indicates number of the week hours to recur. - type: number - type: array - byyearday: - items: - description: >- - Indicates the days of the year that this rule - should recur. - type: number - type: array - count: - description: >- - Number of times the rule should recur until it - stops. - type: number - dtstart: - description: >- - Rule start date in Coordinated Universal Time - (UTC). - type: string - freq: - description: >- - Indicates frequency of the rule. Options are - YEARLY, MONTHLY, WEEKLY, DAILY. - enum: - - 0 - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - type: integer - interval: - description: >- - Indicates the interval of frequency. For - example, 1 and YEARLY is every 1 year, 2 and - WEEKLY is every 2 weeks. - type: number - tzid: - description: Indicates timezone abbreviation. - type: string - until: - description: Recur the rule until this date. - type: string - wkst: - description: Indicates the start of week, defaults to Monday. - enum: - - MO - - TU - - WE - - TH - - FR - - SA - - SU - type: string - required: - - dtstart - - tzid - skipRecurrences: - items: - description: Skips recurrence of rule on this date. - type: string - type: array - required: - - duration - - rRule - type: array - tags: - items: - description: The tags for the rule. - type: string - type: array - throttle: - deprecated: true - description: >- - Deprecated in 8.13.0. Use the `throttle` property in the - action `frequency` object instead. The throttle interval, - which defines how often an alert generates repeated - actions. NOTE: You cannot specify the throttle interval at - both the rule and action level. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. - nullable: true - type: string - updated_at: - description: The date and time that the rule was updated most recently. - type: string - updated_by: - description: >- - The identifier for the user that updated this rule most - recently. - nullable: true - type: string - view_in_app_relative_url: - description: Relative URL to view rule in the app. - nullable: true - type: string - required: - - id - - enabled - - name - - tags - - rule_type_id - - consumer - - schedule - - actions - - params - - created_by - - updated_by - - created_at - - updated_at - - api_key_owner - - mute_all - - muted_alert_ids - - execution_status - - revision - description: Indicates a successful call. - '400': - description: Indicates an invalid schema or parameters. - '403': - description: Indicates that this call is forbidden. - '404': - description: Indicates a rule with the given ID does not exist. - summary: Get rule details - tags: - - alerting - post: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%3F%7D#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: >- - The identifier for the rule. If it is omitted, an ID is randomly - generated. - in: path - name: id - required: false - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - actions: - default: [] - items: - additionalProperties: false - description: An action that runs under defined conditions. - type: object - properties: - alerts_filter: - additionalProperties: false - description: >- - Conditions that affect whether the action runs. If you - specify multiple conditions, all conditions must be - met for the action to run. For example, if an alert - occurs within the specified time frame and matches the - query, the action runs. - type: object - properties: - query: - additionalProperties: false - type: object - properties: - dsl: - description: >- - A filter written in Elasticsearch Query Domain - Specific Language (DSL). - type: string - filters: - description: >- - A filter written in Elasticsearch Query Domain - Specific Language (DSL) as defined in the - `kbn-es-query` package. - items: - additionalProperties: false - type: object - properties: - $state: - additionalProperties: false - type: object - properties: - store: - description: >- - A filter can be either specific to an - application context or applied globally. - enum: - - appState - - globalState - type: string - required: - - store - meta: - additionalProperties: {} - type: object - query: - additionalProperties: {} - type: object - required: - - meta - type: array - kql: - description: >- - A filter written in Kibana Query Language - (KQL). - type: string - required: - - kql - - filters - timeframe: - additionalProperties: false - description: >- - Defines a period that limits whether the action - runs. - type: object - properties: - days: - description: >- - Defines the days of the week that the action - can run, represented as an array of numbers. - For example, `1` represents Monday. An empty - array is equivalent to specifying all the days - of the week. - items: - enum: - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - type: integer - type: array - hours: - additionalProperties: false - description: >- - Defines the range of time in a day that the - action can run. If the `start` value is - `00:00` and the `end` value is `24:00`, - actions be generated all day. - type: object - properties: - end: - description: >- - The end of the time frame in 24-hour - notation (`hh:mm`). - type: string - start: - description: >- - The start of the time frame in 24-hour - notation (`hh:mm`). - type: string - required: - - start - - end - timezone: - description: >- - The ISO time zone for the `hours` values. - Values such as `UTC` and `UTC+1` also work but - lack built-in daylight savings time support - and are not recommended. - type: string - required: - - days - - hours - - timezone - frequency: - additionalProperties: false - type: object - properties: - notify_when: - description: >- - Indicates how often alerts generate actions. Valid - values include: `onActionGroupChange`: Actions run - when the alert status changes; `onActiveAlert`: - Actions run when the alert becomes active and at - each check interval while the rule conditions are - met; `onThrottleInterval`: Actions run when the - alert becomes active and at the interval specified - in the throttle property while the rule conditions - are met. NOTE: You cannot specify `notify_when` at - both the rule and action level. The recommended - method is to set it for each action. If you set it - at the rule level then update the rule in Kibana, - it is automatically changed to use action-specific - values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - type: string - summary: - description: Indicates whether the action is a summary. - type: boolean - throttle: - description: >- - The throttle interval, which defines how often an - alert generates repeated actions. It is specified - in seconds, minutes, hours, or days and is - applicable only if `notify_when` is set to - `onThrottleInterval`. NOTE: You cannot specify the - throttle interval at both the rule and action - level. The recommended method is to set it for - each action. If you set it at the rule level then - update the rule in Kibana, it is automatically - changed to use action-specific values. - nullable: true - type: string - required: - - summary - - notify_when - - throttle - group: - description: >- - The group name, which affects when the action runs - (for example, when the threshold is met or when the - alert is recovered). Each rule type has a list of - valid action group names. If you don't need to group - actions, set to `default`. - type: string - id: - description: The identifier for the connector saved object. - type: string - params: - additionalProperties: {} - default: {} - description: >- - The parameters for the action, which are sent to the - connector. The `params` are handled as Mustache - templates and passed a default set of context. - type: object - use_alert_data_for_template: - description: Indicates whether to use alert data as a template. - type: boolean - uuid: - description: A universally unique identifier (UUID) for the action. - type: string - required: - - id - type: array - alert_delay: - additionalProperties: false - description: >- - Indicates that an alert occurs only when the specified - number of consecutive runs met the rule conditions. - type: object - properties: - active: - description: >- - The number of consecutive runs that must meet the rule - conditions. - type: number - required: - - active - consumer: - description: >- - The name of the application or feature that owns the rule. - For example: `alerts`, `apm`, `discover`, `infrastructure`, - `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, - `siem`, `stackAlerts`, or `uptime`. - type: string - enabled: - default: true - description: >- - Indicates whether you want to run the rule on an interval - basis after it is created. - type: boolean - flapping: - additionalProperties: false - nullable: true - type: object - properties: - look_back_window: - maximum: 20 - minimum: 2 - type: number - status_change_threshold: - maximum: 20 - minimum: 2 - type: number - required: - - look_back_window - - status_change_threshold - name: - description: >- - The name of the rule. While this name does not have to be - unique, a distinctive name can help you identify a rule. - type: string - notify_when: - description: >- - Indicates how often alerts generate actions. Valid values - include: `onActionGroupChange`: Actions run when the alert - status changes; `onActiveAlert`: Actions run when the alert - becomes active and at each check interval while the rule - conditions are met; `onThrottleInterval`: Actions run when - the alert becomes active and at the interval specified in - the throttle property while the rule conditions are met. - NOTE: You cannot specify `notify_when` at both the rule and - action level. The recommended method is to set it for each - action. If you set it at the rule level then update the rule - in Kibana, it is automatically changed to use - action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - nullable: true - type: string - params: - additionalProperties: {} - default: {} - description: The parameters for the rule. - type: object - rule_type_id: - description: The rule type identifier. - type: string - schedule: - additionalProperties: false - description: >- - The check interval, which specifies how frequently the rule - conditions are checked. - type: object - properties: - interval: - description: >- - The interval is specified in seconds, minutes, hours, or - days. - type: string - required: - - interval - tags: - default: [] - description: The tags for the rule. - items: - type: string - type: array - throttle: - description: >- - Use the `throttle` property in the action `frequency` object - instead. The throttle interval, which defines how often an - alert generates repeated actions. NOTE: You cannot specify - the throttle interval at both the rule and action level. If - you set it at the rule level then update the rule in Kibana, - it is automatically changed to use action-specific values. - nullable: true - type: string - required: - - name - - rule_type_id - - consumer - - schedule - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - actions: - items: - additionalProperties: false - type: object - properties: - alerts_filter: - additionalProperties: false - description: >- - Defines a period that limits whether the action - runs. - type: object - properties: - query: - additionalProperties: false - type: object - properties: - dsl: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL). - type: string - filters: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL) as defined in - the `kbn-es-query` package. - items: - additionalProperties: false - type: object - properties: - $state: - additionalProperties: false - type: object - properties: - store: - description: >- - A filter can be either specific to an - application context or applied globally. - enum: - - appState - - globalState - type: string - required: - - store - meta: - additionalProperties: {} - type: object - query: - additionalProperties: {} - type: object - required: - - meta - type: array - kql: - description: >- - A filter written in Kibana Query Language - (KQL). - type: string - required: - - kql - - filters - timeframe: - additionalProperties: false - type: object - properties: - days: - description: >- - Defines the days of the week that the action - can run, represented as an array of numbers. - For example, `1` represents Monday. An empty - array is equivalent to specifying all the - days of the week. - items: - enum: - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - type: integer - type: array - hours: - additionalProperties: false - type: object - properties: - end: - description: >- - The end of the time frame in 24-hour - notation (`hh:mm`). - type: string - start: - description: >- - The start of the time frame in 24-hour - notation (`hh:mm`). - type: string - required: - - start - - end - timezone: - description: >- - The ISO time zone for the `hours` values. - Values such as `UTC` and `UTC+1` also work - but lack built-in daylight savings time - support and are not recommended. - type: string - required: - - days - - hours - - timezone - connector_type_id: - description: >- - The type of connector. This property appears in - responses but cannot be set in requests. - type: string - frequency: - additionalProperties: false - type: object - properties: - notify_when: - description: >- - Indicates how often alerts generate actions. - Valid values include: `onActionGroupChange`: - Actions run when the alert status changes; - `onActiveAlert`: Actions run when the alert - becomes active and at each check interval while - the rule conditions are met; - `onThrottleInterval`: Actions run when the alert - becomes active and at the interval specified in - the throttle property while the rule conditions - are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The - recommended method is to set it for each action. - If you set it at the rule level then update the - rule in Kibana, it is automatically changed to - use action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - type: string - summary: - description: Indicates whether the action is a summary. - type: boolean - throttle: - description: >- - The throttle interval, which defines how often - an alert generates repeated actions. It is - specified in seconds, minutes, hours, or days - and is applicable only if 'notify_when' is set - to 'onThrottleInterval'. NOTE: You cannot - specify the throttle interval at both the rule - and action level. The recommended method is to - set it for each action. If you set it at the - rule level then update the rule in Kibana, it is - automatically changed to use action-specific - values. - nullable: true - type: string - required: - - summary - - notify_when - - throttle - group: - description: >- - The group name, which affects when the action runs - (for example, when the threshold is met or when the - alert is recovered). Each rule type has a list of - valid action group names. If you don't need to group - actions, set to `default`. - type: string - id: - description: The identifier for the connector saved object. - type: string - params: - additionalProperties: {} - description: >- - The parameters for the action, which are sent to the - connector. The `params` are handled as Mustache - templates and passed a default set of context. - type: object - use_alert_data_for_template: - description: Indicates whether to use alert data as a template. - type: boolean - uuid: - description: >- - A universally unique identifier (UUID) for the - action. - type: string - required: - - id - - connector_type_id - - params - type: array - active_snoozes: - items: - description: List of active snoozes for the rule. - type: string - type: array - alert_delay: - additionalProperties: false - description: >- - Indicates that an alert occurs only when the specified - number of consecutive runs met the rule conditions. - type: object - properties: - active: - description: >- - The number of consecutive runs that must meet the rule - conditions. - type: number - required: - - active - api_key_created_by_user: - description: >- - Indicates whether the API key that is associated with the - rule was created by the user. - nullable: true - type: boolean - api_key_owner: - description: >- - The owner of the API key that is associated with the rule - and used to run background tasks. - nullable: true - type: string - consumer: - description: >- - The name of the application or feature that owns the rule. - For example: `alerts`, `apm`, `discover`, - `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, - `securitySolution`, `siem`, `stackAlerts`, or `uptime`. - type: string - created_at: - description: The date and time that the rule was created. - type: string - created_by: - description: The identifier for the user that created the rule. - nullable: true - type: string - enabled: - description: >- - Indicates whether you want to run the rule on an interval - basis after it is created. - type: boolean - execution_status: - additionalProperties: false - type: object - properties: - error: - additionalProperties: false - type: object - properties: - message: - description: Error message. - type: string - reason: - description: Reason for error. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - type: string - required: - - reason - - message - last_duration: - description: Duration of last execution of the rule. - type: number - last_execution_date: - description: The date and time when rule was executed last. - type: string - status: - description: Status of rule execution. - enum: - - ok - - active - - error - - warning - - pending - - unknown - type: string - warning: - additionalProperties: false - type: object - properties: - message: - description: Warning message. - type: string - reason: - description: Reason for warning. - enum: - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - type: string - required: - - reason - - message - required: - - status - - last_execution_date - flapping: - additionalProperties: false - nullable: true - type: object - properties: - look_back_window: - maximum: 20 - minimum: 2 - type: number - status_change_threshold: - maximum: 20 - minimum: 2 - type: number - required: - - look_back_window - - status_change_threshold - id: - description: The identifier for the rule. - type: string - is_snoozed_until: - description: The date when the rule will no longer be snoozed. - nullable: true - type: string - last_run: - additionalProperties: false - nullable: true - type: object - properties: - alerts_count: - additionalProperties: false - type: object - properties: - active: - description: Number of active alerts during last run. - nullable: true - type: number - ignored: - description: Number of ignored alerts during last run. - nullable: true - type: number - new: - description: Number of new alerts during last run. - nullable: true - type: number - recovered: - description: Number of recovered alerts during last run. - nullable: true - type: number - outcome: - description: >- - Outcome of last run of the rule. Value could be - succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - outcome_msg: - items: - description: Outcome message generated during last rule run. - type: string - nullable: true - type: array - outcome_order: - description: Order of the outcome. - type: number - warning: - description: Warning of last rule execution. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - nullable: true - type: string - required: - - outcome - - alerts_count - mapped_params: - additionalProperties: {} - type: object - monitoring: - additionalProperties: false - description: Monitoring details of the rule. - type: object - properties: - run: - additionalProperties: false - description: Rule run details. - type: object - properties: - calculated_metrics: - additionalProperties: false - description: >- - Calculation of different percentiles and success - ratio. - type: object - properties: - p50: - type: number - p95: - type: number - p99: - type: number - success_ratio: - type: number - required: - - success_ratio - history: - description: History of the rule run. - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule run. - type: number - outcome: - additionalProperties: false - type: object - properties: - alerts_count: - additionalProperties: false - type: object - properties: - active: - description: Number of active alerts during last run. - nullable: true - type: number - ignored: - description: >- - Number of ignored alerts during last - run. - nullable: true - type: number - new: - description: Number of new alerts during last run. - nullable: true - type: number - recovered: - description: >- - Number of recovered alerts during last - run. - nullable: true - type: number - outcome: - description: >- - Outcome of last run of the rule. Value - could be succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - outcome_msg: - items: - description: >- - Outcome message generated during last - rule run. - type: string - nullable: true - type: array - outcome_order: - description: Order of the outcome. - type: number - warning: - description: Warning of last rule execution. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - nullable: true - type: string - required: - - outcome - - alerts_count - success: - description: >- - Indicates whether the rule run was - successful. - type: boolean - timestamp: - description: Time of rule run. - type: number - required: - - success - - timestamp - type: array - last_run: - additionalProperties: false - type: object - properties: - metrics: - additionalProperties: false - type: object - properties: - duration: - description: Duration of most recent rule run. - type: number - gap_duration_s: - description: Duration in seconds of rule run gap. - nullable: true - type: number - total_alerts_created: - description: >- - Total number of alerts created during last - rule run. - nullable: true - type: number - total_alerts_detected: - description: >- - Total number of alerts detected during - last rule run. - nullable: true - type: number - total_indexing_duration_ms: - description: >- - Total time spent indexing documents during - last rule run in milliseconds. - nullable: true - type: number - total_search_duration_ms: - description: >- - Total time spent performing Elasticsearch - searches as measured by Kibana; includes - network latency and time spent serializing - or deserializing the request and response. - nullable: true - type: number - timestamp: - description: Time of the most recent rule run. - type: string - required: - - timestamp - - metrics - required: - - history - - calculated_metrics - - last_run - required: - - run - mute_all: - description: Indicates whether all alerts are muted. - type: boolean - muted_alert_ids: - items: - description: 'List of identifiers of muted alerts. ' - type: string - type: array - name: - description: ' The name of the rule.' - type: string - next_run: - description: Date and time of the next run of the rule. - nullable: true - type: string - notify_when: - description: >- - Indicates how often alerts generate actions. Valid values - include: `onActionGroupChange`: Actions run when the alert - status changes; `onActiveAlert`: Actions run when the - alert becomes active and at each check interval while the - rule conditions are met; `onThrottleInterval`: Actions run - when the alert becomes active and at the interval - specified in the throttle property while the rule - conditions are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The recommended method - is to set it for each action. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - nullable: true - type: string - params: - additionalProperties: {} - description: The parameters for the rule. - type: object - revision: - description: The rule revision number. - type: number - rule_type_id: - description: The rule type identifier. - type: string - running: - description: Indicates whether the rule is running. - nullable: true - type: boolean - schedule: - additionalProperties: false - type: object - properties: - interval: - description: >- - The interval is specified in seconds, minutes, hours, - or days. - type: string - required: - - interval - scheduled_task_id: - description: Identifier of the scheduled task. - type: string - snooze_schedule: - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule snooze schedule. - type: number - id: - description: Identifier of the rule snooze schedule. - type: string - rRule: - additionalProperties: false - type: object - properties: - byhour: - items: - description: Indicates hours of the day to recur. - type: number - type: array - byminute: - items: - description: Indicates minutes of the hour to recur. - type: number - type: array - bymonth: - items: - description: >- - Indicates months of the year that this rule - should recur. - type: number - type: array - bymonthday: - items: - description: Indicates the days of the month to recur. - type: number - type: array - bysecond: - items: - description: Indicates seconds of the day to recur. - type: number - type: array - bysetpos: - items: - description: >- - A positive or negative integer affecting the - nth day of the month. For example, -2 combined - with `byweekday` of FR is 2nd to last Friday - of the month. It is recommended to not set - this manually and just use `byweekday`. - type: number - type: array - byweekday: - items: - anyOf: - - type: string - - type: number - description: >- - Indicates the days of the week to recur or - else nth-day-of-month strings. For example, - "+2TU" second Tuesday of month, "-1FR" last - Friday of the month, which are internally - converted to a `byweekday/bysetpos` - combination. - type: array - byweekno: - items: - description: Indicates number of the week hours to recur. - type: number - type: array - byyearday: - items: - description: >- - Indicates the days of the year that this rule - should recur. - type: number - type: array - count: - description: >- - Number of times the rule should recur until it - stops. - type: number - dtstart: - description: >- - Rule start date in Coordinated Universal Time - (UTC). - type: string - freq: - description: >- - Indicates frequency of the rule. Options are - YEARLY, MONTHLY, WEEKLY, DAILY. - enum: - - 0 - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - type: integer - interval: - description: >- - Indicates the interval of frequency. For - example, 1 and YEARLY is every 1 year, 2 and - WEEKLY is every 2 weeks. - type: number - tzid: - description: Indicates timezone abbreviation. - type: string - until: - description: Recur the rule until this date. - type: string - wkst: - description: Indicates the start of week, defaults to Monday. - enum: - - MO - - TU - - WE - - TH - - FR - - SA - - SU - type: string - required: - - dtstart - - tzid - skipRecurrences: - items: - description: Skips recurrence of rule on this date. - type: string - type: array - required: - - duration - - rRule - type: array - tags: - items: - description: The tags for the rule. - type: string - type: array - throttle: - deprecated: true - description: >- - Deprecated in 8.13.0. Use the `throttle` property in the - action `frequency` object instead. The throttle interval, - which defines how often an alert generates repeated - actions. NOTE: You cannot specify the throttle interval at - both the rule and action level. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. - nullable: true - type: string - updated_at: - description: The date and time that the rule was updated most recently. - type: string - updated_by: - description: >- - The identifier for the user that updated this rule most - recently. - nullable: true - type: string - view_in_app_relative_url: - description: Relative URL to view rule in the app. - nullable: true - type: string - required: - - id - - enabled - - name - - tags - - rule_type_id - - consumer - - schedule - - actions - - params - - created_by - - updated_by - - created_at - - updated_at - - api_key_owner - - mute_all - - muted_alert_ids - - execution_status - - revision - description: Indicates a successful call. - '400': - description: Indicates an invalid schema or parameters. - '403': - description: Indicates that this call is forbidden. - '409': - description: Indicates that the rule id is already in use. - summary: Create a rule - tags: - - alerting - put: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The identifier for the rule. - in: path - name: id - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - actions: - default: [] - items: - additionalProperties: false - description: An action that runs under defined conditions. - type: object - properties: - alerts_filter: - additionalProperties: false - type: object - properties: - query: - additionalProperties: false - type: object - properties: - dsl: - description: >- - A filter written in Elasticsearch Query Domain - Specific Language (DSL). - type: string - filters: - description: >- - A filter written in Elasticsearch Query Domain - Specific Language (DSL) as defined in the - `kbn-es-query` package. - items: - additionalProperties: false - type: object - properties: - $state: - additionalProperties: false - type: object - properties: - store: - description: >- - A filter can be either specific to an - application context or applied globally. - enum: - - appState - - globalState - type: string - required: - - store - meta: - additionalProperties: {} - type: object - query: - additionalProperties: {} - type: object - required: - - meta - type: array - kql: - description: >- - A filter written in Kibana Query Language - (KQL). - type: string - required: - - kql - - filters - timeframe: - additionalProperties: false - description: >- - Defines a period that limits whether the action - runs. - type: object - properties: - days: - description: >- - Defines the days of the week that the action - can run, represented as an array of numbers. - For example, `1` represents Monday. An empty - array is equivalent to specifying all the days - of the week. - items: - enum: - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - type: integer - type: array - hours: - additionalProperties: false - description: >- - Defines the range of time in a day that the - action can run. If the `start` value is - `00:00` and the `end` value is `24:00`, - actions be generated all day. - type: object - properties: - end: - description: >- - The end of the time frame in 24-hour - notation (`hh:mm`). - type: string - start: - description: >- - The start of the time frame in 24-hour - notation (`hh:mm`). - type: string - required: - - start - - end - timezone: - description: >- - The ISO time zone for the `hours` values. - Values such as `UTC` and `UTC+1` also work but - lack built-in daylight savings time support - and are not recommended. - type: string - required: - - days - - hours - - timezone - frequency: - additionalProperties: false - type: object - properties: - notify_when: - description: >- - Indicates how often alerts generate actions. Valid - values include: `onActionGroupChange`: Actions run - when the alert status changes; `onActiveAlert`: - Actions run when the alert becomes active and at - each check interval while the rule conditions are - met; `onThrottleInterval`: Actions run when the - alert becomes active and at the interval specified - in the throttle property while the rule conditions - are met. NOTE: You cannot specify `notify_when` at - both the rule and action level. The recommended - method is to set it for each action. If you set it - at the rule level then update the rule in Kibana, - it is automatically changed to use action-specific - values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - type: string - summary: - description: Indicates whether the action is a summary. - type: boolean - throttle: - description: >- - The throttle interval, which defines how often an - alert generates repeated actions. It is specified - in seconds, minutes, hours, or days and is - applicable only if `notify_when` is set to - `onThrottleInterval`. NOTE: You cannot specify the - throttle interval at both the rule and action - level. The recommended method is to set it for - each action. If you set it at the rule level then - update the rule in Kibana, it is automatically - changed to use action-specific values. - nullable: true - type: string - required: - - summary - - notify_when - - throttle - group: - description: >- - The group name, which affects when the action runs - (for example, when the threshold is met or when the - alert is recovered). Each rule type has a list of - valid action group names. If you don't need to group - actions, set to `default`. - type: string - id: - description: The identifier for the connector saved object. - type: string - params: - additionalProperties: {} - default: {} - description: >- - The parameters for the action, which are sent to the - connector. The `params` are handled as Mustache - templates and passed a default set of context. - type: object - use_alert_data_for_template: - description: Indicates whether to use alert data as a template. - type: boolean - uuid: - description: A universally unique identifier (UUID) for the action. - type: string - required: - - id - type: array - alert_delay: - additionalProperties: false - description: >- - Indicates that an alert occurs only when the specified - number of consecutive runs met the rule conditions. - type: object - properties: - active: - description: >- - The number of consecutive runs that must meet the rule - conditions. - type: number - required: - - active - flapping: - additionalProperties: false - nullable: true - type: object - properties: - look_back_window: - maximum: 20 - minimum: 2 - type: number - status_change_threshold: - maximum: 20 - minimum: 2 - type: number - required: - - look_back_window - - status_change_threshold - name: - description: >- - The name of the rule. While this name does not have to be - unique, a distinctive name can help you identify a rule. - type: string - notify_when: - description: >- - Indicates how often alerts generate actions. Valid values - include: `onActionGroupChange`: Actions run when the alert - status changes; `onActiveAlert`: Actions run when the alert - becomes active and at each check interval while the rule - conditions are met; `onThrottleInterval`: Actions run when - the alert becomes active and at the interval specified in - the throttle property while the rule conditions are met. - NOTE: You cannot specify `notify_when` at both the rule and - action level. The recommended method is to set it for each - action. If you set it at the rule level then update the rule - in Kibana, it is automatically changed to use - action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - nullable: true - type: string - params: - additionalProperties: {} - default: {} - description: The parameters for the rule. - type: object - schedule: - additionalProperties: false - type: object - properties: - interval: - description: >- - The interval is specified in seconds, minutes, hours, or - days. - type: string - required: - - interval - tags: - default: [] - items: - description: The tags for the rule. - type: string - type: array - throttle: - description: >- - Use the `throttle` property in the action `frequency` object - instead. The throttle interval, which defines how often an - alert generates repeated actions. NOTE: You cannot specify - the throttle interval at both the rule and action level. If - you set it at the rule level then update the rule in Kibana, - it is automatically changed to use action-specific values. - nullable: true - type: string - required: - - name - - schedule - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - actions: - items: - additionalProperties: false - type: object - properties: - alerts_filter: - additionalProperties: false - description: >- - Defines a period that limits whether the action - runs. - type: object - properties: - query: - additionalProperties: false - type: object - properties: - dsl: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL). - type: string - filters: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL) as defined in - the `kbn-es-query` package. - items: - additionalProperties: false - type: object - properties: - $state: - additionalProperties: false - type: object - properties: - store: - description: >- - A filter can be either specific to an - application context or applied globally. - enum: - - appState - - globalState - type: string - required: - - store - meta: - additionalProperties: {} - type: object - query: - additionalProperties: {} - type: object - required: - - meta - type: array - kql: - description: >- - A filter written in Kibana Query Language - (KQL). - type: string - required: - - kql - - filters - timeframe: - additionalProperties: false - type: object - properties: - days: - description: >- - Defines the days of the week that the action - can run, represented as an array of numbers. - For example, `1` represents Monday. An empty - array is equivalent to specifying all the - days of the week. - items: - enum: - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - type: integer - type: array - hours: - additionalProperties: false - type: object - properties: - end: - description: >- - The end of the time frame in 24-hour - notation (`hh:mm`). - type: string - start: - description: >- - The start of the time frame in 24-hour - notation (`hh:mm`). - type: string - required: - - start - - end - timezone: - description: >- - The ISO time zone for the `hours` values. - Values such as `UTC` and `UTC+1` also work - but lack built-in daylight savings time - support and are not recommended. - type: string - required: - - days - - hours - - timezone - connector_type_id: - description: >- - The type of connector. This property appears in - responses but cannot be set in requests. - type: string - frequency: - additionalProperties: false - type: object - properties: - notify_when: - description: >- - Indicates how often alerts generate actions. - Valid values include: `onActionGroupChange`: - Actions run when the alert status changes; - `onActiveAlert`: Actions run when the alert - becomes active and at each check interval while - the rule conditions are met; - `onThrottleInterval`: Actions run when the alert - becomes active and at the interval specified in - the throttle property while the rule conditions - are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The - recommended method is to set it for each action. - If you set it at the rule level then update the - rule in Kibana, it is automatically changed to - use action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - type: string - summary: - description: Indicates whether the action is a summary. - type: boolean - throttle: - description: >- - The throttle interval, which defines how often - an alert generates repeated actions. It is - specified in seconds, minutes, hours, or days - and is applicable only if 'notify_when' is set - to 'onThrottleInterval'. NOTE: You cannot - specify the throttle interval at both the rule - and action level. The recommended method is to - set it for each action. If you set it at the - rule level then update the rule in Kibana, it is - automatically changed to use action-specific - values. - nullable: true - type: string - required: - - summary - - notify_when - - throttle - group: - description: >- - The group name, which affects when the action runs - (for example, when the threshold is met or when the - alert is recovered). Each rule type has a list of - valid action group names. If you don't need to group - actions, set to `default`. - type: string - id: - description: The identifier for the connector saved object. - type: string - params: - additionalProperties: {} - description: >- - The parameters for the action, which are sent to the - connector. The `params` are handled as Mustache - templates and passed a default set of context. - type: object - use_alert_data_for_template: - description: Indicates whether to use alert data as a template. - type: boolean - uuid: - description: >- - A universally unique identifier (UUID) for the - action. - type: string - required: - - id - - connector_type_id - - params - type: array - active_snoozes: - items: - description: List of active snoozes for the rule. - type: string - type: array - alert_delay: - additionalProperties: false - description: >- - Indicates that an alert occurs only when the specified - number of consecutive runs met the rule conditions. - type: object - properties: - active: - description: >- - The number of consecutive runs that must meet the rule - conditions. - type: number - required: - - active - api_key_created_by_user: - description: >- - Indicates whether the API key that is associated with the - rule was created by the user. - nullable: true - type: boolean - api_key_owner: - description: >- - The owner of the API key that is associated with the rule - and used to run background tasks. - nullable: true - type: string - consumer: - description: >- - The name of the application or feature that owns the rule. - For example: `alerts`, `apm`, `discover`, - `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, - `securitySolution`, `siem`, `stackAlerts`, or `uptime`. - type: string - created_at: - description: The date and time that the rule was created. - type: string - created_by: - description: The identifier for the user that created the rule. - nullable: true - type: string - enabled: - description: >- - Indicates whether you want to run the rule on an interval - basis after it is created. - type: boolean - execution_status: - additionalProperties: false - type: object - properties: - error: - additionalProperties: false - type: object - properties: - message: - description: Error message. - type: string - reason: - description: Reason for error. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - type: string - required: - - reason - - message - last_duration: - description: Duration of last execution of the rule. - type: number - last_execution_date: - description: The date and time when rule was executed last. - type: string - status: - description: Status of rule execution. - enum: - - ok - - active - - error - - warning - - pending - - unknown - type: string - warning: - additionalProperties: false - type: object - properties: - message: - description: Warning message. - type: string - reason: - description: Reason for warning. - enum: - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - type: string - required: - - reason - - message - required: - - status - - last_execution_date - flapping: - additionalProperties: false - nullable: true - type: object - properties: - look_back_window: - maximum: 20 - minimum: 2 - type: number - status_change_threshold: - maximum: 20 - minimum: 2 - type: number - required: - - look_back_window - - status_change_threshold - id: - description: The identifier for the rule. - type: string - is_snoozed_until: - description: The date when the rule will no longer be snoozed. - nullable: true - type: string - last_run: - additionalProperties: false - nullable: true - type: object - properties: - alerts_count: - additionalProperties: false - type: object - properties: - active: - description: Number of active alerts during last run. - nullable: true - type: number - ignored: - description: Number of ignored alerts during last run. - nullable: true - type: number - new: - description: Number of new alerts during last run. - nullable: true - type: number - recovered: - description: Number of recovered alerts during last run. - nullable: true - type: number - outcome: - description: >- - Outcome of last run of the rule. Value could be - succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - outcome_msg: - items: - description: Outcome message generated during last rule run. - type: string - nullable: true - type: array - outcome_order: - description: Order of the outcome. - type: number - warning: - description: Warning of last rule execution. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - nullable: true - type: string - required: - - outcome - - alerts_count - mapped_params: - additionalProperties: {} - type: object - monitoring: - additionalProperties: false - description: Monitoring details of the rule. - type: object - properties: - run: - additionalProperties: false - description: Rule run details. - type: object - properties: - calculated_metrics: - additionalProperties: false - description: >- - Calculation of different percentiles and success - ratio. - type: object - properties: - p50: - type: number - p95: - type: number - p99: - type: number - success_ratio: - type: number - required: - - success_ratio - history: - description: History of the rule run. - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule run. - type: number - outcome: - additionalProperties: false - type: object - properties: - alerts_count: - additionalProperties: false - type: object - properties: - active: - description: Number of active alerts during last run. - nullable: true - type: number - ignored: - description: >- - Number of ignored alerts during last - run. - nullable: true - type: number - new: - description: Number of new alerts during last run. - nullable: true - type: number - recovered: - description: >- - Number of recovered alerts during last - run. - nullable: true - type: number - outcome: - description: >- - Outcome of last run of the rule. Value - could be succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - outcome_msg: - items: - description: >- - Outcome message generated during last - rule run. - type: string - nullable: true - type: array - outcome_order: - description: Order of the outcome. - type: number - warning: - description: Warning of last rule execution. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - nullable: true - type: string - required: - - outcome - - alerts_count - success: - description: >- - Indicates whether the rule run was - successful. - type: boolean - timestamp: - description: Time of rule run. - type: number - required: - - success - - timestamp - type: array - last_run: - additionalProperties: false - type: object - properties: - metrics: - additionalProperties: false - type: object - properties: - duration: - description: Duration of most recent rule run. - type: number - gap_duration_s: - description: Duration in seconds of rule run gap. - nullable: true - type: number - total_alerts_created: - description: >- - Total number of alerts created during last - rule run. - nullable: true - type: number - total_alerts_detected: - description: >- - Total number of alerts detected during - last rule run. - nullable: true - type: number - total_indexing_duration_ms: - description: >- - Total time spent indexing documents during - last rule run in milliseconds. - nullable: true - type: number - total_search_duration_ms: - description: >- - Total time spent performing Elasticsearch - searches as measured by Kibana; includes - network latency and time spent serializing - or deserializing the request and response. - nullable: true - type: number - timestamp: - description: Time of the most recent rule run. - type: string - required: - - timestamp - - metrics - required: - - history - - calculated_metrics - - last_run - required: - - run - mute_all: - description: Indicates whether all alerts are muted. - type: boolean - muted_alert_ids: - items: - description: 'List of identifiers of muted alerts. ' - type: string - type: array - name: - description: ' The name of the rule.' - type: string - next_run: - description: Date and time of the next run of the rule. - nullable: true - type: string - notify_when: - description: >- - Indicates how often alerts generate actions. Valid values - include: `onActionGroupChange`: Actions run when the alert - status changes; `onActiveAlert`: Actions run when the - alert becomes active and at each check interval while the - rule conditions are met; `onThrottleInterval`: Actions run - when the alert becomes active and at the interval - specified in the throttle property while the rule - conditions are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The recommended method - is to set it for each action. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - nullable: true - type: string - params: - additionalProperties: {} - description: The parameters for the rule. - type: object - revision: - description: The rule revision number. - type: number - rule_type_id: - description: The rule type identifier. - type: string - running: - description: Indicates whether the rule is running. - nullable: true - type: boolean - schedule: - additionalProperties: false - type: object - properties: - interval: - description: >- - The interval is specified in seconds, minutes, hours, - or days. - type: string - required: - - interval - scheduled_task_id: - description: Identifier of the scheduled task. - type: string - snooze_schedule: - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule snooze schedule. - type: number - id: - description: Identifier of the rule snooze schedule. - type: string - rRule: - additionalProperties: false - type: object - properties: - byhour: - items: - description: Indicates hours of the day to recur. - type: number - type: array - byminute: - items: - description: Indicates minutes of the hour to recur. - type: number - type: array - bymonth: - items: - description: >- - Indicates months of the year that this rule - should recur. - type: number - type: array - bymonthday: - items: - description: Indicates the days of the month to recur. - type: number - type: array - bysecond: - items: - description: Indicates seconds of the day to recur. - type: number - type: array - bysetpos: - items: - description: >- - A positive or negative integer affecting the - nth day of the month. For example, -2 combined - with `byweekday` of FR is 2nd to last Friday - of the month. It is recommended to not set - this manually and just use `byweekday`. - type: number - type: array - byweekday: - items: - anyOf: - - type: string - - type: number - description: >- - Indicates the days of the week to recur or - else nth-day-of-month strings. For example, - "+2TU" second Tuesday of month, "-1FR" last - Friday of the month, which are internally - converted to a `byweekday/bysetpos` - combination. - type: array - byweekno: - items: - description: Indicates number of the week hours to recur. - type: number - type: array - byyearday: - items: - description: >- - Indicates the days of the year that this rule - should recur. - type: number - type: array - count: - description: >- - Number of times the rule should recur until it - stops. - type: number - dtstart: - description: >- - Rule start date in Coordinated Universal Time - (UTC). - type: string - freq: - description: >- - Indicates frequency of the rule. Options are - YEARLY, MONTHLY, WEEKLY, DAILY. - enum: - - 0 - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - type: integer - interval: - description: >- - Indicates the interval of frequency. For - example, 1 and YEARLY is every 1 year, 2 and - WEEKLY is every 2 weeks. - type: number - tzid: - description: Indicates timezone abbreviation. - type: string - until: - description: Recur the rule until this date. - type: string - wkst: - description: Indicates the start of week, defaults to Monday. - enum: - - MO - - TU - - WE - - TH - - FR - - SA - - SU - type: string - required: - - dtstart - - tzid - skipRecurrences: - items: - description: Skips recurrence of rule on this date. - type: string - type: array - required: - - duration - - rRule - type: array - tags: - items: - description: The tags for the rule. - type: string - type: array - throttle: - deprecated: true - description: >- - Deprecated in 8.13.0. Use the `throttle` property in the - action `frequency` object instead. The throttle interval, - which defines how often an alert generates repeated - actions. NOTE: You cannot specify the throttle interval at - both the rule and action level. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. - nullable: true - type: string - updated_at: - description: The date and time that the rule was updated most recently. - type: string - updated_by: - description: >- - The identifier for the user that updated this rule most - recently. - nullable: true - type: string - view_in_app_relative_url: - description: Relative URL to view rule in the app. - nullable: true - type: string - required: - - id - - enabled - - name - - tags - - rule_type_id - - consumer - - schedule - - actions - - params - - created_by - - updated_by - - created_at - - updated_at - - api_key_owner - - mute_all - - muted_alert_ids - - execution_status - - revision - description: Indicates a successful call. - '400': - description: Indicates an invalid schema or parameters. - '403': - description: Indicates that this call is forbidden. - '404': - description: Indicates a rule with the given ID does not exist. - '409': - description: Indicates that the rule has already been updated by another user. - summary: Update a rule - tags: - - alerting - /api/alerting/rule/{id}/_disable: - post: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_disable#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The identifier for the rule. - in: path - name: id - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - nullable: true - type: object - properties: - untrack: - description: Defines whether this rule's alerts should be untracked. - type: boolean - x-oas-optional: true - responses: - '204': - description: Indicates a successful call. - '400': - description: Indicates an invalid schema. - '403': - description: Indicates that this call is forbidden. - '404': - description: Indicates a rule with the given ID does not exist. - summary: Disable a rule - tags: - - alerting - /api/alerting/rule/{id}/_enable: - post: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_enable#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The identifier for the rule. - in: path - name: id - required: true - schema: - type: string - responses: - '204': - description: Indicates a successful call. - '400': - description: Indicates an invalid schema or parameters. - '403': - description: Indicates that this call is forbidden. - '404': - description: Indicates a rule with the given ID does not exist. - summary: Enable a rule - tags: - - alerting - /api/alerting/rule/{id}/_mute_all: - post: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_mute_all#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The identifier for the rule. - in: path - name: id - required: true - schema: - type: string - responses: - '204': - description: Indicates a successful call. - '400': - description: Indicates an invalid schema or parameters. - '403': - description: Indicates that this call is forbidden. - '404': - description: Indicates a rule with the given ID does not exist. - summary: Mute all alerts - tags: - - alerting - /api/alerting/rule/{id}/_unmute_all: - post: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_unmute_all#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The identifier for the rule. - in: path - name: id - required: true - schema: - type: string - responses: - '204': - description: Indicates a successful call. - '400': - description: Indicates an invalid schema or parameters. - '403': - description: Indicates that this call is forbidden. - '404': - description: Indicates a rule with the given ID does not exist. - summary: Unmute all alerts - tags: - - alerting - /api/alerting/rule/{id}/_update_api_key: - post: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_update_api_key#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The identifier for the rule. - in: path - name: id - required: true - schema: - type: string - responses: - '204': - description: Indicates a successful call. - '400': - description: Indicates an invalid schema or parameters. - '403': - description: Indicates that this call is forbidden. - '404': - description: Indicates a rule with the given ID does not exist. - '409': - description: Indicates that the rule has already been updated by another user. - summary: Update the API key for a rule - tags: - - alerting - /api/alerting/rule/{rule_id}/alert/{alert_id}/_mute: - post: - operationId: >- - %2Fapi%2Falerting%2Frule%2F%7Brule_id%7D%2Falert%2F%7Balert_id%7D%2F_mute#0 - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The identifier for the rule. - in: path - name: rule_id - required: true - schema: - type: string - - description: The identifier for the alert. - in: path - name: alert_id - required: true - schema: - type: string - responses: - '204': - description: Indicates a successful call. - '400': - description: Indicates an invalid schema or parameters. - '403': - description: Indicates that this call is forbidden. - '404': - description: Indicates a rule or alert with the given ID does not exist. - summary: Mute an alert - tags: - - alerting - /api/alerting/rule/{rule_id}/alert/{alert_id}/_unmute: - post: - operationId: >- - %2Fapi%2Falerting%2Frule%2F%7Brule_id%7D%2Falert%2F%7Balert_id%7D%2F_unmute#0 - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The identifier for the rule. - in: path - name: rule_id - required: true - schema: - type: string - - description: The identifier for the alert. - in: path - name: alert_id - required: true - schema: - type: string - responses: - '204': - description: Indicates a successful call. - '400': - description: Indicates an invalid schema or parameters. - '403': - description: Indicates that this call is forbidden. - '404': - description: Indicates a rule or alert with the given ID does not exist. - summary: Unmute an alert - tags: - - alerting - /api/alerting/rules/_find: - get: - operationId: '%2Fapi%2Falerting%2Frules%2F_find#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: The number of rules to return per page. - in: query - name: per_page - required: false - schema: - default: 10 - minimum: 0 - type: number - - description: The page number to return. - in: query - name: page - required: false - schema: - default: 1 - minimum: 1 - type: number - - description: >- - An Elasticsearch simple_query_string query that filters the objects - in the response. - in: query - name: search - required: false - schema: - type: string - - description: The default operator to use for the simple_query_string. - in: query - name: default_search_operator - required: false - schema: - default: OR - enum: - - OR - - AND - type: string - - description: The fields to perform the simple_query_string parsed query against. - in: query - name: search_fields - required: false - schema: - anyOf: - - items: - type: string - type: array - - type: string - - description: >- - Determines which field is used to sort the results. The field must - exist in the `attributes` key of the response. - in: query - name: sort_field - required: false - schema: - type: string - - description: Determines the sort order. - in: query - name: sort_order - required: false - schema: - enum: - - asc - - desc - type: string - - description: >- - Filters the rules that have a relation with the reference objects - with a specific type and identifier. - in: query - name: has_reference - required: false - schema: - additionalProperties: false - nullable: true - type: object - properties: - id: - type: string - type: - type: string - required: - - type - - id - - in: query - name: fields - required: false - schema: - items: - description: The fields to return in the `attributes` key of the response. - type: string - type: array - - description: >- - A KQL string that you filter with an attribute from your saved - object. It should look like `savedObjectType.attributes.title: - "myTitle"`. However, if you used a direct attribute of a saved - object, such as `updatedAt`, you must define your filter, for - example, `savedObjectType.updatedAt > 2018-12-22`. - in: query - name: filter - required: false - schema: - type: string - - in: query - name: filter_consumers - required: false - schema: - items: - description: List of consumers to filter. - type: string - type: array - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - actions: - items: - additionalProperties: false - type: object - properties: - alerts_filter: - additionalProperties: false - description: >- - Defines a period that limits whether the action - runs. - type: object - properties: - query: - additionalProperties: false - type: object - properties: - dsl: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL). - type: string - filters: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL) as defined in - the `kbn-es-query` package. - items: - additionalProperties: false - type: object - properties: - $state: - additionalProperties: false - type: object - properties: - store: - description: >- - A filter can be either specific to an - application context or applied globally. - enum: - - appState - - globalState - type: string - required: - - store - meta: - additionalProperties: {} - type: object - query: - additionalProperties: {} - type: object - required: - - meta - type: array - kql: - description: >- - A filter written in Kibana Query Language - (KQL). - type: string - required: - - kql - - filters - timeframe: - additionalProperties: false - type: object - properties: - days: - description: >- - Defines the days of the week that the action - can run, represented as an array of numbers. - For example, `1` represents Monday. An empty - array is equivalent to specifying all the - days of the week. - items: - enum: - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - type: integer - type: array - hours: - additionalProperties: false - type: object - properties: - end: - description: >- - The end of the time frame in 24-hour - notation (`hh:mm`). - type: string - start: - description: >- - The start of the time frame in 24-hour - notation (`hh:mm`). - type: string - required: - - start - - end - timezone: - description: >- - The ISO time zone for the `hours` values. - Values such as `UTC` and `UTC+1` also work - but lack built-in daylight savings time - support and are not recommended. - type: string - required: - - days - - hours - - timezone - connector_type_id: - description: >- - The type of connector. This property appears in - responses but cannot be set in requests. - type: string - frequency: - additionalProperties: false - type: object - properties: - notify_when: - description: >- - Indicates how often alerts generate actions. - Valid values include: `onActionGroupChange`: - Actions run when the alert status changes; - `onActiveAlert`: Actions run when the alert - becomes active and at each check interval while - the rule conditions are met; - `onThrottleInterval`: Actions run when the alert - becomes active and at the interval specified in - the throttle property while the rule conditions - are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The - recommended method is to set it for each action. - If you set it at the rule level then update the - rule in Kibana, it is automatically changed to - use action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - type: string - summary: - description: Indicates whether the action is a summary. - type: boolean - throttle: - description: >- - The throttle interval, which defines how often - an alert generates repeated actions. It is - specified in seconds, minutes, hours, or days - and is applicable only if 'notify_when' is set - to 'onThrottleInterval'. NOTE: You cannot - specify the throttle interval at both the rule - and action level. The recommended method is to - set it for each action. If you set it at the - rule level then update the rule in Kibana, it is - automatically changed to use action-specific - values. - nullable: true - type: string - required: - - summary - - notify_when - - throttle - group: - description: >- - The group name, which affects when the action runs - (for example, when the threshold is met or when the - alert is recovered). Each rule type has a list of - valid action group names. If you don't need to group - actions, set to `default`. - type: string - id: - description: The identifier for the connector saved object. - type: string - params: - additionalProperties: {} - description: >- - The parameters for the action, which are sent to the - connector. The `params` are handled as Mustache - templates and passed a default set of context. - type: object - use_alert_data_for_template: - description: Indicates whether to use alert data as a template. - type: boolean - uuid: - description: >- - A universally unique identifier (UUID) for the - action. - type: string - required: - - id - - connector_type_id - - params - type: array - active_snoozes: - items: - description: List of active snoozes for the rule. - type: string - type: array - alert_delay: - additionalProperties: false - description: >- - Indicates that an alert occurs only when the specified - number of consecutive runs met the rule conditions. - type: object - properties: - active: - description: >- - The number of consecutive runs that must meet the rule - conditions. - type: number - required: - - active - api_key_created_by_user: - description: >- - Indicates whether the API key that is associated with the - rule was created by the user. - nullable: true - type: boolean - api_key_owner: - description: >- - The owner of the API key that is associated with the rule - and used to run background tasks. - nullable: true - type: string - consumer: - description: >- - The name of the application or feature that owns the rule. - For example: `alerts`, `apm`, `discover`, - `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, - `securitySolution`, `siem`, `stackAlerts`, or `uptime`. - type: string - created_at: - description: The date and time that the rule was created. - type: string - created_by: - description: The identifier for the user that created the rule. - nullable: true - type: string - enabled: - description: >- - Indicates whether you want to run the rule on an interval - basis after it is created. - type: boolean - execution_status: - additionalProperties: false - type: object - properties: - error: - additionalProperties: false - type: object - properties: - message: - description: Error message. - type: string - reason: - description: Reason for error. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - type: string - required: - - reason - - message - last_duration: - description: Duration of last execution of the rule. - type: number - last_execution_date: - description: The date and time when rule was executed last. - type: string - status: - description: Status of rule execution. - enum: - - ok - - active - - error - - warning - - pending - - unknown - type: string - warning: - additionalProperties: false - type: object - properties: - message: - description: Warning message. - type: string - reason: - description: Reason for warning. - enum: - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - type: string - required: - - reason - - message - required: - - status - - last_execution_date - flapping: - additionalProperties: false - nullable: true - type: object - properties: - look_back_window: - maximum: 20 - minimum: 2 - type: number - status_change_threshold: - maximum: 20 - minimum: 2 - type: number - required: - - look_back_window - - status_change_threshold - id: - description: The identifier for the rule. - type: string - is_snoozed_until: - description: The date when the rule will no longer be snoozed. - nullable: true - type: string - last_run: - additionalProperties: false - nullable: true - type: object - properties: - alerts_count: - additionalProperties: false - type: object - properties: - active: - description: Number of active alerts during last run. - nullable: true - type: number - ignored: - description: Number of ignored alerts during last run. - nullable: true - type: number - new: - description: Number of new alerts during last run. - nullable: true - type: number - recovered: - description: Number of recovered alerts during last run. - nullable: true - type: number - outcome: - description: >- - Outcome of last run of the rule. Value could be - succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - outcome_msg: - items: - description: Outcome message generated during last rule run. - type: string - nullable: true - type: array - outcome_order: - description: Order of the outcome. - type: number - warning: - description: Warning of last rule execution. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - nullable: true - type: string - required: - - outcome - - alerts_count - mapped_params: - additionalProperties: {} - type: object - monitoring: - additionalProperties: false - description: Monitoring details of the rule. - type: object - properties: - run: - additionalProperties: false - description: Rule run details. - type: object - properties: - calculated_metrics: - additionalProperties: false - description: >- - Calculation of different percentiles and success - ratio. - type: object - properties: - p50: - type: number - p95: - type: number - p99: - type: number - success_ratio: - type: number - required: - - success_ratio - history: - description: History of the rule run. - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule run. - type: number - outcome: - additionalProperties: false - type: object - properties: - alerts_count: - additionalProperties: false - type: object - properties: - active: - description: Number of active alerts during last run. - nullable: true - type: number - ignored: - description: >- - Number of ignored alerts during last - run. - nullable: true - type: number - new: - description: Number of new alerts during last run. - nullable: true - type: number - recovered: - description: >- - Number of recovered alerts during last - run. - nullable: true - type: number - outcome: - description: >- - Outcome of last run of the rule. Value - could be succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - outcome_msg: - items: - description: >- - Outcome message generated during last - rule run. - type: string - nullable: true - type: array - outcome_order: - description: Order of the outcome. - type: number - warning: - description: Warning of last rule execution. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - nullable: true - type: string - required: - - outcome - - alerts_count - success: - description: >- - Indicates whether the rule run was - successful. - type: boolean - timestamp: - description: Time of rule run. - type: number - required: - - success - - timestamp - type: array - last_run: - additionalProperties: false - type: object - properties: - metrics: - additionalProperties: false - type: object - properties: - duration: - description: Duration of most recent rule run. - type: number - gap_duration_s: - description: Duration in seconds of rule run gap. - nullable: true - type: number - total_alerts_created: - description: >- - Total number of alerts created during last - rule run. - nullable: true - type: number - total_alerts_detected: - description: >- - Total number of alerts detected during - last rule run. - nullable: true - type: number - total_indexing_duration_ms: - description: >- - Total time spent indexing documents during - last rule run in milliseconds. - nullable: true - type: number - total_search_duration_ms: - description: >- - Total time spent performing Elasticsearch - searches as measured by Kibana; includes - network latency and time spent serializing - or deserializing the request and response. - nullable: true - type: number - timestamp: - description: Time of the most recent rule run. - type: string - required: - - timestamp - - metrics - required: - - history - - calculated_metrics - - last_run - required: - - run - mute_all: - description: Indicates whether all alerts are muted. - type: boolean - muted_alert_ids: - items: - description: 'List of identifiers of muted alerts. ' - type: string - type: array - name: - description: ' The name of the rule.' - type: string - next_run: - description: Date and time of the next run of the rule. - nullable: true - type: string - notify_when: - description: >- - Indicates how often alerts generate actions. Valid values - include: `onActionGroupChange`: Actions run when the alert - status changes; `onActiveAlert`: Actions run when the - alert becomes active and at each check interval while the - rule conditions are met; `onThrottleInterval`: Actions run - when the alert becomes active and at the interval - specified in the throttle property while the rule - conditions are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The recommended method - is to set it for each action. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - nullable: true - type: string - params: - additionalProperties: {} - description: The parameters for the rule. - type: object - revision: - description: The rule revision number. - type: number - rule_type_id: - description: The rule type identifier. - type: string - running: - description: Indicates whether the rule is running. - nullable: true - type: boolean - schedule: - additionalProperties: false - type: object - properties: - interval: - description: >- - The interval is specified in seconds, minutes, hours, - or days. - type: string - required: - - interval - scheduled_task_id: - description: Identifier of the scheduled task. - type: string - snooze_schedule: - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule snooze schedule. - type: number - id: - description: Identifier of the rule snooze schedule. - type: string - rRule: - additionalProperties: false - type: object - properties: - byhour: - items: - description: Indicates hours of the day to recur. - type: number - type: array - byminute: - items: - description: Indicates minutes of the hour to recur. - type: number - type: array - bymonth: - items: - description: >- - Indicates months of the year that this rule - should recur. - type: number - type: array - bymonthday: - items: - description: Indicates the days of the month to recur. - type: number - type: array - bysecond: - items: - description: Indicates seconds of the day to recur. - type: number - type: array - bysetpos: - items: - description: >- - A positive or negative integer affecting the - nth day of the month. For example, -2 combined - with `byweekday` of FR is 2nd to last Friday - of the month. It is recommended to not set - this manually and just use `byweekday`. - type: number - type: array - byweekday: - items: - anyOf: - - type: string - - type: number - description: >- - Indicates the days of the week to recur or - else nth-day-of-month strings. For example, - "+2TU" second Tuesday of month, "-1FR" last - Friday of the month, which are internally - converted to a `byweekday/bysetpos` - combination. - type: array - byweekno: - items: - description: Indicates number of the week hours to recur. - type: number - type: array - byyearday: - items: - description: >- - Indicates the days of the year that this rule - should recur. - type: number - type: array - count: - description: >- - Number of times the rule should recur until it - stops. - type: number - dtstart: - description: >- - Rule start date in Coordinated Universal Time - (UTC). - type: string - freq: - description: >- - Indicates frequency of the rule. Options are - YEARLY, MONTHLY, WEEKLY, DAILY. - enum: - - 0 - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - type: integer - interval: - description: >- - Indicates the interval of frequency. For - example, 1 and YEARLY is every 1 year, 2 and - WEEKLY is every 2 weeks. - type: number - tzid: - description: Indicates timezone abbreviation. - type: string - until: - description: Recur the rule until this date. - type: string - wkst: - description: Indicates the start of week, defaults to Monday. - enum: - - MO - - TU - - WE - - TH - - FR - - SA - - SU - type: string - required: - - dtstart - - tzid - skipRecurrences: - items: - description: Skips recurrence of rule on this date. - type: string - type: array - required: - - duration - - rRule - type: array - tags: - items: - description: The tags for the rule. - type: string - type: array - throttle: - deprecated: true - description: >- - Deprecated in 8.13.0. Use the `throttle` property in the - action `frequency` object instead. The throttle interval, - which defines how often an alert generates repeated - actions. NOTE: You cannot specify the throttle interval at - both the rule and action level. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. - nullable: true - type: string - updated_at: - description: The date and time that the rule was updated most recently. - type: string - updated_by: - description: >- - The identifier for the user that updated this rule most - recently. - nullable: true - type: string - view_in_app_relative_url: - description: Relative URL to view rule in the app. - nullable: true - type: string - required: - - id - - enabled - - name - - tags - - rule_type_id - - consumer - - schedule - - actions - - params - - created_by - - updated_by - - created_at - - updated_at - - api_key_owner - - mute_all - - muted_alert_ids - - execution_status - - revision - description: Indicates a successful call. - '400': - description: Indicates an invalid schema or parameters. - '403': - description: Indicates that this call is forbidden. - summary: Get information about rules - tags: - - alerting - /api/apm/agent_keys: - post: - description: Create a new agent key for APM. - operationId: createAgentKey - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - name: - type: string - privileges: - items: - enum: - - event:write - - config_agent:read - type: string - type: array - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - api_key: - type: string - encoded: - type: string - expiration: - format: int64 - type: integer - id: - type: string - name: - type: string - description: Agent key created successfully - summary: Create an APM agent key - tags: - - APM agent keys - /api/apm/services/{serviceName}/annotation: - post: - description: Create a new annotation for a specific service. - operationId: createAnnotation - parameters: - - description: The name of the service - in: path - name: serviceName - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - '@timestamp': - type: string - message: - type: string - service: - type: object - properties: - environment: - type: string - version: - type: string - tags: - items: - type: string - type: array - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - _id: - type: string - _index: - type: string - _source: - type: object - properties: - '@timestamp': - type: string - annotation: - type: string - event: - type: object - properties: - created: - type: string - message: - type: string - service: - type: object - properties: - environment: - type: string - name: - type: string - version: - type: string - tags: - items: - type: string - type: array - description: Annotation created successfully - summary: Create a service annotation - tags: - - APM annotations - /api/apm/services/{serviceName}/annotation/search: - get: - description: Search for annotations related to a specific service. - operationId: getAnnotation - parameters: - - description: The name of the service - in: path - name: serviceName - required: true - schema: - type: string - - description: The environment to filter annotations by - in: query - name: environment - required: false - schema: - type: string - - description: The start date for the search - in: query - name: start - required: false - schema: - type: string - - description: The end date for the search - in: query - name: end - required: false - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - annotations: - items: - type: object - properties: - '@timestamp': - type: number - id: - type: string - text: - type: string - type: - enum: - - version - type: string - type: array - description: Successful response - summary: Search for annotations - tags: - - APM annotations - /api/asset_criticality: - delete: - description: Delete the asset criticality record for a specific entity. - operationId: DeleteAssetCriticalityRecord - parameters: - - description: The ID value of the asset. - in: query - name: id_value - required: true - schema: - type: string - - description: The field representing the ID. - example: host.name - in: query - name: id_field - required: true - schema: - $ref: '#/components/schemas/Security_Entity_Analytics_API_IdField' - - description: If 'wait_for' the request will wait for the index refresh. - in: query - name: refresh - required: false - schema: - enum: - - wait_for - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - deleted: - description: >- - True if the record was deleted or false if the record did - not exist. - type: boolean - record: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord - description: The deleted record if it existed. - required: - - deleted - description: Successful response - '400': - description: Invalid request - summary: Delete an asset criticality record - tags: - - Security Entity Analytics API - get: - description: Get the asset criticality record for a specific entity. - operationId: GetAssetCriticalityRecord - parameters: - - description: The ID value of the asset. - in: query - name: id_value - required: true - schema: - type: string - - description: The field representing the ID. - example: host.name - in: query - name: id_field - required: true - schema: - $ref: '#/components/schemas/Security_Entity_Analytics_API_IdField' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord - description: Successful response - '400': - description: Invalid request - '404': - description: Criticality record not found - summary: Get an asset criticality record - tags: - - Security Entity Analytics API - post: - description: > - Create or update an asset criticality record for a specific entity. - - - If a record already exists for the specified entity, that record is - overwritten with the specified value. If a record doesn't exist for the - specified entity, a new record is created. - operationId: CreateAssetCriticalityRecord - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - allOf: - - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord - - type: object - properties: - refresh: - description: >- - If 'wait_for' the request will wait for the index - refresh. - enum: - - wait_for - type: string - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord - description: Successful response - '400': - description: Invalid request - summary: Upsert an asset criticality record - tags: - - Security Entity Analytics API - /api/asset_criticality/bulk: - post: - description: > - Bulk upsert up to 1000 asset criticality records. - - - If asset criticality records already exist for the specified entities, - those records are overwritten with the specified values. If asset - criticality records don't exist for the specified entities, new records - are created. - operationId: BulkUpsertAssetCriticalityRecords - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - example: - records: - - criticality_level: low_impact - id_field: host.name - id_value: host-1 - - criticality_level: medium_impact - id_field: host.name - id_value: host-2 - type: object - properties: - records: - items: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord - maxItems: 1000 - minItems: 1 - type: array - required: - - records - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - example: - errors: - - index: 0 - message: Invalid ID field - stats: - failed: 1 - successful: 1 - total: 2 - type: object - properties: - errors: - items: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityBulkUploadErrorItem - type: array - stats: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityBulkUploadStats - required: - - errors - - stats - description: Bulk upload successful - '413': - description: File too large - summary: Bulk upsert asset criticality records - tags: - - Security Entity Analytics API - /api/asset_criticality/list: - get: - description: List asset criticality records, paging, sorting and filtering as needed. - operationId: FindAssetCriticalityRecords - parameters: - - description: The field to sort by. - in: query - name: sort_field - required: false - schema: - enum: - - id_value - - id_field - - criticality_level - - \@timestamp - type: string - - description: The order to sort by. - in: query - name: sort_direction - required: false - schema: - enum: - - asc - - desc - type: string - - description: The page number to return. - in: query - name: page - required: false - schema: - minimum: 1 - type: integer - - description: The number of records to return per page. - in: query - name: per_page - required: false - schema: - maximum: 1000 - minimum: 1 - type: integer - - description: The kuery to filter by. - in: query - name: kuery - required: false - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - page: - minimum: 1 - type: integer - per_page: - maximum: 1000 - minimum: 1 - type: integer - records: - items: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord - type: array - total: - minimum: 0 - type: integer - required: - - records - - page - - per_page - - total - description: Bulk upload successful - summary: List asset criticality records - tags: - - Security Entity Analytics API - /api/data_views: - get: - operationId: getAllDataViewsDefault - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - getAllDataViewsResponse: - $ref: '#/components/examples/Data_views_get_data_views_response' - schema: - type: object - properties: - data_view: - items: - type: object - properties: - id: - type: string - name: - type: string - namespaces: - items: - type: string - type: array - title: - type: string - typeMeta: - type: object - type: array - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Get all data views - tags: - - data views - /api/data_views/data_view: - post: - operationId: createDataViewDefaultw - parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - createDataViewRequest: - $ref: '#/components/examples/Data_views_create_data_view_request' - schema: - $ref: '#/components/schemas/Data_views_create_data_view_request_object' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_data_view_response_object' - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Create a data view - tags: - - data views - /api/data_views/data_view/{viewId}: - delete: - description: | - WARNING: When you delete a data view, it cannot be recovered. - operationId: deleteDataViewDefault - parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - - $ref: '#/components/parameters/Data_views_view_id' - responses: - '204': - description: Indicates a successful call. - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_404_response' - description: Object is not found. - summary: Delete a data view - tags: - - data views - get: - operationId: getDataViewDefault - parameters: - - $ref: '#/components/parameters/Data_views_view_id' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - getDataViewResponse: - $ref: '#/components/examples/Data_views_get_data_view_response' - schema: - $ref: '#/components/schemas/Data_views_data_view_response_object' - description: Indicates a successful call. - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_404_response' - description: Object is not found. - summary: Get a data view - tags: - - data views - post: - operationId: updateDataViewDefault - parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - - $ref: '#/components/parameters/Data_views_view_id' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - updateDataViewRequest: - $ref: '#/components/examples/Data_views_update_data_view_request' - schema: - $ref: '#/components/schemas/Data_views_update_data_view_request_object' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_data_view_response_object' - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Update a data view - tags: - - data views - /api/data_views/data_view/{viewId}/fields: - post: - description: > - Update fields presentation metadata such as count, customLabel, - customDescription, and format. - operationId: updateFieldsMetadataDefault - parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - - $ref: '#/components/parameters/Data_views_view_id' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - updateFieldsMetadataRequest: - $ref: '#/components/examples/Data_views_update_field_metadata_request' - schema: - type: object - properties: - fields: - description: The field object. - type: object - required: - - fields - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - acknowledged: - type: boolean - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Update data view fields metadata - tags: - - data views - /api/data_views/data_view/{viewId}/runtime_field: - post: - operationId: createRuntimeFieldDefault - parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - - $ref: '#/components/parameters/Data_views_view_id' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - createRuntimeFieldRequest: - $ref: '#/components/examples/Data_views_create_runtime_field_request' - schema: - type: object - properties: - name: - description: | - The name for a runtime field. - type: string - runtimeField: - description: | - The runtime field definition object. - type: object - required: - - name - - runtimeField - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates a successful call. - summary: Create a runtime field - tags: - - data views - put: - operationId: createUpdateRuntimeFieldDefault - parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - - description: | - The ID of the data view fields you want to update. - in: path - name: viewId - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - updateRuntimeFieldRequest: - $ref: '#/components/examples/Data_views_create_runtime_field_request' - schema: - type: object - properties: - name: - description: | - The name for a runtime field. - type: string - runtimeField: - description: | - The runtime field definition object. - type: object - required: - - name - - runtimeField - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data_view: - type: object - fields: - items: - type: object - type: array - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Create or update a runtime field - tags: - - data views - /api/data_views/data_view/{viewId}/runtime_field/{fieldName}: - delete: - operationId: deleteRuntimeFieldDefault - parameters: - - $ref: '#/components/parameters/Data_views_field_name' - - $ref: '#/components/parameters/Data_views_view_id' - responses: - '200': - description: Indicates a successful call. - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_404_response' - description: Object is not found. - summary: Delete a runtime field from a data view - tags: - - data views - get: - operationId: getRuntimeFieldDefault - parameters: - - $ref: '#/components/parameters/Data_views_field_name' - - $ref: '#/components/parameters/Data_views_view_id' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - getRuntimeFieldResponse: - $ref: '#/components/examples/Data_views_get_runtime_field_response' - schema: - type: object - properties: - data_view: - type: object - fields: - items: - type: object - type: array - description: Indicates a successful call. - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_404_response' - description: Object is not found. - summary: Get a runtime field - tags: - - data views - post: - operationId: updateRuntimeFieldDefault - parameters: - - $ref: '#/components/parameters/Data_views_field_name' - - $ref: '#/components/parameters/Data_views_view_id' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - updateRuntimeFieldRequest: - $ref: '#/components/examples/Data_views_update_runtime_field_request' - schema: - type: object - properties: - runtimeField: - description: | - The runtime field definition object. - - You can update following fields: - - - `type` - - `script` - type: object - required: - - runtimeField - required: true - responses: - '200': - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Update a runtime field - tags: - - data views - /api/data_views/default: - get: - operationId: getDefaultDataViewDefault - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - getDefaultDataViewResponse: - $ref: >- - #/components/examples/Data_views_get_default_data_view_response - schema: - type: object - properties: - data_view_id: - type: string - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Get the default data view - tags: - - data views - post: - operationId: setDefaultDatailViewDefault - parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - setDefaultDataViewRequest: - $ref: '#/components/examples/Data_views_set_default_data_view_request' - schema: - type: object - properties: - data_view_id: - description: > - The data view identifier. NOTE: The API does not validate - whether it is a valid identifier. Use `null` to unset the - default data view. - nullable: true - type: string - force: - default: false - description: Update an existing default data view identifier. - type: boolean - required: - - data_view_id - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - acknowledged: - type: boolean - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Set the default data view - tags: - - data views - /api/data_views/swap_references: - post: - description: > - Changes saved object references from one data view identifier to - another. WARNING: Misuse can break large numbers of saved objects! - Practicing with a backup is recommended. - operationId: swapDataViewsDefault - parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - swapDataViewRequest: - $ref: '#/components/examples/Data_views_swap_data_view_request' - schema: - $ref: '#/components/schemas/Data_views_swap_data_view_request_object' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - deleteStatus: - type: object - properties: - deletePerformed: - type: boolean - remainingRefs: - type: integer - result: - items: - type: object - properties: - id: - description: A saved object identifier. - type: string - type: - description: The saved object type. - type: string - type: array - description: Indicates a successful call. - summary: Swap saved object references - tags: - - data views - /api/data_views/swap_references/_preview: - post: - description: > - Preview the impact of swapping saved object references from one data - view identifier to another. - operationId: previewSwapDataViewsDefault - parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - previewSwapDataViewRequest: - $ref: >- - #/components/examples/Data_views_preview_swap_data_view_request - schema: - $ref: '#/components/schemas/Data_views_swap_data_view_request_object' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - result: - items: - type: object - properties: - id: - description: A saved object identifier. - type: string - type: - description: The saved object type. - type: string - type: array - description: Indicates a successful call. - summary: Preview a saved object reference swap - tags: - - data views - /api/detection_engine/privileges: - get: - description: > - Retrieves whether or not the user is authenticated, and the user's - Kibana - - space and index privileges, which determine if the user can create an - - index for the Elastic Security alerts generated by - - detection engine rules. - operationId: ReadPrivileges - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - has_encryption_key: - type: boolean - is_authenticated: - type: boolean - required: - - is_authenticated - - has_encryption_key - description: Successful response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - description: Unsuccessful authentication response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' - description: Internal server error response - summary: Returns user privileges for the Kibana space - tags: - - Security Detections API - - Privileges API - /api/detection_engine/rules: - delete: - description: Delete a detection rule using the `rule_id` or `id` field. - operationId: DeleteRule - parameters: - - description: The rule's `id` value. - in: query - name: id - required: false - schema: - $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' - - description: The rule's `rule_id` value. - in: query - name: rule_id - required: false - schema: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Detections_API_RuleResponse' - description: Indicates a successful call. - summary: Delete a detection rule - tags: - - Security Detections API - - Rules API - get: - description: Retrieve a detection rule using the `rule_id` or `id` field. - operationId: ReadRule - parameters: - - description: The rule's `id` value. - in: query - name: id - required: false - schema: - $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' - - description: The rule's `rule_id` value. - in: query - name: rule_id - required: false - schema: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Detections_API_RuleResponse' - description: Indicates a successful call. - summary: Retrieve a detection rule - tags: - - Security Detections API - - Rules API - patch: - description: >- - Update specific fields of an existing detection rule using the `rule_id` - or `id` field. - operationId: PatchRule - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Detections_API_RulePatchProps' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Detections_API_RuleResponse' - description: Indicates a successful call. - summary: Patch a detection rule - tags: - - Security Detections API - - Rules API - post: - description: Create a new detection rule. - operationId: CreateRule - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Detections_API_RuleCreateProps' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Detections_API_RuleResponse' - description: Indicates a successful call. - summary: Create a detection rule - tags: - - Security Detections API - - Rules API - put: - description: > - Update a detection rule using the `rule_id` or `id` field. The original - rule is replaced, and all unspecified fields are deleted. - - > info - - > You cannot modify the `id` or `rule_id` values. - operationId: UpdateRule - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Detections_API_RuleUpdateProps' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Detections_API_RuleResponse' - description: Indicates a successful call. - summary: Update a detection rule - tags: - - Security Detections API - - Rules API - /api/detection_engine/rules/_bulk_action: - post: - description: >- - Apply a bulk action, such as bulk edit, duplicate, or delete, to - multiple detection rules. The bulk action is applied to all rules that - match the query or to the rules listed by their IDs. - operationId: PerformRulesBulkAction - parameters: - - description: Enables dry run mode for the request call. - in: query - name: dry_run - required: false - schema: - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: '#/components/schemas/Security_Detections_API_BulkDeleteRules' - - $ref: >- - #/components/schemas/Security_Detections_API_BulkDisableRules - - $ref: '#/components/schemas/Security_Detections_API_BulkEnableRules' - - $ref: '#/components/schemas/Security_Detections_API_BulkExportRules' - - $ref: >- - #/components/schemas/Security_Detections_API_BulkDuplicateRules - - $ref: >- - #/components/schemas/Security_Detections_API_BulkManualRuleRun - - $ref: '#/components/schemas/Security_Detections_API_BulkEditRules' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Detections_API_BulkEditActionResponse - - $ref: >- - #/components/schemas/Security_Detections_API_BulkExportActionResponse - description: OK - summary: Apply a bulk action to detection rules - tags: - - Security Detections API - - Bulk API - /api/detection_engine/rules/_export: - post: - description: > - Export detection rules to an `.ndjson` file. The following configuration - items are also included in the `.ndjson` file: - - - Actions - - - Exception lists - - > info - - > You cannot export prebuilt rules. - operationId: ExportRules - parameters: - - description: Determines whether a summary of the exported rules is returned. - in: query - name: exclude_export_details - required: false - schema: - default: false - type: boolean - - description: File name for saving the exported rules. - in: query - name: file_name - required: false - schema: - default: export.ndjson - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - nullable: true - type: object - properties: - objects: - description: >- - Array of `rule_id` fields. Exports all rules when - unspecified. - items: - type: object - properties: - rule_id: - $ref: >- - #/components/schemas/Security_Detections_API_RuleSignatureId - required: - - rule_id - type: array - required: - - objects - required: false - responses: - '200': - content: - application/ndjson; Elastic-Api-Version=2023-10-31: - schema: - description: An `.ndjson` file containing the returned rules. - format: binary - type: string - description: Indicates a successful call. - summary: Export detection rules - tags: - - Security Detections API - - Import/Export API - /api/detection_engine/rules/_find: - get: - description: >- - Retrieve a paginated list of detection rules. By default, the first page - is returned, with 20 results per page. - operationId: FindRules - parameters: - - in: query - name: fields - required: false - schema: - items: - type: string - type: array - - description: Search query - in: query - name: filter - required: false - schema: - type: string - - description: Field to sort by - in: query - name: sort_field - required: false - schema: - $ref: '#/components/schemas/Security_Detections_API_FindRulesSortField' - - description: Sort order - in: query - name: sort_order - required: false - schema: - $ref: '#/components/schemas/Security_Detections_API_SortOrder' - - description: Page number - in: query - name: page - required: false - schema: - default: 1 - minimum: 1 - type: integer - - description: Rules per page - in: query - name: per_page - required: false - schema: - default: 20 - minimum: 0 - type: integer - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RuleResponse - type: array - page: - type: integer - perPage: - type: integer - total: - type: integer - required: - - page - - perPage - - total - - data - description: Successful response - summary: List all detection rules - tags: - - Security Detections API - - Rules API - /api/detection_engine/rules/_import: - post: - description: > - Import detection rules from an `.ndjson` file, including actions and - exception lists. The request must include: - - - The `Content-Type: multipart/form-data` HTTP header. - - - A link to the `.ndjson` file containing the rules. - operationId: ImportRules - parameters: - - description: >- - Determines whether existing rules with the same `rule_id` are - overwritten. - in: query - name: overwrite - required: false - schema: - default: false - type: boolean - - description: >- - Determines whether existing exception lists with the same `list_id` - are overwritten. - in: query - name: overwrite_exceptions - required: false - schema: - default: false - type: boolean - - description: >- - Determines whether existing actions with the same - `kibana.alert.rule.actions.id` are overwritten. - in: query - name: overwrite_action_connectors - required: false - schema: - default: false - type: boolean - - description: Generates a new list ID for each imported exception list. - in: query - name: as_new_list - required: false - schema: - default: false - type: boolean - requestBody: - content: - multipart/form-data; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - file: - description: The `.ndjson` file containing the rules. - format: binary - type: string - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - action_connectors_errors: - items: - $ref: '#/components/schemas/Security_Detections_API_ErrorSchema' - type: array - action_connectors_success: - type: boolean - action_connectors_success_count: - minimum: 0 - type: integer - action_connectors_warnings: - items: - $ref: >- - #/components/schemas/Security_Detections_API_WarningSchema - type: array - errors: - items: - $ref: '#/components/schemas/Security_Detections_API_ErrorSchema' - type: array - exceptions_errors: - items: - $ref: '#/components/schemas/Security_Detections_API_ErrorSchema' - type: array - exceptions_success: - type: boolean - exceptions_success_count: - minimum: 0 - type: integer - rules_count: - minimum: 0 - type: integer - success: - type: boolean - success_count: - minimum: 0 - type: integer - required: - - exceptions_success - - exceptions_success_count - - exceptions_errors - - rules_count - - success - - success_count - - errors - - action_connectors_errors - - action_connectors_warnings - - action_connectors_success - - action_connectors_success_count - description: Indicates a successful call. - summary: Import detection rules - tags: - - Security Detections API - - Import/Export API - /api/detection_engine/rules/{id}/exceptions: - post: - description: Create exception items that apply to a single detection rule. - operationId: CreateRuleExceptionListItems - parameters: - - description: Detection rule's identifier - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Exceptions_API_RuleId' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - items: - items: - $ref: >- - #/components/schemas/Security_Exceptions_API_CreateRuleExceptionListItemProps - type: array - required: - - items - description: Rule exception list items - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItem - type: array - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Create rule exception list items - tags: - - Security Exceptions API - /api/detection_engine/rules/preview: - post: - operationId: RulePreview - parameters: - - description: >- - Enables logging and returning in response ES queries, performed - during rule execution - in: query - name: enable_logged_requests - required: false - schema: - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - anyOf: - - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_EqlRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewParams - - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_QueryRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewParams - - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewParams - - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewParams - - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewParams - - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewParams - - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_NewTermsRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewParams - - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_EsqlRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewParams - discriminator: - propertyName: type - description: >- - An object containing tags to add or remove and alert ids the changes - will be applied - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - isAborted: - type: boolean - logs: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewLogs - type: array - previewId: - $ref: >- - #/components/schemas/Security_Detections_API_NonEmptyString - required: - - logs - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Detections_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - description: Unsuccessful authentication response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' - description: Internal server error response - summary: Preview rule alerts generated on specified time range - tags: - - Security Detections API - - Rule preview API - /api/detection_engine/signals/assignees: - post: - description: | - Assign users to detection alerts, and unassign them from alerts. - > info - > You cannot add and remove the same assignee in the same request. - operationId: SetAlertAssignees - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - assignees: - $ref: '#/components/schemas/Security_Detections_API_AlertAssignees' - description: Details about the assignees to assign and unassign. - ids: - $ref: '#/components/schemas/Security_Detections_API_AlertIds' - description: List of alerts ids to assign and unassign passed assignees. - required: - - assignees - - ids - required: true - responses: - '200': - description: Indicates a successful call. - '400': - description: Invalid request. - summary: Assign and unassign users from detection alerts - tags: - - Security Detections API - /api/detection_engine/signals/search: - post: - description: Find and/or aggregate detection alerts that match the given query. - operationId: SearchAlerts - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - description: Elasticsearch query and aggregation request - type: object - properties: - _source: - oneOf: - - type: boolean - - type: string - - items: - type: string - type: array - aggs: - additionalProperties: true - type: object - fields: - items: - type: string - type: array - query: - additionalProperties: true - type: object - runtime_mappings: - additionalProperties: true - type: object - size: - minimum: 0 - type: integer - sort: - $ref: '#/components/schemas/Security_Detections_API_AlertsSort' - track_total_hits: - type: boolean - description: Search and/or aggregation query - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: true - description: Elasticsearch search response - type: object - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Detections_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - description: Unsuccessful authentication response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' - description: Internal server error response - summary: Find and/or aggregate detection alerts - tags: - - Security Detections API - - Alerts API - /api/detection_engine/signals/status: - post: - description: Set the status of one or more detection alerts. - operationId: SetAlertsStatus - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Detections_API_SetAlertsStatusByIds - - $ref: >- - #/components/schemas/Security_Detections_API_SetAlertsStatusByQuery - description: >- - An object containing desired status and explicit alert ids or a query - to select alerts - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: true - description: Elasticsearch update by query response - type: object - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Detections_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - description: Unsuccessful authentication response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' - description: Internal server error response - summary: Set a detection alert status - tags: - - Security Detections API - - Alerts API - /api/detection_engine/signals/tags: - post: - description: | - And tags to detection alerts, and remove them from alerts. - > info - > You cannot add and remove the same alert tag in the same request. - operationId: SetAlertTags - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - ids: - $ref: '#/components/schemas/Security_Detections_API_AlertIds' - tags: - $ref: '#/components/schemas/Security_Detections_API_SetAlertTags' - required: - - ids - - tags - description: >- - An object containing tags to add or remove and alert ids the changes - will be applied - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: true - description: Elasticsearch update by query response - type: object - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Detections_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - description: Unsuccessful authentication response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' - description: Internal server error response - summary: Add and remove detection alert tags - tags: - - Security Detections API - - Alerts API - /api/detection_engine/tags: - get: - description: List all unique tags from all detection rules. - operationId: ReadTags - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - description: Indicates a successful call - summary: List all detection rule tags - tags: - - Security Detections API - - Tags API - /api/endpoint_list: - post: - description: >- - Create an endpoint exception list, which groups endpoint exception list - items. If an endpoint exception list already exists, an empty response - is returned. - operationId: CreateEndpointList - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_EndpointList - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Invalid input data - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - description: Insufficient privileges - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Internal server error - summary: Create an endpoint exception list - tags: - - Security Endpoint Exceptions API - /api/endpoint_list/items: - delete: - description: >- - Delete an endpoint exception list item using the `id` or `item_id` - field. - operationId: DeleteEndpointListItem - parameters: - - description: Either `id` or `item_id` must be specified - in: query - name: id - required: false - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId - - description: Either `id` or `item_id` must be specified - in: query - name: item_id - required: false - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Invalid input data - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - description: Insufficient privileges - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Endpoint list item not found - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Internal server error - summary: Delete an endpoint exception list item - tags: - - Security Endpoint Exceptions API - get: - description: >- - Get the details of an endpoint exception list item using the `id` or - `item_id` field. - operationId: ReadEndpointListItem - parameters: - - description: Either `id` or `item_id` must be specified - in: query - name: id - required: false - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId - - description: Either `id` or `item_id` must be specified - in: query - name: item_id - required: false - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem - type: array - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Invalid input data - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - description: Insufficient privileges - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Endpoint list item not found - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Internal server error - summary: Get an endpoint exception list item - tags: - - Security Endpoint Exceptions API - post: - description: >- - Create an endpoint exception list item, and associate it with the - endpoint exception list. - operationId: CreateEndpointListItem - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - comments: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray - default: [] - description: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription - entries: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray - item_id: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId - meta: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta - name: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName - os_types: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray - default: [] - tags: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags - default: [] - type: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType - required: - - type - - name - - description - - entries - description: Exception list item's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Invalid input data - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - description: Insufficient privileges - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Endpoint list item already exists - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Internal server error - summary: Create an endpoint exception list item - tags: - - Security Endpoint Exceptions API - put: - description: >- - Update an endpoint exception list item using the `id` or `item_id` - field. - operationId: UpdateEndpointListItem - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - _version: - type: string - comments: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray - default: [] - description: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription - entries: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray - id: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId - description: Either `id` or `item_id` must be specified - item_id: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId - description: Either `id` or `item_id` must be specified - meta: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta - name: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName - os_types: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray - default: [] - tags: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags - type: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType - required: - - type - - name - - description - - entries - description: Exception list item's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Invalid input data - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - description: Insufficient privileges - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Endpoint list item not found - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Internal server error - summary: Update an endpoint exception list item - tags: - - Security Endpoint Exceptions API - /api/endpoint_list/items/_find: - get: - description: Get a list of all endpoint exception list items. - operationId: FindEndpointListItems - parameters: - - description: > - Filters the returned results according to the value of the specified - field, - - using the `:` syntax. - in: query - name: filter - required: false - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_FindEndpointListItemsFilter - - description: The page number to return - in: query - name: page - required: false - schema: - minimum: 0 - type: integer - - description: The number of exception list items to return per page - in: query - name: per_page - required: false - schema: - minimum: 0 - type: integer - - description: Determines which field is used to sort the results - in: query - name: sort_field - required: false - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString - - description: Determines the sort order, which can be `desc` or `asc` - in: query - name: sort_order - required: false - schema: - enum: - - desc - - asc - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - items: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem - type: array - page: - minimum: 0 - type: integer - per_page: - minimum: 0 - type: integer - pit: - type: string - total: - minimum: 0 - type: integer - required: - - data - - page - - per_page - - total - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Invalid input data - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - description: Insufficient privileges - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Endpoint list not found - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Internal server error - summary: Get endpoint exception list items - tags: - - Security Endpoint Exceptions API - /api/endpoint/action: - get: - description: Get a list of all response actions. - operationId: EndpointGetActionsList - parameters: - - in: query - name: query - required: true - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_GetEndpointActionListRouteQuery - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get response actions - tags: - - Security Endpoint Management API - /api/endpoint/action_log/{agent_id}: - get: - deprecated: true - description: Get an action request log for the specified agent ID. - operationId: EndpointGetActionLog - parameters: - - in: path - name: agent_id - required: true - schema: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentId' - - in: query - name: query - required: true - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_ActionLogRequestQuery - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get an action request log - tags: - - Security Endpoint Management API - /api/endpoint/action_status: - get: - description: Get the status of response actions for the specified agent IDs. - operationId: EndpointGetActionsStatus - parameters: - - in: query - name: query - required: true - schema: - type: object - properties: - agent_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentIds' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_ActionStatusSuccessResponse - description: OK - summary: Get response actions status - tags: - - Security Endpoint Management API - /api/endpoint/action/{action_id}: - get: - description: Get the details of a response action using the action ID. - operationId: EndpointGetActionsDetails - parameters: - - in: path - name: action_id - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get action details - tags: - - Security Endpoint Management API - /api/endpoint/action/{action_id}/file/{file_id}: - get: - description: Get information for the specified file using the file ID. - operationId: EndpointFileInfo - parameters: - - in: path - name: action_id - required: true - schema: - type: string - - in: path - name: file_id - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get file information - tags: - - Security Endpoint Management API - /api/endpoint/action/{action_id}/file/{file_id}/download: - get: - description: Download a file from an endpoint. - operationId: EndpointFileDownload - parameters: - - in: path - name: action_id - required: true - schema: - type: string - - in: path - name: file_id - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Download a file - tags: - - Security Endpoint Management API - /api/endpoint/action/execute: - post: - description: Run a shell command on an endpoint. - operationId: EndpointExecuteAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_ExecuteRouteRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Run a command - tags: - - Security Endpoint Management API - /api/endpoint/action/get_file: - post: - description: Get a file from an endpoint. - operationId: EndpointGetFileAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_GetFileRouteRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get a file - tags: - - Security Endpoint Management API - /api/endpoint/action/isolate: - post: - description: >- - Isolate an endpoint from the network. The endpoint remains isolated - until it's released. - operationId: EndpointIsolateAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_IsolateRouteRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Isolate an endpoint - tags: - - Security Endpoint Management API - /api/endpoint/action/kill_process: - post: - description: Terminate a running process on an endpoint. - operationId: EndpointKillProcessAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_KillProcessRouteRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Terminate a process - tags: - - Security Endpoint Management API - /api/endpoint/action/running_procs: - post: - description: Get a list of all processes running on an endpoint. - operationId: EndpointGetProcessesAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_GetProcessesRouteRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get running processes - tags: - - Security Endpoint Management API - /api/endpoint/action/scan: - post: - description: Scan a specific file or directory on an endpoint for malware. - operationId: EndpointScanAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_ScanRouteRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Scan a file or directory - tags: - - Security Endpoint Management API - /api/endpoint/action/state: - get: - description: >- - Get a response actions state, which reports whether encryption is - enabled. - operationId: EndpointGetActionsState - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_ActionStateSuccessResponse - description: OK - summary: Get actions state - tags: - - Security Endpoint Management API - /api/endpoint/action/suspend_process: - post: - description: Suspend a running process on an endpoint. - operationId: EndpointSuspendProcessAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuspendProcessRouteRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Suspend a process - tags: - - Security Endpoint Management API - /api/endpoint/action/unisolate: - post: - description: Release an isolated endpoint, allowing it to rejoin a network. - operationId: EndpointUnisolateAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_UnisolateRouteRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Release an isolated endpoint - tags: - - Security Endpoint Management API - /api/endpoint/action/upload: - post: - description: Upload a file to an endpoint. - operationId: EndpointUploadAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_UploadRouteRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Upload a file - tags: - - Security Endpoint Management API - /api/endpoint/metadata: - get: - operationId: GetEndpointMetadataList - parameters: - - in: query - name: query - required: true - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_ListRequestQuery - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get a metadata list - tags: - - Security Endpoint Management API - /api/endpoint/metadata/{id}: - get: - operationId: GetEndpointMetadata - parameters: - - in: path - name: id - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get metadata - tags: - - Security Endpoint Management API - /api/endpoint/metadata/transforms: - get: - deprecated: true - operationId: GetEndpointMetadataTransform - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get metadata transforms - tags: - - Security Endpoint Management API - /api/endpoint/policy_response: - get: - operationId: GetPolicyResponse - parameters: - - in: query - name: query - required: true - schema: - type: object - properties: - agentId: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentId' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get a policy response - tags: - - Security Endpoint Management API - /api/endpoint/policy/summaries: - get: - deprecated: true - operationId: GetAgentPolicySummary - parameters: - - in: query - name: query - required: true - schema: - type: object - properties: - package_name: - type: string - policy_id: - nullable: true - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get an agent policy summary - tags: - - Security Endpoint Management API - /api/endpoint/protection_updates_note/{package_policy_id}: - get: - operationId: GetProtectionUpdatesNote - parameters: - - in: path - name: package_policy_id - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_ProtectionUpdatesNoteResponse - description: OK - summary: Get a protection updates note - tags: - - Security Endpoint Management API - post: - operationId: CreateUpdateProtectionUpdatesNote - parameters: - - in: path - name: package_policy_id - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - note: - type: string - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_ProtectionUpdatesNoteResponse - description: OK - summary: Create or update a protection updates note - tags: - - Security Endpoint Management API - /api/endpoint/suggestions/{suggestion_type}: - post: - deprecated: true - operationId: GetEndpointSuggestions - parameters: - - in: path - name: suggestion_type - required: true - schema: - enum: - - eventFilters - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - field: - type: string - fieldMeta: {} - filters: {} - query: - type: string - required: - - parameters - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get suggestions - tags: - - Security Endpoint Management API - /api/entity_store/engines: - get: - operationId: ListEntityEngines - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - count: - type: integer - engines: - items: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_EngineDescriptor - type: array - description: Successful response - summary: List the Entity Engines - tags: - - Security Entity Analytics API - /api/entity_store/engines/{entityType}: - delete: - operationId: DeleteEntityEngine - parameters: - - description: The entity type of the engine (either 'user' or 'host'). - in: path - name: entityType - required: true - schema: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' - - description: Control flag to also delete the entity data. - in: query - name: data - required: false - schema: - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - deleted: - type: boolean - description: Successful response - summary: Delete the Entity Engine - tags: - - Security Entity Analytics API - get: - operationId: GetEntityEngine - parameters: - - description: The entity type of the engine (either 'user' or 'host'). - in: path - name: entityType - required: true - schema: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_EngineDescriptor - description: Successful response - summary: Get an Entity Engine - tags: - - Security Entity Analytics API - /api/entity_store/engines/{entityType}/init: - post: - operationId: InitEntityEngine - parameters: - - description: The entity type of the engine (either 'user' or 'host'). - in: path - name: entityType - required: true - schema: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - fieldHistoryLength: - default: 10 - description: The number of historical values to keep for each field. - type: integer - filter: - type: string - indexPattern: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_IndexPattern - description: Schema for the engine initialization - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_EngineDescriptor - description: Successful response - summary: Initialize an Entity Engine - tags: - - Security Entity Analytics API - /api/entity_store/engines/{entityType}/start: - post: - operationId: StartEntityEngine - parameters: - - description: The entity type of the engine (either 'user' or 'host'). - in: path - name: entityType - required: true - schema: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - started: - type: boolean - description: Successful response - summary: Start an Entity Engine - tags: - - Security Entity Analytics API - /api/entity_store/engines/{entityType}/stats: - post: - operationId: GetEntityEngineStats - parameters: - - description: The entity type of the engine (either 'user' or 'host'). - in: path - name: entityType - required: true - schema: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - indexPattern: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_IndexPattern - indices: - items: - type: object - type: array - status: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_EngineStatus - transforms: - items: - type: object - type: array - type: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_EntityType - description: Successful response - summary: Get Entity Engine stats - tags: - - Security Entity Analytics API - /api/entity_store/engines/{entityType}/stop: - post: - operationId: StopEntityEngine - parameters: - - description: The entity type of the engine (either 'user' or 'host'). - in: path - name: entityType - required: true - schema: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - stopped: - type: boolean - description: Successful response - summary: Stop an Entity Engine - tags: - - Security Entity Analytics API - /api/entity_store/engines/apply_dataview_indices: - post: - operationId: ApplyEntityEngineDataviewIndices - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - result: - items: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_EngineDataviewUpdateResult - type: array - success: - type: boolean - description: Successful response - '207': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - errors: - items: - type: string - type: array - result: - items: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_EngineDataviewUpdateResult - type: array - success: - type: boolean - description: Partial successful response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - body: - type: string - statusCode: - type: number - description: Error response - summary: Apply DataView indices to all installed engines - tags: - - Security Entity Analytics API - /api/entity_store/entities/list: - get: - description: List entities records, paging, sorting and filtering as needed. - operationId: ListEntities - parameters: - - in: query - name: sort_field - required: false - schema: - type: string - - in: query - name: sort_order - required: false - schema: - enum: - - asc - - desc - type: string - - in: query - name: page - required: false - schema: - minimum: 1 - type: integer - - in: query - name: per_page - required: false - schema: - maximum: 10000 - minimum: 1 - type: integer - - description: An ES query to filter by. - in: query - name: filterQuery - required: false - schema: - type: string - - in: query - name: entities_types - required: true - schema: - items: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' - type: array - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - inspect: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_InspectQuery - page: - minimum: 1 - type: integer - per_page: - maximum: 1000 - minimum: 1 - type: integer - records: - items: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_Entity - type: array - total: - minimum: 0 - type: integer - required: - - records - - page - - per_page - - total - description: Entities returned successfully - summary: List Entity Store Entities - tags: - - Security Entity Analytics API - /api/exception_lists: - delete: - description: Delete an exception list using the `id` or `list_id` field. - operationId: DeleteExceptionList - parameters: - - description: Either `id` or `list_id` must be specified - in: query - name: id - required: false - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - - description: Either `id` or `list_id` must be specified - in: query - name: list_id - required: false - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - - in: query - name: namespace_type - required: false - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType - default: single - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Exception list not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Delete an exception list - tags: - - Security Exceptions API - get: - description: Get the details of an exception list using the `id` or `list_id` field. - operationId: ReadExceptionList - parameters: - - description: Either `id` or `list_id` must be specified - in: query - name: id - required: false - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - - description: Either `id` or `list_id` must be specified - in: query - name: list_id - required: false - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - - in: query - name: namespace_type - required: false - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType - default: single - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Exception list item not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Get exception list details - tags: - - Security Exceptions API - post: - description: > - An exception list groups exception items and can be associated with - detection rules. You can assign detection rules with multiple exception - lists. - - > info - - > All exception items added to the same list are evaluated using `OR` - logic. That is, if any of the items in a list evaluate to `true`, the - exception prevents the rule from generating an alert. Likewise, `OR` - logic is used for evaluating exceptions when more than one exception - list is assigned to a rule. To use the `AND` operator, you can define - multiple clauses (`entries`) in a single exception item. - operationId: CreateExceptionList - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - description: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListDescription - list_id: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListHumanId - meta: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListMeta - name: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListName - namespace_type: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType - default: single - os_types: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray - tags: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListTags - default: [] - type: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListType - version: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListVersion - default: 1 - required: - - name - - description - - type - description: Exception list's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Exception list already exists response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Create an exception list - tags: - - Security Exceptions API - put: - description: Update an exception list using the `id` or `list_id` field. - operationId: UpdateExceptionList - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - _version: - type: string - description: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListDescription - id: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - list_id: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListHumanId - meta: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListMeta - name: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListName - namespace_type: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType - default: single - os_types: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray - default: [] - tags: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListTags - type: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListType - version: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListVersion - required: - - name - - description - - type - description: Exception list's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Exception list not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Update an exception list - tags: - - Security Exceptions API - /api/exception_lists/_duplicate: - post: - description: Duplicate an existing exception list. - operationId: DuplicateExceptionList - parameters: - - description: Exception list's human identifier - in: query - name: list_id - required: true - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - - in: query - name: namespace_type - required: true - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType - - description: >- - Determines whether to include expired exceptions in the exported - list - in: query - name: include_expired_exceptions - required: true - schema: - default: 'true' - enum: - - 'true' - - 'false' - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '405': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Exception list to duplicate not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Duplicate an exception list - tags: - - Security Exceptions API - /api/exception_lists/_export: - post: - description: Export an exception list and its associated items to an NDJSON file. - operationId: ExportExceptionList - parameters: - - description: Exception list's identifier - in: query - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - - description: Exception list's human identifier - in: query - name: list_id - required: true - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - - in: query - name: namespace_type - required: true - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType - - description: >- - Determines whether to include expired exceptions in the exported - list - in: query - name: include_expired_exceptions - required: true - schema: - default: 'true' - enum: - - 'true' - - 'false' - type: string - responses: - '200': - content: - application/ndjson; Elastic-Api-Version=2023-10-31: - schema: - description: >- - A `.ndjson` file containing specified exception list and its - items - format: binary - type: string - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Exception list not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Export an exception list - tags: - - Security Exceptions API - /api/exception_lists/_find: - get: - description: Get a list of all exception lists. - operationId: FindExceptionLists - parameters: - - description: > - Filters the returned results according to the value of the specified - field. - - - Uses the `so type.field name:field` value syntax, where `so type` - can be: - - - - `exception-list`: Specify a space-aware exception list. - - - `exception-list-agnostic`: Specify an exception list that is - shared across spaces. - in: query - name: filter - required: false - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_FindExceptionListsFilter - - description: > - Determines whether the returned containers are Kibana associated - with a Kibana space - - or available in all spaces (`agnostic` or `single`) - in: query - name: namespace_type - required: false - schema: - default: - - single - items: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType - type: array - - description: The page number to return - in: query - name: page - required: false - schema: - minimum: 1 - type: integer - - description: The number of exception lists to return per page - in: query - name: per_page - required: false - schema: - minimum: 1 - type: integer - - description: Determines which field is used to sort the results - in: query - name: sort_field - required: false - schema: - type: string - - description: Determines the sort order, which can be `desc` or `asc` - in: query - name: sort_order - required: false - schema: - enum: - - desc - - asc - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - items: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionList - type: array - page: - minimum: 1 - type: integer - per_page: - minimum: 1 - type: integer - total: - minimum: 0 - type: integer - required: - - data - - page - - per_page - - total - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Get exception lists - tags: - - Security Exceptions API - /api/exception_lists/_import: - post: - description: Import an exception list and its associated items from an NDJSON file. - operationId: ImportExceptionList - parameters: - - description: > - Determines whether existing exception lists with the same `list_id` - are overwritten. - - If any exception items have the same `item_id`, those are also - overwritten. - in: query - name: overwrite - required: false - schema: - default: false - type: boolean - - in: query - name: overwrite_exceptions - required: false - schema: - default: false - type: boolean - - in: query - name: overwrite_action_connectors - required: false - schema: - default: false - type: boolean - - description: > - Determines whether the list being imported will have a new `list_id` - generated. - - Additional `item_id`'s are generated for each exception item. Both - the exception - - list and its items are overwritten. - in: query - name: as_new_list - required: false - schema: - default: false - type: boolean - requestBody: - content: - multipart/form-data; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - file: - description: A `.ndjson` file containing the exception list - format: binary - type: string - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - errors: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListsImportBulkErrorArray - success: - type: boolean - success_count: - minimum: 0 - type: integer - success_count_exception_list_items: - minimum: 0 - type: integer - success_count_exception_lists: - minimum: 0 - type: integer - success_exception_list_items: - type: boolean - success_exception_lists: - type: boolean - required: - - errors - - success - - success_count - - success_exception_lists - - success_count_exception_lists - - success_exception_list_items - - success_count_exception_list_items - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Import an exception list - tags: - - Security Exceptions API - /api/exception_lists/items: - delete: - description: Delete an exception list item using the `id` or `item_id` field. - operationId: DeleteExceptionListItem - parameters: - - description: Either `id` or `item_id` must be specified - in: query - name: id - required: false - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId' - - description: Either `id` or `item_id` must be specified - in: query - name: item_id - required: false - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId - - in: query - name: namespace_type - required: false - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType - default: single - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Exception list item not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Delete an exception list item - tags: - - Security Exceptions API - get: - description: >- - Get the details of an exception list item using the `id` or `item_id` - field. - operationId: ReadExceptionListItem - parameters: - - description: Either `id` or `item_id` must be specified - in: query - name: id - required: false - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId' - - description: Either `id` or `item_id` must be specified - in: query - name: item_id - required: false - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId - - in: query - name: namespace_type - required: false - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType - default: single - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Exception list item not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Get an exception list item - tags: - - Security Exceptions API - post: - description: > - Create an exception item and associate it with the specified exception - list. - - > info - - > Before creating exception items, you must create an exception list. - operationId: CreateExceptionListItem - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - comments: - $ref: >- - #/components/schemas/Security_Exceptions_API_CreateExceptionListItemCommentArray - default: [] - description: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemDescription - entries: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray - expire_time: - format: date-time - type: string - item_id: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId - list_id: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListHumanId - meta: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemMeta - name: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemName - namespace_type: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType - default: single - os_types: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray - default: [] - tags: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemTags - default: [] - type: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemType - required: - - list_id - - type - - name - - description - - entries - description: Exception list item's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Exception list item already exists response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Create an exception list item - tags: - - Security Exceptions API - put: - description: Update an exception list item using the `id` or `item_id` field. - operationId: UpdateExceptionListItem - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - _version: - type: string - comments: - $ref: >- - #/components/schemas/Security_Exceptions_API_UpdateExceptionListItemCommentArray - default: [] - description: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemDescription - entries: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray - expire_time: - format: date-time - type: string - id: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemId - description: Either `id` or `item_id` must be specified - item_id: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId - description: Either `id` or `item_id` must be specified - list_id: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListHumanId - meta: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemMeta - name: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemName - namespace_type: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType - default: single - os_types: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray - default: [] - tags: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemTags - type: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemType - required: - - type - - name - - description - - entries - description: Exception list item's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Exception list item not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Update an exception list item - tags: - - Security Exceptions API - /api/exception_lists/items/_find: - get: - description: Get a list of all exception list items in the specified list. - operationId: FindExceptionListItems - parameters: - - description: List's id - in: query - name: list_id - required: true - schema: - items: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListHumanId - type: array - - description: > - Filters the returned results according to the value of the specified - field, - - using the `:` syntax. - in: query - name: filter - required: false - schema: - default: [] - items: - $ref: >- - #/components/schemas/Security_Exceptions_API_FindExceptionListItemsFilter - type: array - - description: > - Determines whether the returned containers are Kibana associated - with a Kibana space - - or available in all spaces (`agnostic` or `single`) - in: query - name: namespace_type - required: false - schema: - default: - - single - items: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType - type: array - - in: query - name: search - required: false - schema: - type: string - - description: The page number to return - in: query - name: page - required: false - schema: - minimum: 0 - type: integer - - description: The number of exception list items to return per page - in: query - name: per_page - required: false - schema: - minimum: 0 - type: integer - - description: Determines which field is used to sort the results - in: query - name: sort_field - required: false - schema: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - - description: Determines the sort order, which can be `desc` or `asc` - in: query - name: sort_order - required: false - schema: - enum: - - desc - - asc - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - items: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItem - type: array - page: - minimum: 1 - type: integer - per_page: - minimum: 1 - type: integer - pit: - type: string - total: - minimum: 0 - type: integer - required: - - data - - page - - per_page - - total - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Exception list not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Get exception list items - tags: - - Security Exceptions API - /api/exception_lists/summary: - get: - description: Get a summary of the specified exception list. - operationId: ReadExceptionListSummary - parameters: - - description: Exception list's identifier generated upon creation - in: query - name: id - required: false - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - - description: Exception list's human readable identifier - in: query - name: list_id - required: false - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - - in: query - name: namespace_type - required: false - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType - default: single - - description: Search filter clause - in: query - name: filter - required: false - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - linux: - minimum: 0 - type: integer - macos: - minimum: 0 - type: integer - total: - minimum: 0 - type: integer - windows: - minimum: 0 - type: integer - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Exception list not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Get an exception list summary - tags: - - Security Exceptions API - /api/exceptions/shared: - post: - description: > - An exception list groups exception items and can be associated with - detection rules. A shared exception list can apply to multiple detection - rules. - - > info - - > All exception items added to the same list are evaluated using `OR` - logic. That is, if any of the items in a list evaluate to `true`, the - exception prevents the rule from generating an alert. Likewise, `OR` - logic is used for evaluating exceptions when more than one exception - list is assigned to a rule. To use the `AND` operator, you can define - multiple clauses (`entries`) in a single exception item. - operationId: CreateSharedExceptionList - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - description: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListDescription - name: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListName - required: - - name - - description - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Exception list already exists response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Create a shared exception list - tags: - - Security Exceptions API - /api/fleet/agent_download_sources: - get: - description: List agent binary download sources - operationId: '%2Fapi%2Ffleet%2Fagent_download_sources#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - host: - format: uri - type: string - id: - type: string - is_default: - default: false - type: boolean - name: - type: string - proxy_id: - description: >- - The ID of the proxy to use for this download source. - See the proxies API for more information. - nullable: true - type: string - required: - - id - - name - - host - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - total - - page - - perPage - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent binary download sources - post: - description: Create agent binary download source - operationId: '%2Fapi%2Ffleet%2Fagent_download_sources#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - host: - format: uri - type: string - id: - type: string - is_default: - default: false - type: boolean - name: - type: string - proxy_id: - description: >- - The ID of the proxy to use for this download source. See the - proxies API for more information. - nullable: true - type: string - required: - - name - - host - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - host: - format: uri - type: string - id: - type: string - is_default: - default: false - type: boolean - name: - type: string - proxy_id: - description: >- - The ID of the proxy to use for this download source. - See the proxies API for more information. - nullable: true - type: string - required: - - id - - name - - host - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent binary download sources - /api/fleet/agent_download_sources/{sourceId}: - delete: - description: Delete agent binary download source by ID - operationId: '%2Fapi%2Ffleet%2Fagent_download_sources%2F%7BsourceId%7D#2' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: sourceId - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent binary download sources - get: - description: Get agent binary download source by ID - operationId: '%2Fapi%2Ffleet%2Fagent_download_sources%2F%7BsourceId%7D#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: sourceId - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - host: - format: uri - type: string - id: - type: string - is_default: - default: false - type: boolean - name: - type: string - proxy_id: - description: >- - The ID of the proxy to use for this download source. - See the proxies API for more information. - nullable: true - type: string - required: - - id - - name - - host - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent binary download sources - put: - description: Update agent binary download source by ID - operationId: '%2Fapi%2Ffleet%2Fagent_download_sources%2F%7BsourceId%7D#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: sourceId - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - host: - format: uri - type: string - id: - type: string - is_default: - default: false - type: boolean - name: - type: string - proxy_id: - description: >- - The ID of the proxy to use for this download source. See the - proxies API for more information. - nullable: true - type: string - required: - - name - - host - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - host: - format: uri - type: string - id: - type: string - is_default: - default: false - type: boolean - name: - type: string - proxy_id: - description: >- - The ID of the proxy to use for this download source. - See the proxies API for more information. - nullable: true - type: string - required: - - id - - name - - host - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent binary download sources - /api/fleet/agent_policies: - get: - description: List agent policies - operationId: '%2Fapi%2Ffleet%2Fagent_policies#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: page - required: false - schema: - type: number - - in: query - name: perPage - required: false - schema: - type: number - - in: query - name: sortField - required: false - schema: - type: string - - in: query - name: sortOrder - required: false - schema: - enum: - - desc - - asc - type: string - - in: query - name: showUpgradeable - required: false - schema: - type: boolean - - in: query - name: kuery - required: false - schema: - type: string - - description: use withAgentCount instead - in: query - name: noAgentCount - required: false - schema: - deprecated: true - type: boolean - - description: get policies with agent count - in: query - name: withAgentCount - required: false - schema: - type: boolean - - description: get full policies with package policies populated - in: query - name: full - required: false - schema: - type: boolean - - in: query - name: format - required: false - schema: - enum: - - simplified - - legacy - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - advanced_settings: - additionalProperties: false - type: object - properties: - agent_download_target_directory: - nullable: true - agent_download_timeout: - default: 2h - nullable: true - agent_limits_go_max_procs: - nullable: true - agent_logging_level: - default: info - nullable: true - agent_logging_metrics_period: - default: 30s - nullable: true - agent_features: - items: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - type: array - agents: - type: number - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fleet_server_host_id: - nullable: true - type: string - global_data_tags: - description: >- - User defined data tags that are added to all of the - inputs. The values can be strings or numbers. - items: - additionalProperties: false - type: object - properties: - name: - type: string - value: - anyOf: - - type: string - - type: number - required: - - name - - value - type: array - has_fleet_server: - type: boolean - id: - type: string - inactivity_timeout: - default: 1209600 - minimum: 0 - type: number - is_default: - type: boolean - is_default_fleet_server: - type: boolean - is_managed: - type: boolean - is_preconfigured: - type: boolean - is_protected: - description: >- - Indicates whether the agent policy has tamper - protection enabled. Default false. - type: boolean - keep_monitoring_alive: - default: false - description: >- - When set to true, monitoring will be enabled but - logs/metrics collection will be disabled - nullable: true - type: boolean - monitoring_diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: - items: - enum: - - logs - - metrics - - traces - type: string - type: array - monitoring_http: - additionalProperties: false - type: object - properties: - buffer: - additionalProperties: false - type: object - properties: - enabled: - default: false - type: boolean - enabled: - type: boolean - host: - type: string - port: - maximum: 65353 - minimum: 0 - type: number - required: - - enabled - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - overrides: - additionalProperties: {} - description: >- - Override settings that are defined in the agent - policy. Input settings cannot be overridden. The - override option should be used only in unusual - circumstances and not as a routine procedure. - nullable: true - type: object - package_policies: - anyOf: - - items: - type: string - type: array - - description: >- - This field is present only when retrieving a - single agent policy, or when retrieving a list - of agent policies with the ?full=true parameter - items: - additionalProperties: false - type: object - properties: - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: >- - The package policy namespace. Leave blank - to inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the - package policy. The override option should - be used only in unusual circumstances and - not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: >- - Agent policy ID where that package policy - will be added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package - policy will be added - type: string - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - updated_at: - type: string - updated_by: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - version: - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - type: array - revision: - type: number - schema_version: - type: string - space_ids: - items: - type: string - type: array - status: - enum: - - active - - inactive - type: string - supports_agentless: - default: false - description: >- - Indicates whether the agent policy supports - agentless integrations. - nullable: true - type: boolean - unenroll_timeout: - minimum: 0 - type: number - unprivileged_agents: - type: number - updated_at: - type: string - updated_by: - type: string - version: - type: string - required: - - id - - name - - namespace - - is_managed - - is_protected - - status - - updated_at - - updated_by - - revision - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - total - - page - - perPage - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent policies - post: - description: Create an agent policy - operationId: '%2Fapi%2Ffleet%2Fagent_policies#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: query - name: sys_monitoring - required: false - schema: - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - advanced_settings: - additionalProperties: false - type: object - properties: - agent_download_target_directory: - nullable: true - agent_download_timeout: - default: 2h - nullable: true - agent_limits_go_max_procs: - nullable: true - agent_logging_level: - default: info - nullable: true - agent_logging_metrics_period: - default: 30s - nullable: true - agent_features: - items: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - type: array - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fleet_server_host_id: - nullable: true - type: string - force: - type: boolean - global_data_tags: - description: >- - User defined data tags that are added to all of the inputs. - The values can be strings or numbers. - items: - additionalProperties: false - type: object - properties: - name: - type: string - value: - anyOf: - - type: string - - type: number - required: - - name - - value - type: array - has_fleet_server: - type: boolean - id: - type: string - inactivity_timeout: - default: 1209600 - minimum: 0 - type: number - is_default: - type: boolean - is_default_fleet_server: - type: boolean - is_managed: - type: boolean - is_protected: - type: boolean - keep_monitoring_alive: - default: false - description: >- - When set to true, monitoring will be enabled but - logs/metrics collection will be disabled - nullable: true - type: boolean - monitoring_diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: - items: - enum: - - logs - - metrics - - traces - type: string - type: array - monitoring_http: - additionalProperties: false - type: object - properties: - buffer: - additionalProperties: false - type: object - properties: - enabled: - default: false - type: boolean - enabled: - type: boolean - host: - type: string - port: - maximum: 65353 - minimum: 0 - type: number - required: - - enabled - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - overrides: - additionalProperties: {} - description: >- - Override settings that are defined in the agent policy. - Input settings cannot be overridden. The override option - should be used only in unusual circumstances and not as a - routine procedure. - nullable: true - type: object - space_ids: - items: - type: string - type: array - supports_agentless: - default: false - description: >- - Indicates whether the agent policy supports agentless - integrations. - nullable: true - type: boolean - unenroll_timeout: - minimum: 0 - type: number - required: - - name - - namespace - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - advanced_settings: - additionalProperties: false - type: object - properties: - agent_download_target_directory: - nullable: true - agent_download_timeout: - default: 2h - nullable: true - agent_limits_go_max_procs: - nullable: true - agent_logging_level: - default: info - nullable: true - agent_logging_metrics_period: - default: 30s - nullable: true - agent_features: - items: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - type: array - agents: - type: number - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fleet_server_host_id: - nullable: true - type: string - global_data_tags: - description: >- - User defined data tags that are added to all of the - inputs. The values can be strings or numbers. - items: - additionalProperties: false - type: object - properties: - name: - type: string - value: - anyOf: - - type: string - - type: number - required: - - name - - value - type: array - has_fleet_server: - type: boolean - id: - type: string - inactivity_timeout: - default: 1209600 - minimum: 0 - type: number - is_default: - type: boolean - is_default_fleet_server: - type: boolean - is_managed: - type: boolean - is_preconfigured: - type: boolean - is_protected: - description: >- - Indicates whether the agent policy has tamper - protection enabled. Default false. - type: boolean - keep_monitoring_alive: - default: false - description: >- - When set to true, monitoring will be enabled but - logs/metrics collection will be disabled - nullable: true - type: boolean - monitoring_diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: - items: - enum: - - logs - - metrics - - traces - type: string - type: array - monitoring_http: - additionalProperties: false - type: object - properties: - buffer: - additionalProperties: false - type: object - properties: - enabled: - default: false - type: boolean - enabled: - type: boolean - host: - type: string - port: - maximum: 65353 - minimum: 0 - type: number - required: - - enabled - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - overrides: - additionalProperties: {} - description: >- - Override settings that are defined in the agent - policy. Input settings cannot be overridden. The - override option should be used only in unusual - circumstances and not as a routine procedure. - nullable: true - type: object - package_policies: - anyOf: - - items: - type: string - type: array - - description: >- - This field is present only when retrieving a - single agent policy, or when retrieving a list of - agent policies with the ?full=true parameter - items: - additionalProperties: false - type: object - properties: - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: >- - The package policy namespace. Leave blank to - inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the - package policy. The override option should - be used only in unusual circumstances and - not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: >- - Agent policy ID where that package policy - will be added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package policy - will be added - type: string - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - updated_at: - type: string - updated_by: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - version: - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - type: array - revision: - type: number - schema_version: - type: string - space_ids: - items: - type: string - type: array - status: - enum: - - active - - inactive - type: string - supports_agentless: - default: false - description: >- - Indicates whether the agent policy supports agentless - integrations. - nullable: true - type: boolean - unenroll_timeout: - minimum: 0 - type: number - unprivileged_agents: - type: number - updated_at: - type: string - updated_by: - type: string - version: - type: string - required: - - id - - name - - namespace - - is_managed - - is_protected - - status - - updated_at - - updated_by - - revision - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent policies - /api/fleet/agent_policies/_bulk_get: - post: - description: Bulk get agent policies - operationId: '%2Fapi%2Ffleet%2Fagent_policies%2F_bulk_get#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: query - name: format - required: false - schema: - enum: - - simplified - - legacy - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - full: - description: get full policies with package policies populated - type: boolean - ids: - description: list of package policy ids - items: - type: string - type: array - ignoreMissing: - type: boolean - required: - - ids - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - advanced_settings: - additionalProperties: false - type: object - properties: - agent_download_target_directory: - nullable: true - agent_download_timeout: - default: 2h - nullable: true - agent_limits_go_max_procs: - nullable: true - agent_logging_level: - default: info - nullable: true - agent_logging_metrics_period: - default: 30s - nullable: true - agent_features: - items: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - type: array - agents: - type: number - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fleet_server_host_id: - nullable: true - type: string - global_data_tags: - description: >- - User defined data tags that are added to all of the - inputs. The values can be strings or numbers. - items: - additionalProperties: false - type: object - properties: - name: - type: string - value: - anyOf: - - type: string - - type: number - required: - - name - - value - type: array - has_fleet_server: - type: boolean - id: - type: string - inactivity_timeout: - default: 1209600 - minimum: 0 - type: number - is_default: - type: boolean - is_default_fleet_server: - type: boolean - is_managed: - type: boolean - is_preconfigured: - type: boolean - is_protected: - description: >- - Indicates whether the agent policy has tamper - protection enabled. Default false. - type: boolean - keep_monitoring_alive: - default: false - description: >- - When set to true, monitoring will be enabled but - logs/metrics collection will be disabled - nullable: true - type: boolean - monitoring_diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: - items: - enum: - - logs - - metrics - - traces - type: string - type: array - monitoring_http: - additionalProperties: false - type: object - properties: - buffer: - additionalProperties: false - type: object - properties: - enabled: - default: false - type: boolean - enabled: - type: boolean - host: - type: string - port: - maximum: 65353 - minimum: 0 - type: number - required: - - enabled - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - overrides: - additionalProperties: {} - description: >- - Override settings that are defined in the agent - policy. Input settings cannot be overridden. The - override option should be used only in unusual - circumstances and not as a routine procedure. - nullable: true - type: object - package_policies: - anyOf: - - items: - type: string - type: array - - description: >- - This field is present only when retrieving a - single agent policy, or when retrieving a list - of agent policies with the ?full=true parameter - items: - additionalProperties: false - type: object - properties: - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: >- - The package policy namespace. Leave blank - to inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the - package policy. The override option should - be used only in unusual circumstances and - not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: >- - Agent policy ID where that package policy - will be added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package - policy will be added - type: string - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - updated_at: - type: string - updated_by: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - version: - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - type: array - revision: - type: number - schema_version: - type: string - space_ids: - items: - type: string - type: array - status: - enum: - - active - - inactive - type: string - supports_agentless: - default: false - description: >- - Indicates whether the agent policy supports - agentless integrations. - nullable: true - type: boolean - unenroll_timeout: - minimum: 0 - type: number - unprivileged_agents: - type: number - updated_at: - type: string - updated_by: - type: string - version: - type: string - required: - - id - - name - - namespace - - is_managed - - is_protected - - status - - updated_at - - updated_by - - revision - type: array - required: - - items - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent policies - /api/fleet/agent_policies/{agentPolicyId}: - get: - description: Get an agent policy by ID - operationId: '%2Fapi%2Ffleet%2Fagent_policies%2F%7BagentPolicyId%7D#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: agentPolicyId - required: true - schema: - type: string - - in: query - name: format - required: false - schema: - enum: - - simplified - - legacy - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - advanced_settings: - additionalProperties: false - type: object - properties: - agent_download_target_directory: - nullable: true - agent_download_timeout: - default: 2h - nullable: true - agent_limits_go_max_procs: - nullable: true - agent_logging_level: - default: info - nullable: true - agent_logging_metrics_period: - default: 30s - nullable: true - agent_features: - items: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - type: array - agents: - type: number - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fleet_server_host_id: - nullable: true - type: string - global_data_tags: - description: >- - User defined data tags that are added to all of the - inputs. The values can be strings or numbers. - items: - additionalProperties: false - type: object - properties: - name: - type: string - value: - anyOf: - - type: string - - type: number - required: - - name - - value - type: array - has_fleet_server: - type: boolean - id: - type: string - inactivity_timeout: - default: 1209600 - minimum: 0 - type: number - is_default: - type: boolean - is_default_fleet_server: - type: boolean - is_managed: - type: boolean - is_preconfigured: - type: boolean - is_protected: - description: >- - Indicates whether the agent policy has tamper - protection enabled. Default false. - type: boolean - keep_monitoring_alive: - default: false - description: >- - When set to true, monitoring will be enabled but - logs/metrics collection will be disabled - nullable: true - type: boolean - monitoring_diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: - items: - enum: - - logs - - metrics - - traces - type: string - type: array - monitoring_http: - additionalProperties: false - type: object - properties: - buffer: - additionalProperties: false - type: object - properties: - enabled: - default: false - type: boolean - enabled: - type: boolean - host: - type: string - port: - maximum: 65353 - minimum: 0 - type: number - required: - - enabled - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - overrides: - additionalProperties: {} - description: >- - Override settings that are defined in the agent - policy. Input settings cannot be overridden. The - override option should be used only in unusual - circumstances and not as a routine procedure. - nullable: true - type: object - package_policies: - anyOf: - - items: - type: string - type: array - - description: >- - This field is present only when retrieving a - single agent policy, or when retrieving a list of - agent policies with the ?full=true parameter - items: - additionalProperties: false - type: object - properties: - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: >- - The package policy namespace. Leave blank to - inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the - package policy. The override option should - be used only in unusual circumstances and - not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: >- - Agent policy ID where that package policy - will be added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package policy - will be added - type: string - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - updated_at: - type: string - updated_by: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - version: - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - type: array - revision: - type: number - schema_version: - type: string - space_ids: - items: - type: string - type: array - status: - enum: - - active - - inactive - type: string - supports_agentless: - default: false - description: >- - Indicates whether the agent policy supports agentless - integrations. - nullable: true - type: boolean - unenroll_timeout: - minimum: 0 - type: number - unprivileged_agents: - type: number - updated_at: - type: string - updated_by: - type: string - version: - type: string - required: - - id - - name - - namespace - - is_managed - - is_protected - - status - - updated_at - - updated_by - - revision - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent policies - put: - description: Update an agent policy by ID - operationId: '%2Fapi%2Ffleet%2Fagent_policies%2F%7BagentPolicyId%7D#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: agentPolicyId - required: true - schema: - type: string - - in: query - name: format - required: false - schema: - enum: - - simplified - - legacy - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - advanced_settings: - additionalProperties: false - type: object - properties: - agent_download_target_directory: - nullable: true - agent_download_timeout: - default: 2h - nullable: true - agent_limits_go_max_procs: - nullable: true - agent_logging_level: - default: info - nullable: true - agent_logging_metrics_period: - default: 30s - nullable: true - agent_features: - items: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - type: array - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fleet_server_host_id: - nullable: true - type: string - force: - type: boolean - global_data_tags: - description: >- - User defined data tags that are added to all of the inputs. - The values can be strings or numbers. - items: - additionalProperties: false - type: object - properties: - name: - type: string - value: - anyOf: - - type: string - - type: number - required: - - name - - value - type: array - has_fleet_server: - type: boolean - id: - type: string - inactivity_timeout: - default: 1209600 - minimum: 0 - type: number - is_default: - type: boolean - is_default_fleet_server: - type: boolean - is_managed: - type: boolean - is_protected: - type: boolean - keep_monitoring_alive: - default: false - description: >- - When set to true, monitoring will be enabled but - logs/metrics collection will be disabled - nullable: true - type: boolean - monitoring_diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: - items: - enum: - - logs - - metrics - - traces - type: string - type: array - monitoring_http: - additionalProperties: false - type: object - properties: - buffer: - additionalProperties: false - type: object - properties: - enabled: - default: false - type: boolean - enabled: - type: boolean - host: - type: string - port: - maximum: 65353 - minimum: 0 - type: number - required: - - enabled - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - overrides: - additionalProperties: {} - description: >- - Override settings that are defined in the agent policy. - Input settings cannot be overridden. The override option - should be used only in unusual circumstances and not as a - routine procedure. - nullable: true - type: object - space_ids: - items: - type: string - type: array - supports_agentless: - default: false - description: >- - Indicates whether the agent policy supports agentless - integrations. - nullable: true - type: boolean - unenroll_timeout: - minimum: 0 - type: number - required: - - name - - namespace - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - advanced_settings: - additionalProperties: false - type: object - properties: - agent_download_target_directory: - nullable: true - agent_download_timeout: - default: 2h - nullable: true - agent_limits_go_max_procs: - nullable: true - agent_logging_level: - default: info - nullable: true - agent_logging_metrics_period: - default: 30s - nullable: true - agent_features: - items: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - type: array - agents: - type: number - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fleet_server_host_id: - nullable: true - type: string - global_data_tags: - description: >- - User defined data tags that are added to all of the - inputs. The values can be strings or numbers. - items: - additionalProperties: false - type: object - properties: - name: - type: string - value: - anyOf: - - type: string - - type: number - required: - - name - - value - type: array - has_fleet_server: - type: boolean - id: - type: string - inactivity_timeout: - default: 1209600 - minimum: 0 - type: number - is_default: - type: boolean - is_default_fleet_server: - type: boolean - is_managed: - type: boolean - is_preconfigured: - type: boolean - is_protected: - description: >- - Indicates whether the agent policy has tamper - protection enabled. Default false. - type: boolean - keep_monitoring_alive: - default: false - description: >- - When set to true, monitoring will be enabled but - logs/metrics collection will be disabled - nullable: true - type: boolean - monitoring_diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: - items: - enum: - - logs - - metrics - - traces - type: string - type: array - monitoring_http: - additionalProperties: false - type: object - properties: - buffer: - additionalProperties: false - type: object - properties: - enabled: - default: false - type: boolean - enabled: - type: boolean - host: - type: string - port: - maximum: 65353 - minimum: 0 - type: number - required: - - enabled - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - overrides: - additionalProperties: {} - description: >- - Override settings that are defined in the agent - policy. Input settings cannot be overridden. The - override option should be used only in unusual - circumstances and not as a routine procedure. - nullable: true - type: object - package_policies: - anyOf: - - items: - type: string - type: array - - description: >- - This field is present only when retrieving a - single agent policy, or when retrieving a list of - agent policies with the ?full=true parameter - items: - additionalProperties: false - type: object - properties: - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: >- - The package policy namespace. Leave blank to - inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the - package policy. The override option should - be used only in unusual circumstances and - not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: >- - Agent policy ID where that package policy - will be added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package policy - will be added - type: string - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - updated_at: - type: string - updated_by: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - version: - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - type: array - revision: - type: number - schema_version: - type: string - space_ids: - items: - type: string - type: array - status: - enum: - - active - - inactive - type: string - supports_agentless: - default: false - description: >- - Indicates whether the agent policy supports agentless - integrations. - nullable: true - type: boolean - unenroll_timeout: - minimum: 0 - type: number - unprivileged_agents: - type: number - updated_at: - type: string - updated_by: - type: string - version: - type: string - required: - - id - - name - - namespace - - is_managed - - is_protected - - status - - updated_at - - updated_by - - revision - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent policies - /api/fleet/agent_policies/{agentPolicyId}/copy: - post: - description: Copy an agent policy by ID - operationId: '%2Fapi%2Ffleet%2Fagent_policies%2F%7BagentPolicyId%7D%2Fcopy#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: agentPolicyId - required: true - schema: - type: string - - in: query - name: format - required: false - schema: - enum: - - simplified - - legacy - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - description: - type: string - name: - minLength: 1 - type: string - required: - - name - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - advanced_settings: - additionalProperties: false - type: object - properties: - agent_download_target_directory: - nullable: true - agent_download_timeout: - default: 2h - nullable: true - agent_limits_go_max_procs: - nullable: true - agent_logging_level: - default: info - nullable: true - agent_logging_metrics_period: - default: 30s - nullable: true - agent_features: - items: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - type: array - agents: - type: number - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fleet_server_host_id: - nullable: true - type: string - global_data_tags: - description: >- - User defined data tags that are added to all of the - inputs. The values can be strings or numbers. - items: - additionalProperties: false - type: object - properties: - name: - type: string - value: - anyOf: - - type: string - - type: number - required: - - name - - value - type: array - has_fleet_server: - type: boolean - id: - type: string - inactivity_timeout: - default: 1209600 - minimum: 0 - type: number - is_default: - type: boolean - is_default_fleet_server: - type: boolean - is_managed: - type: boolean - is_preconfigured: - type: boolean - is_protected: - description: >- - Indicates whether the agent policy has tamper - protection enabled. Default false. - type: boolean - keep_monitoring_alive: - default: false - description: >- - When set to true, monitoring will be enabled but - logs/metrics collection will be disabled - nullable: true - type: boolean - monitoring_diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: - items: - enum: - - logs - - metrics - - traces - type: string - type: array - monitoring_http: - additionalProperties: false - type: object - properties: - buffer: - additionalProperties: false - type: object - properties: - enabled: - default: false - type: boolean - enabled: - type: boolean - host: - type: string - port: - maximum: 65353 - minimum: 0 - type: number - required: - - enabled - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - overrides: - additionalProperties: {} - description: >- - Override settings that are defined in the agent - policy. Input settings cannot be overridden. The - override option should be used only in unusual - circumstances and not as a routine procedure. - nullable: true - type: object - package_policies: - anyOf: - - items: - type: string - type: array - - description: >- - This field is present only when retrieving a - single agent policy, or when retrieving a list of - agent policies with the ?full=true parameter - items: - additionalProperties: false - type: object - properties: - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: >- - The package policy namespace. Leave blank to - inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the - package policy. The override option should - be used only in unusual circumstances and - not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: >- - Agent policy ID where that package policy - will be added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package policy - will be added - type: string - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - updated_at: - type: string - updated_by: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - version: - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - type: array - revision: - type: number - schema_version: - type: string - space_ids: - items: - type: string - type: array - status: - enum: - - active - - inactive - type: string - supports_agentless: - default: false - description: >- - Indicates whether the agent policy supports agentless - integrations. - nullable: true - type: boolean - unenroll_timeout: - minimum: 0 - type: number - unprivileged_agents: - type: number - updated_at: - type: string - updated_by: - type: string - version: - type: string - required: - - id - - name - - namespace - - is_managed - - is_protected - - status - - updated_at - - updated_by - - revision - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent policies - /api/fleet/agent_policies/{agentPolicyId}/download: - get: - description: Download an agent policy by ID - operationId: '%2Fapi%2Ffleet%2Fagent_policies%2F%7BagentPolicyId%7D%2Fdownload#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: agentPolicyId - required: true - schema: - type: string - - in: query - name: download - required: false - schema: - type: boolean - - in: query - name: standalone - required: false - schema: - type: boolean - - in: query - name: kubernetes - required: false - schema: - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: string - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent policies - /api/fleet/agent_policies/{agentPolicyId}/full: - get: - description: Get a full agent policy by ID - operationId: '%2Fapi%2Ffleet%2Fagent_policies%2F%7BagentPolicyId%7D%2Ffull#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: agentPolicyId - required: true - schema: - type: string - - in: query - name: download - required: false - schema: - type: boolean - - in: query - name: standalone - required: false - schema: - type: boolean - - in: query - name: kubernetes - required: false - schema: - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - anyOf: - - type: string - - additionalProperties: false - type: object - properties: - agent: - additionalProperties: false - type: object - properties: - download: - additionalProperties: false - type: object - properties: - sourceURI: - type: string - required: - - sourceURI - features: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - required: - - enabled - type: object - monitoring: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - logs: - type: boolean - metrics: - type: boolean - namespace: - type: string - traces: - type: boolean - use_output: - type: string - required: - - enabled - - metrics - - logs - - traces - protection: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - signing_key: - type: string - uninstall_token_hash: - type: string - required: - - enabled - - uninstall_token_hash - - signing_key - required: - - monitoring - - download - - features - fleet: - anyOf: - - additionalProperties: false - type: object - properties: - hosts: - items: - type: string - type: array - proxy_headers: {} - proxy_url: - type: string - ssl: - additionalProperties: false - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - renegotiation: - type: string - verification_mode: - type: string - required: - - hosts - - proxy_headers - - additionalProperties: false - type: object - properties: - kibana: - additionalProperties: false - type: object - properties: - hosts: - items: - type: string - type: array - path: - type: string - protocol: - type: string - required: - - hosts - - protocol - required: - - kibana - id: - type: string - inputs: - items: - additionalProperties: true - type: object - properties: - data_stream: - additionalProperties: true - type: object - properties: - namespace: - type: string - required: - - namespace - id: - type: string - meta: - additionalProperties: true - type: object - properties: - package: - additionalProperties: true - type: object - properties: - name: - type: string - version: - type: string - required: - - name - - version - name: - type: string - package_policy_id: - type: string - processors: - items: - additionalProperties: true - type: object - properties: - add_fields: - additionalProperties: true - type: object - properties: - fields: - additionalProperties: - anyOf: - - type: string - - type: number - type: object - target: - type: string - required: - - target - - fields - required: - - add_fields - type: array - revision: - type: number - streams: - items: - additionalProperties: true - type: object - properties: - data_stream: - additionalProperties: true - type: object - properties: - dataset: - type: string - type: - type: string - required: - - dataset - id: - type: string - required: - - id - - data_stream - type: array - type: - type: string - use_output: - type: string - required: - - id - - name - - revision - - type - - data_stream - - use_output - - package_policy_id - type: array - namespaces: - items: - type: string - type: array - output_permissions: - additionalProperties: - additionalProperties: {} - type: object - type: object - outputs: - additionalProperties: - additionalProperties: true - type: object - properties: - ca_sha256: - nullable: true - type: string - hosts: - items: - type: string - type: array - proxy_headers: {} - proxy_url: - type: string - type: - type: string - required: - - type - - proxy_headers - type: object - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - signed: - additionalProperties: false - type: object - properties: - data: - type: string - signature: - type: string - required: - - data - - signature - required: - - id - - outputs - - inputs - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent policies - /api/fleet/agent_policies/{agentPolicyId}/outputs: - get: - description: Get list of outputs associated with agent policy by policy id - operationId: '%2Fapi%2Ffleet%2Fagent_policies%2F%7BagentPolicyId%7D%2Foutputs#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: agentPolicyId - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - agentPolicyId: - type: string - data: - additionalProperties: false - type: object - properties: - integrations: - items: - additionalProperties: false - type: object - properties: - id: - type: string - integrationPolicyName: - type: string - name: - type: string - pkgName: - type: string - type: array - output: - additionalProperties: false - type: object - properties: - id: - type: string - name: - type: string - required: - - id - - name - required: - - output - monitoring: - additionalProperties: false - type: object - properties: - output: - additionalProperties: false - type: object - properties: - id: - type: string - name: - type: string - required: - - id - - name - required: - - output - required: - - monitoring - - data - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent policies - /api/fleet/agent_policies/delete: - post: - description: Delete agent policy by ID - operationId: '%2Fapi%2Ffleet%2Fagent_policies%2Fdelete#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - agentPolicyId: - type: string - force: - description: >- - bypass validation checks that can prevent agent policy - deletion - type: boolean - required: - - agentPolicyId - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - id: - type: string - name: - type: string - required: - - id - - name - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent policies - /api/fleet/agent_policies/outputs: - post: - description: Get list of outputs associated with agent policies - operationId: '%2Fapi%2Ffleet%2Fagent_policies%2Foutputs#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - ids: - description: list of package policy ids - items: - type: string - type: array - required: - - ids - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - agentPolicyId: - type: string - data: - additionalProperties: false - type: object - properties: - integrations: - items: - additionalProperties: false - type: object - properties: - id: - type: string - integrationPolicyName: - type: string - name: - type: string - pkgName: - type: string - type: array - output: - additionalProperties: false - type: object - properties: - id: - type: string - name: - type: string - required: - - id - - name - required: - - output - monitoring: - additionalProperties: false - type: object - properties: - output: - additionalProperties: false - type: object - properties: - id: - type: string - name: - type: string - required: - - id - - name - required: - - output - required: - - monitoring - - data - type: array - required: - - items - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent policies - /api/fleet/agent_status: - get: - description: Get agent status summary - operationId: '%2Fapi%2Ffleet%2Fagent_status#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: policyId - required: false - schema: - type: string - - in: query - name: policyIds - required: false - schema: - anyOf: - - items: - type: string - type: array - - type: string - - in: query - name: kuery - required: false - schema: - deprecated: true - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - results: - additionalProperties: false - type: object - properties: - active: - type: number - all: - type: number - error: - type: number - events: - type: number - inactive: - type: number - offline: - type: number - online: - type: number - other: - type: number - total: - deprecated: true - type: number - unenrolled: - type: number - updating: - type: number - required: - - events - - total - - online - - error - - offline - - other - - updating - - inactive - - unenrolled - - all - - active - required: - - results - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent status - /api/fleet/agent_status/data: - get: - description: Get incoming agent data - operationId: '%2Fapi%2Ffleet%2Fagent_status%2Fdata#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: agentsIds - required: true - schema: - anyOf: - - items: - type: string - type: array - - type: string - - in: query - name: previewData - required: false - schema: - default: false - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - dataPreview: - items: {} - type: array - items: - items: - additionalProperties: - additionalProperties: false - type: object - properties: - data: - type: boolean - required: - - data - type: object - type: array - required: - - items - - dataPreview - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agents - /api/fleet/agent-status: - get: - operationId: '%2Fapi%2Ffleet%2Fagent-status#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: policyId - required: false - schema: - type: string - - in: query - name: policyIds - required: false - schema: - anyOf: - - items: - type: string - type: array - - type: string - - in: query - name: kuery - required: false - schema: - deprecated: true - type: string - responses: {} - summary: '' - tags: [] - /api/fleet/agents: - get: - description: List agents - operationId: '%2Fapi%2Ffleet%2Fagents#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: page - required: false - schema: - default: 1 - type: number - - in: query - name: perPage - required: false - schema: - default: 20 - type: number - - in: query - name: kuery - required: false - schema: - type: string - - in: query - name: showInactive - required: false - schema: - default: false - type: boolean - - in: query - name: withMetrics - required: false - schema: - default: false - type: boolean - - in: query - name: showUpgradeable - required: false - schema: - default: false - type: boolean - - in: query - name: getStatusSummary - required: false - schema: - default: false - type: boolean - - in: query - name: sortField - required: false - schema: - type: string - - in: query - name: sortOrder - required: false - schema: - enum: - - asc - - desc - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - access_api_key: - type: string - access_api_key_id: - type: string - active: - type: boolean - agent: - additionalProperties: true - type: object - properties: - id: - type: string - version: - type: string - required: - - id - - version - components: - items: - additionalProperties: false - type: object - properties: - id: - type: string - message: - type: string - status: - enum: - - STARTING - - CONFIGURING - - HEALTHY - - DEGRADED - - FAILED - - STOPPING - - STOPPED - type: string - type: - type: string - units: - items: - additionalProperties: false - type: object - properties: - id: - type: string - message: - type: string - payload: - additionalProperties: {} - type: object - status: - enum: - - STARTING - - CONFIGURING - - HEALTHY - - DEGRADED - - FAILED - - STOPPING - - STOPPED - type: string - type: - enum: - - input - - output - type: string - required: - - id - - type - - status - - message - type: array - required: - - id - - type - - status - - message - type: array - default_api_key: - type: string - default_api_key_history: - items: - additionalProperties: false - deprecated: true - type: object - properties: - id: - type: string - retired_at: - type: string - required: - - id - - retired_at - type: array - default_api_key_id: - type: string - enrolled_at: - type: string - id: - type: string - last_checkin: - type: string - last_checkin_message: - type: string - last_checkin_status: - enum: - - error - - online - - degraded - - updating - - starting - type: string - local_metadata: - additionalProperties: {} - type: object - metrics: - additionalProperties: false - type: object - properties: - cpu_avg: - type: number - memory_size_byte_avg: - type: number - namespaces: - items: - type: string - type: array - outputs: - additionalProperties: - additionalProperties: false - type: object - properties: - api_key_id: - type: string - to_retire_api_key_ids: - items: - additionalProperties: false - type: object - properties: - id: - type: string - retired_at: - type: string - required: - - id - - retired_at - type: array - type: - type: string - required: - - api_key_id - - type - type: object - packages: - items: - type: string - type: array - policy_id: - type: string - policy_revision: - nullable: true - type: number - sort: - items: - anyOf: - - type: number - - type: string - - enum: [] - nullable: true - type: array - status: - enum: - - offline - - error - - online - - inactive - - enrolling - - unenrolling - - unenrolled - - updating - - degraded - type: string - tags: - items: - type: string - type: array - type: - enum: - - PERMANENT - - EPHEMERAL - - TEMPORARY - type: string - unenrolled_at: - type: string - unenrollment_started_at: - type: string - unhealthy_reason: - items: - enum: - - input - - output - - other - type: string - nullable: true - type: array - upgrade_details: - additionalProperties: false - type: object - properties: - action_id: - type: string - metadata: - additionalProperties: false - type: object - properties: - download_percent: - type: number - download_rate: - type: number - error_msg: - type: string - failed_state: - enum: - - UPG_REQUESTED - - UPG_SCHEDULED - - UPG_DOWNLOADING - - UPG_EXTRACTING - - UPG_REPLACING - - UPG_RESTARTING - - UPG_FAILED - - UPG_WATCHING - - UPG_ROLLBACK - type: string - retry_error_msg: - type: string - retry_until: - type: string - scheduled_at: - type: string - state: - enum: - - UPG_REQUESTED - - UPG_SCHEDULED - - UPG_DOWNLOADING - - UPG_EXTRACTING - - UPG_REPLACING - - UPG_RESTARTING - - UPG_FAILED - - UPG_WATCHING - - UPG_ROLLBACK - type: string - target_version: - type: string - required: - - target_version - - action_id - - state - upgrade_started_at: - nullable: true - type: string - upgraded_at: - nullable: true - type: string - user_provided_metadata: - additionalProperties: {} - type: object - required: - - id - - packages - - type - - active - - enrolled_at - - local_metadata - type: array - list: - deprecated: true - items: - additionalProperties: false - type: object - properties: - access_api_key: - type: string - access_api_key_id: - type: string - active: - type: boolean - agent: - additionalProperties: true - type: object - properties: - id: - type: string - version: - type: string - required: - - id - - version - components: - items: - additionalProperties: false - type: object - properties: - id: - type: string - message: - type: string - status: - enum: - - STARTING - - CONFIGURING - - HEALTHY - - DEGRADED - - FAILED - - STOPPING - - STOPPED - type: string - type: - type: string - units: - items: - additionalProperties: false - type: object - properties: - id: - type: string - message: - type: string - payload: - additionalProperties: {} - type: object - status: - enum: - - STARTING - - CONFIGURING - - HEALTHY - - DEGRADED - - FAILED - - STOPPING - - STOPPED - type: string - type: - enum: - - input - - output - type: string - required: - - id - - type - - status - - message - type: array - required: - - id - - type - - status - - message - type: array - default_api_key: - type: string - default_api_key_history: - items: - additionalProperties: false - deprecated: true - type: object - properties: - id: - type: string - retired_at: - type: string - required: - - id - - retired_at - type: array - default_api_key_id: - type: string - enrolled_at: - type: string - id: - type: string - last_checkin: - type: string - last_checkin_message: - type: string - last_checkin_status: - enum: - - error - - online - - degraded - - updating - - starting - type: string - local_metadata: - additionalProperties: {} - type: object - metrics: - additionalProperties: false - type: object - properties: - cpu_avg: - type: number - memory_size_byte_avg: - type: number - namespaces: - items: - type: string - type: array - outputs: - additionalProperties: - additionalProperties: false - type: object - properties: - api_key_id: - type: string - to_retire_api_key_ids: - items: - additionalProperties: false - type: object - properties: - id: - type: string - retired_at: - type: string - required: - - id - - retired_at - type: array - type: - type: string - required: - - api_key_id - - type - type: object - packages: - items: - type: string - type: array - policy_id: - type: string - policy_revision: - nullable: true - type: number - sort: - items: - anyOf: - - type: number - - type: string - - enum: [] - nullable: true - type: array - status: - enum: - - offline - - error - - online - - inactive - - enrolling - - unenrolling - - unenrolled - - updating - - degraded - type: string - tags: - items: - type: string - type: array - type: - enum: - - PERMANENT - - EPHEMERAL - - TEMPORARY - type: string - unenrolled_at: - type: string - unenrollment_started_at: - type: string - unhealthy_reason: - items: - enum: - - input - - output - - other - type: string - nullable: true - type: array - upgrade_details: - additionalProperties: false - type: object - properties: - action_id: - type: string - metadata: - additionalProperties: false - type: object - properties: - download_percent: - type: number - download_rate: - type: number - error_msg: - type: string - failed_state: - enum: - - UPG_REQUESTED - - UPG_SCHEDULED - - UPG_DOWNLOADING - - UPG_EXTRACTING - - UPG_REPLACING - - UPG_RESTARTING - - UPG_FAILED - - UPG_WATCHING - - UPG_ROLLBACK - type: string - retry_error_msg: - type: string - retry_until: - type: string - scheduled_at: - type: string - state: - enum: - - UPG_REQUESTED - - UPG_SCHEDULED - - UPG_DOWNLOADING - - UPG_EXTRACTING - - UPG_REPLACING - - UPG_RESTARTING - - UPG_FAILED - - UPG_WATCHING - - UPG_ROLLBACK - type: string - target_version: - type: string - required: - - target_version - - action_id - - state - upgrade_started_at: - nullable: true - type: string - upgraded_at: - nullable: true - type: string - user_provided_metadata: - additionalProperties: {} - type: object - required: - - id - - packages - - type - - active - - enrolled_at - - local_metadata - type: array - page: - type: number - perPage: - type: number - statusSummary: - additionalProperties: - type: number - type: object - total: - type: number - required: - - items - - total - - page - - perPage - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agents - post: - description: List agents by action ids - operationId: '%2Fapi%2Ffleet%2Fagents#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - actionIds: - items: - type: string - type: array - required: - - actionIds - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - items: - items: - type: string - type: array - required: - - items - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agents - /api/fleet/agents/{agentId}: - delete: - description: Delete agent by ID - operationId: '%2Fapi%2Ffleet%2Fagents%2F%7BagentId%7D#2' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: agentId - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - action: - enum: - - deleted - type: string - required: - - action - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agents - get: - description: Get agent by ID - operationId: '%2Fapi%2Ffleet%2Fagents%2F%7BagentId%7D#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: agentId - required: true - schema: - type: string - - in: query - name: withMetrics - required: false - schema: - default: false - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - access_api_key: - type: string - access_api_key_id: - type: string - active: - type: boolean - agent: - additionalProperties: true - type: object - properties: - id: - type: string - version: - type: string - required: - - id - - version - components: - items: - additionalProperties: false - type: object - properties: - id: - type: string - message: - type: string - status: - enum: - - STARTING - - CONFIGURING - - HEALTHY - - DEGRADED - - FAILED - - STOPPING - - STOPPED - type: string - type: - type: string - units: - items: - additionalProperties: false - type: object - properties: - id: - type: string - message: - type: string - payload: - additionalProperties: {} - type: object - status: - enum: - - STARTING - - CONFIGURING - - HEALTHY - - DEGRADED - - FAILED - - STOPPING - - STOPPED - type: string - type: - enum: - - input - - output - type: string - required: - - id - - type - - status - - message - type: array - required: - - id - - type - - status - - message - type: array - default_api_key: - type: string - default_api_key_history: - items: - additionalProperties: false - deprecated: true - type: object - properties: - id: - type: string - retired_at: - type: string - required: - - id - - retired_at - type: array - default_api_key_id: - type: string - enrolled_at: - type: string - id: - type: string - last_checkin: - type: string - last_checkin_message: - type: string - last_checkin_status: - enum: - - error - - online - - degraded - - updating - - starting - type: string - local_metadata: - additionalProperties: {} - type: object - metrics: - additionalProperties: false - type: object - properties: - cpu_avg: - type: number - memory_size_byte_avg: - type: number - namespaces: - items: - type: string - type: array - outputs: - additionalProperties: - additionalProperties: false - type: object - properties: - api_key_id: - type: string - to_retire_api_key_ids: - items: - additionalProperties: false - type: object - properties: - id: - type: string - retired_at: - type: string - required: - - id - - retired_at - type: array - type: - type: string - required: - - api_key_id - - type - type: object - packages: - items: - type: string - type: array - policy_id: - type: string - policy_revision: - nullable: true - type: number - sort: - items: - anyOf: - - type: number - - type: string - - enum: [] - nullable: true - type: array - status: - enum: - - offline - - error - - online - - inactive - - enrolling - - unenrolling - - unenrolled - - updating - - degraded - type: string - tags: - items: - type: string - type: array - type: - enum: - - PERMANENT - - EPHEMERAL - - TEMPORARY - type: string - unenrolled_at: - type: string - unenrollment_started_at: - type: string - unhealthy_reason: - items: - enum: - - input - - output - - other - type: string - nullable: true - type: array - upgrade_details: - additionalProperties: false - type: object - properties: - action_id: - type: string - metadata: - additionalProperties: false - type: object - properties: - download_percent: - type: number - download_rate: - type: number - error_msg: - type: string - failed_state: - enum: - - UPG_REQUESTED - - UPG_SCHEDULED - - UPG_DOWNLOADING - - UPG_EXTRACTING - - UPG_REPLACING - - UPG_RESTARTING - - UPG_FAILED - - UPG_WATCHING - - UPG_ROLLBACK - type: string - retry_error_msg: - type: string - retry_until: - type: string - scheduled_at: - type: string - state: - enum: - - UPG_REQUESTED - - UPG_SCHEDULED - - UPG_DOWNLOADING - - UPG_EXTRACTING - - UPG_REPLACING - - UPG_RESTARTING - - UPG_FAILED - - UPG_WATCHING - - UPG_ROLLBACK - type: string - target_version: - type: string - required: - - target_version - - action_id - - state - upgrade_started_at: - nullable: true - type: string - upgraded_at: - nullable: true - type: string - user_provided_metadata: - additionalProperties: {} - type: object - required: - - id - - packages - - type - - active - - enrolled_at - - local_metadata - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agents - put: - description: Update agent by ID - operationId: '%2Fapi%2Ffleet%2Fagents%2F%7BagentId%7D#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: agentId - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - tags: - items: - type: string - type: array - user_provided_metadata: - additionalProperties: {} - type: object - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - access_api_key: - type: string - access_api_key_id: - type: string - active: - type: boolean - agent: - additionalProperties: true - type: object - properties: - id: - type: string - version: - type: string - required: - - id - - version - components: - items: - additionalProperties: false - type: object - properties: - id: - type: string - message: - type: string - status: - enum: - - STARTING - - CONFIGURING - - HEALTHY - - DEGRADED - - FAILED - - STOPPING - - STOPPED - type: string - type: - type: string - units: - items: - additionalProperties: false - type: object - properties: - id: - type: string - message: - type: string - payload: - additionalProperties: {} - type: object - status: - enum: - - STARTING - - CONFIGURING - - HEALTHY - - DEGRADED - - FAILED - - STOPPING - - STOPPED - type: string - type: - enum: - - input - - output - type: string - required: - - id - - type - - status - - message - type: array - required: - - id - - type - - status - - message - type: array - default_api_key: - type: string - default_api_key_history: - items: - additionalProperties: false - deprecated: true - type: object - properties: - id: - type: string - retired_at: - type: string - required: - - id - - retired_at - type: array - default_api_key_id: - type: string - enrolled_at: - type: string - id: - type: string - last_checkin: - type: string - last_checkin_message: - type: string - last_checkin_status: - enum: - - error - - online - - degraded - - updating - - starting - type: string - local_metadata: - additionalProperties: {} - type: object - metrics: - additionalProperties: false - type: object - properties: - cpu_avg: - type: number - memory_size_byte_avg: - type: number - namespaces: - items: - type: string - type: array - outputs: - additionalProperties: - additionalProperties: false - type: object - properties: - api_key_id: - type: string - to_retire_api_key_ids: - items: - additionalProperties: false - type: object - properties: - id: - type: string - retired_at: - type: string - required: - - id - - retired_at - type: array - type: - type: string - required: - - api_key_id - - type - type: object - packages: - items: - type: string - type: array - policy_id: - type: string - policy_revision: - nullable: true - type: number - sort: - items: - anyOf: - - type: number - - type: string - - enum: [] - nullable: true - type: array - status: - enum: - - offline - - error - - online - - inactive - - enrolling - - unenrolling - - unenrolled - - updating - - degraded - type: string - tags: - items: - type: string - type: array - type: - enum: - - PERMANENT - - EPHEMERAL - - TEMPORARY - type: string - unenrolled_at: - type: string - unenrollment_started_at: - type: string - unhealthy_reason: - items: - enum: - - input - - output - - other - type: string - nullable: true - type: array - upgrade_details: - additionalProperties: false - type: object - properties: - action_id: - type: string - metadata: - additionalProperties: false - type: object - properties: - download_percent: - type: number - download_rate: - type: number - error_msg: - type: string - failed_state: - enum: - - UPG_REQUESTED - - UPG_SCHEDULED - - UPG_DOWNLOADING - - UPG_EXTRACTING - - UPG_REPLACING - - UPG_RESTARTING - - UPG_FAILED - - UPG_WATCHING - - UPG_ROLLBACK - type: string - retry_error_msg: - type: string - retry_until: - type: string - scheduled_at: - type: string - state: - enum: - - UPG_REQUESTED - - UPG_SCHEDULED - - UPG_DOWNLOADING - - UPG_EXTRACTING - - UPG_REPLACING - - UPG_RESTARTING - - UPG_FAILED - - UPG_WATCHING - - UPG_ROLLBACK - type: string - target_version: - type: string - required: - - target_version - - action_id - - state - upgrade_started_at: - nullable: true - type: string - upgraded_at: - nullable: true - type: string - user_provided_metadata: - additionalProperties: {} - type: object - required: - - id - - packages - - type - - active - - enrolled_at - - local_metadata - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agents - /api/fleet/agents/{agentId}/actions: - post: - description: Create agent action - operationId: '%2Fapi%2Ffleet%2Fagents%2F%7BagentId%7D%2Factions#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: agentId - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - action: - anyOf: - - additionalProperties: false - type: object - properties: - ack_data: {} - data: {} - type: - enum: - - UNENROLL - - UPGRADE - - POLICY_REASSIGN - type: string - required: - - type - - data - - ack_data - - additionalProperties: false - type: object - properties: - data: - additionalProperties: false - type: object - properties: - log_level: - enum: - - debug - - info - - warning - - error - nullable: true - type: string - required: - - log_level - type: - enum: - - SETTINGS - type: string - required: - - type - - data - required: - - action - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - ack_data: {} - agents: - items: - type: string - type: array - created_at: - type: string - data: {} - expiration: - type: string - id: - type: string - minimum_execution_duration: - type: number - namespaces: - items: - type: string - type: array - rollout_duration_seconds: - type: number - sent_at: - type: string - source_uri: - type: string - start_time: - type: string - total: - type: number - type: - type: string - required: - - id - - type - - data - - created_at - - ack_data - - agents - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent actions - /api/fleet/agents/{agentId}/reassign: - post: - description: Reassign agent - operationId: '%2Fapi%2Ffleet%2Fagents%2F%7BagentId%7D%2Freassign#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: agentId - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - policy_id: - type: string - required: - - policy_id - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: {} - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent actions - put: - operationId: '%2Fapi%2Ffleet%2Fagents%2F%7BagentId%7D%2Freassign#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: agentId - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - policy_id: - type: string - required: - - policy_id - responses: {} - summary: '' - tags: [] - /api/fleet/agents/{agentId}/request_diagnostics: - post: - description: Request agent diagnostics - operationId: '%2Fapi%2Ffleet%2Fagents%2F%7BagentId%7D%2Frequest_diagnostics#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: agentId - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - nullable: true - type: object - properties: - additional_metrics: - items: - enum: - - CPU - type: string - type: array - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - actionId: - type: string - required: - - actionId - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent actions - /api/fleet/agents/{agentId}/unenroll: - post: - description: Unenroll agent - operationId: '%2Fapi%2Ffleet%2Fagents%2F%7BagentId%7D%2Funenroll#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: agentId - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - nullable: true - type: object - properties: - force: - type: boolean - revoke: - type: boolean - responses: {} - summary: '' - tags: - - Elastic Agent actions - /api/fleet/agents/{agentId}/upgrade: - post: - description: Upgrade agent - operationId: '%2Fapi%2Ffleet%2Fagents%2F%7BagentId%7D%2Fupgrade#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: agentId - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - force: - type: boolean - skipRateLimitCheck: - type: boolean - source_uri: - type: string - version: - type: string - required: - - version - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: {} - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent actions - /api/fleet/agents/{agentId}/uploads: - get: - description: List agent uploads - operationId: '%2Fapi%2Ffleet%2Fagents%2F%7BagentId%7D%2Fuploads#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: agentId - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - actionId: - type: string - createTime: - type: string - error: - type: string - filePath: - type: string - id: - type: string - name: - type: string - status: - enum: - - READY - - AWAITING_UPLOAD - - DELETED - - EXPIRED - - IN_PROGRESS - - FAILED - type: string - required: - - id - - name - - filePath - - createTime - - status - - actionId - type: array - required: - - items - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agents - /api/fleet/agents/action_status: - get: - description: Get agent action status - operationId: '%2Fapi%2Ffleet%2Fagents%2Faction_status#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: page - required: false - schema: - default: 0 - type: number - - in: query - name: perPage - required: false - schema: - default: 20 - type: number - - in: query - name: date - required: false - schema: - type: string - - in: query - name: latest - required: false - schema: - type: number - - in: query - name: errorSize - required: false - schema: - default: 5 - type: number - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - actionId: - type: string - cancellationTime: - type: string - completionTime: - type: string - creationTime: - description: creation time of action - type: string - expiration: - type: string - hasRolloutPeriod: - type: boolean - latestErrors: - items: - additionalProperties: false - description: >- - latest errors that happened when the agents - executed the action - type: object - properties: - agentId: - type: string - error: - type: string - hostname: - type: string - timestamp: - type: string - required: - - agentId - - error - - timestamp - type: array - nbAgentsAck: - description: number of agents that acknowledged the action - type: number - nbAgentsActionCreated: - description: number of agents included in action from kibana - type: number - nbAgentsActioned: - description: number of agents actioned - type: number - nbAgentsFailed: - description: number of agents that failed to execute the action - type: number - newPolicyId: - description: new policy id (POLICY_REASSIGN action) - type: string - policyId: - description: policy id (POLICY_CHANGE action) - type: string - revision: - description: new policy revision (POLICY_CHANGE action) - type: number - startTime: - description: start time of action (scheduled actions) - type: string - status: - enum: - - COMPLETE - - EXPIRED - - CANCELLED - - FAILED - - IN_PROGRESS - - ROLLOUT_PASSED - type: string - type: - enum: - - UPGRADE - - UNENROLL - - SETTINGS - - POLICY_REASSIGN - - CANCEL - - FORCE_UNENROLL - - REQUEST_DIAGNOSTICS - - UPDATE_TAGS - - POLICY_CHANGE - - INPUT_ACTION - type: string - version: - description: agent version number (UPGRADE action) - type: string - required: - - actionId - - nbAgentsActionCreated - - nbAgentsAck - - nbAgentsFailed - - type - - nbAgentsActioned - - status - - creationTime - type: array - required: - - items - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent actions - /api/fleet/agents/actions/{actionId}/cancel: - post: - description: Cancel agent action - operationId: '%2Fapi%2Ffleet%2Fagents%2Factions%2F%7BactionId%7D%2Fcancel#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: actionId - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - ack_data: {} - agents: - items: - type: string - type: array - created_at: - type: string - data: {} - expiration: - type: string - id: - type: string - minimum_execution_duration: - type: number - namespaces: - items: - type: string - type: array - rollout_duration_seconds: - type: number - sent_at: - type: string - source_uri: - type: string - start_time: - type: string - total: - type: number - type: - type: string - required: - - id - - type - - data - - created_at - - ack_data - - agents - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent actions - /api/fleet/agents/available_versions: - get: - description: Get available agent versions - operationId: '%2Fapi%2Ffleet%2Fagents%2Favailable_versions#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - items: - items: - type: string - type: array - required: - - items - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agents - /api/fleet/agents/bulk_reassign: - post: - description: Bulk reassign agents - operationId: '%2Fapi%2Ffleet%2Fagents%2Fbulk_reassign#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - agents: - anyOf: - - items: - type: string - type: array - - type: string - batchSize: - type: number - includeInactive: - default: false - type: boolean - policy_id: - type: string - required: - - policy_id - - agents - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - actionId: - type: string - required: - - actionId - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent actions - /api/fleet/agents/bulk_request_diagnostics: - post: - description: Bulk request diagnostics from agents - operationId: '%2Fapi%2Ffleet%2Fagents%2Fbulk_request_diagnostics#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - additional_metrics: - items: - enum: - - CPU - type: string - type: array - agents: - anyOf: - - items: - type: string - type: array - - type: string - batchSize: - type: number - required: - - agents - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - actionId: - type: string - required: - - actionId - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent actions - /api/fleet/agents/bulk_unenroll: - post: - description: Bulk unenroll agents - operationId: '%2Fapi%2Ffleet%2Fagents%2Fbulk_unenroll#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - agents: - anyOf: - - items: - description: KQL query string, leave empty to action all agents - type: string - type: array - - description: list of agent IDs - type: string - batchSize: - type: number - force: - description: Unenrolls hosted agents too - type: boolean - includeInactive: - description: >- - When passing agents by KQL query, unenrolls inactive agents - too - type: boolean - revoke: - description: Revokes API keys of agents - type: boolean - required: - - agents - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - actionId: - type: string - required: - - actionId - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent actions - /api/fleet/agents/bulk_update_agent_tags: - post: - description: Bulk update agent tags - operationId: '%2Fapi%2Ffleet%2Fagents%2Fbulk_update_agent_tags#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - agents: - anyOf: - - items: - type: string - type: array - - type: string - batchSize: - type: number - includeInactive: - default: false - type: boolean - tagsToAdd: - items: - type: string - type: array - tagsToRemove: - items: - type: string - type: array - required: - - agents - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - actionId: - type: string - required: - - actionId - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent actions - /api/fleet/agents/bulk_upgrade: - post: - description: Bulk upgrade agents - operationId: '%2Fapi%2Ffleet%2Fagents%2Fbulk_upgrade#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - agents: - anyOf: - - items: - type: string - type: array - - type: string - batchSize: - type: number - force: - type: boolean - includeInactive: - default: false - type: boolean - rollout_duration_seconds: - minimum: 600 - type: number - skipRateLimitCheck: - type: boolean - source_uri: - type: string - start_time: - type: string - version: - type: string - required: - - agents - - version - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - actionId: - type: string - required: - - actionId - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent actions - /api/fleet/agents/files/{fileId}: - delete: - description: Delete file uploaded by agent - operationId: '%2Fapi%2Ffleet%2Fagents%2Ffiles%2F%7BfileId%7D#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: fileId - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - deleted: - type: boolean - id: - type: string - required: - - id - - deleted - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agents - /api/fleet/agents/files/{fileId}/{fileName}: - get: - description: Get file uploaded by agent - operationId: '%2Fapi%2Ffleet%2Fagents%2Ffiles%2F%7BfileId%7D%2F%7BfileName%7D#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: fileId - required: true - schema: - type: string - - in: path - name: fileName - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agents - /api/fleet/agents/setup: - get: - description: Get agent setup info - operationId: '%2Fapi%2Ffleet%2Fagents%2Fsetup#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: >- - A summary of the agent setup status. `isReady` indicates - whether the setup is ready. If the setup is not ready, - `missing_requirements` lists which requirements are missing. - type: object - properties: - is_secrets_storage_enabled: - type: boolean - is_space_awareness_enabled: - type: boolean - isReady: - type: boolean - missing_optional_features: - items: - enum: - - encrypted_saved_object_encryption_key_required - type: string - type: array - missing_requirements: - items: - enum: - - security_required - - tls_required - - api_keys - - fleet_admin_user - - fleet_server - type: string - type: array - package_verification_key_id: - type: string - required: - - isReady - - missing_requirements - - missing_optional_features - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agents - post: - description: Initiate agent setup - operationId: '%2Fapi%2Ffleet%2Fagents%2Fsetup#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: >- - A summary of the result of Fleet's `setup` lifecycle. If - `isInitialized` is true, Fleet is ready to accept agent - enrollment. `nonFatalErrors` may include useful insight into - non-blocking issues with Fleet setup. - type: object - properties: - isInitialized: - type: boolean - nonFatalErrors: - items: - additionalProperties: false - type: object - properties: - message: - type: string - name: - type: string - required: - - name - - message - type: array - required: - - isInitialized - - nonFatalErrors - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agents - /api/fleet/agents/tags: - get: - description: List agent tags - operationId: '%2Fapi%2Ffleet%2Fagents%2Ftags#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: kuery - required: false - schema: - type: string - - in: query - name: showInactive - required: false - schema: - default: false - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - items: - items: - type: string - type: array - required: - - items - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agents - /api/fleet/check-permissions: - get: - description: Check permissions - operationId: '%2Fapi%2Ffleet%2Fcheck-permissions#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: fleetServerSetup - required: false - schema: - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - error: - enum: - - MISSING_SECURITY - - MISSING_PRIVILEGES - - MISSING_FLEET_SERVER_SETUP_PRIVILEGES - type: string - success: - type: boolean - required: - - success - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet internals - /api/fleet/data_streams: - get: - description: List data streams - operationId: '%2Fapi%2Ffleet%2Fdata_streams#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - data_streams: - items: - additionalProperties: false - type: object - properties: - dashboards: - items: - additionalProperties: false - type: object - properties: - id: - type: string - title: - type: string - required: - - id - - title - type: array - dataset: - type: string - index: - type: string - last_activity_ms: - type: number - namespace: - type: string - package: - type: string - package_version: - type: string - serviceDetails: - additionalProperties: false - nullable: true - type: object - properties: - environment: - type: string - serviceName: - type: string - required: - - environment - - serviceName - size_in_bytes: - type: number - size_in_bytes_formatted: - anyOf: - - type: number - - type: string - type: - type: string - required: - - index - - dataset - - namespace - - type - - package - - package_version - - last_activity_ms - - size_in_bytes - - size_in_bytes_formatted - - dashboards - - serviceDetails - type: array - required: - - data_streams - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Data streams - /api/fleet/enrollment_api_keys: - get: - description: List enrollment API keys - operationId: '%2Fapi%2Ffleet%2Fenrollment_api_keys#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: page - required: false - schema: - default: 1 - type: number - - in: query - name: perPage - required: false - schema: - default: 20 - type: number - - in: query - name: kuery - required: false - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - active: - description: >- - When false, the enrollment API key is revoked and - cannot be used for enrolling Elastic Agents. - type: boolean - api_key: - description: >- - The enrollment API key (token) used for enrolling - Elastic Agents. - type: string - api_key_id: - description: The ID of the API key in the Security API. - type: string - created_at: - type: string - id: - type: string - name: - description: The name of the enrollment API key. - type: string - policy_id: - description: >- - The ID of the agent policy the Elastic Agent will be - enrolled in. - type: string - required: - - id - - api_key_id - - api_key - - active - - created_at - type: array - list: - deprecated: true - items: - additionalProperties: false - type: object - properties: - active: - description: >- - When false, the enrollment API key is revoked and - cannot be used for enrolling Elastic Agents. - type: boolean - api_key: - description: >- - The enrollment API key (token) used for enrolling - Elastic Agents. - type: string - api_key_id: - description: The ID of the API key in the Security API. - type: string - created_at: - type: string - id: - type: string - name: - description: The name of the enrollment API key. - type: string - policy_id: - description: >- - The ID of the agent policy the Elastic Agent will be - enrolled in. - type: string - required: - - id - - api_key_id - - api_key - - active - - created_at - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - total - - page - - perPage - - list - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet enrollment API keys - post: - description: Create enrollment API key - operationId: '%2Fapi%2Ffleet%2Fenrollment_api_keys#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - expiration: - type: string - name: - type: string - policy_id: - type: string - required: - - policy_id - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - action: - enum: - - created - type: string - item: - additionalProperties: false - type: object - properties: - active: - description: >- - When false, the enrollment API key is revoked and - cannot be used for enrolling Elastic Agents. - type: boolean - api_key: - description: >- - The enrollment API key (token) used for enrolling - Elastic Agents. - type: string - api_key_id: - description: The ID of the API key in the Security API. - type: string - created_at: - type: string - id: - type: string - name: - description: The name of the enrollment API key. - type: string - policy_id: - description: >- - The ID of the agent policy the Elastic Agent will be - enrolled in. - type: string - required: - - id - - api_key_id - - api_key - - active - - created_at - required: - - item - - action - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet enrollment API keys - /api/fleet/enrollment_api_keys/{keyId}: - delete: - description: Revoke enrollment API key by ID by marking it as inactive - operationId: '%2Fapi%2Ffleet%2Fenrollment_api_keys%2F%7BkeyId%7D#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: keyId - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - action: - enum: - - deleted - type: string - required: - - action - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet enrollment API keys - get: - description: Get enrollment API key by ID - operationId: '%2Fapi%2Ffleet%2Fenrollment_api_keys%2F%7BkeyId%7D#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: keyId - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - active: - description: >- - When false, the enrollment API key is revoked and - cannot be used for enrolling Elastic Agents. - type: boolean - api_key: - description: >- - The enrollment API key (token) used for enrolling - Elastic Agents. - type: string - api_key_id: - description: The ID of the API key in the Security API. - type: string - created_at: - type: string - id: - type: string - name: - description: The name of the enrollment API key. - type: string - policy_id: - description: >- - The ID of the agent policy the Elastic Agent will be - enrolled in. - type: string - required: - - id - - api_key_id - - api_key - - active - - created_at - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet enrollment API keys - /api/fleet/enrollment-api-keys: - get: - operationId: '%2Fapi%2Ffleet%2Fenrollment-api-keys#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: page - required: false - schema: - default: 1 - type: number - - in: query - name: perPage - required: false - schema: - default: 20 - type: number - - in: query - name: kuery - required: false - schema: - type: string - responses: {} - summary: '' - tags: [] - post: - operationId: '%2Fapi%2Ffleet%2Fenrollment-api-keys#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - expiration: - type: string - name: - type: string - policy_id: - type: string - required: - - policy_id - responses: {} - summary: '' - tags: [] - /api/fleet/enrollment-api-keys/{keyId}: - delete: - operationId: '%2Fapi%2Ffleet%2Fenrollment-api-keys%2F%7BkeyId%7D#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: keyId - required: true - schema: - type: string - responses: {} - summary: '' - tags: [] - get: - operationId: '%2Fapi%2Ffleet%2Fenrollment-api-keys%2F%7BkeyId%7D#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: keyId - required: true - schema: - type: string - responses: {} - summary: '' - tags: [] - /api/fleet/epm/bulk_assets: - post: - description: Bulk get assets - operationId: '%2Fapi%2Ffleet%2Fepm%2Fbulk_assets#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - assetIds: - items: - additionalProperties: false - type: object - properties: - id: - type: string - type: - type: string - required: - - id - - type - type: array - required: - - assetIds - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - appLink: - type: string - attributes: - additionalProperties: false - type: object - properties: - description: - type: string - service: - type: string - title: - type: string - id: - type: string - type: - type: string - updatedAt: - type: string - required: - - id - - type - - attributes - type: array - required: - - items - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/categories: - get: - description: List package categories - operationId: '%2Fapi%2Ffleet%2Fepm%2Fcategories#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: prerelease - required: false - schema: - type: boolean - - in: query - name: experimental - required: false - schema: - type: boolean - - in: query - name: include_policy_templates - required: false - schema: - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - count: - type: number - id: - type: string - parent_id: - type: string - parent_title: - type: string - title: - type: string - required: - - id - - title - - count - type: array - response: - items: - additionalProperties: false - deprecated: true - type: object - properties: - count: - type: number - id: - type: string - parent_id: - type: string - parent_title: - type: string - title: - type: string - required: - - id - - title - - count - type: array - required: - - items - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/custom_integrations: - post: - description: Create custom integration - operationId: '%2Fapi%2Ffleet%2Fepm%2Fcustom_integrations#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - datasets: - items: - additionalProperties: false - type: object - properties: - name: - type: string - type: - enum: - - logs - - metrics - - traces - - synthetics - - profiling - type: string - required: - - name - - type - type: array - force: - type: boolean - integrationName: - type: string - required: - - integrationName - - datasets - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - _meta: - additionalProperties: false - type: object - properties: - install_source: - type: string - required: - - install_source - items: - items: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - response: - deprecated: true - items: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - required: - - items - - _meta - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/data_streams: - get: - description: List data streams - operationId: '%2Fapi%2Ffleet%2Fepm%2Fdata_streams#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: type - required: false - schema: - enum: - - logs - - metrics - - traces - - synthetics - - profiling - type: string - - in: query - name: datasetQuery - required: false - schema: - type: string - - in: query - name: sortOrder - required: false - schema: - default: asc - enum: - - asc - - desc - type: string - - in: query - name: uncategorisedOnly - required: false - schema: - default: false - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - name: - type: string - required: - - name - type: array - required: - - items - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Data streams - /api/fleet/epm/packages: - get: - description: List packages - operationId: '%2Fapi%2Ffleet%2Fepm%2Fpackages#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: category - required: false - schema: - type: string - - in: query - name: prerelease - required: false - schema: - type: boolean - - in: query - name: experimental - required: false - schema: - type: boolean - - in: query - name: excludeInstallStatus - required: false - schema: - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: true - type: object - properties: - categories: - items: - type: string - type: array - conditions: - additionalProperties: true - type: object - properties: - elastic: - additionalProperties: true - type: object - properties: - capabilities: - items: - type: string - type: array - subscription: - type: string - kibana: - additionalProperties: true - type: object - properties: - version: - type: string - data_streams: - items: - additionalProperties: {} - type: object - type: array - description: - type: string - discovery: - additionalProperties: true - type: object - properties: - fields: - items: - additionalProperties: true - type: object - properties: - name: - type: string - required: - - name - type: array - download: - type: string - format_version: - type: string - icons: - items: - additionalProperties: true - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - type: array - id: - type: string - installationInfo: - additionalProperties: true - type: object - properties: - additional_spaces_installed_kibana: - additionalProperties: - items: - additionalProperties: true - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - type: array - type: object - created_at: - type: string - experimental_data_stream_features: - items: - additionalProperties: true - type: object - properties: - data_stream: - type: string - features: - additionalProperties: true - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - install_format_schema_version: - type: string - install_source: - enum: - - registry - - upload - - bundled - - custom - type: string - install_status: - enum: - - installed - - installing - - install_failed - type: string - installed_es: - items: - additionalProperties: true - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - installed_kibana: - items: - additionalProperties: true - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - type: array - installed_kibana_space_id: - type: string - latest_executed_state: - additionalProperties: true - type: object - properties: - error: - type: string - name: - type: string - started_at: - type: string - required: - - name - - started_at - latest_install_failed_attempts: - items: - additionalProperties: true - type: object - properties: - created_at: - type: string - error: - additionalProperties: true - type: object - properties: - message: - type: string - name: - type: string - stack: - type: string - required: - - name - - message - target_version: - type: string - required: - - created_at - - target_version - - error - type: array - name: - type: string - namespaces: - items: - type: string - type: array - type: - type: string - updated_at: - type: string - verification_key_id: - nullable: true - type: string - verification_status: - enum: - - unverified - - verified - - unknown - type: string - version: - type: string - required: - - type - - installed_kibana - - installed_es - - name - - version - - install_status - - install_source - - verification_status - integration: - type: string - internal: - type: boolean - latestVersion: - type: string - name: - type: string - owner: - additionalProperties: true - type: object - properties: - github: - type: string - type: - enum: - - elastic - - partner - - community - type: string - path: - type: string - policy_templates: - items: - additionalProperties: {} - type: object - type: array - readme: - type: string - release: - enum: - - ga - - beta - - experimental - type: string - savedObject: {} - signature_path: - type: string - source: - additionalProperties: true - type: object - properties: - license: - type: string - required: - - license - status: - type: string - title: - type: string - type: - enum: - - integration - - input - - content - type: string - vars: - items: - additionalProperties: {} - type: object - type: array - version: - type: string - required: - - savedObject - - name - - version - - title - - id - type: array - response: - items: - additionalProperties: true - deprecated: true - type: object - properties: - categories: - items: - type: string - type: array - conditions: - additionalProperties: true - type: object - properties: - elastic: - additionalProperties: true - type: object - properties: - capabilities: - items: - type: string - type: array - subscription: - type: string - kibana: - additionalProperties: true - type: object - properties: - version: - type: string - data_streams: - items: - additionalProperties: {} - type: object - type: array - description: - type: string - discovery: - additionalProperties: true - type: object - properties: - fields: - items: - additionalProperties: true - type: object - properties: - name: - type: string - required: - - name - type: array - download: - type: string - format_version: - type: string - icons: - items: - additionalProperties: true - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - type: array - id: - type: string - installationInfo: - additionalProperties: true - type: object - properties: - additional_spaces_installed_kibana: - additionalProperties: - items: - additionalProperties: true - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - type: array - type: object - created_at: - type: string - experimental_data_stream_features: - items: - additionalProperties: true - type: object - properties: - data_stream: - type: string - features: - additionalProperties: true - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - install_format_schema_version: - type: string - install_source: - enum: - - registry - - upload - - bundled - - custom - type: string - install_status: - enum: - - installed - - installing - - install_failed - type: string - installed_es: - items: - additionalProperties: true - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - installed_kibana: - items: - additionalProperties: true - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - type: array - installed_kibana_space_id: - type: string - latest_executed_state: - additionalProperties: true - type: object - properties: - error: - type: string - name: - type: string - started_at: - type: string - required: - - name - - started_at - latest_install_failed_attempts: - items: - additionalProperties: true - type: object - properties: - created_at: - type: string - error: - additionalProperties: true - type: object - properties: - message: - type: string - name: - type: string - stack: - type: string - required: - - name - - message - target_version: - type: string - required: - - created_at - - target_version - - error - type: array - name: - type: string - namespaces: - items: - type: string - type: array - type: - type: string - updated_at: - type: string - verification_key_id: - nullable: true - type: string - verification_status: - enum: - - unverified - - verified - - unknown - type: string - version: - type: string - required: - - type - - installed_kibana - - installed_es - - name - - version - - install_status - - install_source - - verification_status - integration: - type: string - internal: - type: boolean - latestVersion: - type: string - name: - type: string - owner: - additionalProperties: true - type: object - properties: - github: - type: string - type: - enum: - - elastic - - partner - - community - type: string - path: - type: string - policy_templates: - items: - additionalProperties: {} - type: object - type: array - readme: - type: string - release: - enum: - - ga - - beta - - experimental - type: string - savedObject: {} - signature_path: - type: string - source: - additionalProperties: true - type: object - properties: - license: - type: string - required: - - license - status: - type: string - title: - type: string - type: - enum: - - integration - - input - - content - type: string - vars: - items: - additionalProperties: {} - type: object - type: array - version: - type: string - required: - - savedObject - - name - - version - - title - - id - type: array - required: - - items - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Package Manager (EPM) - post: - description: Install package by upload - operationId: '%2Fapi%2Ffleet%2Fepm%2Fpackages#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: query - name: ignoreMappingUpdateErrors - required: false - schema: - default: false - type: boolean - - in: query - name: skipDataStreamRollover - required: false - schema: - default: false - type: boolean - requestBody: - content: - application/gzip; application/zip; Elastic-Api-Version=2023-10-31: - schema: - format: binary - type: string - responses: - '200': - content: - application/gzip; application/zip; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - _meta: - additionalProperties: false - type: object - properties: - install_source: - type: string - required: - - install_source - items: - items: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - response: - deprecated: true - items: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - required: - - items - - _meta - '400': - content: - application/gzip; application/zip; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/packages/_bulk: - post: - description: Bulk install packages - operationId: '%2Fapi%2Ffleet%2Fepm%2Fpackages%2F_bulk#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: query - name: prerelease - required: false - schema: - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - force: - default: false - type: boolean - packages: - items: - anyOf: - - type: string - - additionalProperties: false - type: object - properties: - name: - type: string - prerelease: - type: boolean - version: - type: string - required: - - name - - version - minItems: 1 - type: array - required: - - packages - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - items: - items: - anyOf: - - additionalProperties: false - type: object - properties: - name: - type: string - result: - additionalProperties: false - type: object - properties: - assets: - items: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - error: {} - installSource: - type: string - installType: - type: string - status: - enum: - - installed - - already_installed - type: string - required: - - error - - installType - version: - type: string - required: - - name - - version - - result - - additionalProperties: false - type: object - properties: - error: - anyOf: - - type: string - - {} - name: - type: string - statusCode: - type: number - required: - - name - - statusCode - - error - type: array - response: - deprecated: true - items: - anyOf: - - additionalProperties: false - type: object - properties: - name: - type: string - result: - additionalProperties: false - type: object - properties: - assets: - items: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - error: {} - installSource: - type: string - installType: - type: string - status: - enum: - - installed - - already_installed - type: string - required: - - error - - installType - version: - type: string - required: - - name - - version - - result - - additionalProperties: false - type: object - properties: - error: - anyOf: - - type: string - - {} - name: - type: string - statusCode: - type: number - required: - - name - - statusCode - - error - type: array - required: - - items - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/packages/{pkgkey}: - delete: - operationId: '%2Fapi%2Ffleet%2Fepm%2Fpackages%2F%7Bpkgkey%7D#3' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: pkgkey - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - nullable: true - type: object - properties: - force: - type: boolean - required: - - force - responses: {} - summary: '' - tags: [] - get: - operationId: '%2Fapi%2Ffleet%2Fepm%2Fpackages%2F%7Bpkgkey%7D#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: pkgkey - required: true - schema: - type: string - - in: query - name: ignoreUnverified - required: false - schema: - type: boolean - - in: query - name: prerelease - required: false - schema: - type: boolean - - in: query - name: full - required: false - schema: - type: boolean - - in: query - name: withMetadata - required: false - schema: - default: false - type: boolean - responses: {} - summary: '' - tags: [] - post: - operationId: '%2Fapi%2Ffleet%2Fepm%2Fpackages%2F%7Bpkgkey%7D#2' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: pkgkey - required: true - schema: - type: string - - in: query - name: prerelease - required: false - schema: - type: boolean - - in: query - name: ignoreMappingUpdateErrors - required: false - schema: - default: false - type: boolean - - in: query - name: skipDataStreamRollover - required: false - schema: - default: false - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - nullable: true - type: object - properties: - force: - type: boolean - required: - - force - responses: {} - summary: '' - tags: [] - put: - operationId: '%2Fapi%2Ffleet%2Fepm%2Fpackages%2F%7Bpkgkey%7D#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: pkgkey - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - keepPoliciesUpToDate: - type: boolean - required: - - keepPoliciesUpToDate - responses: {} - summary: '' - tags: [] - /api/fleet/epm/packages/{pkgName}/{pkgVersion}: - delete: - description: Delete package - operationId: '%2Fapi%2Ffleet%2Fepm%2Fpackages%2F%7BpkgName%7D%2F%7BpkgVersion%7D#3' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: pkgName - required: true - schema: - type: string - - in: path - name: pkgVersion - required: true - schema: - type: string - - in: query - name: force - required: false - schema: - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - nullable: true - type: object - properties: - force: - type: boolean - required: - - force - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - items: - items: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - response: - deprecated: true - items: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - required: - - items - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Package Manager (EPM) - get: - description: Get package - operationId: '%2Fapi%2Ffleet%2Fepm%2Fpackages%2F%7BpkgName%7D%2F%7BpkgVersion%7D#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: pkgName - required: true - schema: - type: string - - in: path - name: pkgVersion - required: true - schema: - type: string - - in: query - name: ignoreUnverified - required: false - schema: - type: boolean - - in: query - name: prerelease - required: false - schema: - type: boolean - - in: query - name: full - required: false - schema: - type: boolean - - in: query - name: withMetadata - required: false - schema: - default: false - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: true - type: object - properties: - agent: - additionalProperties: false - type: object - properties: - privileges: - additionalProperties: false - type: object - properties: - root: - type: boolean - asset_tags: - items: - additionalProperties: false - type: object - properties: - asset_ids: - items: - type: string - type: array - asset_types: - items: - type: string - type: array - text: - type: string - required: - - text - type: array - assets: - additionalProperties: {} - type: object - categories: - items: - type: string - type: array - conditions: - additionalProperties: true - type: object - properties: - elastic: - additionalProperties: true - type: object - properties: - capabilities: - items: - type: string - type: array - subscription: - type: string - kibana: - additionalProperties: true - type: object - properties: - version: - type: string - data_streams: - items: - additionalProperties: {} - type: object - type: array - description: - type: string - discovery: - additionalProperties: true - type: object - properties: - fields: - items: - additionalProperties: true - type: object - properties: - name: - type: string - required: - - name - type: array - download: - type: string - elasticsearch: - additionalProperties: {} - type: object - format_version: - type: string - icons: - items: - additionalProperties: true - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - type: array - installationInfo: - additionalProperties: true - type: object - properties: - additional_spaces_installed_kibana: - additionalProperties: - items: - additionalProperties: true - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - type: array - type: object - created_at: - type: string - experimental_data_stream_features: - items: - additionalProperties: true - type: object - properties: - data_stream: - type: string - features: - additionalProperties: true - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - install_format_schema_version: - type: string - install_source: - enum: - - registry - - upload - - bundled - - custom - type: string - install_status: - enum: - - installed - - installing - - install_failed - type: string - installed_es: - items: - additionalProperties: true - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - installed_kibana: - items: - additionalProperties: true - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - type: array - installed_kibana_space_id: - type: string - latest_executed_state: - additionalProperties: true - type: object - properties: - error: - type: string - name: - type: string - started_at: - type: string - required: - - name - - started_at - latest_install_failed_attempts: - items: - additionalProperties: true - type: object - properties: - created_at: - type: string - error: - additionalProperties: true - type: object - properties: - message: - type: string - name: - type: string - stack: - type: string - required: - - name - - message - target_version: - type: string - required: - - created_at - - target_version - - error - type: array - name: - type: string - namespaces: - items: - type: string - type: array - type: - type: string - updated_at: - type: string - verification_key_id: - nullable: true - type: string - verification_status: - enum: - - unverified - - verified - - unknown - type: string - version: - type: string - required: - - type - - installed_kibana - - installed_es - - name - - version - - install_status - - install_source - - verification_status - internal: - type: boolean - keepPoliciesUpToDate: - type: boolean - latestVersion: - type: string - license: - type: string - licensePath: - type: string - name: - type: string - notice: - type: string - owner: - additionalProperties: true - type: object - properties: - github: - type: string - type: - enum: - - elastic - - partner - - community - type: string - path: - type: string - policy_templates: - items: - additionalProperties: {} - type: object - type: array - readme: - type: string - release: - enum: - - ga - - beta - - experimental - type: string - savedObject: {} - screenshots: - items: - additionalProperties: false - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - type: array - signature_path: - type: string - source: - additionalProperties: true - type: object - properties: - license: - type: string - required: - - license - status: - type: string - title: - type: string - type: - enum: - - integration - - input - - content - type: string - vars: - items: - additionalProperties: {} - type: object - type: array - version: - type: string - required: - - savedObject - - name - - version - - title - - assets - metadata: - additionalProperties: false - type: object - properties: - has_policies: - type: boolean - required: - - has_policies - response: - additionalProperties: true - deprecated: true - type: object - properties: - agent: - additionalProperties: false - type: object - properties: - privileges: - additionalProperties: false - type: object - properties: - root: - type: boolean - asset_tags: - items: - additionalProperties: false - type: object - properties: - asset_ids: - items: - type: string - type: array - asset_types: - items: - type: string - type: array - text: - type: string - required: - - text - type: array - assets: - additionalProperties: {} - type: object - categories: - items: - type: string - type: array - conditions: - additionalProperties: true - type: object - properties: - elastic: - additionalProperties: true - type: object - properties: - capabilities: - items: - type: string - type: array - subscription: - type: string - kibana: - additionalProperties: true - type: object - properties: - version: - type: string - data_streams: - items: - additionalProperties: {} - type: object - type: array - description: - type: string - discovery: - additionalProperties: true - type: object - properties: - fields: - items: - additionalProperties: true - type: object - properties: - name: - type: string - required: - - name - type: array - download: - type: string - elasticsearch: - additionalProperties: {} - type: object - format_version: - type: string - icons: - items: - additionalProperties: true - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - type: array - installationInfo: - additionalProperties: true - type: object - properties: - additional_spaces_installed_kibana: - additionalProperties: - items: - additionalProperties: true - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - type: array - type: object - created_at: - type: string - experimental_data_stream_features: - items: - additionalProperties: true - type: object - properties: - data_stream: - type: string - features: - additionalProperties: true - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - install_format_schema_version: - type: string - install_source: - enum: - - registry - - upload - - bundled - - custom - type: string - install_status: - enum: - - installed - - installing - - install_failed - type: string - installed_es: - items: - additionalProperties: true - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - installed_kibana: - items: - additionalProperties: true - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - type: array - installed_kibana_space_id: - type: string - latest_executed_state: - additionalProperties: true - type: object - properties: - error: - type: string - name: - type: string - started_at: - type: string - required: - - name - - started_at - latest_install_failed_attempts: - items: - additionalProperties: true - type: object - properties: - created_at: - type: string - error: - additionalProperties: true - type: object - properties: - message: - type: string - name: - type: string - stack: - type: string - required: - - name - - message - target_version: - type: string - required: - - created_at - - target_version - - error - type: array - name: - type: string - namespaces: - items: - type: string - type: array - type: - type: string - updated_at: - type: string - verification_key_id: - nullable: true - type: string - verification_status: - enum: - - unverified - - verified - - unknown - type: string - version: - type: string - required: - - type - - installed_kibana - - installed_es - - name - - version - - install_status - - install_source - - verification_status - internal: - type: boolean - keepPoliciesUpToDate: - type: boolean - latestVersion: - type: string - license: - type: string - licensePath: - type: string - name: - type: string - notice: - type: string - owner: - additionalProperties: true - type: object - properties: - github: - type: string - type: - enum: - - elastic - - partner - - community - type: string - path: - type: string - policy_templates: - items: - additionalProperties: {} - type: object - type: array - readme: - type: string - release: - enum: - - ga - - beta - - experimental - type: string - savedObject: {} - screenshots: - items: - additionalProperties: false - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - type: array - signature_path: - type: string - source: - additionalProperties: true - type: object - properties: - license: - type: string - required: - - license - status: - type: string - title: - type: string - type: - enum: - - integration - - input - - content - type: string - vars: - items: - additionalProperties: {} - type: object - type: array - version: - type: string - required: - - savedObject - - name - - version - - title - - assets - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Package Manager (EPM) - post: - description: Install package from registry - operationId: '%2Fapi%2Ffleet%2Fepm%2Fpackages%2F%7BpkgName%7D%2F%7BpkgVersion%7D#2' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: pkgName - required: true - schema: - type: string - - in: path - name: pkgVersion - required: true - schema: - type: string - - in: query - name: prerelease - required: false - schema: - type: boolean - - in: query - name: ignoreMappingUpdateErrors - required: false - schema: - default: false - type: boolean - - in: query - name: skipDataStreamRollover - required: false - schema: - default: false - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - nullable: true - type: object - properties: - force: - default: false - type: boolean - ignore_constraints: - default: false - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - _meta: - additionalProperties: false - type: object - properties: - install_source: - type: string - required: - - install_source - items: - items: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - response: - deprecated: true - items: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - required: - - items - - _meta - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Package Manager (EPM) - put: - description: Update package settings - operationId: '%2Fapi%2Ffleet%2Fepm%2Fpackages%2F%7BpkgName%7D%2F%7BpkgVersion%7D#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: pkgName - required: true - schema: - type: string - - in: path - name: pkgVersion - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - keepPoliciesUpToDate: - type: boolean - required: - - keepPoliciesUpToDate - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: true - type: object - properties: - agent: - additionalProperties: false - type: object - properties: - privileges: - additionalProperties: false - type: object - properties: - root: - type: boolean - asset_tags: - items: - additionalProperties: false - type: object - properties: - asset_ids: - items: - type: string - type: array - asset_types: - items: - type: string - type: array - text: - type: string - required: - - text - type: array - assets: - additionalProperties: {} - type: object - categories: - items: - type: string - type: array - conditions: - additionalProperties: true - type: object - properties: - elastic: - additionalProperties: true - type: object - properties: - capabilities: - items: - type: string - type: array - subscription: - type: string - kibana: - additionalProperties: true - type: object - properties: - version: - type: string - data_streams: - items: - additionalProperties: {} - type: object - type: array - description: - type: string - discovery: - additionalProperties: true - type: object - properties: - fields: - items: - additionalProperties: true - type: object - properties: - name: - type: string - required: - - name - type: array - download: - type: string - elasticsearch: - additionalProperties: {} - type: object - format_version: - type: string - icons: - items: - additionalProperties: true - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - type: array - installationInfo: - additionalProperties: true - type: object - properties: - additional_spaces_installed_kibana: - additionalProperties: - items: - additionalProperties: true - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - type: array - type: object - created_at: - type: string - experimental_data_stream_features: - items: - additionalProperties: true - type: object - properties: - data_stream: - type: string - features: - additionalProperties: true - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - install_format_schema_version: - type: string - install_source: - enum: - - registry - - upload - - bundled - - custom - type: string - install_status: - enum: - - installed - - installing - - install_failed - type: string - installed_es: - items: - additionalProperties: true - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - installed_kibana: - items: - additionalProperties: true - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - type: array - installed_kibana_space_id: - type: string - latest_executed_state: - additionalProperties: true - type: object - properties: - error: - type: string - name: - type: string - started_at: - type: string - required: - - name - - started_at - latest_install_failed_attempts: - items: - additionalProperties: true - type: object - properties: - created_at: - type: string - error: - additionalProperties: true - type: object - properties: - message: - type: string - name: - type: string - stack: - type: string - required: - - name - - message - target_version: - type: string - required: - - created_at - - target_version - - error - type: array - name: - type: string - namespaces: - items: - type: string - type: array - type: - type: string - updated_at: - type: string - verification_key_id: - nullable: true - type: string - verification_status: - enum: - - unverified - - verified - - unknown - type: string - version: - type: string - required: - - type - - installed_kibana - - installed_es - - name - - version - - install_status - - install_source - - verification_status - internal: - type: boolean - keepPoliciesUpToDate: - type: boolean - latestVersion: - type: string - license: - type: string - licensePath: - type: string - name: - type: string - notice: - type: string - owner: - additionalProperties: true - type: object - properties: - github: - type: string - type: - enum: - - elastic - - partner - - community - type: string - path: - type: string - policy_templates: - items: - additionalProperties: {} - type: object - type: array - readme: - type: string - release: - enum: - - ga - - beta - - experimental - type: string - savedObject: {} - screenshots: - items: - additionalProperties: false - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - type: array - signature_path: - type: string - source: - additionalProperties: true - type: object - properties: - license: - type: string - required: - - license - status: - type: string - title: - type: string - type: - enum: - - integration - - input - - content - type: string - vars: - items: - additionalProperties: {} - type: object - type: array - version: - type: string - required: - - savedObject - - name - - version - - title - - assets - response: - additionalProperties: true - deprecated: true - type: object - properties: - agent: - additionalProperties: false - type: object - properties: - privileges: - additionalProperties: false - type: object - properties: - root: - type: boolean - asset_tags: - items: - additionalProperties: false - type: object - properties: - asset_ids: - items: - type: string - type: array - asset_types: - items: - type: string - type: array - text: - type: string - required: - - text - type: array - assets: - additionalProperties: {} - type: object - categories: - items: - type: string - type: array - conditions: - additionalProperties: true - type: object - properties: - elastic: - additionalProperties: true - type: object - properties: - capabilities: - items: - type: string - type: array - subscription: - type: string - kibana: - additionalProperties: true - type: object - properties: - version: - type: string - data_streams: - items: - additionalProperties: {} - type: object - type: array - description: - type: string - discovery: - additionalProperties: true - type: object - properties: - fields: - items: - additionalProperties: true - type: object - properties: - name: - type: string - required: - - name - type: array - download: - type: string - elasticsearch: - additionalProperties: {} - type: object - format_version: - type: string - icons: - items: - additionalProperties: true - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - type: array - installationInfo: - additionalProperties: true - type: object - properties: - additional_spaces_installed_kibana: - additionalProperties: - items: - additionalProperties: true - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - type: array - type: object - created_at: - type: string - experimental_data_stream_features: - items: - additionalProperties: true - type: object - properties: - data_stream: - type: string - features: - additionalProperties: true - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - install_format_schema_version: - type: string - install_source: - enum: - - registry - - upload - - bundled - - custom - type: string - install_status: - enum: - - installed - - installing - - install_failed - type: string - installed_es: - items: - additionalProperties: true - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - installed_kibana: - items: - additionalProperties: true - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - type: array - installed_kibana_space_id: - type: string - latest_executed_state: - additionalProperties: true - type: object - properties: - error: - type: string - name: - type: string - started_at: - type: string - required: - - name - - started_at - latest_install_failed_attempts: - items: - additionalProperties: true - type: object - properties: - created_at: - type: string - error: - additionalProperties: true - type: object - properties: - message: - type: string - name: - type: string - stack: - type: string - required: - - name - - message - target_version: - type: string - required: - - created_at - - target_version - - error - type: array - name: - type: string - namespaces: - items: - type: string - type: array - type: - type: string - updated_at: - type: string - verification_key_id: - nullable: true - type: string - verification_status: - enum: - - unverified - - verified - - unknown - type: string - version: - type: string - required: - - type - - installed_kibana - - installed_es - - name - - version - - install_status - - install_source - - verification_status - internal: - type: boolean - keepPoliciesUpToDate: - type: boolean - latestVersion: - type: string - license: - type: string - licensePath: - type: string - name: - type: string - notice: - type: string - owner: - additionalProperties: true - type: object - properties: - github: - type: string - type: - enum: - - elastic - - partner - - community - type: string - path: - type: string - policy_templates: - items: - additionalProperties: {} - type: object - type: array - readme: - type: string - release: - enum: - - ga - - beta - - experimental - type: string - savedObject: {} - screenshots: - items: - additionalProperties: false - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - type: array - signature_path: - type: string - source: - additionalProperties: true - type: object - properties: - license: - type: string - required: - - license - status: - type: string - title: - type: string - type: - enum: - - integration - - input - - content - type: string - vars: - items: - additionalProperties: {} - type: object - type: array - version: - type: string - required: - - savedObject - - name - - version - - title - - assets - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/packages/{pkgName}/{pkgVersion}/{filePath*}: - get: - description: Get package file - operationId: >- - %2Fapi%2Ffleet%2Fepm%2Fpackages%2F%7BpkgName%7D%2F%7BpkgVersion%7D%2F%7BfilePath*%7D#0 - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: pkgName - required: true - schema: - type: string - - in: path - name: pkgVersion - required: true - schema: - type: string - - in: path - name: filePath - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: {} - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/packages/{pkgName}/{pkgVersion}/transforms/authorize: - post: - description: Authorize transforms - operationId: >- - %2Fapi%2Ffleet%2Fepm%2Fpackages%2F%7BpkgName%7D%2F%7BpkgVersion%7D%2Ftransforms%2Fauthorize#0 - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: pkgName - required: true - schema: - type: string - - in: path - name: pkgVersion - required: true - schema: - type: string - - in: query - name: prerelease - required: false - schema: - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - transforms: - items: - additionalProperties: false - type: object - properties: - transformId: - type: string - required: - - transformId - type: array - required: - - transforms - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - additionalProperties: false - type: object - properties: - error: - nullable: true - success: - type: boolean - transformId: - type: string - required: - - transformId - - success - - error - type: array - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/packages/{pkgName}/stats: - get: - description: Get package stats - operationId: '%2Fapi%2Ffleet%2Fepm%2Fpackages%2F%7BpkgName%7D%2Fstats#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: pkgName - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - response: - additionalProperties: false - type: object - properties: - agent_policy_count: - type: number - required: - - agent_policy_count - required: - - response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/packages/installed: - get: - description: Get installed packages - operationId: '%2Fapi%2Ffleet%2Fepm%2Fpackages%2Finstalled#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: dataStreamType - required: false - schema: - enum: - - logs - - metrics - - traces - - synthetics - - profiling - type: string - - in: query - name: showOnlyActiveDataStreams - required: false - schema: - type: boolean - - in: query - name: nameQuery - required: false - schema: - type: string - - in: query - name: searchAfter - required: false - schema: - items: - anyOf: - - type: string - - type: number - type: array - - in: query - name: perPage - required: false - schema: - default: 15 - type: number - - in: query - name: sortOrder - required: false - schema: - default: asc - enum: - - asc - - desc - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - dataStreams: - items: - additionalProperties: false - type: object - properties: - name: - type: string - title: - type: string - required: - - name - - title - type: array - description: - type: string - icons: - items: - additionalProperties: false - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - type: array - name: - type: string - status: - type: string - title: - type: string - version: - type: string - required: - - name - - version - - status - - dataStreams - type: array - searchAfter: - items: - anyOf: - - type: string - - type: number - - type: boolean - - enum: [] - nullable: true - - {} - type: array - total: - type: number - required: - - items - - total - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/packages/limited: - get: - description: Get limited package list - operationId: '%2Fapi%2Ffleet%2Fepm%2Fpackages%2Flimited#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - items: - items: - type: string - type: array - response: - deprecated: true - items: - type: string - type: array - required: - - items - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/templates/{pkgName}/{pkgVersion}/inputs: - get: - description: Get inputs template - operationId: >- - %2Fapi%2Ffleet%2Fepm%2Ftemplates%2F%7BpkgName%7D%2F%7BpkgVersion%7D%2Finputs#0 - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: pkgName - required: true - schema: - type: string - - in: path - name: pkgVersion - required: true - schema: - type: string - - in: query - name: format - required: false - schema: - default: json - enum: - - json - - yml - - yaml - type: string - - in: query - name: prerelease - required: false - schema: - type: boolean - - in: query - name: ignoreUnverified - required: false - schema: - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - anyOf: - - type: string - - additionalProperties: false - type: object - properties: - inputs: - items: - additionalProperties: false - type: object - properties: - id: - type: string - streams: - items: - additionalProperties: true - type: object - properties: - data_stream: - additionalProperties: true - type: object - properties: - dataset: - type: string - type: - type: string - required: - - dataset - id: - type: string - required: - - id - - data_stream - type: array - type: - type: string - required: - - id - - type - type: array - required: - - inputs - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/verification_key_id: - get: - description: Get a package signature verification key ID - operationId: '%2Fapi%2Ffleet%2Fepm%2Fverification_key_id#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - id: - nullable: true - type: string - required: - - id - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Package Manager (EPM) - /api/fleet/fleet_server_hosts: - get: - description: List Fleet Server hosts - operationId: '%2Fapi%2Ffleet%2Ffleet_server_hosts#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - host_urls: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - required: - - id - - name - - host_urls - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - total - - page - - perPage - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet Server hosts - post: - description: Create Fleet Server host - operationId: '%2Fapi%2Ffleet%2Ffleet_server_hosts#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - host_urls: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - required: - - name - - host_urls - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - host_urls: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - required: - - id - - name - - host_urls - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet Server hosts - /api/fleet/fleet_server_hosts/{itemId}: - delete: - description: Delete Fleet Server host by ID - operationId: '%2Fapi%2Ffleet%2Ffleet_server_hosts%2F%7BitemId%7D#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: itemId - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet Server hosts - get: - description: Get Fleet Server host by ID - operationId: '%2Fapi%2Ffleet%2Ffleet_server_hosts%2F%7BitemId%7D#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: itemId - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - host_urls: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - required: - - id - - name - - host_urls - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet Server hosts - put: - description: Update Fleet Server host by ID - operationId: '%2Fapi%2Ffleet%2Ffleet_server_hosts%2F%7BitemId%7D#2' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: itemId - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - host_urls: - items: - type: string - minItems: 1 - type: array - is_default: - type: boolean - is_internal: - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - required: - - proxy_id - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - host_urls: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - required: - - id - - name - - host_urls - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet Server hosts - /api/fleet/health_check: - post: - description: Check Fleet Server health - operationId: '%2Fapi%2Ffleet%2Fhealth_check#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - host: - format: uri - type: string - id: - type: string - required: - - id - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - host: - deprecated: true - type: string - host_id: - type: string - name: - type: string - status: - type: string - required: - - status - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet internals - /api/fleet/kubernetes: - get: - description: Get full K8s agent manifest - operationId: '%2Fapi%2Ffleet%2Fkubernetes#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: download - required: false - schema: - type: boolean - - in: query - name: fleetServer - required: false - schema: - type: string - - in: query - name: enrolToken - required: false - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - type: string - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent policies - /api/fleet/kubernetes/download: - get: - operationId: '%2Fapi%2Ffleet%2Fkubernetes%2Fdownload#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: download - required: false - schema: - type: boolean - - in: query - name: fleetServer - required: false - schema: - type: string - - in: query - name: enrolToken - required: false - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: string - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent policies - /api/fleet/logstash_api_keys: - post: - description: Generate Logstash API key - operationId: '%2Fapi%2Ffleet%2Flogstash_api_keys#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - api_key: - type: string - required: - - api_key - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet outputs - /api/fleet/message_signing_service/rotate_key_pair: - post: - description: Rotate fleet message signing key pair - operationId: '%2Fapi%2Ffleet%2Fmessage_signing_service%2Frotate_key_pair#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: query - name: acknowledge - required: false - schema: - default: false - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Message Signing Service - /api/fleet/outputs: - get: - description: List outputs - operationId: '%2Fapi%2Ffleet%2Foutputs#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - items: - items: - anyOf: - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - elasticsearch - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - service_token: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - service_token: - nullable: true - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - remote_elasticsearch - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - logstash - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - auth_type: - enum: - - none - - user_pass - - ssl - - kerberos - type: string - broker_timeout: - type: number - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - client_id: - type: string - compression: - enum: - - gzip - - snappy - - lz4 - - none - type: string - compression_level: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: number - - not: {} - config_yaml: - nullable: true - type: string - connection_type: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - enum: - - plaintext - - encryption - type: string - - not: {} - hash: - additionalProperties: true - type: object - properties: - hash: - type: string - random: - type: boolean - headers: - items: - additionalProperties: true - type: object - properties: - key: - type: string - value: - type: string - required: - - key - - value - type: array - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - key: - type: string - name: - type: string - partition: - enum: - - random - - round_robin - - hash - type: string - password: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - not: {} - - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - proxy_id: - nullable: true - type: string - random: - additionalProperties: true - type: object - properties: - group_events: - type: number - required_acks: - enum: - - 1 - - 0 - - -1 - type: integer - round_robin: - additionalProperties: true - type: object - properties: - group_events: - type: number - sasl: - additionalProperties: true - nullable: true - type: object - properties: - mechanism: - enum: - - PLAIN - - SCRAM-SHA-256 - - SCRAM-SHA-512 - type: string - secrets: - additionalProperties: true - type: object - properties: - password: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - required: - - key - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - timeout: - type: number - topic: - type: string - topics: - items: - additionalProperties: true - type: object - properties: - topic: - type: string - when: - additionalProperties: true - type: object - properties: - condition: - type: string - type: - enum: - - equals - - contains - - regexp - type: string - required: - - topic - minItems: 1 - type: array - type: - enum: - - kafka - type: string - username: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - version: - type: string - required: - - name - - type - - hosts - - compression_level - - auth_type - - connection_type - - username - - password - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - total - - page - - perPage - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet outputs - post: - description: Create output - operationId: '%2Fapi%2Ffleet%2Foutputs#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - anyOf: - - additionalProperties: false - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - shipper: - additionalProperties: false - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: false - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - elasticsearch - type: string - required: - - name - - type - - hosts - - additionalProperties: false - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: false - type: object - properties: - service_token: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - service_token: - nullable: true - type: string - shipper: - additionalProperties: false - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: false - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - remote_elasticsearch - type: string - required: - - name - - type - - hosts - - additionalProperties: false - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: false - type: object - properties: - ssl: - additionalProperties: false - type: object - properties: - key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - shipper: - additionalProperties: false - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: false - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - logstash - type: string - required: - - name - - type - - hosts - - additionalProperties: false - type: object - properties: - allow_edit: - items: - type: string - type: array - auth_type: - enum: - - none - - user_pass - - ssl - - kerberos - type: string - broker_timeout: - type: number - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - client_id: - type: string - compression: - enum: - - gzip - - snappy - - lz4 - - none - type: string - compression_level: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: number - - not: {} - config_yaml: - nullable: true - type: string - connection_type: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - enum: - - plaintext - - encryption - type: string - - not: {} - hash: - additionalProperties: false - type: object - properties: - hash: - type: string - random: - type: boolean - headers: - items: - additionalProperties: false - type: object - properties: - key: - type: string - value: - type: string - required: - - key - - value - type: array - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - key: - type: string - name: - type: string - partition: - enum: - - random - - round_robin - - hash - type: string - password: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - not: {} - - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - proxy_id: - nullable: true - type: string - random: - additionalProperties: false - type: object - properties: - group_events: - type: number - required_acks: - enum: - - 1 - - 0 - - -1 - type: integer - round_robin: - additionalProperties: false - type: object - properties: - group_events: - type: number - sasl: - additionalProperties: false - nullable: true - type: object - properties: - mechanism: - enum: - - PLAIN - - SCRAM-SHA-256 - - SCRAM-SHA-512 - type: string - secrets: - additionalProperties: false - type: object - properties: - password: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: false - type: object - properties: - key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - required: - - key - shipper: - additionalProperties: false - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: false - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - timeout: - type: number - topic: - type: string - topics: - items: - additionalProperties: false - type: object - properties: - topic: - type: string - when: - additionalProperties: false - type: object - properties: - condition: - type: string - type: - enum: - - equals - - contains - - regexp - type: string - required: - - topic - minItems: 1 - type: array - type: - enum: - - kafka - type: string - username: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - version: - type: string - required: - - name - - type - - hosts - - compression_level - - auth_type - - connection_type - - username - - password - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - anyOf: - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - elasticsearch - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - service_token: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - service_token: - nullable: true - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - remote_elasticsearch - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - logstash - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - auth_type: - enum: - - none - - user_pass - - ssl - - kerberos - type: string - broker_timeout: - type: number - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - client_id: - type: string - compression: - enum: - - gzip - - snappy - - lz4 - - none - type: string - compression_level: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: number - - not: {} - config_yaml: - nullable: true - type: string - connection_type: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - enum: - - plaintext - - encryption - type: string - - not: {} - hash: - additionalProperties: true - type: object - properties: - hash: - type: string - random: - type: boolean - headers: - items: - additionalProperties: true - type: object - properties: - key: - type: string - value: - type: string - required: - - key - - value - type: array - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - key: - type: string - name: - type: string - partition: - enum: - - random - - round_robin - - hash - type: string - password: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - not: {} - - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - proxy_id: - nullable: true - type: string - random: - additionalProperties: true - type: object - properties: - group_events: - type: number - required_acks: - enum: - - 1 - - 0 - - -1 - type: integer - round_robin: - additionalProperties: true - type: object - properties: - group_events: - type: number - sasl: - additionalProperties: true - nullable: true - type: object - properties: - mechanism: - enum: - - PLAIN - - SCRAM-SHA-256 - - SCRAM-SHA-512 - type: string - secrets: - additionalProperties: true - type: object - properties: - password: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - required: - - key - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - timeout: - type: number - topic: - type: string - topics: - items: - additionalProperties: true - type: object - properties: - topic: - type: string - when: - additionalProperties: true - type: object - properties: - condition: - type: string - type: - enum: - - equals - - contains - - regexp - type: string - required: - - topic - minItems: 1 - type: array - type: - enum: - - kafka - type: string - username: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - version: - type: string - required: - - name - - type - - hosts - - compression_level - - auth_type - - connection_type - - username - - password - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet outputs - /api/fleet/outputs/{outputId}: - delete: - description: Delete output by ID - operationId: '%2Fapi%2Ffleet%2Foutputs%2F%7BoutputId%7D#2' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: outputId - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet outputs - get: - description: Get output by ID - operationId: '%2Fapi%2Ffleet%2Foutputs%2F%7BoutputId%7D#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: outputId - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - anyOf: - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - elasticsearch - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - service_token: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - service_token: - nullable: true - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - remote_elasticsearch - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - logstash - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - auth_type: - enum: - - none - - user_pass - - ssl - - kerberos - type: string - broker_timeout: - type: number - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - client_id: - type: string - compression: - enum: - - gzip - - snappy - - lz4 - - none - type: string - compression_level: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: number - - not: {} - config_yaml: - nullable: true - type: string - connection_type: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - enum: - - plaintext - - encryption - type: string - - not: {} - hash: - additionalProperties: true - type: object - properties: - hash: - type: string - random: - type: boolean - headers: - items: - additionalProperties: true - type: object - properties: - key: - type: string - value: - type: string - required: - - key - - value - type: array - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - key: - type: string - name: - type: string - partition: - enum: - - random - - round_robin - - hash - type: string - password: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - not: {} - - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - proxy_id: - nullable: true - type: string - random: - additionalProperties: true - type: object - properties: - group_events: - type: number - required_acks: - enum: - - 1 - - 0 - - -1 - type: integer - round_robin: - additionalProperties: true - type: object - properties: - group_events: - type: number - sasl: - additionalProperties: true - nullable: true - type: object - properties: - mechanism: - enum: - - PLAIN - - SCRAM-SHA-256 - - SCRAM-SHA-512 - type: string - secrets: - additionalProperties: true - type: object - properties: - password: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - required: - - key - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - timeout: - type: number - topic: - type: string - topics: - items: - additionalProperties: true - type: object - properties: - topic: - type: string - when: - additionalProperties: true - type: object - properties: - condition: - type: string - type: - enum: - - equals - - contains - - regexp - type: string - required: - - topic - minItems: 1 - type: array - type: - enum: - - kafka - type: string - username: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - version: - type: string - required: - - name - - type - - hosts - - compression_level - - auth_type - - connection_type - - username - - password - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet outputs - put: - description: Update output by ID - operationId: '%2Fapi%2Ffleet%2Foutputs%2F%7BoutputId%7D#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: outputId - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - anyOf: - - additionalProperties: false - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - minItems: 1 - type: array - id: - type: string - is_default: - type: boolean - is_default_monitoring: - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - shipper: - additionalProperties: false - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: false - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - elasticsearch - type: string - - additionalProperties: false - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - minItems: 1 - type: array - id: - type: string - is_default: - type: boolean - is_default_monitoring: - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: false - type: object - properties: - service_token: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - service_token: - nullable: true - type: string - shipper: - additionalProperties: false - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: false - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - remote_elasticsearch - type: string - - additionalProperties: false - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - type: boolean - is_default_monitoring: - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: false - type: object - properties: - ssl: - additionalProperties: false - type: object - properties: - key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - shipper: - additionalProperties: false - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: false - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - logstash - type: string - - additionalProperties: false - type: object - properties: - allow_edit: - items: - type: string - type: array - auth_type: - enum: - - none - - user_pass - - ssl - - kerberos - type: string - broker_timeout: - type: number - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - client_id: - type: string - compression: - enum: - - gzip - - snappy - - lz4 - - none - type: string - compression_level: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: number - - not: {} - config_yaml: - nullable: true - type: string - connection_type: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - enum: - - plaintext - - encryption - type: string - - not: {} - hash: - additionalProperties: false - type: object - properties: - hash: - type: string - random: - type: boolean - headers: - items: - additionalProperties: false - type: object - properties: - key: - type: string - value: - type: string - required: - - key - - value - type: array - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - key: - type: string - name: - type: string - partition: - enum: - - random - - round_robin - - hash - type: string - password: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - not: {} - - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - proxy_id: - nullable: true - type: string - random: - additionalProperties: false - type: object - properties: - group_events: - type: number - required_acks: - enum: - - 1 - - 0 - - -1 - type: integer - round_robin: - additionalProperties: false - type: object - properties: - group_events: - type: number - sasl: - additionalProperties: false - nullable: true - type: object - properties: - mechanism: - enum: - - PLAIN - - SCRAM-SHA-256 - - SCRAM-SHA-512 - type: string - secrets: - additionalProperties: false - type: object - properties: - password: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: false - type: object - properties: - key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - required: - - key - shipper: - additionalProperties: false - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: false - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - timeout: - type: number - topic: - type: string - topics: - items: - additionalProperties: false - type: object - properties: - topic: - type: string - when: - additionalProperties: false - type: object - properties: - condition: - type: string - type: - enum: - - equals - - contains - - regexp - type: string - required: - - topic - minItems: 1 - type: array - type: - enum: - - kafka - type: string - username: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - version: - type: string - required: - - name - - compression_level - - connection_type - - username - - password - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - anyOf: - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - elasticsearch - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - service_token: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - service_token: - nullable: true - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - remote_elasticsearch - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - logstash - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - auth_type: - enum: - - none - - user_pass - - ssl - - kerberos - type: string - broker_timeout: - type: number - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - client_id: - type: string - compression: - enum: - - gzip - - snappy - - lz4 - - none - type: string - compression_level: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: number - - not: {} - config_yaml: - nullable: true - type: string - connection_type: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - enum: - - plaintext - - encryption - type: string - - not: {} - hash: - additionalProperties: true - type: object - properties: - hash: - type: string - random: - type: boolean - headers: - items: - additionalProperties: true - type: object - properties: - key: - type: string - value: - type: string - required: - - key - - value - type: array - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - key: - type: string - name: - type: string - partition: - enum: - - random - - round_robin - - hash - type: string - password: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - not: {} - - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - proxy_id: - nullable: true - type: string - random: - additionalProperties: true - type: object - properties: - group_events: - type: number - required_acks: - enum: - - 1 - - 0 - - -1 - type: integer - round_robin: - additionalProperties: true - type: object - properties: - group_events: - type: number - sasl: - additionalProperties: true - nullable: true - type: object - properties: - mechanism: - enum: - - PLAIN - - SCRAM-SHA-256 - - SCRAM-SHA-512 - type: string - secrets: - additionalProperties: true - type: object - properties: - password: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - required: - - key - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - timeout: - type: number - topic: - type: string - topics: - items: - additionalProperties: true - type: object - properties: - topic: - type: string - when: - additionalProperties: true - type: object - properties: - condition: - type: string - type: - enum: - - equals - - contains - - regexp - type: string - required: - - topic - minItems: 1 - type: array - type: - enum: - - kafka - type: string - username: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - version: - type: string - required: - - name - - type - - hosts - - compression_level - - auth_type - - connection_type - - username - - password - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet outputs - /api/fleet/outputs/{outputId}/health: - get: - description: Get latest output health - operationId: '%2Fapi%2Ffleet%2Foutputs%2F%7BoutputId%7D%2Fhealth#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: outputId - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - message: - description: long message if unhealthy - type: string - state: - description: state of output, HEALTHY or DEGRADED - type: string - timestamp: - description: timestamp of reported state - type: string - required: - - state - - message - - timestamp - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet outputs - /api/fleet/package_policies: - get: - description: List package policies - operationId: '%2Fapi%2Ffleet%2Fpackage_policies#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: page - required: false - schema: - type: number - - in: query - name: perPage - required: false - schema: - type: number - - in: query - name: sortField - required: false - schema: - type: string - - in: query - name: sortOrder - required: false - schema: - enum: - - desc - - asc - type: string - - in: query - name: showUpgradeable - required: false - schema: - type: boolean - - in: query - name: kuery - required: false - schema: - type: string - - in: query - name: format - required: false - schema: - enum: - - simplified - - legacy - type: string - - in: query - name: withAgentCount - required: false - schema: - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - agents: - type: number - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: >- - enable or disable that input, (default to - true) - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: >- - enable or disable that stream, (default - to true) - type: boolean - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) - type: object - description: >- - Input streams (see integration - documentation to know what streams are - available) - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) - type: object - description: >- - Package policy inputs (see integration - documentation to know what inputs are available) - type: object - x-oas-optional: true - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: >- - The package policy namespace. Leave blank to inherit - the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the package - policy. The override option should be used only in - unusual circumstances and not as a routine - procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: >- - Agent policy ID where that package policy will be - added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package policy will be - added - type: string - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - spaceIds: - items: - type: string - type: array - updated_at: - type: string - updated_by: - type: string - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration documentation - for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) - type: object - x-oas-optional: true - version: - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - total - - page - - perPage - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet package policies - post: - description: Create package policy - operationId: '%2Fapi%2Ffleet%2Fpackage_policies#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: query - name: format - required: false - schema: - enum: - - simplified - - legacy - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - anyOf: - - additionalProperties: false - type: object - properties: - description: - description: Package policy description - type: string - enabled: - type: boolean - force: - description: >- - Force package policy creation even if package is not - verified, or if the agent policy is managed. - type: boolean - id: - description: Package policy unique identifier - type: string - inputs: - items: - additionalProperties: false - type: object - properties: - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration documentation - for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration documentation - for more information) - type: object - required: - - type - - enabled - type: array - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: >- - The package policy namespace. Leave blank to inherit the - agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the package - policy. The override option should be used only in - unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: Agent policy ID where that package policy will be added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package policy will be - added - type: string - type: array - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration documentation for more - information) - type: object - required: - - name - - inputs - - additionalProperties: false - type: object - properties: - description: - type: string - force: - type: boolean - id: - type: string - inputs: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: enable or disable that input, (default to true) - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: >- - enable or disable that stream, (default to - true) - type: boolean - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) - type: object - description: >- - Input streams (see integration documentation to - know what streams are available) - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) - type: object - description: >- - Package policy inputs (see integration documentation to - know what inputs are available) - type: object - name: - type: string - namespace: - type: string - output_id: - nullable: true - type: string - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - nullable: true - type: string - policy_ids: - items: - type: string - type: array - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) - type: object - required: - - name - - package - description: >- - You should use inputs as an object and not use the deprecated - inputs array. - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - agents: - type: number - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: >- - enable or disable that input, (default to - true) - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: >- - enable or disable that stream, (default - to true) - type: boolean - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) - type: object - description: >- - Input streams (see integration documentation - to know what streams are available) - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) - type: object - description: >- - Package policy inputs (see integration - documentation to know what inputs are available) - type: object - x-oas-optional: true - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: >- - The package policy namespace. Leave blank to inherit - the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the package - policy. The override option should be used only in - unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: >- - Agent policy ID where that package policy will be - added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package policy will be - added - type: string - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - spaceIds: - items: - type: string - type: array - updated_at: - type: string - updated_by: - type: string - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration documentation - for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) - type: object - x-oas-optional: true - version: - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet package policies - /api/fleet/package_policies/_bulk_get: - post: - description: Bulk get package policies - operationId: '%2Fapi%2Ffleet%2Fpackage_policies%2F_bulk_get#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: query - name: format - required: false - schema: - enum: - - simplified - - legacy - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - ids: - description: list of package policy ids - items: - type: string - type: array - ignoreMissing: - type: boolean - required: - - ids - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - agents: - type: number - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: >- - enable or disable that input, (default to - true) - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: >- - enable or disable that stream, (default - to true) - type: boolean - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) - type: object - description: >- - Input streams (see integration - documentation to know what streams are - available) - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) - type: object - description: >- - Package policy inputs (see integration - documentation to know what inputs are available) - type: object - x-oas-optional: true - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: >- - The package policy namespace. Leave blank to inherit - the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the package - policy. The override option should be used only in - unusual circumstances and not as a routine - procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: >- - Agent policy ID where that package policy will be - added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package policy will be - added - type: string - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - spaceIds: - items: - type: string - type: array - updated_at: - type: string - updated_by: - type: string - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration documentation - for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) - type: object - x-oas-optional: true - version: - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - type: array - required: - - items - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message - summary: '' - tags: - - Fleet package policies - /api/fleet/package_policies/{packagePolicyId}: - delete: - description: Delete package policy by ID - operationId: '%2Fapi%2Ffleet%2Fpackage_policies%2F%7BpackagePolicyId%7D#2' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: packagePolicyId - required: true - schema: - type: string - - in: query - name: force - required: false - schema: - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet package policies - get: - description: Get package policy by ID - operationId: '%2Fapi%2Ffleet%2Fpackage_policies%2F%7BpackagePolicyId%7D#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: packagePolicyId - required: true - schema: - type: string - - in: query - name: format - required: false - schema: - enum: - - simplified - - legacy - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - agents: - type: number - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: >- - enable or disable that input, (default to - true) - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: >- - enable or disable that stream, (default - to true) - type: boolean - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) - type: object - description: >- - Input streams (see integration documentation - to know what streams are available) - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) - type: object - description: >- - Package policy inputs (see integration - documentation to know what inputs are available) - type: object - x-oas-optional: true - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: >- - The package policy namespace. Leave blank to inherit - the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the package - policy. The override option should be used only in - unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: >- - Agent policy ID where that package policy will be - added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package policy will be - added - type: string - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - spaceIds: - items: - type: string - type: array - updated_at: - type: string - updated_by: - type: string - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration documentation - for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) - type: object - x-oas-optional: true - version: - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message - summary: '' - tags: - - Fleet package policies - put: - description: Update package policy by ID - operationId: '%2Fapi%2Ffleet%2Fpackage_policies%2F%7BpackagePolicyId%7D#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: packagePolicyId - required: true - schema: - type: string - - in: query - name: format - required: false - schema: - enum: - - simplified - - legacy - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - anyOf: - - additionalProperties: false - type: object - properties: - description: - description: Package policy description - type: string - enabled: - type: boolean - force: - type: boolean - inputs: - items: - additionalProperties: false - type: object - properties: - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration documentation - for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration documentation - for more information) - type: object - required: - - type - - enabled - type: array - is_managed: - type: boolean - name: - type: string - namespace: - description: >- - The package policy namespace. Leave blank to inherit the - agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the package - policy. The override option should be used only in - unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: Agent policy ID where that package policy will be added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package policy will be - added - type: string - type: array - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration documentation for more - information) - type: object - version: - type: string - - additionalProperties: false - type: object - properties: - description: - type: string - force: - type: boolean - id: - type: string - inputs: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: enable or disable that input, (default to true) - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: >- - enable or disable that stream, (default to - true) - type: boolean - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) - type: object - description: >- - Input streams (see integration documentation to - know what streams are available) - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) - type: object - description: >- - Package policy inputs (see integration documentation to - know what inputs are available) - type: object - name: - type: string - namespace: - type: string - output_id: - nullable: true - type: string - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - nullable: true - type: string - policy_ids: - items: - type: string - type: array - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) - type: object - required: - - name - - package - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - agents: - type: number - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: >- - enable or disable that input, (default to - true) - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: >- - enable or disable that stream, (default - to true) - type: boolean - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) - type: object - description: >- - Input streams (see integration documentation - to know what streams are available) - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) - type: object - description: >- - Package policy inputs (see integration - documentation to know what inputs are available) - type: object - x-oas-optional: true - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: >- - The package policy namespace. Leave blank to inherit - the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the package - policy. The override option should be used only in - unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: >- - Agent policy ID where that package policy will be - added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package policy will be - added - type: string - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - spaceIds: - items: - type: string - type: array - updated_at: - type: string - updated_by: - type: string - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration documentation - for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) - type: object - x-oas-optional: true - version: - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet package policies - /api/fleet/package_policies/delete: - post: - description: Bulk delete package policies - operationId: '%2Fapi%2Ffleet%2Fpackage_policies%2Fdelete#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - force: - type: boolean - packagePolicyIds: - items: - type: string - type: array - required: - - packagePolicyIds - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - additionalProperties: false - type: object - properties: - body: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message - id: - type: string - name: - type: string - output_id: - nullable: true - type: string - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: Use `policy_ids` instead - nullable: true - type: string - policy_ids: - items: - type: string - type: array - statusCode: - type: number - success: - type: boolean - required: - - id - - success - - policy_ids - - package - type: array - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet package policies - /api/fleet/package_policies/upgrade: - post: - description: Upgrade package policy to a newer package version - operationId: '%2Fapi%2Ffleet%2Fpackage_policies%2Fupgrade#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - packagePolicyIds: - items: - type: string - type: array - required: - - packagePolicyIds - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - additionalProperties: false - type: object - properties: - body: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message - id: - type: string - name: - type: string - statusCode: - type: number - success: - type: boolean - required: - - id - - success - type: array - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet package policies - /api/fleet/package_policies/upgrade/dryrun: - post: - description: Dry run package policy upgrade - operationId: '%2Fapi%2Ffleet%2Fpackage_policies%2Fupgrade%2Fdryrun#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - packagePolicyIds: - items: - type: string - type: array - packageVersion: - type: string - required: - - packagePolicyIds - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - additionalProperties: false - type: object - properties: - agent_diff: - items: - items: - additionalProperties: true - type: object - properties: - data_stream: - additionalProperties: true - type: object - properties: - namespace: - type: string - required: - - namespace - id: - type: string - meta: - additionalProperties: true - type: object - properties: - package: - additionalProperties: true - type: object - properties: - name: - type: string - version: - type: string - required: - - name - - version - required: - - package - name: - type: string - package_policy_id: - type: string - processors: - items: - additionalProperties: true - type: object - properties: - add_fields: - additionalProperties: true - type: object - properties: - fields: - additionalProperties: - anyOf: - - type: string - - type: number - type: object - target: - type: string - required: - - target - - fields - required: - - add_fields - type: array - revision: - type: number - streams: - items: - additionalProperties: true - type: object - properties: - data_stream: - additionalProperties: true - type: object - properties: - dataset: - type: string - type: - type: string - required: - - dataset - id: - type: string - required: - - id - - data_stream - type: array - type: - type: string - use_output: - type: string - required: - - id - - name - - revision - - type - - data_stream - - use_output - - package_policy_id - type: array - type: array - body: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message - diff: - items: - anyOf: - - additionalProperties: false - type: object - properties: - agents: - type: number - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: >- - enable or disable that input, (default - to true) - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: >- - enable or disable that stream, (default - to true) - type: boolean - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) - type: object - description: >- - Input streams (see integration - documentation to know what streams are - available) - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) - type: object - description: >- - Package policy inputs (see integration - documentation to know what inputs are - available) - type: object - x-oas-optional: true - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: >- - The package policy namespace. Leave blank to - inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the - package policy. The override option should be - used only in unusual circumstances and not as - a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: >- - Agent policy ID where that package policy will - be added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package policy - will be added - type: string - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - spaceIds: - items: - type: string - type: array - updated_at: - type: string - updated_by: - type: string - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) - type: object - x-oas-optional: true - version: - type: string - required: - - name - - enabled - - inputs - - revision - - updated_at - - updated_by - - created_at - - created_by - - additionalProperties: false - type: object - properties: - description: - description: Package policy description - type: string - enabled: - type: boolean - errors: - items: - additionalProperties: false - type: object - properties: - key: - type: string - message: - type: string - required: - - message - type: array - force: - type: boolean - id: - type: string - inputs: - items: - additionalProperties: false - type: object - properties: - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - type - - enabled - - streams - type: array - is_managed: - type: boolean - missingVars: - items: - type: string - type: array - name: - description: Package policy name (should be unique) - type: string - namespace: - description: >- - The package policy namespace. Leave blank to - inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the - package policy. The override option should be - used only in unusual circumstances and not as - a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: >- - Agent policy ID where that package policy will - be added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package policy - will be added - type: string - type: array - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - name - - enabled - - inputs - type: array - hasErrors: - type: boolean - name: - type: string - statusCode: - type: number - required: - - hasErrors - type: array - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet package policies - /api/fleet/proxies: - get: - description: List proxies - operationId: '%2Fapi%2Ffleet%2Fproxies#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - certificate: - nullable: true - type: string - certificate_authorities: - nullable: true - type: string - certificate_key: - nullable: true - type: string - id: - type: string - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_headers: - additionalProperties: - anyOf: - - type: string - - type: boolean - - type: number - nullable: true - type: object - url: - type: string - required: - - id - - url - - name - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - total - - page - - perPage - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet proxies - post: - description: Create proxy - operationId: '%2Fapi%2Ffleet%2Fproxies#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - certificate: - nullable: true - type: string - certificate_authorities: - nullable: true - type: string - certificate_key: - nullable: true - type: string - id: - type: string - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_headers: - additionalProperties: - anyOf: - - type: string - - type: boolean - - type: number - nullable: true - type: object - url: - type: string - required: - - url - - name - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - certificate: - nullable: true - type: string - certificate_authorities: - nullable: true - type: string - certificate_key: - nullable: true - type: string - id: - type: string - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_headers: - additionalProperties: - anyOf: - - type: string - - type: boolean - - type: number - nullable: true - type: object - url: - type: string - required: - - id - - url - - name - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet proxies - /api/fleet/proxies/{itemId}: - delete: - description: Delete proxy by ID - operationId: '%2Fapi%2Ffleet%2Fproxies%2F%7BitemId%7D#2' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: itemId - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet proxies - get: - description: Get proxy by ID - operationId: '%2Fapi%2Ffleet%2Fproxies%2F%7BitemId%7D#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: itemId - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - certificate: - nullable: true - type: string - certificate_authorities: - nullable: true - type: string - certificate_key: - nullable: true - type: string - id: - type: string - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_headers: - additionalProperties: - anyOf: - - type: string - - type: boolean - - type: number - nullable: true - type: object - url: - type: string - required: - - id - - url - - name - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet proxies - put: - description: Update proxy by ID - operationId: '%2Fapi%2Ffleet%2Fproxies%2F%7BitemId%7D#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: itemId - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - certificate: - nullable: true - type: string - certificate_authorities: - nullable: true - type: string - certificate_key: - nullable: true - type: string - name: - type: string - proxy_headers: - additionalProperties: - anyOf: - - type: string - - type: boolean - - type: number - nullable: true - type: object - url: - type: string - required: - - proxy_headers - - certificate_authorities - - certificate - - certificate_key - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - certificate: - nullable: true - type: string - certificate_authorities: - nullable: true - type: string - certificate_key: - nullable: true - type: string - id: - type: string - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_headers: - additionalProperties: - anyOf: - - type: string - - type: boolean - - type: number - nullable: true - type: object - url: - type: string - required: - - id - - url - - name - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet proxies - /api/fleet/service_tokens: - post: - description: Create a service token - operationId: '%2Fapi%2Ffleet%2Fservice_tokens#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - nullable: true - type: object - properties: - remote: - default: false - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - name: - type: string - value: - type: string - required: - - name - - value - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet service tokens - /api/fleet/service-tokens: - post: - description: Create a service token - operationId: '%2Fapi%2Ffleet%2Fservice-tokens#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - responses: {} - summary: '' - tags: [] - /api/fleet/settings: - get: - description: Get settings - operationId: '%2Fapi%2Ffleet%2Fsettings#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - delete_unenrolled_agents: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - is_preconfigured: - type: boolean - required: - - enabled - - is_preconfigured - fleet_server_hosts: - items: - type: string - type: array - has_seen_add_data_notice: - type: boolean - id: - type: string - output_secret_storage_requirements_met: - type: boolean - preconfigured_fields: - items: - enum: - - fleet_server_hosts - type: string - type: array - prerelease_integrations_enabled: - type: boolean - secret_storage_requirements_met: - type: boolean - use_space_awareness_migration_started_at: - type: string - use_space_awareness_migration_status: - enum: - - pending - - success - - error - type: string - version: - type: string - required: - - id - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message - summary: '' - tags: - - Fleet internals - put: - description: Update settings - operationId: '%2Fapi%2Ffleet%2Fsettings#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - additional_yaml_config: - type: string - delete_unenrolled_agents: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - is_preconfigured: - type: boolean - required: - - enabled - - is_preconfigured - fleet_server_hosts: - items: - format: uri - type: string - type: array - has_seen_add_data_notice: - type: boolean - kibana_ca_sha256: - type: string - kibana_urls: - items: - format: uri - type: string - type: array - prerelease_integrations_enabled: - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - delete_unenrolled_agents: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - is_preconfigured: - type: boolean - required: - - enabled - - is_preconfigured - fleet_server_hosts: - items: - type: string - type: array - has_seen_add_data_notice: - type: boolean - id: - type: string - output_secret_storage_requirements_met: - type: boolean - preconfigured_fields: - items: - enum: - - fleet_server_hosts - type: string - type: array - prerelease_integrations_enabled: - type: boolean - secret_storage_requirements_met: - type: boolean - use_space_awareness_migration_started_at: - type: string - use_space_awareness_migration_status: - enum: - - pending - - success - - error - type: string - version: - type: string - required: - - id - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message - summary: '' - tags: - - Fleet internals - /api/fleet/setup: - post: - description: Initiate Fleet setup - operationId: '%2Fapi%2Ffleet%2Fsetup#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: >- - A summary of the result of Fleet's `setup` lifecycle. If - `isInitialized` is true, Fleet is ready to accept agent - enrollment. `nonFatalErrors` may include useful insight into - non-blocking issues with Fleet setup. - type: object - properties: - isInitialized: - type: boolean - nonFatalErrors: - items: - additionalProperties: false - type: object - properties: - message: - type: string - name: - type: string - required: - - name - - message - type: array - required: - - isInitialized - - nonFatalErrors - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Internal Server Error - type: object - properties: - message: - type: string - required: - - message - summary: '' - tags: - - Fleet internals - /api/fleet/uninstall_tokens: - get: - description: List metadata for latest uninstall tokens per agent policy - operationId: '%2Fapi%2Ffleet%2Funinstall_tokens#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: Partial match filtering for policy IDs - in: query - name: policyId - required: false - schema: - maxLength: 50 - type: string - - in: query - name: search - required: false - schema: - maxLength: 50 - type: string - - description: The number of items to return - in: query - name: perPage - required: false - schema: - minimum: 5 - type: number - - in: query - name: page - required: false - schema: - minimum: 1 - type: number - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - created_at: - type: string - id: - type: string - namespaces: - items: - type: string - type: array - policy_id: - type: string - policy_name: - nullable: true - type: string - required: - - id - - policy_id - - created_at - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - total - - page - - perPage - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet uninstall tokens - /api/fleet/uninstall_tokens/{uninstallTokenId}: - get: - description: Get one decrypted uninstall token by its ID - operationId: '%2Fapi%2Ffleet%2Funinstall_tokens%2F%7BuninstallTokenId%7D#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: uninstallTokenId - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - created_at: - type: string - id: - type: string - namespaces: - items: - type: string - type: array - policy_id: - type: string - policy_name: - nullable: true - type: string - token: - type: string - required: - - id - - policy_id - - created_at - - token - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet uninstall tokens - /api/lists: - delete: - description: | - Delete a list using the list ID. - > info - > When you delete a list, all of its list items are also deleted. - operationId: DeleteList - parameters: - - description: List's `id` value - in: query - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Lists_API_ListId' - - in: query - name: deleteReferences - required: false - schema: - default: false - type: boolean - - in: query - name: ignoreReferences - required: false - schema: - default: false - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_List' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Delete a list - tags: - - Security Lists API - get: - description: Get the details of a list using the list ID. - operationId: ReadList - parameters: - - description: List's `id` value - in: query - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Lists_API_ListId' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_List' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Get list details - tags: - - Security Lists API - patch: - description: Update specific fields of an existing list using the list ID. - operationId: PatchList - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - _version: - type: string - description: - $ref: '#/components/schemas/Security_Lists_API_ListDescription' - id: - $ref: '#/components/schemas/Security_Lists_API_ListId' - meta: - $ref: '#/components/schemas/Security_Lists_API_ListMetadata' - name: - $ref: '#/components/schemas/Security_Lists_API_ListName' - version: - minimum: 1 - type: integer - required: - - id - description: List's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_List' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Patch a list - tags: - - Security Lists API - post: - description: Create a new list. - operationId: CreateList - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - description: - $ref: '#/components/schemas/Security_Lists_API_ListDescription' - deserializer: - type: string - id: - $ref: '#/components/schemas/Security_Lists_API_ListId' - meta: - $ref: '#/components/schemas/Security_Lists_API_ListMetadata' - name: - $ref: '#/components/schemas/Security_Lists_API_ListName' - serializer: - type: string - type: - $ref: '#/components/schemas/Security_Lists_API_ListType' - version: - default: 1 - minimum: 1 - type: integer - required: - - name - - description - - type - description: List's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_List' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List already exists response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Create a list - tags: - - Security Lists API - put: - description: > - Update a list using the list ID. The original list is replaced, and all - unspecified fields are deleted. - - > info - - > You cannot modify the `id` value. - operationId: UpdateList - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - _version: - type: string - description: - $ref: '#/components/schemas/Security_Lists_API_ListDescription' - id: - $ref: '#/components/schemas/Security_Lists_API_ListId' - meta: - $ref: '#/components/schemas/Security_Lists_API_ListMetadata' - name: - $ref: '#/components/schemas/Security_Lists_API_ListName' - version: - minimum: 1 - type: integer - required: - - id - - name - - description - description: List's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_List' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Update a list - tags: - - Security Lists API - /api/lists/_find: - get: - description: >- - Get a paginated subset of lists. By default, the first page is returned, - with 20 results per page. - operationId: FindLists - parameters: - - description: The page number to return - in: query - name: page - required: false - schema: - type: integer - - description: The number of lists to return per page - in: query - name: per_page - required: false - schema: - type: integer - - description: Determines which field is used to sort the results - in: query - name: sort_field - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' - - description: Determines the sort order, which can be `desc` or `asc` - in: query - name: sort_order - required: false - schema: - enum: - - desc - - asc - type: string - - description: > - Returns the list that come after the last list returned in the - previous call - - (use the cursor value returned in the previous call). This parameter - uses - - the `tie_breaker_id` field to ensure all lists are sorted and - returned correctly. - in: query - name: cursor - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_FindListsCursor' - - description: > - Filters the returned results according to the value of the specified - field, - - using the : syntax. - in: query - name: filter - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_FindListsFilter' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - cursor: - $ref: '#/components/schemas/Security_Lists_API_FindListsCursor' - data: - items: - $ref: '#/components/schemas/Security_Lists_API_List' - type: array - page: - minimum: 0 - type: integer - per_page: - minimum: 0 - type: integer - total: - minimum: 0 - type: integer - required: - - data - - page - - per_page - - total - - cursor - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Get lists - tags: - - Security Lists API - /api/lists/index: - delete: - description: Delete the `.lists` and `.items` data streams. - operationId: DeleteListIndex - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - acknowledged: - type: boolean - required: - - acknowledged - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List data stream not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Delete list data streams - tags: - - Security Lists API - get: - description: Verify that `.lists` and `.items` data streams exist. - operationId: ReadListIndex - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - list_index: - type: boolean - list_item_index: - type: boolean - required: - - list_index - - list_item_index - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List data stream(s) not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Get status of list data streams - tags: - - Security Lists API - post: - description: Create `.lists` and `.items` data streams in the relevant space. - operationId: CreateListIndex - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - acknowledged: - type: boolean - required: - - acknowledged - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List data stream exists response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Create list data streams - tags: - - Security Lists API - /api/lists/items: - delete: - description: Delete a list item using its `id`, or its `list_id` and `value` fields. - operationId: DeleteListItem - parameters: - - description: Required if `list_id` and `value` are not specified - in: query - name: id - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_ListId' - - description: Required if `id` is not specified - in: query - name: list_id - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_ListId' - - description: Required if `id` is not specified - in: query - name: value - required: false - schema: - type: string - - description: >- - Determines when changes made by the request are made visible to - search - in: query - name: refresh - required: false - schema: - default: 'false' - enum: - - 'true' - - 'false' - - wait_for - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: '#/components/schemas/Security_Lists_API_ListItem' - - items: - $ref: '#/components/schemas/Security_Lists_API_ListItem' - type: array - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List item not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Delete a list item - tags: - - Security Lists API - get: - description: Get the details of a list item. - operationId: ReadListItem - parameters: - - description: Required if `list_id` and `value` are not specified - in: query - name: id - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_ListId' - - description: Required if `id` is not specified - in: query - name: list_id - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_ListId' - - description: Required if `id` is not specified - in: query - name: value - required: false - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: '#/components/schemas/Security_Lists_API_ListItem' - - items: - $ref: '#/components/schemas/Security_Lists_API_ListItem' - type: array - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List item not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Get a list item - tags: - - Security Lists API - patch: - description: Update specific fields of an existing list item using the list item ID. - operationId: PatchListItem - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - _version: - type: string - id: - $ref: '#/components/schemas/Security_Lists_API_ListItemId' - meta: - $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' - refresh: - description: >- - Determines when changes made by the request are made visible - to search - enum: - - 'true' - - 'false' - - wait_for - type: string - value: - $ref: '#/components/schemas/Security_Lists_API_ListItemValue' - required: - - id - description: List item's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_ListItem' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List item not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Patch a list item - tags: - - Security Lists API - post: - description: > - Create a list item and associate it with the specified list. - - - All list items in the same list must be the same type. For example, each - list item in an `ip` list must define a specific IP address. - - > info - - > Before creating a list item, you must create a list. - operationId: CreateListItem - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - id: - $ref: '#/components/schemas/Security_Lists_API_ListItemId' - list_id: - $ref: '#/components/schemas/Security_Lists_API_ListId' - meta: - $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' - refresh: - description: >- - Determines when changes made by the request are made visible - to search - enum: - - 'true' - - 'false' - - wait_for - type: string - value: - $ref: '#/components/schemas/Security_Lists_API_ListItemValue' - required: - - list_id - - value - description: List item's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_ListItem' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List item already exists response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Create a list item - tags: - - Security Lists API - put: - description: > - Update a list item using the list item ID. The original list item is - replaced, and all unspecified fields are deleted. - - > info - - > You cannot modify the `id` value. - operationId: UpdateListItem - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - _version: - type: string - id: - $ref: '#/components/schemas/Security_Lists_API_ListItemId' - meta: - $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' - value: - $ref: '#/components/schemas/Security_Lists_API_ListItemValue' - required: - - id - - value - description: List item's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_ListItem' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List item not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Update a list item - tags: - - Security Lists API - /api/lists/items/_export: - post: - description: Export list item values from the specified list. - operationId: ExportListItems - parameters: - - description: List's id to export - in: query - name: list_id - required: true - schema: - $ref: '#/components/schemas/Security_Lists_API_ListId' - responses: - '200': - content: - application/ndjson; Elastic-Api-Version=2023-10-31: - schema: - description: A `.txt` file containing list items from the specified list - format: binary - type: string - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Export list items - tags: - - Security Lists API - /api/lists/items/_find: - get: - description: Get all list items in the specified list. - operationId: FindListItems - parameters: - - description: List's id - in: query - name: list_id - required: true - schema: - $ref: '#/components/schemas/Security_Lists_API_ListId' - - description: The page number to return - in: query - name: page - required: false - schema: - type: integer - - description: The number of list items to return per page - in: query - name: per_page - required: false - schema: - type: integer - - description: Determines which field is used to sort the results - in: query - name: sort_field - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' - - description: Determines the sort order, which can be `desc` or `asc` - in: query - name: sort_order - required: false - schema: - enum: - - desc - - asc - type: string - - description: > - Returns the list that come after the last list returned in the - previous call - - (use the cursor value returned in the previous call). This parameter - uses - - the `tie_breaker_id` field to ensure all lists are sorted and - returned correctly. - in: query - name: cursor - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_FindListItemsCursor' - - description: > - Filters the returned results according to the value of the specified - field, - - using the : syntax. - in: query - name: filter - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_FindListItemsFilter' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - cursor: - $ref: >- - #/components/schemas/Security_Lists_API_FindListItemsCursor - data: - items: - $ref: '#/components/schemas/Security_Lists_API_ListItem' - type: array - page: - minimum: 0 - type: integer - per_page: - minimum: 0 - type: integer - total: - minimum: 0 - type: integer - required: - - data - - page - - per_page - - total - - cursor - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Get list items - tags: - - Security Lists API - /api/lists/items/_import: - post: - description: > - Import list items from a TXT or CSV file. The maximum file size is 9 - million bytes. - - - You can import items to a new or existing list. - operationId: ImportListItems - parameters: - - description: | - List's id. - - Required when importing to an existing list. - in: query - name: list_id - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_ListId' - - description: > - Type of the importing list. - - - Required when importing a new list that is `list_id` is not - specified. - in: query - name: type - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_ListType' - - in: query - name: serializer - required: false - schema: - type: string - - in: query - name: deserializer - required: false - schema: - type: string - - description: >- - Determines when changes made by the request are made visible to - search - in: query - name: refresh - required: false - schema: - enum: - - 'true' - - 'false' - - wait_for - type: string - requestBody: - content: - multipart/form-data; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - file: - description: >- - A `.txt` or `.csv` file containing newline separated list - items - format: binary - type: string - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_List' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List with specified list_id does not exist response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Import list items - tags: - - Security Lists API - /api/lists/privileges: - get: - operationId: ReadListPrivileges - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - is_authenticated: - type: boolean - listItems: - $ref: '#/components/schemas/Security_Lists_API_ListItemPrivileges' - lists: - $ref: '#/components/schemas/Security_Lists_API_ListPrivileges' - required: - - lists - - listItems - - is_authenticated - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Get list privileges - tags: - - Security Lists API - /api/ml/saved_objects/sync: - get: - description: > - Synchronizes Kibana saved objects for machine learning jobs and trained - models. This API runs automatically when you start Kibana and - periodically thereafter. - operationId: mlSync - parameters: - - $ref: '#/components/parameters/Machine_learning_APIs_simulateParam' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - syncExample: - $ref: '#/components/examples/Machine_learning_APIs_mlSyncExample' - schema: - $ref: '#/components/schemas/Machine_learning_APIs_mlSync200Response' - description: Indicates a successful call - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Machine_learning_APIs_mlSync4xxResponse' - description: Authorization information is missing or invalid. - summary: Sync machine learning saved objects - tags: - - ml - /api/note: - delete: - description: Delete a note from a Timeline using the note ID. - operationId: DeleteNote - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - nullable: true - type: object - properties: - noteId: - type: string - required: - - noteId - - nullable: true - type: object - properties: - noteIds: - items: - type: string - nullable: true - type: array - required: - - noteIds - description: The ID of the note to delete. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - type: object - description: Indicates the note was successfully deleted. - summary: Delete a note - tags: - - Security Timeline API - - access:securitySolution - get: - description: Get all notes for a given document. - operationId: GetNotes - parameters: - - in: query - name: documentIds - schema: - $ref: '#/components/schemas/Security_Timeline_API_DocumentIds' - - in: query - name: savedObjectIds - schema: - $ref: '#/components/schemas/Security_Timeline_API_SavedObjectIds' - - in: query - name: page - schema: - nullable: true - type: string - - in: query - name: perPage - schema: - nullable: true - type: string - - in: query - name: search - schema: - nullable: true - type: string - - in: query - name: sortField - schema: - nullable: true - type: string - - in: query - name: sortOrder - schema: - nullable: true - type: string - - in: query - name: filter - schema: - nullable: true - type: string - - in: query - name: userFilter - schema: - nullable: true - type: string - - in: query - name: associatedFilter - schema: - $ref: '#/components/schemas/Security_Timeline_API_AssociatedFilterType' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: '#/components/schemas/Security_Timeline_API_GetNotesResult' - - type: object - description: Indicates the requested notes were returned. - summary: Get notes - tags: - - Security Timeline API - - access:securitySolution - patch: - description: Add a note to a Timeline or update an existing note. - operationId: PersistNoteRoute - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - eventDataView: - nullable: true - type: string - eventIngested: - nullable: true - type: string - eventTimestamp: - nullable: true - type: string - note: - $ref: '#/components/schemas/Security_Timeline_API_BareNote' - noteId: - nullable: true - type: string - overrideOwner: - nullable: true - type: boolean - version: - nullable: true - type: string - required: - - note - description: The note to add or update, along with additional metadata. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - type: object - properties: - persistNote: - $ref: >- - #/components/schemas/Security_Timeline_API_ResponseNote - required: - - persistNote - required: - - data - description: Indicates the note was successfully created. - summary: Add or update a note - tags: - - Security Timeline API - - access:securitySolution - /api/osquery/live_queries: - get: - description: Get a list of all live queries. - operationId: OsqueryFindLiveQueries - parameters: - - in: query - name: query - required: true - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_FindLiveQueryRequestQuery - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Get live queries - tags: - - Security Osquery API - post: - description: Create and run a live query. - operationId: OsqueryCreateLiveQuery - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_CreateLiveQueryRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Create a live query - tags: - - Security Osquery API - /api/osquery/live_queries/{id}: - get: - description: Get the details of a live query using the query ID. - operationId: OsqueryGetLiveQueryDetails - parameters: - - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Osquery_API_Id' - - in: query - name: query - schema: - additionalProperties: true - type: object - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Get live query details - tags: - - Security Osquery API - /api/osquery/live_queries/{id}/results/{actionId}: - get: - description: Get the results of a live query using the query action ID. - operationId: OsqueryGetLiveQueryResults - parameters: - - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Osquery_API_Id' - - in: path - name: actionId - required: true - schema: - $ref: '#/components/schemas/Security_Osquery_API_Id' - - in: query - name: query - required: true - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_GetLiveQueryResultsRequestQuery - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Get live query results - tags: - - Security Osquery API - /api/osquery/packs: - get: - description: Get a list of all query packs. - operationId: OsqueryFindPacks - parameters: - - in: query - name: query - required: true - schema: - $ref: '#/components/schemas/Security_Osquery_API_FindPacksRequestQuery' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Get packs - tags: - - Security Osquery API - post: - description: Create a query pack. - operationId: OsqueryCreatePacks - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Osquery_API_CreatePacksRequestBody' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Create a pack - tags: - - Security Osquery API - /api/osquery/packs/{id}: - delete: - description: Delete a query pack using the pack ID. - operationId: OsqueryDeletePacks - parameters: - - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Osquery_API_PackId' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Delete a pack - tags: - - Security Osquery API - get: - description: Get the details of a query pack using the pack ID. - operationId: OsqueryGetPacksDetails - parameters: - - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Osquery_API_PackId' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Get pack details - tags: - - Security Osquery API - put: - description: | - Update a query pack using the pack ID. - > info - > You cannot update a prebuilt pack. - operationId: OsqueryUpdatePacks - parameters: - - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Osquery_API_PackId' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Osquery_API_UpdatePacksRequestBody' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Update a pack - tags: - - Security Osquery API - /api/osquery/saved_queries: - get: - description: Get a list of all saved queries. - operationId: OsqueryFindSavedQueries - parameters: - - in: query - name: query - required: true - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_FindSavedQueryRequestQuery - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Get saved queries - tags: - - Security Osquery API - post: - description: Create and run a saved query. - operationId: OsqueryCreateSavedQuery - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_CreateSavedQueryRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Create a saved query - tags: - - Security Osquery API - /api/osquery/saved_queries/{id}: - delete: - description: Delete a saved query using the query ID. - operationId: OsqueryDeleteSavedQuery - parameters: - - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Delete a saved query - tags: - - Security Osquery API - get: - description: Get the details of a saved query using the query ID. - operationId: OsqueryGetSavedQueryDetails - parameters: - - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Get saved query details - tags: - - Security Osquery API - put: - description: | - Update a saved query using the query ID. - > info - > You cannot update a prebuilt saved query. - operationId: OsqueryUpdateSavedQuery - parameters: - - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_UpdateSavedQueryRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Update a saved query - tags: - - Security Osquery API - /api/pinned_event: - patch: - description: Pin an event to an existing Timeline. - operationId: PersistPinnedEventRoute - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - eventId: - type: string - pinnedEventId: - nullable: true - type: string - timelineId: - type: string - required: - - eventId - - timelineId - description: The pinned event to add or update, along with additional metadata. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - type: object - properties: - persistPinnedEventOnTimeline: - $ref: >- - #/components/schemas/Security_Timeline_API_PersistPinnedEventResponse - required: - - persistPinnedEventOnTimeline - required: - - data - description: Indicates the event was successfully pinned to the Timeline. - summary: Pin an event - tags: - - Security Timeline API - - access:securitySolution - /api/risk_score/engine/dangerously_delete_data: - delete: - description: >- - Cleaning up the the Risk Engine by removing the indices, mapping and - transforms - operationId: CleanUpRiskEngine - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - cleanup_successful: - type: boolean - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_TaskManagerUnavailableResponse - description: Task manager is unavailable - default: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_CleanUpRiskEngineErrorResponse - description: Unexpected error - summary: Cleanup the Risk Engine - tags: - - Security Entity Analytics API - /api/risk_score/engine/schedule_now: - post: - description: >- - Schedule the risk scoring engine to run as soon as possible. You can use - this to recalculate entity risk scores after updating their asset - criticality. - operationId: ScheduleRiskEngineNow - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: {} - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_RiskEngineScheduleNowResponse - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_TaskManagerUnavailableResponse - description: Task manager is unavailable - default: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_RiskEngineScheduleNowErrorResponse - description: Unexpected error - summary: Run the risk scoring engine - tags: - - Security Entity Analytics API - /api/saved_objects/_export: - post: - description: > - Retrieve sets of saved objects that you want to import into Kibana. - - You must include `type` or `objects` in the request body. - - - Exported saved objects are not backwards compatible and cannot be - imported into an older version of Kibana. - - - NOTE: The `savedObjects.maxImportExportSize` configuration setting - limits the number of saved objects which may be exported. - - - This functionality is in technical preview and may be changed or removed - in a future release. Elastic will work to fix any issues, but features - in technical preview are not subject to the support SLA of official GA - features. - operationId: exportSavedObjectsDefault - parameters: - - $ref: '#/components/parameters/Serverless_saved_objects_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - exportSavedObjectsRequest: - $ref: >- - #/components/examples/Serverless_saved_objects_export_objects_request - schema: - type: object - properties: - excludeExportDetails: - default: false - description: Do not add export details entry at the end of the stream. - type: boolean - includeReferencesDeep: - description: >- - Includes all of the referenced objects in the exported - objects. - type: boolean - objects: - description: A list of objects to export. - items: - type: object - type: array - type: - description: >- - The saved object types to include in the export. Use `*` to - export all the types. - oneOf: - - type: string - - items: - type: string - type: array - required: true - responses: - '200': - content: - application/x-ndjson; Elastic-Api-Version=2023-10-31: - examples: - exportSavedObjectsResponse: - $ref: >- - #/components/examples/Serverless_saved_objects_export_objects_response - schema: - additionalProperties: true - type: object - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Serverless_saved_objects_400_response' - description: Bad request. - summary: Export saved objects - tags: - - saved objects - /api/saved_objects/_import: - post: - description: > - Create sets of Kibana saved objects from a file created by the export - API. - - Saved objects can be imported only into the same version, a newer minor - on the same major, or the next major. Exported saved objects are not - backwards compatible and cannot be imported into an older version of - Kibana. - - - This functionality is in technical preview and may be changed or removed - in a future release. Elastic will work to fix any issues, but features - in technical preview are not subject to the support SLA of official GA - features. - operationId: importSavedObjectsDefault - parameters: - - $ref: '#/components/parameters/Serverless_saved_objects_kbn_xsrf' - - description: > - Creates copies of saved objects, regenerates each object ID, and - resets the origin. When used, potential conflict errors are avoided. - NOTE: This option cannot be used with the `overwrite` and - `compatibilityMode` options. - in: query - name: createNewCopies - required: false - schema: - type: boolean - - description: > - Overwrites saved objects when they already exist. When used, - potential conflict errors are automatically resolved by overwriting - the destination object. NOTE: This option cannot be used with the - `createNewCopies` option. - in: query - name: overwrite - required: false - schema: - type: boolean - - description: > - Applies various adjustments to the saved objects that are being - imported to maintain compatibility between different Kibana - versions. Use this option only if you encounter issues with imported - saved objects. NOTE: This option cannot be used with the - `createNewCopies` option. - in: query - name: compatibilityMode - required: false - schema: - type: boolean - requestBody: - content: - multipart/form-data; Elastic-Api-Version=2023-10-31: - examples: - importObjectsRequest: - $ref: >- - #/components/examples/Serverless_saved_objects_import_objects_request - schema: - type: object - properties: - file: - description: > - A file exported using the export API. NOTE: The - `savedObjects.maxImportExportSize` configuration setting - limits the number of saved objects which may be included in - this file. Similarly, the - `savedObjects.maxImportPayloadBytes` setting limits the - overall size of the file that can be imported. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - importObjectsResponse: - $ref: >- - #/components/examples/Serverless_saved_objects_import_objects_response - schema: - type: object - properties: - errors: - description: > - Indicates the import was unsuccessful and specifies the - objects that failed to import. - - - NOTE: One object may result in multiple errors, which - requires separate steps to resolve. For instance, a - `missing_references` error and conflict error. - items: - type: object - type: array - success: - description: > - Indicates when the import was successfully completed. When - set to false, some objects may not have been created. For - additional information, refer to the `errors` and - `successResults` properties. - type: boolean - successCount: - description: Indicates the number of successfully imported records. - type: integer - successResults: - description: > - Indicates the objects that are successfully imported, with - any metadata if applicable. - - - NOTE: Objects are created only when all resolvable errors - are addressed, including conflicts and missing references. - If objects are created as new copies, each entry in the - `successResults` array includes a `destinationId` - attribute. - items: - type: object - type: array - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Serverless_saved_objects_400_response' - description: Bad request. - summary: Import saved objects - tags: - - saved objects - x-codeSamples: - - label: Import with createNewCopies - lang: cURL - source: | - curl \ - -X POST api/saved_objects/_import?createNewCopies=true - -H "kbn-xsrf: true" - --form file=@file.ndjson - /api/security_ai_assistant/anonymization_fields/_bulk_action: - post: - description: >- - Apply a bulk action to multiple anonymization fields. The bulk action is - applied to all anonymization fields that match the filter or to the list - of anonymization fields by their IDs. - operationId: PerformAnonymizationFieldsBulkAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - create: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldCreateProps - type: array - delete: - type: object - properties: - ids: - description: Array of anonymization fields IDs - items: - type: string - minItems: 1 - type: array - query: - description: Query to filter anonymization fields - type: string - update: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldUpdateProps - type: array - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResponse - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Apply a bulk action to anonymization fields - tags: - - Security AI Assistant API - - Bulk API - /api/security_ai_assistant/anonymization_fields/_find: - get: - description: Get a list of all anonymization fields. - operationId: FindAnonymizationFields - parameters: - - in: query - name: fields - required: false - schema: - items: - type: string - type: array - - description: Search query - in: query - name: filter - required: false - schema: - type: string - - description: Field to sort by - in: query - name: sort_field - required: false - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_FindAnonymizationFieldsSortField - - description: Sort order - in: query - name: sort_order - required: false - schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_SortOrder' - - description: Page number - in: query - name: page - required: false - schema: - default: 1 - minimum: 1 - type: integer - - description: AnonymizationFields per page - in: query - name: per_page - required: false - schema: - default: 20 - minimum: 0 - type: integer - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse - type: array - page: - type: integer - perPage: - type: integer - total: - type: integer - required: - - page - - perPage - - total - - data - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Get anonymization fields - tags: - - Security AI Assistant API - - AnonymizationFields API - /api/security_ai_assistant/chat/complete: - post: - description: Create a model response for the given chat conversation. - operationId: ChatComplete - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_ChatCompleteProps' - required: true - responses: - '200': - content: - application/octet-stream; Elastic-Api-Version=2023-10-31: - schema: - format: binary - type: string - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Create a model response - tags: - - Security AI Assistant API - - Chat Complete API - /api/security_ai_assistant/current_user/conversations: - post: - description: Create a new Security AI Assistant conversation. - operationId: CreateConversation - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationCreateProps - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Create a conversation - tags: - - Security AI Assistant API - - Conversation API - /api/security_ai_assistant/current_user/conversations/_find: - get: - description: Get a list of all conversations for the current user. - operationId: FindConversations - parameters: - - in: query - name: fields - required: false - schema: - items: - type: string - type: array - - description: Search query - in: query - name: filter - required: false - schema: - type: string - - description: Field to sort by - in: query - name: sort_field - required: false - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_FindConversationsSortField - - description: Sort order - in: query - name: sort_order - required: false - schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_SortOrder' - - description: Page number - in: query - name: page - required: false - schema: - default: 1 - minimum: 1 - type: integer - - description: Conversations per page - in: query - name: per_page - required: false - schema: - default: 20 - minimum: 0 - type: integer - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse - type: array - page: - type: integer - perPage: - type: integer - total: - type: integer - required: - - page - - perPage - - total - - data - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Get conversations - tags: - - Security AI Assistant API - - Conversations API - /api/security_ai_assistant/current_user/conversations/{id}: - delete: - description: Delete an existing conversation using the conversation ID. - operationId: DeleteConversation - parameters: - - description: The conversation's `id` value. - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Delete a conversation - tags: - - Security AI Assistant API - - Conversation API - get: - description: Get the details of an existing conversation using the conversation ID. - operationId: ReadConversation - parameters: - - description: The conversation's `id` value. - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Get a conversation - tags: - - Security AI Assistant API - - Conversations API - put: - description: Update an existing conversation using the conversation ID. - operationId: UpdateConversation - parameters: - - description: The conversation's `id` value. - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationUpdateProps - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Update a conversation - tags: - - Security AI Assistant API - - Conversation API - /api/security_ai_assistant/prompts/_bulk_action: - post: - description: >- - Apply a bulk action to multiple prompts. The bulk action is applied to - all prompts that match the filter or to the list of prompts by their - IDs. - operationId: PerformPromptsBulkAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - create: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptCreateProps - type: array - delete: - type: object - properties: - ids: - description: Array of prompts IDs - items: - type: string - minItems: 1 - type: array - query: - description: Query to filter promps - type: string - update: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptUpdateProps - type: array - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptsBulkCrudActionResponse - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Apply a bulk action to prompts - tags: - - Security AI Assistant API - - Bulk API - /api/security_ai_assistant/prompts/_find: - get: - description: Get a list of all prompts. - operationId: FindPrompts - parameters: - - in: query - name: fields - required: false - schema: - items: - type: string - type: array - - description: Search query - in: query - name: filter - required: false - schema: - type: string - - description: Field to sort by - in: query - name: sort_field - required: false - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_FindPromptsSortField - - description: Sort order - in: query - name: sort_order - required: false - schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_SortOrder' - - description: Page number - in: query - name: page - required: false - schema: - default: 1 - minimum: 1 - type: integer - - description: Prompts per page - in: query - name: per_page - required: false - schema: - default: 20 - minimum: 0 - type: integer - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptResponse - type: array - page: - type: integer - perPage: - type: integer - total: - type: integer - required: - - page - - perPage - - total - - data - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Get prompts - tags: - - Security AI Assistant API - - Prompts API - /api/security/role: - get: - operationId: '%2Fapi%2Fsecurity%2Frole#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: replaceDeprecatedPrivileges - required: false - schema: - type: boolean - responses: {} - summary: Get all roles - tags: - - roles - /api/security/role/{name}: - delete: - operationId: '%2Fapi%2Fsecurity%2Frole%2F%7Bname%7D#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: name - required: true - schema: - minLength: 1 - type: string - responses: {} - summary: Delete a role - tags: - - roles - get: - operationId: '%2Fapi%2Fsecurity%2Frole%2F%7Bname%7D#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: name - required: true - schema: - minLength: 1 - type: string - - in: query - name: replaceDeprecatedPrivileges - required: false - schema: - type: boolean - responses: {} - summary: Get a role - tags: - - roles - put: - operationId: '%2Fapi%2Fsecurity%2Frole%2F%7Bname%7D#2' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: name - required: true - schema: - maxLength: 1024 - minLength: 1 - type: string - - in: query - name: createOnly - required: false - schema: - default: false - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - description: - maxLength: 2048 - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - cluster: - items: - type: string - type: array - indices: - items: - additionalProperties: false - type: object - properties: - allow_restricted_indices: - type: boolean - field_security: - additionalProperties: - items: - type: string - type: array - type: object - names: - items: - type: string - minItems: 1 - type: array - privileges: - items: - type: string - minItems: 1 - type: array - query: - type: string - required: - - names - - privileges - type: array - remote_cluster: - items: - additionalProperties: false - type: object - properties: - clusters: - items: - type: string - minItems: 1 - type: array - privileges: - items: - type: string - minItems: 1 - type: array - required: - - privileges - - clusters - type: array - remote_indices: - items: - additionalProperties: false - type: object - properties: - allow_restricted_indices: - type: boolean - clusters: - items: - type: string - minItems: 1 - type: array - field_security: - additionalProperties: - items: - type: string - type: array - type: object - names: - items: - type: string - minItems: 1 - type: array - privileges: - items: - type: string - minItems: 1 - type: array - query: - type: string - required: - - clusters - - names - - privileges - type: array - run_as: - items: - type: string - type: array - kibana: - items: - additionalProperties: false - type: object - properties: - base: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - items: - type: string - type: array - - items: - type: string - type: array - feature: - additionalProperties: - items: - type: string - type: array - type: object - spaces: - anyOf: - - items: - enum: - - '*' - type: string - maxItems: 1 - minItems: 1 - type: array - - items: - type: string - type: array - default: - - '*' - required: - - base - type: array - metadata: - additionalProperties: {} - type: object - required: - - elasticsearch - responses: {} - summary: Create or update a role - tags: - - roles - /api/security/roles: - post: - operationId: '%2Fapi%2Fsecurity%2Froles#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - roles: - additionalProperties: - additionalProperties: false - type: object - properties: - description: - maxLength: 2048 - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - cluster: - items: - type: string - type: array - indices: - items: - additionalProperties: false - type: object - properties: - allow_restricted_indices: - type: boolean - field_security: - additionalProperties: - items: - type: string - type: array - type: object - names: - items: - type: string - minItems: 1 - type: array - privileges: - items: - type: string - minItems: 1 - type: array - query: - type: string - required: - - names - - privileges - type: array - remote_cluster: - items: - additionalProperties: false - type: object - properties: - clusters: - items: - type: string - minItems: 1 - type: array - privileges: - items: - type: string - minItems: 1 - type: array - required: - - privileges - - clusters - type: array - remote_indices: - items: - additionalProperties: false - type: object - properties: - allow_restricted_indices: - type: boolean - clusters: - items: - type: string - minItems: 1 - type: array - field_security: - additionalProperties: - items: - type: string - type: array - type: object - names: - items: - type: string - minItems: 1 - type: array - privileges: - items: - type: string - minItems: 1 - type: array - query: - type: string - required: - - clusters - - names - - privileges - type: array - run_as: - items: - type: string - type: array - kibana: - items: - additionalProperties: false - type: object - properties: - base: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - items: - type: string - type: array - - items: - type: string - type: array - feature: - additionalProperties: - items: - type: string - type: array - type: object - spaces: - anyOf: - - items: - enum: - - '*' - type: string - maxItems: 1 - minItems: 1 - type: array - - items: - type: string - type: array - default: - - '*' - required: - - base - type: array - metadata: - additionalProperties: {} - type: object - required: - - elasticsearch - type: object - required: - - roles - responses: {} - summary: Create or update roles - tags: - - roles - /api/spaces/space: - get: - operationId: '%2Fapi%2Fspaces%2Fspace#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: >- - Specifies which authorization checks are applied to the API call. - The default value is `any`. - in: query - name: purpose - required: false - schema: - enum: - - any - - copySavedObjectsIntoSpace - - shareSavedObjectsIntoSpace - type: string - - description: >- - When enabled, the API returns any spaces that the user is authorized - to access in any capacity and each space will contain the purposes - for which the user is authorized. This can be useful to determine - which spaces a user can read but not take a specific action in. If - the security plugin is not enabled, this parameter has no effect, - since no authorization checks take place. This parameter cannot be - used in with the `purpose` parameter. - in: query - name: include_authorized_purposes - required: true - schema: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - enum: - - false - type: boolean - x-oas-optional: true - - type: boolean - x-oas-optional: true - responses: - '200': - description: Indicates a successful call. - summary: Get all spaces - tags: - - spaces - post: - operationId: '%2Fapi%2Fspaces%2Fspace#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - _reserved: - type: boolean - color: - description: >- - The hexadecimal color code used in the space avatar. By - default, the color is automatically generated from the space - name. - type: string - description: - description: A description for the space. - type: string - disabledFeatures: - default: [] - items: - description: The list of features that are turned off in the space. - type: string - type: array - id: - description: >- - The space ID that is part of the Kibana URL when inside the - space. Space IDs are limited to lowercase alphanumeric, - underscore, and hyphen characters (a-z, 0-9, _, and -). You - are cannot change the ID with the update operation. - type: string - imageUrl: - description: >- - The data-URL encoded image to display in the space avatar. - If specified, initials will not be displayed and the color - will be visible as the background color for transparent - images. For best results, your image should be 64x64. Images - will not be optimized by this API call, so care should be - taken when using custom images. - type: string - initials: - description: >- - One or two characters that are shown in the space avatar. By - default, the initials are automatically generated from the - space name. - maxLength: 2 - type: string - name: - description: 'The display name for the space. ' - minLength: 1 - type: string - required: - - id - - name - responses: - '200': - description: Indicates a successful call. - summary: Create a space - tags: - - spaces - /api/spaces/space/{id}: - delete: - description: >- - When you delete a space, all saved objects that belong to the space are - automatically deleted, which is permanent and cannot be undone. - operationId: '%2Fapi%2Fspaces%2Fspace%2F%7Bid%7D#2' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The space identifier. - in: path - name: id - required: true - schema: - type: string - responses: - '204': - description: Indicates a successful call. - '404': - description: Indicates that the request failed. - summary: Delete a space - tags: - - spaces - get: - operationId: '%2Fapi%2Fspaces%2Fspace%2F%7Bid%7D#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: The space identifier. - in: path - name: id - required: true - schema: - type: string - responses: - '200': - description: Indicates a successful call. - summary: Get a space - tags: - - spaces - put: - operationId: '%2Fapi%2Fspaces%2Fspace%2F%7Bid%7D#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: >- - The space identifier. You are unable to change the ID with the - update operation. - in: path - name: id - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - _reserved: - type: boolean - color: - description: >- - The hexadecimal color code used in the space avatar. By - default, the color is automatically generated from the space - name. - type: string - description: - description: A description for the space. - type: string - disabledFeatures: - default: [] - items: - description: The list of features that are turned off in the space. - type: string - type: array - id: - description: >- - The space ID that is part of the Kibana URL when inside the - space. Space IDs are limited to lowercase alphanumeric, - underscore, and hyphen characters (a-z, 0-9, _, and -). You - are cannot change the ID with the update operation. - type: string - imageUrl: - description: >- - The data-URL encoded image to display in the space avatar. - If specified, initials will not be displayed and the color - will be visible as the background color for transparent - images. For best results, your image should be 64x64. Images - will not be optimized by this API call, so care should be - taken when using custom images. - type: string - initials: - description: >- - One or two characters that are shown in the space avatar. By - default, the initials are automatically generated from the - space name. - maxLength: 2 - type: string - name: - description: 'The display name for the space. ' - minLength: 1 - type: string - required: - - id - - name - responses: - '200': - description: Indicates a successful call. - summary: Update a space - tags: - - spaces - /api/status: - get: - operationId: '%2Fapi%2Fstatus#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: Set to "true" to get the response in v7 format. - in: query - name: v7format - required: false - schema: - type: boolean - - description: Set to "true" to get the response in v8 format. - in: query - name: v8format - required: false - schema: - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - anyOf: - - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' - - $ref: >- - #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse - description: >- - Kibana's operational status. A minimal response is sent for - unauthorized users. - description: Overall status is OK and Kibana should be functioning normally. - '503': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - anyOf: - - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' - - $ref: >- - #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse - description: >- - Kibana's operational status. A minimal response is sent for - unauthorized users. - description: >- - Kibana or some of it's essential services are unavailable. Kibana - may be degraded or unavailable. - summary: Get Kibana's current status - tags: - - system - /api/timeline: - delete: - description: Delete one or more Timelines or Timeline templates. - operationId: DeleteTimelines - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - savedObjectIds: - items: - type: string - type: array - searchIds: - description: >- - Saved search ids that should be deleted alongside the - timelines - items: - type: string - type: array - required: - - savedObjectIds - description: The IDs of the Timelines or Timeline templates to delete. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - type: object - properties: - deleteTimeline: - type: boolean - required: - - deleteTimeline - required: - - data - description: Indicates the Timeline was successfully deleted. - summary: Delete Timelines or Timeline templates - tags: - - Security Timeline API - - access:securitySolution - get: - description: Get the details of an existing saved Timeline or Timeline template. - operationId: GetTimeline - parameters: - - description: The ID of the template timeline to retrieve - in: query - name: template_timeline_id - schema: - type: string - - description: The ID of the Timeline to retrieve. - in: query - name: id - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - type: object - properties: - data: - type: object - properties: - getOneTimeline: - $ref: >- - #/components/schemas/Security_Timeline_API_TimelineResponse - required: - - getOneTimeline - required: - - data - - additionalProperties: false - type: object - description: Indicates that the (template) Timeline was found and returned. - summary: Get Timeline or Timeline template details - tags: - - Security Timeline API - - access:securitySolution - patch: - description: >- - Update an existing Timeline. You can update the title, description, date - range, pinned events, pinned queries, and/or pinned saved queries of an - existing Timeline. - operationId: PatchTimeline - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - timeline: - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' - timelineId: - nullable: true - type: string - version: - nullable: true - type: string - required: - - timelineId - - version - - timeline - description: The Timeline updates, along with the Timeline ID and version. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Timeline_API_PersistTimelineResponse - description: >- - Indicates that the draft Timeline was successfully created. In the - event the user already has a draft Timeline, the existing draft - Timeline is cleared and returned. - '405': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - body: - type: string - statusCode: - type: number - description: >- - Indicates that the user does not have the required access to create - a draft Timeline. - summary: Update a Timeline - tags: - - Security Timeline API - - access:securitySolution - post: - description: Create a new Timeline or Timeline template. - operationId: CreateTimelines - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - status: - $ref: '#/components/schemas/Security_Timeline_API_TimelineStatus' - nullable: true - templateTimelineId: - nullable: true - type: string - templateTimelineVersion: - nullable: true - type: number - timeline: - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' - timelineId: - nullable: true - type: string - timelineType: - $ref: '#/components/schemas/Security_Timeline_API_TimelineType' - nullable: true - version: - nullable: true - type: string - required: - - timeline - description: >- - The required Timeline fields used to create a new Timeline, along with - optional fields that will be created if not provided. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Timeline_API_PersistTimelineResponse - description: Indicates the Timeline was successfully created. - '405': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - body: - type: string - statusCode: - type: number - description: Indicates that there was an error in the Timeline creation. - summary: Create a Timeline or Timeline template - tags: - - Security Timeline API - - access:securitySolution - /api/timeline/_copy: - get: - description: | - Copies and returns a timeline or timeline template. - operationId: CopyTimeline - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - timeline: - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' - timelineIdToCopy: - type: string - required: - - timeline - - timelineIdToCopy - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Timeline_API_PersistTimelineResponse - description: Indicates that the timeline has been successfully copied. - summary: Copies timeline or timeline template - tags: - - Security Timeline API - - access:securitySolution - /api/timeline/_draft: - get: - description: >- - Get the details of the draft Timeline or Timeline template for the - current user. If the user doesn't have a draft Timeline, an empty - Timeline is returned. - operationId: GetDraftTimelines - parameters: - - in: query - name: timelineType - required: true - schema: - $ref: '#/components/schemas/Security_Timeline_API_TimelineType' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Timeline_API_PersistTimelineResponse - description: Indicates that the draft Timeline was successfully retrieved. - '403': - content: - application:json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - message: - type: string - status_code: - type: number - description: >- - If a draft Timeline was not found and we attempted to create one, it - indicates that the user does not have the required permissions to - create a draft Timeline. - '409': - content: - application:json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - message: - type: string - status_code: - type: number - description: >- - This should never happen, but if a draft Timeline was not found and - we attempted to create one, it indicates that there is already a - draft Timeline with the given `timelineId`. - summary: Get draft Timeline or Timeline template details - tags: - - Security Timeline API - - access:securitySolution - post: - description: > - Create a clean draft Timeline or Timeline template for the current user. - - > info - - > If the user already has a draft Timeline, the existing draft Timeline - is cleared and returned. - operationId: CleanDraftTimelines - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - timelineType: - $ref: '#/components/schemas/Security_Timeline_API_TimelineType' - required: - - timelineType - description: >- - The type of Timeline to create. Valid values are `default` and - `template`. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Timeline_API_PersistTimelineResponse - description: >- - Indicates that the draft Timeline was successfully created. In the - event the user already has a draft Timeline, the existing draft - Timeline is cleared and returned. - '403': - content: - application:json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - message: - type: string - status_code: - type: number - description: >- - Indicates that the user does not have the required permissions to - create a draft Timeline. - '409': - content: - application:json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - message: - type: string - status_code: - type: number - description: >- - Indicates that there is already a draft Timeline with the given - `timelineId`. - summary: Create a clean draft Timeline or Timeline template - tags: - - Security Timeline API - - access:securitySolution - /api/timeline/_export: - post: - description: Export Timelines as an NDJSON file. - operationId: ExportTimelines - parameters: - - description: The name of the file to export - in: query - name: file_name - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - ids: - items: - type: string - nullable: true - type: array - description: The IDs of the Timelines to export. - required: true - responses: - '200': - content: - application/ndjson; Elastic-Api-Version=2023-10-31: - schema: - description: NDJSON of the exported Timelines - type: string - description: Indicates the Timelines were successfully exported. - '400': - content: - application/ndjson; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - body: - type: string - statusCode: - type: number - description: Indicates that the export size limit was exceeded. - summary: Export Timelines - tags: - - Security Timeline API - - access:securitySolution - /api/timeline/_favorite: - patch: - description: Favorite a Timeline or Timeline template for the current user. - operationId: PersistFavoriteRoute - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - templateTimelineId: - nullable: true - type: string - templateTimelineVersion: - nullable: true - type: number - timelineId: - nullable: true - type: string - timelineType: - $ref: '#/components/schemas/Security_Timeline_API_TimelineType' - nullable: true - required: - - timelineId - - templateTimelineId - - templateTimelineVersion - - timelineType - description: The required fields used to favorite a (template) Timeline. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - type: object - properties: - persistFavorite: - $ref: >- - #/components/schemas/Security_Timeline_API_FavoriteTimelineResponse - required: - - persistFavorite - required: - - data - description: Indicates the favorite status was successfully updated. - '403': - content: - application:json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - body: - type: string - statusCode: - type: number - description: >- - Indicates the user does not have the required permissions to persist - the favorite status. - summary: Favorite a Timeline or Timeline template - tags: - - Security Timeline API - - access:securitySolution - /api/timeline/_import: - post: - description: Import Timelines. - operationId: ImportTimelines - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - file: {} - isImmutable: - enum: - - 'true' - - 'false' - type: string - required: - - file - description: The Timelines to import as a readable stream. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Timeline_API_ImportTimelineResult - description: Indicates the import of Timelines was successful. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - body: - type: string - id: - type: string - statusCode: - type: number - description: >- - Indicates the import of Timelines was unsuccessful because of an - invalid file extension. - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - id: - type: string - statusCode: - type: number - description: >- - Indicates that we were unable to locate the saved object client - necessary to handle the import. - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - body: - type: string - id: - type: string - statusCode: - type: number - description: Indicates the import of Timelines was unsuccessful. - summary: Import Timelines - tags: - - Security Timeline API - - access:securitySolution - /api/timeline/_prepackaged: - post: - description: Install or update prepackaged Timelines. - operationId: InstallPrepackedTimelines - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - prepackagedTimelines: - items: - $ref: >- - #/components/schemas/Security_Timeline_API_TimelineSavedToReturnObject - nullable: true - type: array - timelinesToInstall: - items: - $ref: '#/components/schemas/Security_Timeline_API_ImportTimelines' - nullable: true - type: array - timelinesToUpdate: - items: - $ref: '#/components/schemas/Security_Timeline_API_ImportTimelines' - nullable: true - type: array - required: - - timelinesToInstall - - timelinesToUpdate - - prepackagedTimelines - description: The Timelines to install or update. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Timeline_API_ImportTimelineResult - description: Indicates the installation of prepackaged Timelines was successful. - '500': - content: - application:json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - body: - type: string - statusCode: - type: number - description: >- - Indicates the installation of prepackaged Timelines was - unsuccessful. - summary: Install prepackaged Timelines - tags: - - Security Timeline API - - access:securitySolution - /api/timeline/resolve: - get: - operationId: ResolveTimeline - parameters: - - description: The ID of the template timeline to resolve - in: query - name: template_timeline_id - schema: - type: string - - description: The ID of the timeline to resolve - in: query - name: id - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - type: object - properties: - data: - $ref: >- - #/components/schemas/Security_Timeline_API_ResolvedTimeline - required: - - data - - additionalProperties: false - type: object - description: The (template) Timeline has been found - '400': - description: The request is missing parameters - '404': - description: The (template) Timeline was not found - summary: Get an existing saved Timeline or Timeline template - tags: - - Security Timeline API - - access:securitySolution - /api/timelines: - get: - description: Get a list of all saved Timelines or Timeline templates. - operationId: GetTimelines - parameters: - - description: >- - If true, only timelines that are marked as favorites by the user are - returned. - in: query - name: only_user_favorite - schema: - enum: - - 'true' - - 'false' - nullable: true - type: string - - in: query - name: timeline_type - schema: - $ref: '#/components/schemas/Security_Timeline_API_TimelineType' - nullable: true - - in: query - name: sort_field - schema: - $ref: '#/components/schemas/Security_Timeline_API_SortFieldTimeline' - - in: query - name: sort_order - schema: - enum: - - asc - - desc - type: string - - in: query - name: page_size - schema: - nullable: true - type: string - - in: query - name: page_index - schema: - nullable: true - type: string - - in: query - name: search - schema: - nullable: true - type: string - - in: query - name: status - schema: - $ref: '#/components/schemas/Security_Timeline_API_TimelineStatus' - nullable: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - customTemplateTimelineCount: - type: number - defaultTimelineCount: - type: number - elasticTemplateTimelineCount: - type: number - favoriteCount: - type: number - templateTimelineCount: - type: number - timeline: - items: - $ref: >- - #/components/schemas/Security_Timeline_API_TimelineResponse - type: array - totalCount: - type: number - required: - - timeline - - totalCount - description: Indicates that the (template) Timelines were found and returned. - '400': - content: - application:json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - body: - type: string - statusCode: - type: number - description: Bad request. The user supplied invalid data. - summary: Get Timelines or Timeline templates - tags: - - Security Timeline API - - access:securitySolution - /s/{spaceId}/api/observability/slos: - get: - description: > - You must have the `read` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: findSlosOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - description: A valid kql query to filter the SLO with - example: 'slo.name:latency* and slo.tags : "prod"' - in: query - name: kqlQuery - schema: - type: string - - description: The page to use for pagination, must be greater or equal than 1 - example: 1 - in: query - name: page - schema: - default: 1 - type: integer - - description: Number of SLOs returned by page - example: 25 - in: query - name: perPage - schema: - default: 25 - maximum: 5000 - type: integer - - description: Sort by field - example: status - in: query - name: sortBy - schema: - default: status - enum: - - sli_value - - status - - error_budget_consumed - - error_budget_remaining - type: string - - description: Sort order - example: asc - in: query - name: sortDirection - schema: - default: asc - enum: - - asc - - desc - type: string - - description: >- - Hide stale SLOs from the list as defined by stale SLO threshold in - SLO settings - in: query - name: hideStale - schema: - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_find_slo_response' - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Get a paginated list of SLOs - tags: - - slo - post: - description: > - You must have `all` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: createSloOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_create_slo_request' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_create_slo_response' - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_409_response' - description: Conflict - The SLO id already exists - servers: - - url: https://localhost:5601 - summary: Create an SLO - tags: - - slo - /s/{spaceId}/api/observability/slos/_delete_instances: - post: - description: > - The deletion occurs for the specified list of `sloId` and `instanceId`. - You must have `all` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: deleteSloInstancesOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_delete_slo_instances_request' - required: true - responses: - '204': - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - servers: - - url: https://localhost:5601 - summary: Batch delete rollup and summary data - tags: - - slo - /s/{spaceId}/api/observability/slos/{sloId}: - delete: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: deleteSloOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' - responses: - '204': - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Delete an SLO - tags: - - slo - get: - description: > - You must have the `read` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: getSloOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' - - description: the specific instanceId used by the summary calculation - example: host-abcde - in: query - name: instanceId - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_slo_with_summary_response' - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Get an SLO - tags: - - slo - put: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: updateSloOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_update_slo_request' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_slo_definition_response' - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Update an SLO - tags: - - slo - /s/{spaceId}/api/observability/slos/{sloId}/_reset: - post: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: resetSloOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' - responses: - '204': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_slo_definition_response' - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Reset an SLO - tags: - - slo - /s/{spaceId}/api/observability/slos/{sloId}/disable: - post: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: disableSloOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' - responses: - '200': - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Disable an SLO - tags: - - slo - /s/{spaceId}/api/observability/slos/{sloId}/enable: - post: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: enableSloOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' - responses: - '204': - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Enable an SLO - tags: - - slo -components: - examples: - Data_views_create_data_view_request: - summary: Create a data view with runtime fields. - value: - data_view: - name: My Logstash data view - runtimeFieldMap: - runtime_shape_name: - script: - source: emit(doc['shape_name'].value) - type: keyword - title: logstash-* - Data_views_create_runtime_field_request: - summary: Create a runtime field. - value: - name: runtimeFoo - runtimeField: - script: - source: emit(doc["foo"].value) - type: long - Data_views_get_data_view_response: - summary: >- - The get data view API returns a JSON object that contains information - about the data view. - value: - data_view: - allowNoIndex: false - fieldAttrs: - products.manufacturer: - count: 1 - products.price: - count: 1 - products.product_name: - count: 1 - total_quantity: - count: 1 - fieldFormats: - products.base_price: - id: number - params: - pattern: $0,0.00 - products.base_unit_price: - id: number - params: - pattern: $0,0.00 - products.min_price: - id: number - params: - pattern: $0,0.00 - products.price: - id: number - params: - pattern: $0,0.00 - products.taxful_price: - id: number - params: - pattern: $0,0.00 - products.taxless_price: - id: number - params: - pattern: $0,0.00 - taxful_total_price: - id: number - params: - pattern: $0,0.[00] - taxless_total_price: - id: number - params: - pattern: $0,0.00 - fields: - _id: - aggregatable: false - count: 0 - esTypes: - - _id - format: - id: string - isMapped: true - name: _id - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - _index: - aggregatable: true - count: 0 - esTypes: - - _index - format: - id: string - isMapped: true - name: _index - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - _score: - aggregatable: false - count: 0 - format: - id: number - isMapped: true - name: _score - readFromDocValues: false - scripted: false - searchable: false - shortDotsEnable: false - type: number - _source: - aggregatable: false - count: 0 - esTypes: - - _source - format: - id: _source - isMapped: true - name: _source - readFromDocValues: false - scripted: false - searchable: false - shortDotsEnable: false - type: _source - category: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: category - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - category.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: category.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: category - type: string - currency: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: currency - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - customer_birth_date: - aggregatable: true - count: 0 - esTypes: - - date - format: - id: date - isMapped: true - name: customer_birth_date - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: date - customer_first_name: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: customer_first_name - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - customer_first_name.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: customer_first_name.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: customer_first_name - type: string - customer_full_name: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: customer_full_name - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - customer_full_name.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: customer_full_name.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: customer_full_name - type: string - customer_gender: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: customer_gender - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - customer_id: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: customer_id - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - customer_last_name: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: customer_last_name - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - customer_last_name.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: customer_last_name.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: customer_last_name - type: string - customer_phone: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: customer_phone - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - day_of_week: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: day_of_week - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - day_of_week_i: - aggregatable: true - count: 0 - esTypes: - - integer - format: - id: number - isMapped: true - name: day_of_week_i - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - email: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: email - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - event.dataset: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: event.dataset - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - geoip.city_name: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: geoip.city_name - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - geoip.continent_name: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: geoip.continent_name - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - geoip.country_iso_code: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: geoip.country_iso_code - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - geoip.location: - aggregatable: true - count: 0 - esTypes: - - geo_point - format: - id: geo_point - params: - transform: wkt - isMapped: true - name: geoip.location - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: geo_point - geoip.region_name: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: geoip.region_name - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - manufacturer: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: manufacturer - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - manufacturer.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: manufacturer.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: manufacturer - type: string - order_date: - aggregatable: true - count: 0 - esTypes: - - date - format: - id: date - isMapped: true - name: order_date - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: date - order_id: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: order_id - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - products._id: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: products._id - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - products._id.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: products._id.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: products._id - type: string - products.base_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: $0,0.00 - isMapped: true - name: products.base_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.base_unit_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: $0,0.00 - isMapped: true - name: products.base_unit_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.category: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: products.category - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - products.category.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: products.category.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: products.category - type: string - products.created_on: - aggregatable: true - count: 0 - esTypes: - - date - format: - id: date - isMapped: true - name: products.created_on - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: date - products.discount_amount: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - isMapped: true - name: products.discount_amount - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.discount_percentage: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - isMapped: true - name: products.discount_percentage - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.manufacturer: - aggregatable: false - count: 1 - esTypes: - - text - format: - id: string - isMapped: true - name: products.manufacturer - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - products.manufacturer.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: products.manufacturer.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: products.manufacturer - type: string - products.min_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: $0,0.00 - isMapped: true - name: products.min_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.price: - aggregatable: true - count: 1 - esTypes: - - half_float - format: - id: number - params: - pattern: $0,0.00 - isMapped: true - name: products.price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.product_id: - aggregatable: true - count: 0 - esTypes: - - long - format: - id: number - isMapped: true - name: products.product_id - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.product_name: - aggregatable: false - count: 1 - esTypes: - - text - format: - id: string - isMapped: true - name: products.product_name - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - products.product_name.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: products.product_name.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: products.product_name - type: string - products.quantity: - aggregatable: true - count: 0 - esTypes: - - integer - format: - id: number - isMapped: true - name: products.quantity - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.sku: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: products.sku - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - products.tax_amount: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - isMapped: true - name: products.tax_amount - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.taxful_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: $0,0.00 - isMapped: true - name: products.taxful_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.taxless_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: $0,0.00 - isMapped: true - name: products.taxless_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.unit_discount_amount: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - isMapped: true - name: products.unit_discount_amount - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - sku: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: sku - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - taxful_total_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: $0,0.[00] - isMapped: true - name: taxful_total_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - taxless_total_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: $0,0.00 - isMapped: true - name: taxless_total_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - total_quantity: - aggregatable: true - count: 1 - esTypes: - - integer - format: - id: number - isMapped: true - name: total_quantity - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - total_unique_products: - aggregatable: true - count: 0 - esTypes: - - integer - format: - id: number - isMapped: true - name: total_unique_products - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - type: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: type - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - user: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: user - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - id: ff959d40-b880-11e8-a6d9-e546fe2bba5f - name: Kibana Sample Data eCommerce - namespaces: - - default - runtimeFieldMap: {} - sourceFilters: [] - timeFieldName: order_date - title: kibana_sample_data_ecommerce - typeMeta: {} - version: WzUsMV0= - Data_views_get_data_views_response: - summary: The get all data views API returns a list of data views. - value: - data_view: - - id: ff959d40-b880-11e8-a6d9-e546fe2bba5f - name: Kibana Sample Data eCommerce - namespaces: - - default - title: kibana_sample_data_ecommerce - typeMeta: {} - - id: d3d7af60-4c81-11e8-b3d7-01146121b73d - name: Kibana Sample Data Flights - namespaces: - - default - title: kibana_sample_data_flights - - id: 90943e30-9a47-11e8-b64d-95841ca0b247 - name: Kibana Sample Data Logs - namespaces: - - default - title: kibana_sample_data_logs - Data_views_get_default_data_view_response: - summary: The get default data view API returns the default data view identifier. - value: - data_view_id: ff959d40-b880-11e8-a6d9-e546fe2bba5f - Data_views_get_runtime_field_response: - summary: >- - The get runtime field API returns a JSON object that contains - information about the runtime field (`hour_of_day`) and the data view - (`d3d7af60-4c81-11e8-b3d7-01146121b73d`). - value: - data_view: - allowNoIndex: false - fieldAttrs: {} - fieldFormats: - AvgTicketPrice: - id: number - params: - pattern: $0,0.[00] - hour_of_day: - id: number - params: - pattern: '00' - fields: - _id: - aggregatable: false - count: 0 - esTypes: - - _id - format: - id: string - isMapped: true - name: _id - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - _index: - aggregatable: true - count: 0 - esTypes: - - _index - format: - id: string - isMapped: true - name: _index - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - _score: - aggregatable: false - count: 0 - format: - id: number - isMapped: true - name: _score - readFromDocValues: false - scripted: false - searchable: false - shortDotsEnable: false - type: number - _source: - aggregatable: false - count: 0 - esTypes: - - _source - format: - id: _source - isMapped: true - name: _source - readFromDocValues: false - scripted: false - searchable: false - shortDotsEnable: false - type: _source - AvgTicketPrice: - aggregatable: true - count: 0 - esTypes: - - float - format: - id: number - params: - pattern: $0,0.[00] - isMapped: true - name: AvgTicketPrice - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - Cancelled: - aggregatable: true - count: 0 - esTypes: - - boolean - format: - id: boolean - isMapped: true - name: Cancelled - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: boolean - Carrier: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: Carrier - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - dayOfWeek: - aggregatable: true - count: 0 - esTypes: - - integer - format: - id: number - isMapped: true - name: dayOfWeek - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - Dest: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: Dest - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - DestAirportID: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: DestAirportID - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - DestCityName: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: DestCityName - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - DestCountry: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: DestCountry - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - DestLocation: - aggregatable: true - count: 0 - esTypes: - - geo_point - format: - id: geo_point - params: - transform: wkt - isMapped: true - name: DestLocation - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: geo_point - DestRegion: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: DestRegion - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - DestWeather: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: DestWeather - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - DistanceKilometers: - aggregatable: true - count: 0 - esTypes: - - float - format: - id: number - isMapped: true - name: DistanceKilometers - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - DistanceMiles: - aggregatable: true - count: 0 - esTypes: - - float - format: - id: number - isMapped: true - name: DistanceMiles - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - FlightDelay: - aggregatable: true - count: 0 - esTypes: - - boolean - format: - id: boolean - isMapped: true - name: FlightDelay - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: boolean - FlightDelayMin: - aggregatable: true - count: 0 - esTypes: - - integer - format: - id: number - isMapped: true - name: FlightDelayMin - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - FlightDelayType: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: FlightDelayType - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - FlightNum: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: FlightNum - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - FlightTimeHour: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: FlightTimeHour - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - FlightTimeMin: - aggregatable: true - count: 0 - esTypes: - - float - format: - id: number - isMapped: true - name: FlightTimeMin - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - hour_of_day: - aggregatable: true - count: 0 - esTypes: - - long - format: - id: number - params: - pattern: '00' - name: hour_of_day - readFromDocValues: false - runtimeField: - script: - source: emit(doc['timestamp'].value.getHour()); - type: long - scripted: false - searchable: true - shortDotsEnable: false - type: number - Origin: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: Origin - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - OriginAirportID: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: OriginAirportID - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - OriginCityName: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: OriginCityName - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - OriginCountry: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: OriginCountry - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - OriginLocation: - aggregatable: true - count: 0 - esTypes: - - geo_point - format: - id: geo_point - params: - transform: wkt - isMapped: true - name: OriginLocation - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: geo_point - OriginRegion: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: OriginRegion - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - OriginWeather: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: OriginWeather - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - timestamp: - aggregatable: true - count: 0 - esTypes: - - date - format: - id: date - isMapped: true - name: timestamp - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: date - id: d3d7af60-4c81-11e8-b3d7-01146121b73d - name: Kibana Sample Data Flights - runtimeFieldMap: - hour_of_day: - script: - source: emit(doc['timestamp'].value.getHour()); - type: long - sourceFilters: [] - timeFieldName: timestamp - title: kibana_sample_data_flights - version: WzM2LDJd - fields: - - aggregatable: true - count: 0 - esTypes: - - long - name: hour_of_day - readFromDocValues: false - runtimeField: - script: - source: emit(doc['timestamp'].value.getHour()); - type: long - scripted: false - searchable: true - shortDotsEnable: false - type: number - Data_views_preview_swap_data_view_request: - summary: Preview swapping references from data view ID "abcd-efg" to "xyz-123". - value: - fromId: abcd-efg - toId: xyz-123 - Data_views_set_default_data_view_request: - summary: Set the default data view identifier. - value: - data_view_id: ff959d40-b880-11e8-a6d9-e546fe2bba5f - force: true - Data_views_swap_data_view_request: - summary: >- - Swap references from data view ID "abcd-efg" to "xyz-123" and remove the - data view that is no longer referenced. - value: - delete: true - fromId: abcd-efg - toId: xyz-123 - Data_views_update_data_view_request: - summary: Update some properties for a data view. - value: - data_view: - allowNoIndex: false - name: Kibana Sample Data eCommerce - timeFieldName: order_date - title: kibana_sample_data_ecommerce - refresh_fields: true - Data_views_update_field_metadata_request: - summary: Update metadata for multiple fields. - value: - fields: - field1: - count: 123 - customLabel: Field 1 label - field2: - customDescription: Field 2 description - customLabel: Field 2 label - Data_views_update_runtime_field_request: - summary: Update an existing runtime field on a data view. - value: - runtimeField: - script: - source: emit(doc["bar"].value) - Machine_learning_APIs_mlSyncExample: - summary: Two anomaly detection jobs required synchronization in this example. - value: - datafeedsAdded: {} - datafeedsRemoved: {} - savedObjectsCreated: - anomaly-detector: - myjob1: - success: true - myjob2: - success: true - savedObjectsDeleted: {} - Serverless_saved_objects_export_objects_request: - summary: Export a specific saved object. - value: - excludeExportDetails: true - includeReferencesDeep: false - objects: - - id: de71f4f0-1902-11e9-919b-ffe5949a18d2 - type: map - Serverless_saved_objects_export_objects_response: - summary: >- - The export objects API response contains a JSON record for each exported - object. - value: - attributes: - description: '' - layerListJSON: >- - [{"id":"0hmz5","alpha":1,"sourceDescriptor":{"type":"EMS_TMS","isAutoSelect":true,"lightModeDefault":"road_map_desaturated"},"visible":true,"style":{},"type":"EMS_VECTOR_TILE","minZoom":0,"maxZoom":24},{"id":"edh66","label":"Total - Requests by - Destination","minZoom":0,"maxZoom":24,"alpha":0.5,"sourceDescriptor":{"type":"EMS_FILE","id":"world_countries","tooltipProperties":["name","iso2"]},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"DYNAMIC","options":{"field":{"name":"__kbnjoin__count__673ff994-fc75-4c67-909b-69fcb0e1060e","origin":"join"},"color":"Greys","fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"lineColor":{"type":"STATIC","options":{"color":"#FFFFFF"}},"lineWidth":{"type":"STATIC","options":{"size":1}},"iconSize":{"type":"STATIC","options":{"size":10}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR","joins":[{"leftField":"iso2","right":{"type":"ES_TERM_SOURCE","id":"673ff994-fc75-4c67-909b-69fcb0e1060e","indexPatternTitle":"kibana_sample_data_logs","term":"geo.dest","indexPatternRefName":"layer_1_join_0_index_pattern","metrics":[{"type":"count","label":"web - logs - count"}],"applyGlobalQuery":true}}]},{"id":"gaxya","label":"Actual - Requests","minZoom":9,"maxZoom":24,"alpha":1,"sourceDescriptor":{"id":"b7486535-171b-4d3b-bb2e-33c1a0a2854c","type":"ES_SEARCH","geoField":"geo.coordinates","limit":2048,"filterByMapBounds":true,"tooltipProperties":["clientip","timestamp","host","request","response","machine.os","agent","bytes"],"indexPatternRefName":"layer_2_source_index_pattern","applyGlobalQuery":true,"scalingType":"LIMIT"},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"STATIC","options":{"color":"#2200ff"}},"lineColor":{"type":"STATIC","options":{"color":"#FFFFFF"}},"lineWidth":{"type":"STATIC","options":{"size":2}},"iconSize":{"type":"DYNAMIC","options":{"field":{"name":"bytes","origin":"source"},"minSize":1,"maxSize":23,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR"},{"id":"tfi3f","label":"Total - Requests and - Bytes","minZoom":0,"maxZoom":9,"alpha":1,"sourceDescriptor":{"type":"ES_GEO_GRID","resolution":"COARSE","id":"8aaa65b5-a4e9-448b-9560-c98cb1c5ac5b","geoField":"geo.coordinates","requestType":"point","metrics":[{"type":"count","label":"web - logs - count"},{"type":"sum","field":"bytes"}],"indexPatternRefName":"layer_3_source_index_pattern","applyGlobalQuery":true},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"color":"Blues","fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"lineColor":{"type":"STATIC","options":{"color":"#cccccc"}},"lineWidth":{"type":"STATIC","options":{"size":1}},"iconSize":{"type":"DYNAMIC","options":{"field":{"name":"sum_of_bytes","origin":"source"},"minSize":7,"maxSize":25,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"labelText":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"labelSize":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"minSize":12,"maxSize":24,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR"}] - mapStateJSON: >- - {"zoom":3.64,"center":{"lon":-88.92107,"lat":42.16337},"timeFilters":{"from":"now-7d","to":"now"},"refreshConfig":{"isPaused":true,"interval":0},"query":{"language":"kuery","query":""},"settings":{"autoFitToDataBounds":false}} - title: '[Logs] Total Requests and Bytes' - uiStateJSON: '{"isDarkMode":false}' - coreMigrationVersion: 8.8.0 - created_at: '2023-08-23T20:03:32.204Z' - id: de71f4f0-1902-11e9-919b-ffe5949a18d2 - managed: false - references: - - id: 90943e30-9a47-11e8-b64d-95841ca0b247 - name: layer_1_join_0_index_pattern - type: index-pattern - - id: 90943e30-9a47-11e8-b64d-95841ca0b247 - name: layer_2_source_index_pattern - type: index-pattern - - id: 90943e30-9a47-11e8-b64d-95841ca0b247 - name: layer_3_source_index_pattern - type: index-pattern - type: map - typeMigrationVersion: 8.4.0 - updated_at: '2023-08-23T20:03:32.204Z' - version: WzEzLDFd - Serverless_saved_objects_import_objects_request: - value: - file: file.ndjson - Serverless_saved_objects_import_objects_response: - summary: >- - The import objects API response indicates a successful import and the - objects are created. Since these objects are created as new copies, each - entry in the successResults array includes a destinationId attribute. - value: - success: true - successCount: 1 - successResults: - - destinationId: 82d2760c-468f-49cf-83aa-b9a35b6a8943 - id: 90943e30-9a47-11e8-b64d-95841ca0b247 - managed: false - meta: - icon: indexPatternApp - title: Kibana Sample Data Logs - type: index-pattern - parameters: - Data_views_field_name: - description: The name of the runtime field. - in: path - name: fieldName - required: true - schema: - example: hour_of_day - type: string - Data_views_kbn_xsrf: - description: Cross-site request forgery protection - in: header - name: kbn-xsrf - required: true - schema: - type: string - Data_views_view_id: - description: An identifier for the data view. - in: path - name: viewId - required: true - schema: - example: ff959d40-b880-11e8-a6d9-e546fe2bba5f - type: string - Machine_learning_APIs_simulateParam: - description: >- - When true, simulates the synchronization by returning only the list of - actions that would be performed. - example: 'true' - in: query - name: simulate - required: false - schema: - type: boolean - Serverless_saved_objects_kbn_xsrf: - description: Cross-site request forgery protection - in: header - name: kbn-xsrf - required: true - schema: - type: string - SLOs_kbn_xsrf: - description: Cross-site request forgery protection - in: header - name: kbn-xsrf - required: true - schema: - type: string - SLOs_slo_id: - description: An identifier for the slo. - in: path - name: sloId - required: true - schema: - example: 9c235211-6834-11ea-a78c-6feb38a34414 - type: string - SLOs_space_id: - description: >- - An identifier for the space. If `/s/` and the identifier are omitted - from the path, the default space is used. - in: path - name: spaceId - required: true - schema: - example: default - type: string - schemas: - Data_views_400_response: - title: Bad request - type: object - properties: - error: - example: Bad Request - type: string - message: - type: string - statusCode: - example: 400 - type: number - required: - - statusCode - - error - - message - Data_views_404_response: - type: object - properties: - error: - enum: - - Not Found - example: Not Found - type: string - message: - example: >- - Saved object [index-pattern/caaad6d0-920c-11ed-b36a-874bd1548a00] - not found - type: string - statusCode: - enum: - - 404 - example: 404 - type: integer - Data_views_allownoindex: - description: Allows the data view saved object to exist before the data is available. - type: boolean - Data_views_create_data_view_request_object: - title: Create data view request - type: object - properties: - data_view: - description: The data view object. - type: object - properties: - allowNoIndex: - $ref: '#/components/schemas/Data_views_allownoindex' - fieldAttrs: - additionalProperties: - $ref: '#/components/schemas/Data_views_fieldattrs' - type: object - fieldFormats: - $ref: '#/components/schemas/Data_views_fieldformats' - fields: - type: object - id: - type: string - name: - description: The data view name. - type: string - namespaces: - $ref: '#/components/schemas/Data_views_namespaces' - runtimeFieldMap: - additionalProperties: - $ref: '#/components/schemas/Data_views_runtimefieldmap' - type: object - sourceFilters: - $ref: '#/components/schemas/Data_views_sourcefilters' - timeFieldName: - $ref: '#/components/schemas/Data_views_timefieldname' - title: - $ref: '#/components/schemas/Data_views_title' - type: - $ref: '#/components/schemas/Data_views_type' - typeMeta: - $ref: '#/components/schemas/Data_views_typemeta' - version: - type: string - required: - - title - override: - default: false - description: >- - Override an existing data view if a data view with the provided - title already exists. - type: boolean - required: - - data_view - Data_views_data_view_response_object: - title: Data view response properties - type: object - properties: - data_view: - type: object - properties: - allowNoIndex: - $ref: '#/components/schemas/Data_views_allownoindex' - fieldAttrs: - additionalProperties: - $ref: '#/components/schemas/Data_views_fieldattrs' - type: object - fieldFormats: - $ref: '#/components/schemas/Data_views_fieldformats' - fields: - type: object - id: - example: ff959d40-b880-11e8-a6d9-e546fe2bba5f - type: string - name: - description: The data view name. - type: string - namespaces: - $ref: '#/components/schemas/Data_views_namespaces' - runtimeFieldMap: - additionalProperties: - $ref: '#/components/schemas/Data_views_runtimefieldmap' - type: object - sourceFilters: - $ref: '#/components/schemas/Data_views_sourcefilters' - timeFieldName: - $ref: '#/components/schemas/Data_views_timefieldname' - title: - $ref: '#/components/schemas/Data_views_title' - typeMeta: - $ref: '#/components/schemas/Data_views_typemeta_response' - version: - example: WzQ2LDJd - type: string - Data_views_fieldattrs: - description: A map of field attributes by field name. - type: object - properties: - count: - description: Popularity count for the field. - type: integer - customDescription: - description: Custom description for the field. - maxLength: 300 - type: string - customLabel: - description: Custom label for the field. - type: string - Data_views_fieldformats: - description: A map of field formats by field name. - type: object - Data_views_namespaces: - description: >- - An array of space identifiers for sharing the data view between multiple - spaces. - items: - default: default - type: string - type: array - Data_views_runtimefieldmap: - description: A map of runtime field definitions by field name. - type: object - properties: - script: - type: object - properties: - source: - description: Script for the runtime field. - type: string - type: - description: Mapping type of the runtime field. - type: string - required: - - script - - type - Data_views_sourcefilters: - description: The array of field names you want to filter out in Discover. - items: - type: object - properties: - value: - type: string - required: - - value - type: array - Data_views_swap_data_view_request_object: - title: Data view reference swap request - type: object - properties: - delete: - description: Deletes referenced saved object if all references are removed. - type: boolean - forId: - description: Limit the affected saved objects to one or more by identifier. - oneOf: - - type: string - - items: - type: string - type: array - forType: - description: Limit the affected saved objects by type. - type: string - fromId: - description: The saved object reference to change. - type: string - fromType: - description: > - Specify the type of the saved object reference to alter. The default - value is `index-pattern` for data views. - type: string - toId: - description: New saved object reference value to replace the old value. - type: string - required: - - fromId - - toId - Data_views_timefieldname: - description: The timestamp field name, which you use for time-based data views. - type: string - Data_views_title: - description: >- - Comma-separated list of data streams, indices, and aliases that you want - to search. Supports wildcards (`*`). - type: string - Data_views_type: - description: When set to `rollup`, identifies the rollup data views. - type: string - Data_views_typemeta: - description: >- - When you use rollup indices, contains the field list for the rollup data - view API endpoints. - type: object - properties: - aggs: - description: A map of rollup restrictions by aggregation type and field name. - type: object - params: - description: Properties for retrieving rollup fields. - type: object - required: - - aggs - - params - Data_views_typemeta_response: - description: >- - When you use rollup indices, contains the field list for the rollup data - view API endpoints. - nullable: true - type: object - properties: - aggs: - description: A map of rollup restrictions by aggregation type and field name. - type: object - params: - description: Properties for retrieving rollup fields. - type: object - Data_views_update_data_view_request_object: - title: Update data view request - type: object - properties: - data_view: - description: > - The data view properties you want to update. Only the specified - properties are updated in the data view. Unspecified fields stay as - they are persisted. - type: object - properties: - allowNoIndex: - $ref: '#/components/schemas/Data_views_allownoindex' - fieldFormats: - $ref: '#/components/schemas/Data_views_fieldformats' - fields: - type: object - name: - type: string - runtimeFieldMap: - additionalProperties: - $ref: '#/components/schemas/Data_views_runtimefieldmap' - type: object - sourceFilters: - $ref: '#/components/schemas/Data_views_sourcefilters' - timeFieldName: - $ref: '#/components/schemas/Data_views_timefieldname' - title: - $ref: '#/components/schemas/Data_views_title' - type: - $ref: '#/components/schemas/Data_views_type' - typeMeta: - $ref: '#/components/schemas/Data_views_typemeta' - refresh_fields: - default: false - description: Reloads the data view fields after the data view is updated. - type: boolean - required: - - data_view - Kibana_HTTP_APIs_core_status_redactedResponse: - additionalProperties: false - description: A minimal representation of Kibana's operational status. - type: object - properties: - status: - additionalProperties: false - type: object - properties: - overall: - additionalProperties: false - type: object - properties: - level: - description: Service status levels as human and machine readable values. - enum: - - available - - degraded - - unavailable - - critical - type: string - required: - - level - required: - - overall - required: - - status - Kibana_HTTP_APIs_core_status_response: - additionalProperties: false - description: >- - Kibana's operational status as well as a detailed breakdown of plugin - statuses indication of various loads (like event loop utilization and - network traffic) at time of request. - type: object - properties: - metrics: - additionalProperties: false - description: Metric groups collected by Kibana. - type: object - properties: - collection_interval_in_millis: - description: The interval at which metrics should be collected. - type: number - elasticsearch_client: - additionalProperties: false - description: Current network metrics of Kibana's Elasticsearch client. - type: object - properties: - totalActiveSockets: - description: Count of network sockets currently in use. - type: number - totalIdleSockets: - description: Count of network sockets currently idle. - type: number - totalQueuedRequests: - description: Count of requests not yet assigned to sockets. - type: number - required: - - totalActiveSockets - - totalIdleSockets - - totalQueuedRequests - last_updated: - description: The time metrics were collected. - type: string - required: - - elasticsearch_client - - last_updated - - collection_interval_in_millis - name: - description: Kibana instance name. - type: string - status: - additionalProperties: false - type: object - properties: - core: - additionalProperties: false - description: Statuses of core Kibana services. - type: object - properties: - elasticsearch: - additionalProperties: false - type: object - properties: - detail: - description: Human readable detail of the service status. - type: string - documentationUrl: - description: A URL to further documentation regarding this service. - type: string - level: - description: >- - Service status levels as human and machine readable - values. - enum: - - available - - degraded - - unavailable - - critical - type: string - meta: - additionalProperties: {} - description: >- - An unstructured set of extra metadata about this - service. - type: object - summary: - description: A human readable summary of the service status. - type: string - required: - - level - - summary - - meta - savedObjects: - additionalProperties: false - type: object - properties: - detail: - description: Human readable detail of the service status. - type: string - documentationUrl: - description: A URL to further documentation regarding this service. - type: string - level: - description: >- - Service status levels as human and machine readable - values. - enum: - - available - - degraded - - unavailable - - critical - type: string - meta: - additionalProperties: {} - description: >- - An unstructured set of extra metadata about this - service. - type: object - summary: - description: A human readable summary of the service status. - type: string - required: - - level - - summary - - meta - required: - - elasticsearch - - savedObjects - overall: - additionalProperties: false - type: object - properties: - detail: - description: Human readable detail of the service status. - type: string - documentationUrl: - description: A URL to further documentation regarding this service. - type: string - level: - description: Service status levels as human and machine readable values. - enum: - - available - - degraded - - unavailable - - critical - type: string - meta: - additionalProperties: {} - description: An unstructured set of extra metadata about this service. - type: object - summary: - description: A human readable summary of the service status. - type: string - required: - - level - - summary - - meta - plugins: - additionalProperties: - additionalProperties: false - type: object - properties: - detail: - description: Human readable detail of the service status. - type: string - documentationUrl: - description: A URL to further documentation regarding this service. - type: string - level: - description: >- - Service status levels as human and machine readable - values. - enum: - - available - - degraded - - unavailable - - critical - type: string - meta: - additionalProperties: {} - description: An unstructured set of extra metadata about this service. - type: object - summary: - description: A human readable summary of the service status. - type: string - required: - - level - - summary - - meta - description: A dynamic mapping of plugin ID to plugin status. - type: object - required: - - overall - - core - - plugins - uuid: - description: >- - Unique, generated Kibana instance UUID. This UUID should persist - even if the Kibana process restarts. - type: string - version: - additionalProperties: false - type: object - properties: - build_date: - description: The date and time of this build. - type: string - build_flavor: - description: >- - The build flavour determines configuration and behavior of - Kibana. On premise users will almost always run the - "traditional" flavour, while other flavours are reserved for - Elastic-specific use cases. - enum: - - serverless - - traditional - type: string - build_hash: - description: >- - A unique hash value representing the git commit of this Kibana - build. - type: string - build_number: - description: >- - A monotonically increasing number, each subsequent build will - have a higher number. - type: number - build_snapshot: - description: Whether this build is a snapshot build. - type: boolean - number: - description: A semantic version number. - type: string - required: - - number - - build_hash - - build_number - - build_snapshot - - build_flavor - - build_date - required: - - name - - uuid - - version - - status - - metrics - Machine_learning_APIs_mlSync200Response: - properties: - datafeedsAdded: - additionalProperties: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDatafeeds' - description: >- - If a saved object for an anomaly detection job is missing a datafeed - identifier, it is added when you run the sync machine learning saved - objects API. - type: object - datafeedsRemoved: - additionalProperties: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDatafeeds' - description: >- - If a saved object for an anomaly detection job references a datafeed - that no longer exists, it is deleted when you run the sync machine - learning saved objects API. - type: object - savedObjectsCreated: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsCreated - savedObjectsDeleted: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsDeleted - title: Successful sync API response - type: object - Machine_learning_APIs_mlSync4xxResponse: - properties: - error: - example: Unauthorized - type: string - message: - type: string - statusCode: - example: 401 - type: integer - title: Unsuccessful sync API response - type: object - Machine_learning_APIs_mlSyncResponseAnomalyDetectors: - description: >- - The sync machine learning saved objects API response contains this - object when there are anomaly detection jobs affected by the - synchronization. There is an object for each relevant job, which - contains the synchronization status. - properties: - success: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess' - title: Sync API response for anomaly detection jobs - type: object - Machine_learning_APIs_mlSyncResponseDatafeeds: - description: >- - The sync machine learning saved objects API response contains this - object when there are datafeeds affected by the synchronization. There - is an object for each relevant datafeed, which contains the - synchronization status. - properties: - success: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess' - title: Sync API response for datafeeds - type: object - Machine_learning_APIs_mlSyncResponseDataFrameAnalytics: - description: >- - The sync machine learning saved objects API response contains this - object when there are data frame analytics jobs affected by the - synchronization. There is an object for each relevant job, which - contains the synchronization status. - properties: - success: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess' - title: Sync API response for data frame analytics jobs - type: object - Machine_learning_APIs_mlSyncResponseSavedObjectsCreated: - description: >- - If saved objects are missing for machine learning jobs or trained - models, they are created when you run the sync machine learning saved - objects API. - properties: - anomaly-detector: - additionalProperties: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseAnomalyDetectors - description: >- - If saved objects are missing for anomaly detection jobs, they are - created. - type: object - data-frame-analytics: - additionalProperties: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseDataFrameAnalytics - description: >- - If saved objects are missing for data frame analytics jobs, they are - created. - type: object - trained-model: - additionalProperties: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels - description: If saved objects are missing for trained models, they are created. - type: object - title: Sync API response for created saved objects - type: object - Machine_learning_APIs_mlSyncResponseSavedObjectsDeleted: - description: >- - If saved objects exist for machine learning jobs or trained models that - no longer exist, they are deleted when you run the sync machine learning - saved objects API. - properties: - anomaly-detector: - additionalProperties: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseAnomalyDetectors - description: >- - If there are saved objects exist for nonexistent anomaly detection - jobs, they are deleted. - type: object - data-frame-analytics: - additionalProperties: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseDataFrameAnalytics - description: >- - If there are saved objects exist for nonexistent data frame - analytics jobs, they are deleted. - type: object - trained-model: - additionalProperties: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels - description: >- - If there are saved objects exist for nonexistent trained models, - they are deleted. - type: object - title: Sync API response for deleted saved objects - type: object - Machine_learning_APIs_mlSyncResponseSuccess: - description: The success or failure of the synchronization. - type: boolean - Machine_learning_APIs_mlSyncResponseTrainedModels: - description: >- - The sync machine learning saved objects API response contains this - object when there are trained models affected by the synchronization. - There is an object for each relevant trained model, which contains the - synchronization status. - properties: - success: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess' - title: Sync API response for trained models - type: object - Security_AI_Assistant_API_AnonymizationFieldCreateProps: - type: object - properties: - allowed: - type: boolean - anonymized: - type: boolean - field: - type: string - required: - - field - Security_AI_Assistant_API_AnonymizationFieldDetailsInError: - type: object - properties: - id: - type: string - name: - type: string - required: - - id - Security_AI_Assistant_API_AnonymizationFieldResponse: - type: object - properties: - allowed: - type: boolean - anonymized: - type: boolean - createdAt: - type: string - createdBy: - type: string - field: - type: string - id: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - namespace: - description: Kibana space - type: string - timestamp: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - updatedAt: - type: string - updatedBy: - type: string - required: - - id - - field - Security_AI_Assistant_API_AnonymizationFieldsBulkActionSkipReason: - enum: - - ANONYMIZATION_FIELD_NOT_MODIFIED - type: string - Security_AI_Assistant_API_AnonymizationFieldsBulkActionSkipResult: - type: object - properties: - id: - type: string - name: - type: string - skip_reason: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkActionSkipReason - required: - - id - - skip_reason - Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResponse: - type: object - properties: - anonymization_fields_count: - type: integer - attributes: - type: object - properties: - errors: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_NormalizedAnonymizationFieldError - type: array - results: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResults - summary: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_BulkCrudActionSummary - required: - - results - - summary - message: - type: string - status_code: - type: integer - success: - type: boolean - required: - - attributes - Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResults: - type: object - properties: - created: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse - type: array - deleted: - items: - type: string - type: array - skipped: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkActionSkipResult - type: array - updated: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse - type: array - required: - - updated - - created - - deleted - - skipped - Security_AI_Assistant_API_AnonymizationFieldUpdateProps: - type: object - properties: - allowed: - type: boolean - anonymized: - type: boolean - id: - type: string - required: - - id - Security_AI_Assistant_API_ApiConfig: - type: object - properties: - actionTypeId: - description: action type id - type: string - connectorId: - description: connector id - type: string - defaultSystemPromptId: - description: defaultSystemPromptId - type: string - model: - description: model - type: string - provider: - $ref: '#/components/schemas/Security_AI_Assistant_API_Provider' - description: Provider - required: - - connectorId - - actionTypeId - Security_AI_Assistant_API_BulkCrudActionSummary: - type: object - properties: - failed: - type: integer - skipped: - type: integer - succeeded: - type: integer - total: - type: integer - required: - - failed - - skipped - - succeeded - - total - Security_AI_Assistant_API_ChatCompleteProps: - type: object - properties: - connectorId: - type: string - conversationId: - type: string - isStream: - type: boolean - langSmithApiKey: - type: string - langSmithProject: - type: string - messages: - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_ChatMessage' - type: array - model: - type: string - persist: - type: boolean - promptId: - type: string - responseLanguage: - type: string - required: - - messages - - persist - - connectorId - Security_AI_Assistant_API_ChatMessage: - description: AI assistant message. - type: object - properties: - content: - description: Message content. - type: string - data: - $ref: '#/components/schemas/Security_AI_Assistant_API_MessageData' - description: ECS object to attach to the context of the message. - fields_to_anonymize: - items: - type: string - type: array - role: - $ref: '#/components/schemas/Security_AI_Assistant_API_ChatMessageRole' - description: Message role. - required: - - role - Security_AI_Assistant_API_ChatMessageRole: - description: Message role. - enum: - - system - - user - - assistant - type: string - Security_AI_Assistant_API_ConversationCategory: - description: The conversation category. - enum: - - assistant - - insights - type: string - Security_AI_Assistant_API_ConversationConfidence: - description: The conversation confidence. - enum: - - low - - medium - - high - type: string - Security_AI_Assistant_API_ConversationCreateProps: - type: object - properties: - apiConfig: - $ref: '#/components/schemas/Security_AI_Assistant_API_ApiConfig' - description: LLM API configuration. - category: - $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationCategory' - description: The conversation category. - excludeFromLastConversationStorage: - description: excludeFromLastConversationStorage. - type: boolean - id: - description: The conversation id. - type: string - isDefault: - description: Is default conversation. - type: boolean - messages: - description: The conversation messages. - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_Message' - type: array - replacements: - $ref: '#/components/schemas/Security_AI_Assistant_API_Replacements' - title: - description: The conversation title. - type: string - required: - - title - Security_AI_Assistant_API_ConversationResponse: - type: object - properties: - apiConfig: - $ref: '#/components/schemas/Security_AI_Assistant_API_ApiConfig' - description: LLM API configuration. - category: - $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationCategory' - description: The conversation category. - createdAt: - description: The last time conversation was updated. - type: string - excludeFromLastConversationStorage: - description: excludeFromLastConversationStorage. - type: boolean - id: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - isDefault: - description: Is default conversation. - type: boolean - messages: - description: The conversation messages. - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_Message' - type: array - namespace: - description: Kibana space - type: string - replacements: - $ref: '#/components/schemas/Security_AI_Assistant_API_Replacements' - summary: - $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationSummary' - timestamp: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - title: - description: The conversation title. - type: string - updatedAt: - description: The last time conversation was updated. - type: string - users: - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_User' - type: array - required: - - id - - title - - createdAt - - users - - namespace - - category - Security_AI_Assistant_API_ConversationSummary: - type: object - properties: - confidence: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationConfidence - description: >- - How confident you are about this being a correct and useful - learning. - content: - description: Summary text of the conversation over time. - type: string - public: - description: Define if summary is marked as publicly available. - type: boolean - timestamp: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - description: The timestamp summary was updated. - Security_AI_Assistant_API_ConversationUpdateProps: - type: object - properties: - apiConfig: - $ref: '#/components/schemas/Security_AI_Assistant_API_ApiConfig' - description: LLM API configuration. - category: - $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationCategory' - description: The conversation category. - excludeFromLastConversationStorage: - description: excludeFromLastConversationStorage. - type: boolean - id: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - messages: - description: The conversation messages. - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_Message' - type: array - replacements: - $ref: '#/components/schemas/Security_AI_Assistant_API_Replacements' - summary: - $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationSummary' - title: - description: The conversation title. - type: string - required: - - id - Security_AI_Assistant_API_FindAnonymizationFieldsSortField: - enum: - - created_at - - anonymized - - allowed - - field - - updated_at - type: string - Security_AI_Assistant_API_FindConversationsSortField: - enum: - - created_at - - is_default - - title - - updated_at - type: string - Security_AI_Assistant_API_FindPromptsSortField: - enum: - - created_at - - is_default - - name - - updated_at - type: string - Security_AI_Assistant_API_Message: - description: AI assistant conversation message. - type: object - properties: - content: - description: Message content. - type: string - isError: - description: Is error message. - type: boolean - reader: - $ref: '#/components/schemas/Security_AI_Assistant_API_Reader' - description: Message content. - role: - $ref: '#/components/schemas/Security_AI_Assistant_API_MessageRole' - description: Message role. - timestamp: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - description: The timestamp message was sent or received. - traceData: - $ref: '#/components/schemas/Security_AI_Assistant_API_TraceData' - description: trace Data - required: - - timestamp - - content - - role - Security_AI_Assistant_API_MessageData: - additionalProperties: true - type: object - Security_AI_Assistant_API_MessageRole: - description: Message role. - enum: - - system - - user - - assistant - type: string - Security_AI_Assistant_API_NonEmptyString: - description: A string that is not empty and does not contain only whitespace - minLength: 1 - pattern: ^(?! *$).+$ - type: string - Security_AI_Assistant_API_NormalizedAnonymizationFieldError: - type: object - properties: - anonymization_fields: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldDetailsInError - type: array - err_code: - type: string - message: - type: string - status_code: - type: integer - required: - - message - - status_code - - anonymization_fields - Security_AI_Assistant_API_NormalizedPromptError: - type: object - properties: - err_code: - type: string - message: - type: string - prompts: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptDetailsInError - type: array - status_code: - type: integer - required: - - message - - status_code - - prompts - Security_AI_Assistant_API_PromptCreateProps: - type: object - properties: - categories: - items: - type: string - type: array - color: - type: string - consumer: - type: string - content: - type: string - isDefault: - type: boolean - isNewConversationDefault: - type: boolean - name: - type: string - promptType: - $ref: '#/components/schemas/Security_AI_Assistant_API_PromptType' - required: - - name - - content - - promptType - Security_AI_Assistant_API_PromptDetailsInError: - type: object - properties: - id: - type: string - name: - type: string - required: - - id - Security_AI_Assistant_API_PromptResponse: - type: object - properties: - categories: - items: - type: string - type: array - color: - type: string - consumer: - type: string - content: - type: string - createdAt: - type: string - createdBy: - type: string - id: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - isDefault: - type: boolean - isNewConversationDefault: - type: boolean - name: - type: string - namespace: - description: Kibana space - type: string - promptType: - $ref: '#/components/schemas/Security_AI_Assistant_API_PromptType' - timestamp: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - updatedAt: - type: string - updatedBy: - type: string - users: - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_User' - type: array - required: - - id - - name - - promptType - - content - Security_AI_Assistant_API_PromptsBulkActionSkipReason: - enum: - - PROMPT_FIELD_NOT_MODIFIED - type: string - Security_AI_Assistant_API_PromptsBulkActionSkipResult: - type: object - properties: - id: - type: string - name: - type: string - skip_reason: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptsBulkActionSkipReason - required: - - id - - skip_reason - Security_AI_Assistant_API_PromptsBulkCrudActionResponse: - type: object - properties: - attributes: - type: object - properties: - errors: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_NormalizedPromptError - type: array - results: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptsBulkCrudActionResults - summary: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_BulkCrudActionSummary - required: - - results - - summary - message: - type: string - prompts_count: - type: integer - status_code: - type: integer - success: - type: boolean - required: - - attributes - Security_AI_Assistant_API_PromptsBulkCrudActionResults: - type: object - properties: - created: - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_PromptResponse' - type: array - deleted: - items: - type: string - type: array - skipped: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptsBulkActionSkipResult - type: array - updated: - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_PromptResponse' - type: array - required: - - updated - - created - - deleted - - skipped - Security_AI_Assistant_API_PromptType: - description: Prompt type - enum: - - system - - quick - type: string - Security_AI_Assistant_API_PromptUpdateProps: - type: object - properties: - categories: - items: - type: string - type: array - color: - type: string - consumer: - type: string - content: - type: string - id: - type: string - isDefault: - type: boolean - isNewConversationDefault: - type: boolean - required: - - id - Security_AI_Assistant_API_Provider: - description: Provider - enum: - - OpenAI - - Azure OpenAI - - Other - type: string - Security_AI_Assistant_API_Reader: - additionalProperties: true - type: object - Security_AI_Assistant_API_Replacements: - additionalProperties: - type: string - description: Replacements object used to anonymize/deanomymize messsages - type: object - Security_AI_Assistant_API_SortOrder: - enum: - - asc - - desc - type: string - Security_AI_Assistant_API_TraceData: - description: trace Data - type: object - properties: - traceId: - description: Could be any string, not necessarily a UUID - type: string - transactionId: - description: Could be any string, not necessarily a UUID - type: string - Security_AI_Assistant_API_User: - description: Could be any string, not necessarily a UUID - type: object - properties: - id: - description: User id - type: string - name: - description: User name - type: string - Security_Detections_API_AlertAssignees: - type: object - properties: - add: - description: A list of users ids to assign. - items: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' - type: array - remove: - description: A list of users ids to unassign. - items: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' - type: array - required: - - add - - remove - Security_Detections_API_AlertIds: - description: A list of alerts ids. - items: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' - minItems: 1 - type: array - Security_Detections_API_AlertsIndex: - deprecated: true - description: (deprecated) Has no effect. - type: string - Security_Detections_API_AlertsIndexNamespace: - description: Has no effect. - type: string - Security_Detections_API_AlertsSort: - oneOf: - - $ref: '#/components/schemas/Security_Detections_API_AlertsSortCombinations' - - items: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsSortCombinations - type: array - Security_Detections_API_AlertsSortCombinations: - anyOf: - - type: string - - additionalProperties: true - type: object - Security_Detections_API_AlertStatus: - enum: - - open - - closed - - acknowledged - - in-progress - type: string - Security_Detections_API_AlertSuppression: - type: object - properties: - duration: - $ref: >- - #/components/schemas/Security_Detections_API_AlertSuppressionDuration - group_by: - $ref: '#/components/schemas/Security_Detections_API_AlertSuppressionGroupBy' - missing_fields_strategy: - $ref: >- - #/components/schemas/Security_Detections_API_AlertSuppressionMissingFieldsStrategy - required: - - group_by - Security_Detections_API_AlertSuppressionDuration: - type: object - properties: - unit: - enum: - - s - - m - - h - type: string - value: - minimum: 1 - type: integer - required: - - value - - unit - Security_Detections_API_AlertSuppressionGroupBy: - items: - type: string - maxItems: 3 - minItems: 1 - type: array - Security_Detections_API_AlertSuppressionMissingFieldsStrategy: - description: >- - Describes how alerts will be generated for documents with missing - suppress by fields: - - doNotSuppress - per each document a separate alert will be created - - suppress - only alert will be created per suppress by bucket - enum: - - doNotSuppress - - suppress - type: string - Security_Detections_API_AlertTag: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' - Security_Detections_API_AlertTags: - items: - $ref: '#/components/schemas/Security_Detections_API_AlertTag' - type: array - Security_Detections_API_AnomalyThreshold: - description: Anomaly threshold - minimum: 0 - type: integer - Security_Detections_API_BuildingBlockType: - description: >- - Determines if the rule acts as a building block. By default, - building-block alerts are not displayed in the UI. These rules are used - as a foundation for other rules that do generate alerts. Its value must - be default. - type: string - Security_Detections_API_BulkActionEditPayload: - anyOf: - - $ref: >- - #/components/schemas/Security_Detections_API_BulkActionEditPayloadTags - - $ref: >- - #/components/schemas/Security_Detections_API_BulkActionEditPayloadIndexPatterns - - $ref: >- - #/components/schemas/Security_Detections_API_BulkActionEditPayloadInvestigationFields - - $ref: >- - #/components/schemas/Security_Detections_API_BulkActionEditPayloadTimeline - - $ref: >- - #/components/schemas/Security_Detections_API_BulkActionEditPayloadRuleActions - - $ref: >- - #/components/schemas/Security_Detections_API_BulkActionEditPayloadSchedule - Security_Detections_API_BulkActionEditPayloadIndexPatterns: - type: object - properties: - overwrite_data_views: - type: boolean - type: - enum: - - add_index_patterns - - delete_index_patterns - - set_index_patterns - type: string - value: - $ref: '#/components/schemas/Security_Detections_API_IndexPatternArray' - required: - - type - - value - Security_Detections_API_BulkActionEditPayloadInvestigationFields: - type: object - properties: - type: - enum: - - add_investigation_fields - - delete_investigation_fields - - set_investigation_fields - type: string - value: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - required: - - type - - value - Security_Detections_API_BulkActionEditPayloadRuleActions: - type: object - properties: - type: - enum: - - add_rule_actions - - set_rule_actions - type: string - value: - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Detections_API_NormalizedRuleAction - type: array - throttle: - $ref: >- - #/components/schemas/Security_Detections_API_ThrottleForBulkActions - required: - - actions - required: - - type - - value - Security_Detections_API_BulkActionEditPayloadSchedule: - type: object - properties: - type: - enum: - - set_schedule - type: string - value: - type: object - properties: - interval: - description: >- - Interval in which the rule runs. For example, `"1h"` means the - rule runs every hour. - example: 1h - pattern: ^[1-9]\d*[smh]$ - type: string - lookback: - description: Lookback time for the rule - example: 1h - pattern: ^[1-9]\d*[smh]$ - type: string - required: - - interval - - lookback - required: - - type - - value - Security_Detections_API_BulkActionEditPayloadTags: - type: object - properties: - type: - enum: - - add_tags - - delete_tags - - set_tags - type: string - value: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - required: - - type - - value - Security_Detections_API_BulkActionEditPayloadTimeline: - type: object - properties: - type: - enum: - - set_timeline - type: string - value: - type: object - properties: - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - required: - - timeline_id - - timeline_title - required: - - type - - value - Security_Detections_API_BulkActionsDryRunErrCode: - enum: - - IMMUTABLE - - MACHINE_LEARNING_AUTH - - MACHINE_LEARNING_INDEX_PATTERN - - ESQL_INDEX_PATTERN - - MANUAL_RULE_RUN_FEATURE - - MANUAL_RULE_RUN_DISABLED_RULE - type: string - Security_Detections_API_BulkActionSkipResult: - type: object - properties: - id: - type: string - name: - type: string - skip_reason: - $ref: '#/components/schemas/Security_Detections_API_BulkEditSkipReason' - required: - - id - - skip_reason - Security_Detections_API_BulkDeleteRules: - type: object - properties: - action: - enum: - - delete - type: string - ids: - description: Array of rule IDs - items: - type: string - minItems: 1 - type: array - query: - description: Query to filter rules - type: string - required: - - action - Security_Detections_API_BulkDisableRules: - type: object - properties: - action: - enum: - - disable - type: string - ids: - description: Array of rule IDs - items: - type: string - minItems: 1 - type: array - query: - description: Query to filter rules - type: string - required: - - action - Security_Detections_API_BulkDuplicateRules: - type: object - properties: - action: - enum: - - duplicate - type: string - duplicate: - type: object - properties: - include_exceptions: - description: Whether to copy exceptions from the original rule - type: boolean - include_expired_exceptions: - description: Whether to copy expired exceptions from the original rule - type: boolean - required: - - include_exceptions - - include_expired_exceptions - ids: - description: Array of rule IDs - items: - type: string - minItems: 1 - type: array - query: - description: Query to filter rules - type: string - required: - - action - Security_Detections_API_BulkEditActionResponse: - type: object - properties: - attributes: - type: object - properties: - errors: - items: - $ref: >- - #/components/schemas/Security_Detections_API_NormalizedRuleError - type: array - results: - $ref: >- - #/components/schemas/Security_Detections_API_BulkEditActionResults - summary: - $ref: >- - #/components/schemas/Security_Detections_API_BulkEditActionSummary - required: - - results - - summary - message: - type: string - rules_count: - type: integer - status_code: - type: integer - success: - type: boolean - required: - - attributes - Security_Detections_API_BulkEditActionResults: - type: object - properties: - created: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleResponse' - type: array - deleted: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleResponse' - type: array - skipped: - items: - $ref: '#/components/schemas/Security_Detections_API_BulkActionSkipResult' - type: array - updated: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleResponse' - type: array - required: - - updated - - created - - deleted - - skipped - Security_Detections_API_BulkEditActionSummary: - type: object - properties: - failed: - type: integer - skipped: - type: integer - succeeded: - type: integer - total: - type: integer - required: - - failed - - skipped - - succeeded - - total - Security_Detections_API_BulkEditRules: - type: object - properties: - action: - enum: - - edit - type: string - edit: - description: Array of objects containing the edit operations - items: - $ref: '#/components/schemas/Security_Detections_API_BulkActionEditPayload' - minItems: 1 - type: array - ids: - description: Array of rule IDs - items: - type: string - minItems: 1 - type: array - query: - description: Query to filter rules - type: string - required: - - action - - edit - Security_Detections_API_BulkEditSkipReason: - enum: - - RULE_NOT_MODIFIED - type: string - Security_Detections_API_BulkEnableRules: - type: object - properties: - action: - enum: - - enable - type: string - ids: - description: Array of rule IDs - items: - type: string - minItems: 1 - type: array - query: - description: Query to filter rules - type: string - required: - - action - Security_Detections_API_BulkExportActionResponse: - type: string - Security_Detections_API_BulkExportRules: - type: object - properties: - action: - enum: - - export - type: string - ids: - description: Array of rule IDs - items: - type: string - minItems: 1 - type: array - query: - description: Query to filter rules - type: string - required: - - action - Security_Detections_API_BulkManualRuleRun: - type: object - properties: - action: - enum: - - run - type: string - ids: - description: Array of rule IDs - items: - type: string - minItems: 1 - type: array - query: - description: Query to filter rules - type: string - run: - type: object - properties: - end_date: - description: End date of the manual rule run - type: string - start_date: - description: Start date of the manual rule run - type: string - required: - - start_date - required: - - action - - run - Security_Detections_API_ConcurrentSearches: - minimum: 1 - type: integer - Security_Detections_API_DataViewId: - type: string - Security_Detections_API_DefaultParams: - type: object - properties: - command: - enum: - - isolate - type: string - comment: - type: string - required: - - command - Security_Detections_API_EcsMapping: - additionalProperties: - type: object - properties: - field: - type: string - value: - oneOf: - - type: string - - items: - type: string - type: array - type: object - Security_Detections_API_EndpointResponseAction: - type: object - properties: - action_type_id: - enum: - - .endpoint - type: string - params: - oneOf: - - $ref: '#/components/schemas/Security_Detections_API_DefaultParams' - - $ref: '#/components/schemas/Security_Detections_API_ProcessesParams' - required: - - action_type_id - - params - Security_Detections_API_EqlOptionalFields: - type: object - properties: - alert_suppression: - $ref: '#/components/schemas/Security_Detections_API_AlertSuppression' - data_view_id: - $ref: '#/components/schemas/Security_Detections_API_DataViewId' - event_category_override: - $ref: '#/components/schemas/Security_Detections_API_EventCategoryOverride' - filters: - $ref: '#/components/schemas/Security_Detections_API_RuleFilterArray' - index: - $ref: '#/components/schemas/Security_Detections_API_IndexPatternArray' - tiebreaker_field: - $ref: '#/components/schemas/Security_Detections_API_TiebreakerField' - timestamp_field: - $ref: '#/components/schemas/Security_Detections_API_TimestampField' - Security_Detections_API_EqlQueryLanguage: - enum: - - eql - type: string - Security_Detections_API_EqlRequiredFields: - type: object - properties: - language: - $ref: '#/components/schemas/Security_Detections_API_EqlQueryLanguage' - description: Query language to use - query: - $ref: '#/components/schemas/Security_Detections_API_RuleQuery' - description: EQL query to execute - type: - description: Rule type - enum: - - eql - type: string - required: - - type - - query - - language - Security_Detections_API_EqlRule: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - version - - tags - - enabled - - risk_score_mapping - - severity_mapping - - interval - - from - - to - - actions - - exceptions_list - - author - - false_positives - - references - - max_signals - - threat - - setup - - related_integrations - - required_fields - - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' - - $ref: '#/components/schemas/Security_Detections_API_EqlRuleResponseFields' - Security_Detections_API_EqlRuleCreateFields: - allOf: - - $ref: '#/components/schemas/Security_Detections_API_EqlRequiredFields' - - $ref: '#/components/schemas/Security_Detections_API_EqlOptionalFields' - Security_Detections_API_EqlRuleCreateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - $ref: '#/components/schemas/Security_Detections_API_EqlRuleCreateFields' - Security_Detections_API_EqlRulePatchFields: - allOf: - - type: object - properties: - language: - $ref: '#/components/schemas/Security_Detections_API_EqlQueryLanguage' - description: Query language to use - query: - $ref: '#/components/schemas/Security_Detections_API_RuleQuery' - description: EQL query to execute - type: - description: Rule type - enum: - - eql - type: string - - $ref: '#/components/schemas/Security_Detections_API_EqlOptionalFields' - Security_Detections_API_EqlRulePatchProps: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - - $ref: '#/components/schemas/Security_Detections_API_EqlRulePatchFields' - Security_Detections_API_EqlRuleResponseFields: - allOf: - - $ref: '#/components/schemas/Security_Detections_API_EqlRequiredFields' - - $ref: '#/components/schemas/Security_Detections_API_EqlOptionalFields' - Security_Detections_API_EqlRuleUpdateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - $ref: '#/components/schemas/Security_Detections_API_EqlRuleCreateFields' - Security_Detections_API_ErrorSchema: - additionalProperties: false - type: object - properties: - error: - type: object - properties: - message: - type: string - status_code: - minimum: 400 - type: integer - required: - - status_code - - message - id: - type: string - item_id: - minLength: 1 - type: string - list_id: - minLength: 1 - type: string - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - required: - - error - Security_Detections_API_EsqlQueryLanguage: - enum: - - esql - type: string - Security_Detections_API_EsqlRule: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - version - - tags - - enabled - - risk_score_mapping - - severity_mapping - - interval - - from - - to - - actions - - exceptions_list - - author - - false_positives - - references - - max_signals - - threat - - setup - - related_integrations - - required_fields - - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' - - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleResponseFields' - Security_Detections_API_EsqlRuleCreateFields: - allOf: - - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleOptionalFields' - - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleRequiredFields' - Security_Detections_API_EsqlRuleCreateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleCreateFields' - Security_Detections_API_EsqlRuleOptionalFields: - type: object - properties: - alert_suppression: - $ref: '#/components/schemas/Security_Detections_API_AlertSuppression' - Security_Detections_API_EsqlRulePatchProps: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - language: - $ref: '#/components/schemas/Security_Detections_API_EsqlQueryLanguage' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - query: - $ref: '#/components/schemas/Security_Detections_API_RuleQuery' - description: ESQL query to execute - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - type: - description: Rule type - enum: - - esql - type: string - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleOptionalFields' - Security_Detections_API_EsqlRuleRequiredFields: - type: object - properties: - language: - $ref: '#/components/schemas/Security_Detections_API_EsqlQueryLanguage' - query: - $ref: '#/components/schemas/Security_Detections_API_RuleQuery' - description: ESQL query to execute - type: - description: Rule type - enum: - - esql - type: string - required: - - type - - language - - query - Security_Detections_API_EsqlRuleResponseFields: - allOf: - - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleOptionalFields' - - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleRequiredFields' - Security_Detections_API_EsqlRuleUpdateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleCreateFields' - Security_Detections_API_EventCategoryOverride: - type: string - Security_Detections_API_ExceptionListType: - description: The exception type - enum: - - detection - - rule_default - - endpoint - - endpoint_trusted_apps - - endpoint_events - - endpoint_host_isolation_exceptions - - endpoint_blocklists - type: string - Security_Detections_API_ExternalRuleSource: - description: >- - Type of rule source for externally sourced rules, i.e. rules that have - an external source, such as the Elastic Prebuilt rules repo. - type: object - properties: - is_customized: - $ref: >- - #/components/schemas/Security_Detections_API_IsExternalRuleCustomized - type: - enum: - - external - type: string - required: - - type - - is_customized - Security_Detections_API_FindRulesSortField: - enum: - - created_at - - createdAt - - enabled - - execution_summary.last_execution.date - - execution_summary.last_execution.metrics.execution_gap_duration_s - - execution_summary.last_execution.metrics.total_indexing_duration_ms - - execution_summary.last_execution.metrics.total_search_duration_ms - - execution_summary.last_execution.status - - name - - risk_score - - riskScore - - severity - - updated_at - - updatedAt - type: string - Security_Detections_API_HistoryWindowStart: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' - Security_Detections_API_IndexPatternArray: - items: - type: string - type: array - Security_Detections_API_InternalRuleSource: - description: >- - Type of rule source for internally sourced rules, i.e. created within - the Kibana apps. - type: object - properties: - type: - enum: - - internal - type: string - required: - - type - Security_Detections_API_InvestigationFields: - description: > - Schema for fields relating to investigation fields. These are user - defined fields we use to highlight - - in various features in the UI such as alert details flyout and - exceptions auto-population from alert. - - Added in PR #163235 - - Right now we only have a single field but anticipate adding more related - fields to store various - - configuration states such as `override` - where a user might say if they - want only these fields to - - display, or if they want these fields + the fields we select. When - expanding this field, it may look - - something like: - - ```typescript - - const investigationFields = z.object({ - field_names: NonEmptyArray(NonEmptyString), - override: z.boolean().optional(), - }); - - ``` - type: object - properties: - field_names: - items: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' - minItems: 1 - type: array - required: - - field_names - Security_Detections_API_InvestigationGuide: - description: Notes to help investigate alerts produced by the rule. - type: string - Security_Detections_API_IsExternalRuleCustomized: - description: >- - Determines whether an external/prebuilt rule has been customized by the - user (i.e. any of its fields have been modified and diverged from the - base value). - type: boolean - Security_Detections_API_IsRuleEnabled: - description: Determines whether the rule is enabled. - type: boolean - Security_Detections_API_IsRuleImmutable: - deprecated: true - description: >- - This field determines whether the rule is a prebuilt Elastic rule. It - will be replaced with the `rule_source` field. - type: boolean - Security_Detections_API_ItemsPerSearch: - minimum: 1 - type: integer - Security_Detections_API_KqlQueryLanguage: - enum: - - kuery - - lucene - type: string - Security_Detections_API_MachineLearningJobId: - description: Machine learning job ID - oneOf: - - type: string - - items: - type: string - minItems: 1 - type: array - Security_Detections_API_MachineLearningRule: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - version - - tags - - enabled - - risk_score_mapping - - severity_mapping - - interval - - from - - to - - actions - - exceptions_list - - author - - false_positives - - references - - max_signals - - threat - - setup - - related_integrations - - required_fields - - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' - - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningRuleResponseFields - Security_Detections_API_MachineLearningRuleCreateFields: - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningRuleOptionalFields - Security_Detections_API_MachineLearningRuleCreateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningRuleCreateFields - Security_Detections_API_MachineLearningRuleOptionalFields: - type: object - properties: - alert_suppression: - $ref: '#/components/schemas/Security_Detections_API_AlertSuppression' - Security_Detections_API_MachineLearningRulePatchFields: - allOf: - - type: object - properties: - anomaly_threshold: - $ref: '#/components/schemas/Security_Detections_API_AnomalyThreshold' - machine_learning_job_id: - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningJobId - type: - description: Rule type - enum: - - machine_learning - type: string - - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningRuleOptionalFields - Security_Detections_API_MachineLearningRulePatchProps: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningRulePatchFields - Security_Detections_API_MachineLearningRuleRequiredFields: - type: object - properties: - anomaly_threshold: - $ref: '#/components/schemas/Security_Detections_API_AnomalyThreshold' - machine_learning_job_id: - $ref: '#/components/schemas/Security_Detections_API_MachineLearningJobId' - type: - description: Rule type - enum: - - machine_learning - type: string - required: - - type - - machine_learning_job_id - - anomaly_threshold - Security_Detections_API_MachineLearningRuleResponseFields: - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningRuleOptionalFields - Security_Detections_API_MachineLearningRuleUpdateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningRuleCreateFields - Security_Detections_API_MaxSignals: - minimum: 1 - type: integer - Security_Detections_API_NewTermsFields: - items: - type: string - maxItems: 3 - minItems: 1 - type: array - Security_Detections_API_NewTermsRule: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - version - - tags - - enabled - - risk_score_mapping - - severity_mapping - - interval - - from - - to - - actions - - exceptions_list - - author - - false_positives - - references - - max_signals - - threat - - setup - - related_integrations - - required_fields - - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' - - $ref: >- - #/components/schemas/Security_Detections_API_NewTermsRuleResponseFields - Security_Detections_API_NewTermsRuleCreateFields: - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_NewTermsRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Detections_API_NewTermsRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Detections_API_NewTermsRuleDefaultableFields - Security_Detections_API_NewTermsRuleCreateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - $ref: >- - #/components/schemas/Security_Detections_API_NewTermsRuleCreateFields - Security_Detections_API_NewTermsRuleDefaultableFields: - type: object - properties: - language: - $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' - Security_Detections_API_NewTermsRuleOptionalFields: - type: object - properties: - alert_suppression: - $ref: '#/components/schemas/Security_Detections_API_AlertSuppression' - data_view_id: - $ref: '#/components/schemas/Security_Detections_API_DataViewId' - filters: - $ref: '#/components/schemas/Security_Detections_API_RuleFilterArray' - index: - $ref: '#/components/schemas/Security_Detections_API_IndexPatternArray' - Security_Detections_API_NewTermsRulePatchFields: - allOf: - - type: object - properties: - history_window_start: - $ref: '#/components/schemas/Security_Detections_API_HistoryWindowStart' - new_terms_fields: - $ref: '#/components/schemas/Security_Detections_API_NewTermsFields' - query: - $ref: '#/components/schemas/Security_Detections_API_RuleQuery' - type: - description: Rule type - enum: - - new_terms - type: string - - $ref: >- - #/components/schemas/Security_Detections_API_NewTermsRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Detections_API_NewTermsRuleDefaultableFields - Security_Detections_API_NewTermsRulePatchProps: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - - $ref: '#/components/schemas/Security_Detections_API_NewTermsRulePatchFields' - Security_Detections_API_NewTermsRuleRequiredFields: - type: object - properties: - history_window_start: - $ref: '#/components/schemas/Security_Detections_API_HistoryWindowStart' - new_terms_fields: - $ref: '#/components/schemas/Security_Detections_API_NewTermsFields' - query: - $ref: '#/components/schemas/Security_Detections_API_RuleQuery' - type: - description: Rule type - enum: - - new_terms - type: string - required: - - type - - query - - new_terms_fields - - history_window_start - Security_Detections_API_NewTermsRuleResponseFields: - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_NewTermsRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Detections_API_NewTermsRuleOptionalFields - - type: object - properties: - language: - $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' - required: - - language - Security_Detections_API_NewTermsRuleUpdateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - $ref: >- - #/components/schemas/Security_Detections_API_NewTermsRuleCreateFields - Security_Detections_API_NonEmptyString: - description: A string that is not empty and does not contain only whitespace - minLength: 1 - pattern: ^(?! *$).+$ - type: string - Security_Detections_API_NormalizedRuleAction: - additionalProperties: false - type: object - properties: - alerts_filter: - $ref: '#/components/schemas/Security_Detections_API_RuleActionAlertsFilter' - frequency: - $ref: '#/components/schemas/Security_Detections_API_RuleActionFrequency' - group: - $ref: '#/components/schemas/Security_Detections_API_RuleActionGroup' - id: - $ref: '#/components/schemas/Security_Detections_API_RuleActionId' - params: - $ref: '#/components/schemas/Security_Detections_API_RuleActionParams' - required: - - id - - params - Security_Detections_API_NormalizedRuleError: - type: object - properties: - err_code: - $ref: >- - #/components/schemas/Security_Detections_API_BulkActionsDryRunErrCode - message: - type: string - rules: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleDetailsInError' - type: array - status_code: - type: integer - required: - - message - - status_code - - rules - Security_Detections_API_OsqueryParams: - type: object - properties: - ecs_mapping: - $ref: '#/components/schemas/Security_Detections_API_EcsMapping' - pack_id: - type: string - queries: - items: - $ref: '#/components/schemas/Security_Detections_API_OsqueryQuery' - type: array - query: - type: string - saved_query_id: - type: string - timeout: - type: number - Security_Detections_API_OsqueryQuery: - type: object - properties: - ecs_mapping: - $ref: '#/components/schemas/Security_Detections_API_EcsMapping' - id: - description: Query ID - type: string - platform: - type: string - query: - description: Query to run - type: string - removed: - type: boolean - snapshot: - type: boolean - version: - description: Query version - type: string - required: - - id - - query - Security_Detections_API_OsqueryResponseAction: - type: object - properties: - action_type_id: - enum: - - .osquery - type: string - params: - $ref: '#/components/schemas/Security_Detections_API_OsqueryParams' - required: - - action_type_id - - params - Security_Detections_API_PlatformErrorResponse: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: integer - required: - - statusCode - - error - - message - Security_Detections_API_ProcessesParams: - type: object - properties: - command: - enum: - - kill-process - - suspend-process - type: string - comment: - type: string - config: - type: object - properties: - field: - description: Field to use instead of process.pid - type: string - overwrite: - default: true - description: Whether to overwrite field with process.pid - type: boolean - required: - - field - required: - - command - - config - Security_Detections_API_QueryRule: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - version - - tags - - enabled - - risk_score_mapping - - severity_mapping - - interval - - from - - to - - actions - - exceptions_list - - author - - false_positives - - references - - max_signals - - threat - - setup - - related_integrations - - required_fields - - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' - - $ref: '#/components/schemas/Security_Detections_API_QueryRuleResponseFields' - Security_Detections_API_QueryRuleCreateFields: - allOf: - - $ref: '#/components/schemas/Security_Detections_API_QueryRuleRequiredFields' - - $ref: '#/components/schemas/Security_Detections_API_QueryRuleOptionalFields' - - $ref: >- - #/components/schemas/Security_Detections_API_QueryRuleDefaultableFields - Security_Detections_API_QueryRuleCreateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - $ref: '#/components/schemas/Security_Detections_API_QueryRuleCreateFields' - Security_Detections_API_QueryRuleDefaultableFields: - type: object - properties: - language: - $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' - query: - $ref: '#/components/schemas/Security_Detections_API_RuleQuery' - Security_Detections_API_QueryRuleOptionalFields: - type: object - properties: - alert_suppression: - $ref: '#/components/schemas/Security_Detections_API_AlertSuppression' - data_view_id: - $ref: '#/components/schemas/Security_Detections_API_DataViewId' - filters: - $ref: '#/components/schemas/Security_Detections_API_RuleFilterArray' - index: - $ref: '#/components/schemas/Security_Detections_API_IndexPatternArray' - saved_id: - $ref: '#/components/schemas/Security_Detections_API_SavedQueryId' - Security_Detections_API_QueryRulePatchFields: - allOf: - - type: object - properties: - type: - description: Rule type - enum: - - query - type: string - - $ref: '#/components/schemas/Security_Detections_API_QueryRuleOptionalFields' - - $ref: >- - #/components/schemas/Security_Detections_API_QueryRuleDefaultableFields - Security_Detections_API_QueryRulePatchProps: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - - $ref: '#/components/schemas/Security_Detections_API_QueryRulePatchFields' - Security_Detections_API_QueryRuleRequiredFields: - type: object - properties: - type: - description: Rule type - enum: - - query - type: string - required: - - type - Security_Detections_API_QueryRuleResponseFields: - allOf: - - $ref: '#/components/schemas/Security_Detections_API_QueryRuleRequiredFields' - - $ref: '#/components/schemas/Security_Detections_API_QueryRuleOptionalFields' - - type: object - properties: - language: - $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' - query: - $ref: '#/components/schemas/Security_Detections_API_RuleQuery' - required: - - query - - language - Security_Detections_API_QueryRuleUpdateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - $ref: '#/components/schemas/Security_Detections_API_QueryRuleCreateFields' - Security_Detections_API_RelatedIntegration: - description: > - Related integration is a potential dependency of a rule. It's assumed - that if the user installs - - one of the related integrations of a rule, the rule might start to work - properly because it will - - have source events (generated by this integration) potentially matching - the rule's query. - - - NOTE: Proper work is not guaranteed, because a related integration, if - installed, can be - - configured differently or generate data that is not necessarily relevant - for this rule. - - - Related integration is a combination of a Fleet package and (optionally) - one of the - - package's "integrations" that this package contains. It is represented - by 3 properties: - - - - `package`: name of the package (required, unique id) - - - `version`: version of the package (required, semver-compatible) - - - `integration`: name of the integration of this package (optional, id - within the package) - - - There are Fleet packages like `windows` that contain only one - integration; in this case, - - `integration` should be unspecified. There are also packages like `aws` - and `azure` that contain - - several integrations; in this case, `integration` should be specified. - - - @example - - const x: RelatedIntegration = { - package: 'windows', - version: '1.5.x', - }; - - - @example - - const x: RelatedIntegration = { - package: 'azure', - version: '~1.1.6', - integration: 'activitylogs', - }; - type: object - properties: - integration: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' - package: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' - version: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' - required: - - package - - version - Security_Detections_API_RelatedIntegrationArray: - items: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegration' - type: array - Security_Detections_API_RequiredField: - description: > - Describes an Elasticsearch field that is needed for the rule to - function. - - - Almost all types of Security rules check source event documents for a - match to some kind of - - query or filter. If a document has certain field with certain values, - then it's a match and - - the rule will generate an alert. - - - Required field is an event field that must be present in the source - indices of a given rule. - - - @example - - const standardEcsField: RequiredField = { - name: 'event.action', - type: 'keyword', - ecs: true, - }; - - - @example - - const nonEcsField: RequiredField = { - name: 'winlog.event_data.AttributeLDAPDisplayName', - type: 'keyword', - ecs: false, - }; - type: object - properties: - ecs: - description: Whether the field is an ECS field - type: boolean - name: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' - description: Name of an Elasticsearch field - type: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' - description: Type of the Elasticsearch field - required: - - name - - type - - ecs - Security_Detections_API_RequiredFieldArray: - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredField' - type: array - Security_Detections_API_RequiredFieldInput: - description: >- - Input parameters to create a RequiredField. Does not include the `ecs` - field, because `ecs` is calculated on the backend based on the field - name and type. - type: object - properties: - name: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' - description: Name of an Elasticsearch field - type: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' - description: Type of an Elasticsearch field - required: - - name - - type - Security_Detections_API_ResponseAction: - oneOf: - - $ref: '#/components/schemas/Security_Detections_API_OsqueryResponseAction' - - $ref: '#/components/schemas/Security_Detections_API_EndpointResponseAction' - Security_Detections_API_ResponseFields: - type: object - properties: - created_at: - format: date-time - type: string - created_by: - type: string - execution_summary: - $ref: '#/components/schemas/Security_Detections_API_RuleExecutionSummary' - id: - $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' - immutable: - $ref: '#/components/schemas/Security_Detections_API_IsRuleImmutable' - required_fields: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldArray' - revision: - minimum: 0 - type: integer - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_source: - $ref: '#/components/schemas/Security_Detections_API_RuleSource' - updated_at: - format: date-time - type: string - updated_by: - type: string - required: - - id - - rule_id - - immutable - - rule_source - - updated_at - - updated_by - - created_at - - created_by - - revision - - related_integrations - - required_fields - Security_Detections_API_RiskScore: - description: Risk score (0 to 100) - maximum: 100 - minimum: 0 - type: integer - Security_Detections_API_RiskScoreMapping: - description: >- - Overrides generated alerts' risk_score with a value from the source - event - items: - type: object - properties: - field: - type: string - operator: - enum: - - equals - type: string - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - value: - type: string - required: - - field - - operator - - value - type: array - Security_Detections_API_RuleAction: - type: object - properties: - action_type_id: - description: The action type used for sending notifications. - type: string - alerts_filter: - $ref: '#/components/schemas/Security_Detections_API_RuleActionAlertsFilter' - frequency: - $ref: '#/components/schemas/Security_Detections_API_RuleActionFrequency' - group: - $ref: '#/components/schemas/Security_Detections_API_RuleActionGroup' - id: - $ref: '#/components/schemas/Security_Detections_API_RuleActionId' - params: - $ref: '#/components/schemas/Security_Detections_API_RuleActionParams' - uuid: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' - required: - - action_type_id - - id - - params - Security_Detections_API_RuleActionAlertsFilter: - additionalProperties: true - type: object - Security_Detections_API_RuleActionFrequency: - description: >- - The action frequency defines when the action runs (for example, only on - rule execution or at specific time intervals). - type: object - properties: - notifyWhen: - $ref: '#/components/schemas/Security_Detections_API_RuleActionNotifyWhen' - summary: - description: >- - Action summary indicates whether we will send a summary notification - about all the generate alerts or notification per individual alert - type: boolean - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - nullable: true - required: - - summary - - notifyWhen - - throttle - Security_Detections_API_RuleActionGroup: - description: >- - Optionally groups actions by use cases. Use `default` for alert - notifications. - type: string - Security_Detections_API_RuleActionId: - description: The connector ID. - type: string - Security_Detections_API_RuleActionNotifyWhen: - description: >- - The condition for throttling the notification: `onActionGroupChange`, - `onActiveAlert`, or `onThrottleInterval` - enum: - - onActiveAlert - - onThrottleInterval - - onActionGroupChange - type: string - Security_Detections_API_RuleActionParams: - additionalProperties: true - description: >- - Object containing the allowed connector fields, which varies according - to the connector type. - type: object - Security_Detections_API_RuleActionThrottle: - description: Defines how often rule actions are taken. - oneOf: - - enum: - - no_actions - - rule - type: string - - description: Time interval in seconds, minutes, hours, or days. - example: 1h - pattern: ^[1-9]\d*[smhd]$ - type: string - Security_Detections_API_RuleAuthorArray: - items: - type: string - type: array - Security_Detections_API_RuleCreateProps: - anyOf: - - $ref: '#/components/schemas/Security_Detections_API_EqlRuleCreateProps' - - $ref: '#/components/schemas/Security_Detections_API_QueryRuleCreateProps' - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningRuleCreateProps - - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleCreateProps' - - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleCreateProps' - discriminator: - propertyName: type - Security_Detections_API_RuleDescription: - minLength: 1 - type: string - Security_Detections_API_RuleDetailsInError: - type: object - properties: - id: - type: string - name: - type: string - required: - - id - Security_Detections_API_RuleExceptionList: - type: object - properties: - id: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' - description: ID of the exception container - list_id: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' - description: List ID of the exception container - namespace_type: - description: Determines the exceptions validity in rule's Kibana space - enum: - - agnostic - - single - type: string - type: - $ref: '#/components/schemas/Security_Detections_API_ExceptionListType' - required: - - id - - list_id - - type - - namespace_type - Security_Detections_API_RuleExecutionMetrics: - type: object - properties: - execution_gap_duration_s: - description: Duration in seconds of execution gap - minimum: 0 - type: integer - total_enrichment_duration_ms: - description: >- - Total time spent enriching documents during current rule execution - cycle - minimum: 0 - type: integer - total_indexing_duration_ms: - description: >- - Total time spent indexing documents during current rule execution - cycle - minimum: 0 - type: integer - total_search_duration_ms: - description: >- - Total time spent performing ES searches as measured by Kibana; - includes network latency and time spent serializing/deserializing - request/response - minimum: 0 - type: integer - Security_Detections_API_RuleExecutionStatus: - description: >- - Custom execution status of Security rules that is different from the - status used in the Alerting Framework. We merge our custom status with - the Framework's status to determine the resulting status of a rule. - - - going to run - @deprecated Replaced by the 'running' status but left - for backwards compatibility with rule execution events already written - to Event Log in the prior versions of Kibana. Don't use when writing - rule status changes. - - - running - Rule execution started but not reached any intermediate or - final status. - - - partial failure - Rule can partially fail for various reasons either - in the middle of an execution (in this case we update its status right - away) or in the end of it. So currently this status can be both - intermediate and final at the same time. A typical reason for a partial - failure: not all the indices that the rule searches over actually exist. - - - failed - Rule failed to execute due to unhandled exception or a reason - defined in the business logic of its executor function. - - - succeeded - Rule executed successfully without any issues. Note: this - status is just an indication of a rule's "health". The rule might or - might not generate any alerts despite of it. - enum: - - going to run - - running - - partial failure - - failed - - succeeded - type: string - Security_Detections_API_RuleExecutionStatusOrder: - type: integer - Security_Detections_API_RuleExecutionSummary: - type: object - properties: - last_execution: - type: object - properties: - date: - description: Date of the last execution - format: date-time - type: string - message: - type: string - metrics: - $ref: >- - #/components/schemas/Security_Detections_API_RuleExecutionMetrics - status: - $ref: '#/components/schemas/Security_Detections_API_RuleExecutionStatus' - description: Status of the last execution - status_order: - $ref: >- - #/components/schemas/Security_Detections_API_RuleExecutionStatusOrder - required: - - date - - status - - status_order - - message - - metrics - required: - - last_execution - Security_Detections_API_RuleFalsePositiveArray: - items: - type: string - type: array - Security_Detections_API_RuleFilterArray: - items: {} - type: array - Security_Detections_API_RuleInterval: - description: >- - Frequency of rule execution, using a date math range. For example, "1h" - means the rule runs every hour. Defaults to 5m (5 minutes). - type: string - Security_Detections_API_RuleIntervalFrom: - description: >- - Time from which data is analyzed each time the rule runs, using a date - math range. For example, now-4200s means the rule analyzes data from 70 - minutes before its start time. Defaults to now-6m (analyzes data from 6 - minutes before the start time). - format: date-math - type: string - Security_Detections_API_RuleIntervalTo: - type: string - Security_Detections_API_RuleLicense: - description: The rule's license. - type: string - Security_Detections_API_RuleMetadata: - additionalProperties: true - type: object - Security_Detections_API_RuleName: - minLength: 1 - type: string - Security_Detections_API_RuleNameOverride: - description: Sets the source field for the alert's signal.rule.name value - type: string - Security_Detections_API_RuleObjectId: - $ref: '#/components/schemas/Security_Detections_API_UUID' - Security_Detections_API_RulePatchProps: - anyOf: - - $ref: '#/components/schemas/Security_Detections_API_EqlRulePatchProps' - - $ref: '#/components/schemas/Security_Detections_API_QueryRulePatchProps' - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRulePatchProps - - $ref: '#/components/schemas/Security_Detections_API_ThresholdRulePatchProps' - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRulePatchProps - - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningRulePatchProps - - $ref: '#/components/schemas/Security_Detections_API_NewTermsRulePatchProps' - - $ref: '#/components/schemas/Security_Detections_API_EsqlRulePatchProps' - Security_Detections_API_RulePreviewLoggedRequest: - type: object - properties: - description: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' - duration: - type: integer - request: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' - required: - - request - Security_Detections_API_RulePreviewLogs: - type: object - properties: - duration: - description: Execution duration in milliseconds - type: integer - errors: - items: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' - type: array - requests: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewLoggedRequest - type: array - startedAt: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' - warnings: - items: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' - type: array - required: - - errors - - warnings - - duration - Security_Detections_API_RulePreviewParams: - type: object - properties: - invocationCount: - type: integer - timeframeEnd: - format: date-time - type: string - required: - - invocationCount - - timeframeEnd - Security_Detections_API_RuleQuery: - type: string - Security_Detections_API_RuleReferenceArray: - items: - type: string - type: array - Security_Detections_API_RuleResponse: - anyOf: - - $ref: '#/components/schemas/Security_Detections_API_EqlRule' - - $ref: '#/components/schemas/Security_Detections_API_QueryRule' - - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRule' - - $ref: '#/components/schemas/Security_Detections_API_ThresholdRule' - - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRule' - - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRule' - - $ref: '#/components/schemas/Security_Detections_API_NewTermsRule' - - $ref: '#/components/schemas/Security_Detections_API_EsqlRule' - discriminator: - propertyName: type - Security_Detections_API_RuleSignatureId: - description: Could be any string, not necessarily a UUID - type: string - Security_Detections_API_RuleSource: - description: >- - Discriminated union that determines whether the rule is internally - sourced (created within the Kibana app) or has an external source, such - as the Elastic Prebuilt rules repo. - discriminator: - propertyName: type - oneOf: - - $ref: '#/components/schemas/Security_Detections_API_ExternalRuleSource' - - $ref: '#/components/schemas/Security_Detections_API_InternalRuleSource' - Security_Detections_API_RuleTagArray: - description: >- - String array containing words and phrases to help categorize, filter, - and search rules. Defaults to an empty array. - items: - type: string - type: array - Security_Detections_API_RuleUpdateProps: - anyOf: - - $ref: '#/components/schemas/Security_Detections_API_EqlRuleUpdateProps' - - $ref: '#/components/schemas/Security_Detections_API_QueryRuleUpdateProps' - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRuleUpdateProps - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRuleUpdateProps - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRuleUpdateProps - - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningRuleUpdateProps - - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleUpdateProps' - - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleUpdateProps' - discriminator: - propertyName: type - Security_Detections_API_RuleVersion: - description: The rule's version number. - minimum: 1 - type: integer - Security_Detections_API_SavedObjectResolveAliasPurpose: - enum: - - savedObjectConversion - - savedObjectImport - type: string - Security_Detections_API_SavedObjectResolveAliasTargetId: - type: string - Security_Detections_API_SavedObjectResolveOutcome: - enum: - - exactMatch - - aliasMatch - - conflict - type: string - Security_Detections_API_SavedQueryId: - type: string - Security_Detections_API_SavedQueryRule: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - version - - tags - - enabled - - risk_score_mapping - - severity_mapping - - interval - - from - - to - - actions - - exceptions_list - - author - - false_positives - - references - - max_signals - - threat - - setup - - related_integrations - - required_fields - - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRuleResponseFields - Security_Detections_API_SavedQueryRuleCreateFields: - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRuleDefaultableFields - Security_Detections_API_SavedQueryRuleCreateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRuleCreateFields - Security_Detections_API_SavedQueryRuleDefaultableFields: - type: object - properties: - language: - $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' - Security_Detections_API_SavedQueryRuleOptionalFields: - type: object - properties: - alert_suppression: - $ref: '#/components/schemas/Security_Detections_API_AlertSuppression' - data_view_id: - $ref: '#/components/schemas/Security_Detections_API_DataViewId' - filters: - $ref: '#/components/schemas/Security_Detections_API_RuleFilterArray' - index: - $ref: '#/components/schemas/Security_Detections_API_IndexPatternArray' - query: - $ref: '#/components/schemas/Security_Detections_API_RuleQuery' - Security_Detections_API_SavedQueryRulePatchFields: - allOf: - - type: object - properties: - saved_id: - $ref: '#/components/schemas/Security_Detections_API_SavedQueryId' - type: - description: Rule type - enum: - - saved_query - type: string - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRuleDefaultableFields - Security_Detections_API_SavedQueryRulePatchProps: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRulePatchFields - Security_Detections_API_SavedQueryRuleRequiredFields: - type: object - properties: - saved_id: - $ref: '#/components/schemas/Security_Detections_API_SavedQueryId' - type: - description: Rule type - enum: - - saved_query - type: string - required: - - type - - saved_id - Security_Detections_API_SavedQueryRuleResponseFields: - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRuleOptionalFields - - type: object - properties: - language: - $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' - required: - - language - Security_Detections_API_SavedQueryRuleUpdateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRuleCreateFields - Security_Detections_API_SetAlertsStatusByIds: - type: object - properties: - signal_ids: - items: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' - minItems: 1 - type: array - status: - $ref: '#/components/schemas/Security_Detections_API_AlertStatus' - required: - - signal_ids - - status - Security_Detections_API_SetAlertsStatusByQuery: - type: object - properties: - conflicts: - default: abort - enum: - - abort - - proceed - type: string - query: - additionalProperties: true - type: object - status: - $ref: '#/components/schemas/Security_Detections_API_AlertStatus' - required: - - query - - status - Security_Detections_API_SetAlertTags: - type: object - properties: - tags_to_add: - $ref: '#/components/schemas/Security_Detections_API_AlertTags' - tags_to_remove: - $ref: '#/components/schemas/Security_Detections_API_AlertTags' - required: - - tags_to_add - - tags_to_remove - Security_Detections_API_SetupGuide: - type: string - Security_Detections_API_Severity: - description: Severity of the rule - enum: - - low - - medium - - high - - critical - type: string - Security_Detections_API_SeverityMapping: - description: Overrides generated alerts' severity with values from the source event - items: - type: object - properties: - field: - type: string - operator: - enum: - - equals - type: string - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - value: - type: string - required: - - field - - operator - - severity - - value - type: array - Security_Detections_API_SiemErrorResponse: - type: object - properties: - message: - type: string - status_code: - type: integer - required: - - status_code - - message - Security_Detections_API_SortOrder: - enum: - - asc - - desc - type: string - Security_Detections_API_Threat: - type: object - properties: - framework: - description: Relevant attack framework - type: string - tactic: - $ref: '#/components/schemas/Security_Detections_API_ThreatTactic' - technique: - description: Array containing information on the attack techniques (optional) - items: - $ref: '#/components/schemas/Security_Detections_API_ThreatTechnique' - type: array - required: - - framework - - tactic - Security_Detections_API_ThreatArray: - items: - $ref: '#/components/schemas/Security_Detections_API_Threat' - type: array - Security_Detections_API_ThreatFilters: - items: - description: >- - Query and filter context array used to filter documents from the - Elasticsearch index containing the threat values - type: array - Security_Detections_API_ThreatIndex: - items: - type: string - type: array - Security_Detections_API_ThreatIndicatorPath: - description: >- - Defines the path to the threat indicator in the indicator documents - (optional) - type: string - Security_Detections_API_ThreatMapping: - items: - type: object - properties: - entries: - items: - type: object - properties: - field: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' - type: - enum: - - mapping - type: string - value: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' - required: - - field - - type - - value - type: array - required: - - entries - minItems: 1 - type: array - Security_Detections_API_ThreatMatchRule: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - version - - tags - - enabled - - risk_score_mapping - - severity_mapping - - interval - - from - - to - - actions - - exceptions_list - - author - - false_positives - - references - - max_signals - - threat - - setup - - related_integrations - - required_fields - - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRuleResponseFields - Security_Detections_API_ThreatMatchRuleCreateFields: - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRuleDefaultableFields - Security_Detections_API_ThreatMatchRuleCreateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRuleCreateFields - Security_Detections_API_ThreatMatchRuleDefaultableFields: - type: object - properties: - language: - $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' - Security_Detections_API_ThreatMatchRuleOptionalFields: - type: object - properties: - alert_suppression: - $ref: '#/components/schemas/Security_Detections_API_AlertSuppression' - concurrent_searches: - $ref: '#/components/schemas/Security_Detections_API_ConcurrentSearches' - data_view_id: - $ref: '#/components/schemas/Security_Detections_API_DataViewId' - filters: - $ref: '#/components/schemas/Security_Detections_API_RuleFilterArray' - index: - $ref: '#/components/schemas/Security_Detections_API_IndexPatternArray' - items_per_search: - $ref: '#/components/schemas/Security_Detections_API_ItemsPerSearch' - saved_id: - $ref: '#/components/schemas/Security_Detections_API_SavedQueryId' - threat_filters: - $ref: '#/components/schemas/Security_Detections_API_ThreatFilters' - threat_indicator_path: - $ref: '#/components/schemas/Security_Detections_API_ThreatIndicatorPath' - threat_language: - $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' - Security_Detections_API_ThreatMatchRulePatchFields: - allOf: - - type: object - properties: - query: - $ref: '#/components/schemas/Security_Detections_API_RuleQuery' - threat_index: - $ref: '#/components/schemas/Security_Detections_API_ThreatIndex' - threat_mapping: - $ref: '#/components/schemas/Security_Detections_API_ThreatMapping' - threat_query: - $ref: '#/components/schemas/Security_Detections_API_ThreatQuery' - type: - description: Rule type - enum: - - threat_match - type: string - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRuleDefaultableFields - Security_Detections_API_ThreatMatchRulePatchProps: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRulePatchFields - Security_Detections_API_ThreatMatchRuleRequiredFields: - type: object - properties: - query: - $ref: '#/components/schemas/Security_Detections_API_RuleQuery' - threat_index: - $ref: '#/components/schemas/Security_Detections_API_ThreatIndex' - threat_mapping: - $ref: '#/components/schemas/Security_Detections_API_ThreatMapping' - threat_query: - $ref: '#/components/schemas/Security_Detections_API_ThreatQuery' - type: - description: Rule type - enum: - - threat_match - type: string - required: - - type - - query - - threat_query - - threat_mapping - - threat_index - Security_Detections_API_ThreatMatchRuleResponseFields: - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRuleOptionalFields - - type: object - properties: - language: - $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' - required: - - language - Security_Detections_API_ThreatMatchRuleUpdateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRuleCreateFields - Security_Detections_API_ThreatQuery: - description: Query to run - type: string - Security_Detections_API_ThreatSubtechnique: - type: object - properties: - id: - description: Subtechnique ID - type: string - name: - description: Subtechnique name - type: string - reference: - description: Subtechnique reference - type: string - required: - - id - - name - - reference - Security_Detections_API_ThreatTactic: - type: object - properties: - id: - description: Tactic ID - type: string - name: - description: Tactic name - type: string - reference: - description: Tactic reference - type: string - required: - - id - - name - - reference - Security_Detections_API_ThreatTechnique: - type: object - properties: - id: - description: Technique ID - type: string - name: - description: Technique name - type: string - reference: - description: Technique reference - type: string - subtechnique: - description: Array containing more specific information on the attack technique - items: - $ref: '#/components/schemas/Security_Detections_API_ThreatSubtechnique' - type: array - required: - - id - - name - - reference - Security_Detections_API_Threshold: - type: object - properties: - cardinality: - $ref: '#/components/schemas/Security_Detections_API_ThresholdCardinality' - field: - $ref: '#/components/schemas/Security_Detections_API_ThresholdField' - value: - $ref: '#/components/schemas/Security_Detections_API_ThresholdValue' - required: - - field - - value - Security_Detections_API_ThresholdAlertSuppression: - type: object - properties: - duration: - $ref: >- - #/components/schemas/Security_Detections_API_AlertSuppressionDuration - required: - - duration - Security_Detections_API_ThresholdCardinality: - items: - type: object - properties: - field: - type: string - value: - minimum: 0 - type: integer - required: - - field - - value - type: array - Security_Detections_API_ThresholdField: - description: Field to aggregate on - oneOf: - - type: string - - items: - type: string - type: array - Security_Detections_API_ThresholdRule: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - version - - tags - - enabled - - risk_score_mapping - - severity_mapping - - interval - - from - - to - - actions - - exceptions_list - - author - - false_positives - - references - - max_signals - - threat - - setup - - related_integrations - - required_fields - - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRuleResponseFields - Security_Detections_API_ThresholdRuleCreateFields: - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRuleDefaultableFields - Security_Detections_API_ThresholdRuleCreateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRuleCreateFields - Security_Detections_API_ThresholdRuleDefaultableFields: - type: object - properties: - language: - $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' - Security_Detections_API_ThresholdRuleOptionalFields: - type: object - properties: - alert_suppression: - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdAlertSuppression - data_view_id: - $ref: '#/components/schemas/Security_Detections_API_DataViewId' - filters: - $ref: '#/components/schemas/Security_Detections_API_RuleFilterArray' - index: - $ref: '#/components/schemas/Security_Detections_API_IndexPatternArray' - saved_id: - $ref: '#/components/schemas/Security_Detections_API_SavedQueryId' - Security_Detections_API_ThresholdRulePatchFields: - allOf: - - type: object - properties: - query: - $ref: '#/components/schemas/Security_Detections_API_RuleQuery' - threshold: - $ref: '#/components/schemas/Security_Detections_API_Threshold' - type: - description: Rule type - enum: - - threshold - type: string - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRuleDefaultableFields - Security_Detections_API_ThresholdRulePatchProps: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRulePatchFields - Security_Detections_API_ThresholdRuleRequiredFields: - type: object - properties: - query: - $ref: '#/components/schemas/Security_Detections_API_RuleQuery' - threshold: - $ref: '#/components/schemas/Security_Detections_API_Threshold' - type: - description: Rule type - enum: - - threshold - type: string - required: - - type - - query - - threshold - Security_Detections_API_ThresholdRuleResponseFields: - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRuleOptionalFields - - type: object - properties: - language: - $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' - required: - - language - Security_Detections_API_ThresholdRuleUpdateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRuleCreateFields - Security_Detections_API_ThresholdValue: - description: Threshold value - minimum: 1 - type: integer - Security_Detections_API_ThrottleForBulkActions: - description: >- - The condition for throttling the notification: 'rule', 'no_actions', or - time duration - enum: - - rule - - 1h - - 1d - - 7d - type: string - Security_Detections_API_TiebreakerField: - description: Sets a secondary field for sorting events - type: string - Security_Detections_API_TimelineTemplateId: - description: Timeline template ID - type: string - Security_Detections_API_TimelineTemplateTitle: - description: Timeline template title - type: string - Security_Detections_API_TimestampField: - description: Contains the event timestamp used for sorting a sequence of events - type: string - Security_Detections_API_TimestampOverride: - description: Sets the time field used to query indices - type: string - Security_Detections_API_TimestampOverrideFallbackDisabled: - description: Disables the fallback to the event's @timestamp field - type: boolean - Security_Detections_API_UUID: - description: A universally unique identifier - format: uuid - type: string - Security_Detections_API_WarningSchema: - type: object - properties: - actionPath: - type: string - buttonLabel: - type: string - message: - type: string - type: - type: string - required: - - type - - message - - actionPath - Security_Endpoint_Exceptions_API_EndpointList: - oneOf: - - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionList' - - additionalProperties: false - type: object - Security_Endpoint_Exceptions_API_EndpointListItem: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItem' - Security_Endpoint_Exceptions_API_ExceptionList: - type: object - properties: - _version: - type: string - created_at: - format: date-time - type: string - created_by: - type: string - description: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListDescription - id: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListId - immutable: - type: boolean - list_id: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListHumanId - meta: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListMeta - name: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListName - namespace_type: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionNamespaceType - os_types: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListOsTypeArray - tags: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListTags - tie_breaker_id: - type: string - type: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListType - updated_at: - format: date-time - type: string - updated_by: - type: string - version: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListVersion - required: - - id - - list_id - - type - - name - - description - - immutable - - namespace_type - - version - - tie_breaker_id - - created_at - - created_by - - updated_at - - updated_by - Security_Endpoint_Exceptions_API_ExceptionListDescription: - type: string - Security_Endpoint_Exceptions_API_ExceptionListHumanId: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' - description: Human readable string identifier, e.g. `trusted-linux-processes` - Security_Endpoint_Exceptions_API_ExceptionListId: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' - Security_Endpoint_Exceptions_API_ExceptionListItem: - type: object - properties: - _version: - type: string - comments: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray - created_at: - format: date-time - type: string - created_by: - type: string - description: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription - entries: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray - expire_time: - format: date-time - type: string - id: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId - item_id: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId - list_id: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListHumanId - meta: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta - name: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName - namespace_type: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionNamespaceType - os_types: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray - tags: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags - tie_breaker_id: - type: string - type: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType - updated_at: - format: date-time - type: string - updated_by: - type: string - required: - - id - - item_id - - list_id - - type - - name - - description - - entries - - namespace_type - - comments - - tie_breaker_id - - created_at - - created_by - - updated_at - - updated_by - Security_Endpoint_Exceptions_API_ExceptionListItemComment: - type: object - properties: - comment: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' - created_at: - format: date-time - type: string - created_by: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' - id: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' - updated_at: - format: date-time - type: string - updated_by: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' - required: - - id - - comment - - created_at - - created_by - Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray: - items: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemComment - type: array - Security_Endpoint_Exceptions_API_ExceptionListItemDescription: - type: string - Security_Endpoint_Exceptions_API_ExceptionListItemEntry: - anyOf: - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatch - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchAny - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryList - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryExists - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryNested - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchWildcard - discriminator: - propertyName: type - Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray: - items: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntry - type: array - Security_Endpoint_Exceptions_API_ExceptionListItemEntryExists: - type: object - properties: - field: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' - operator: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator - type: - enum: - - exists - type: string - required: - - type - - field - - operator - Security_Endpoint_Exceptions_API_ExceptionListItemEntryList: - type: object - properties: - field: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' - list: - type: object - properties: - id: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ListId' - type: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ListType' - required: - - id - - type - operator: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator - type: - enum: - - list - type: string - required: - - type - - field - - list - - operator - Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatch: - type: object - properties: - field: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' - operator: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator - type: - enum: - - match - type: string - value: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' - required: - - type - - field - - value - - operator - Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchAny: - type: object - properties: - field: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' - operator: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator - type: - enum: - - match_any - type: string - value: - items: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString - minItems: 1 - type: array - required: - - type - - field - - value - - operator - Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchWildcard: - type: object - properties: - field: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' - operator: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator - type: - enum: - - wildcard - type: string - value: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' - required: - - type - - field - - value - - operator - Security_Endpoint_Exceptions_API_ExceptionListItemEntryNested: - type: object - properties: - entries: - items: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryNestedEntryItem - minItems: 1 - type: array - field: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' - type: - enum: - - nested - type: string - required: - - type - - field - - entries - Security_Endpoint_Exceptions_API_ExceptionListItemEntryNestedEntryItem: - oneOf: - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatch - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchAny - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryExists - Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator: - enum: - - excluded - - included - type: string - Security_Endpoint_Exceptions_API_ExceptionListItemHumanId: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' - Security_Endpoint_Exceptions_API_ExceptionListItemId: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' - Security_Endpoint_Exceptions_API_ExceptionListItemMeta: - additionalProperties: true - type: object - Security_Endpoint_Exceptions_API_ExceptionListItemName: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' - Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray: - items: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListOsType - type: array - Security_Endpoint_Exceptions_API_ExceptionListItemTags: - items: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' - type: array - Security_Endpoint_Exceptions_API_ExceptionListItemType: - enum: - - simple - type: string - Security_Endpoint_Exceptions_API_ExceptionListMeta: - additionalProperties: true - type: object - Security_Endpoint_Exceptions_API_ExceptionListName: - type: string - Security_Endpoint_Exceptions_API_ExceptionListOsType: - enum: - - linux - - macos - - windows - type: string - Security_Endpoint_Exceptions_API_ExceptionListOsTypeArray: - items: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListOsType - type: array - Security_Endpoint_Exceptions_API_ExceptionListTags: - items: - type: string - type: array - Security_Endpoint_Exceptions_API_ExceptionListType: - enum: - - detection - - rule_default - - endpoint - - endpoint_trusted_apps - - endpoint_events - - endpoint_host_isolation_exceptions - - endpoint_blocklists - type: string - Security_Endpoint_Exceptions_API_ExceptionListVersion: - minimum: 1 - type: integer - Security_Endpoint_Exceptions_API_ExceptionNamespaceType: - description: > - Determines whether the exception container is available in all Kibana - spaces or just the space - - in which it is created, where: - - - - `single`: Only available in the Kibana space in which it is created. - - - `agnostic`: Available in all Kibana spaces. - enum: - - agnostic - - single - type: string - Security_Endpoint_Exceptions_API_FindEndpointListItemsFilter: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' - Security_Endpoint_Exceptions_API_ListId: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' - Security_Endpoint_Exceptions_API_ListType: - enum: - - binary - - boolean - - byte - - date - - date_nanos - - date_range - - double - - double_range - - float - - float_range - - geo_point - - geo_shape - - half_float - - integer - - integer_range - - ip - - ip_range - - keyword - - long - - long_range - - shape - - short - - text - type: string - Security_Endpoint_Exceptions_API_NonEmptyString: - description: A string that is not empty and does not contain only whitespace - minLength: 1 - pattern: ^(?! *$).+$ - type: string - Security_Endpoint_Exceptions_API_PlatformErrorResponse: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: integer - required: - - statusCode - - error - - message - Security_Endpoint_Exceptions_API_SiemErrorResponse: - type: object - properties: - message: - type: string - status_code: - type: integer - required: - - status_code - - message - Security_Endpoint_Management_API_ActionLogRequestQuery: - type: object - properties: - end_date: - $ref: '#/components/schemas/Security_Endpoint_Management_API_EndDate' - page: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Page' - page_size: - $ref: '#/components/schemas/Security_Endpoint_Management_API_PageSize' - start_date: - $ref: '#/components/schemas/Security_Endpoint_Management_API_StartDate' - Security_Endpoint_Management_API_ActionStateSuccessResponse: - type: object - properties: - body: - type: object - properties: - data: - type: object - properties: - canEncrypt: - type: boolean - required: - - data - required: - - body - Security_Endpoint_Management_API_ActionStatusSuccessResponse: - type: object - properties: - body: - type: object - properties: - data: - type: object - properties: - agent_id: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_AgentId - pending_actions: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_PendingActionsSchema - required: - - agent_id - - pending_actions - required: - - data - required: - - body - Security_Endpoint_Management_API_AgentId: - description: Agent ID - type: string - Security_Endpoint_Management_API_AgentIds: - minLength: 1 - oneOf: - - items: - minLength: 1 - type: string - maxItems: 50 - minItems: 1 - type: array - - minLength: 1 - type: string - Security_Endpoint_Management_API_AgentTypes: - enum: - - endpoint - - sentinel_one - - crowdstrike - type: string - Security_Endpoint_Management_API_AlertIds: - description: A list of alerts ids. - items: - $ref: '#/components/schemas/Security_Endpoint_Management_API_NonEmptyString' - minItems: 1 - type: array - Security_Endpoint_Management_API_CaseIds: - description: Case IDs to be updated (cannot contain empty strings) - items: - minLength: 1 - type: string - minItems: 1 - type: array - Security_Endpoint_Management_API_Command: - description: The command to be executed (cannot be an empty string) - enum: - - isolate - - unisolate - - kill-process - - suspend-process - - running-processes - - get-file - - execute - - upload - - scan - minLength: 1 - type: string - Security_Endpoint_Management_API_Commands: - items: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Command' - type: array - Security_Endpoint_Management_API_Comment: - description: Optional comment - type: string - Security_Endpoint_Management_API_EndDate: - description: End date - type: string - Security_Endpoint_Management_API_EndpointIds: - description: List of endpoint IDs (cannot contain empty strings) - items: - minLength: 1 - type: string - minItems: 1 - type: array - Security_Endpoint_Management_API_EntityId: - type: object - properties: - entity_id: - minLength: 1 - type: string - Security_Endpoint_Management_API_ExecuteRouteRequestBody: - allOf: - - type: object - properties: - agent_type: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' - alert_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' - case_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' - comment: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' - endpoint_ids: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_EndpointIds - parameters: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' - required: - - endpoint_ids - - type: object - properties: - parameters: - type: object - properties: - command: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_Command - timeout: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_Timeout - required: - - command - required: - - parameters - Security_Endpoint_Management_API_GetEndpointActionListRouteQuery: - type: object - properties: - agentIds: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentIds' - agentTypes: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' - commands: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Commands' - endDate: - $ref: '#/components/schemas/Security_Endpoint_Management_API_EndDate' - page: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Page' - pageSize: - default: 10 - description: Number of items per page - maximum: 10000 - minimum: 1 - type: integer - startDate: - $ref: '#/components/schemas/Security_Endpoint_Management_API_StartDate' - types: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Types' - userIds: - $ref: '#/components/schemas/Security_Endpoint_Management_API_UserIds' - withOutputs: - $ref: '#/components/schemas/Security_Endpoint_Management_API_WithOutputs' - Security_Endpoint_Management_API_GetFileRouteRequestBody: - allOf: - - type: object - properties: - agent_type: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' - alert_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' - case_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' - comment: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' - endpoint_ids: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_EndpointIds - parameters: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' - required: - - endpoint_ids - - type: object - properties: - parameters: - type: object - properties: - path: - type: string - required: - - path - required: - - parameters - Security_Endpoint_Management_API_GetProcessesRouteRequestBody: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_NoParametersRequestSchema - Security_Endpoint_Management_API_IsolateRouteRequestBody: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_NoParametersRequestSchema - Security_Endpoint_Management_API_KillProcessRouteRequestBody: - allOf: - - type: object - properties: - agent_type: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' - alert_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' - case_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' - comment: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' - endpoint_ids: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_EndpointIds - parameters: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' - required: - - endpoint_ids - - type: object - properties: - parameters: - oneOf: - - $ref: '#/components/schemas/Security_Endpoint_Management_API_Pid' - - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_EntityId - - type: object - properties: - process_name: - description: Valid for SentinelOne agent type only - minLength: 1 - type: string - required: - - parameters - Security_Endpoint_Management_API_ListRequestQuery: - type: object - properties: - hostStatuses: - items: - enum: - - healthy - - offline - - updating - - inactive - - unenrolled - type: string - type: array - kuery: - nullable: true - type: string - page: - default: 0 - description: Page number - minimum: 0 - type: integer - pageSize: - default: 10 - description: Number of items per page - maximum: 10000 - minimum: 1 - type: integer - sortDirection: - enum: - - asc - - desc - nullable: true - type: string - sortField: - enum: - - enrolled_at - - metadata.host.hostname - - host_status - - metadata.Endpoint.policy.applied.name - - metadata.Endpoint.policy.applied.status - - metadata.host.os.name - - metadata.host.ip - - metadata.agent.version - - last_checkin - type: string - required: - - hostStatuses - Security_Endpoint_Management_API_NonEmptyString: - description: A string that is not empty and does not contain only whitespace - minLength: 1 - pattern: ^(?! *$).+$ - type: string - Security_Endpoint_Management_API_NoParametersRequestSchema: - type: object - properties: - body: - type: object - properties: - agent_type: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' - alert_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' - case_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' - comment: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' - endpoint_ids: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_EndpointIds - parameters: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' - required: - - endpoint_ids - required: - - body - Security_Endpoint_Management_API_Page: - default: 1 - description: Page number - minimum: 1 - type: integer - Security_Endpoint_Management_API_PageSize: - default: 10 - description: Number of items per page - maximum: 100 - minimum: 1 - type: integer - Security_Endpoint_Management_API_Parameters: - description: Optional parameters object - type: object - Security_Endpoint_Management_API_PendingActionDataType: - type: integer - Security_Endpoint_Management_API_PendingActionsSchema: - oneOf: - - type: object - properties: - execute: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType - get-file: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType - isolate: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType - kill-process: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType - running-processes: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType - scan: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType - suspend-process: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType - unisolate: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType - upload: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType - - additionalProperties: true - type: object - Security_Endpoint_Management_API_Pid: - type: object - properties: - pid: - minimum: 1 - type: integer - Security_Endpoint_Management_API_ProtectionUpdatesNoteResponse: - type: object - properties: - note: - type: string - Security_Endpoint_Management_API_ScanRouteRequestBody: - allOf: - - type: object - properties: - agent_type: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' - alert_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' - case_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' - comment: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' - endpoint_ids: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_EndpointIds - parameters: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' - required: - - endpoint_ids - - type: object - properties: - parameters: - type: object - properties: - path: - type: string - required: - - path - required: - - parameters - Security_Endpoint_Management_API_StartDate: - description: Start date - type: string - Security_Endpoint_Management_API_SuccessResponse: - type: object - properties: {} - Security_Endpoint_Management_API_SuspendProcessRouteRequestBody: - allOf: - - type: object - properties: - agent_type: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' - alert_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' - case_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' - comment: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' - endpoint_ids: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_EndpointIds - parameters: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' - required: - - endpoint_ids - - type: object - properties: - parameters: - oneOf: - - $ref: '#/components/schemas/Security_Endpoint_Management_API_Pid' - - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_EntityId - required: - - parameters - Security_Endpoint_Management_API_Timeout: - description: The maximum timeout value in milliseconds (optional) - minimum: 1 - type: integer - Security_Endpoint_Management_API_Type: - description: Type of response action - enum: - - automated - - manual - type: string - Security_Endpoint_Management_API_Types: - description: List of types of response actions - items: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Type' - maxLength: 2 - minLength: 1 - type: array - Security_Endpoint_Management_API_UnisolateRouteRequestBody: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_NoParametersRequestSchema - Security_Endpoint_Management_API_UploadRouteRequestBody: - allOf: - - type: object - properties: - agent_type: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' - alert_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' - case_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' - comment: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' - endpoint_ids: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_EndpointIds - parameters: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' - required: - - endpoint_ids - - type: object - properties: - file: - format: binary - type: string - parameters: - type: object - properties: - overwrite: - default: false - type: boolean - required: - - parameters - - file - Security_Endpoint_Management_API_UserIds: - description: User IDs - oneOf: - - items: - minLength: 1 - type: string - minItems: 1 - type: array - - minLength: 1 - type: string - Security_Endpoint_Management_API_WithOutputs: - description: Shows detailed outputs for an action response - oneOf: - - items: - minLength: 1 - type: string - minItems: 1 - type: array - - minLength: 1 - type: string - Security_Entity_Analytics_API_AssetCriticalityBulkUploadErrorItem: - type: object - properties: - index: - type: integer - message: - type: string - required: - - message - - index - Security_Entity_Analytics_API_AssetCriticalityBulkUploadStats: - type: object - properties: - failed: - type: integer - successful: - type: integer - total: - type: integer - required: - - successful - - failed - - total - Security_Entity_Analytics_API_AssetCriticalityLevel: - description: The criticality level of the asset. - enum: - - low_impact - - medium_impact - - high_impact - - extreme_impact - type: string - Security_Entity_Analytics_API_AssetCriticalityRecord: - allOf: - - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord - - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts - - type: object - properties: - '@timestamp': - description: The time the record was created or updated. - example: '2017-07-21T17:32:28Z' - format: date-time - type: string - required: - - '@timestamp' - Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts: - type: object - properties: - asset: - type: object - properties: - criticality: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel - required: - - asset - host: - type: object - properties: - asset: - type: object - properties: - criticality: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel - required: - - criticality - name: - type: string - required: - - name - user: - type: object - properties: - asset: - type: object - properties: - criticality: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel - required: - - criticality - name: - type: string - required: - - name - required: - - asset - Security_Entity_Analytics_API_AssetCriticalityRecordIdParts: - type: object - properties: - id_field: - $ref: '#/components/schemas/Security_Entity_Analytics_API_IdField' - description: The field representing the ID. - example: host.name - id_value: - description: The ID value of the asset. - type: string - required: - - id_value - - id_field - Security_Entity_Analytics_API_CleanUpRiskEngineErrorResponse: - type: object - properties: - cleanup_successful: - example: false - type: boolean - errors: - items: - type: object - properties: - error: - type: string - seq: - type: integer - required: - - seq - - error - type: array - required: - - cleanup_successful - - errors - Security_Entity_Analytics_API_CreateAssetCriticalityRecord: - allOf: - - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordIdParts - - type: object - properties: - criticality_level: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel - required: - - criticality_level - Security_Entity_Analytics_API_EngineDataviewUpdateResult: - type: object - properties: - changes: - type: object - properties: - indexPatterns: - items: - type: string - type: array - type: - type: string - required: - - type - Security_Entity_Analytics_API_EngineDescriptor: - type: object - properties: - fieldHistoryLength: - type: integer - filter: - type: string - indexPattern: - $ref: '#/components/schemas/Security_Entity_Analytics_API_IndexPattern' - status: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineStatus' - type: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' - required: - - type - - indexPattern - - status - - fieldHistoryLength - Security_Entity_Analytics_API_EngineStatus: - enum: - - installing - - started - - stopped - - updating - - error - type: string - Security_Entity_Analytics_API_Entity: - oneOf: - - $ref: '#/components/schemas/Security_Entity_Analytics_API_UserEntity' - - $ref: '#/components/schemas/Security_Entity_Analytics_API_HostEntity' - Security_Entity_Analytics_API_EntityRiskLevels: - enum: - - Unknown - - Low - - Moderate - - High - - Critical - type: string - Security_Entity_Analytics_API_EntityRiskScoreRecord: - type: object - properties: - '@timestamp': - description: The time at which the risk score was calculated. - example: '2017-07-21T17:32:28Z' - format: date-time - type: string - calculated_level: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityRiskLevels' - description: Lexical description of the entity's risk. - example: Critical - calculated_score: - description: The raw numeric value of the given entity's risk score. - format: double - type: number - calculated_score_norm: - description: >- - The normalized numeric value of the given entity's risk score. - Useful for comparing with other entities. - format: double - maximum: 100 - minimum: 0 - type: number - category_1_count: - description: >- - The number of risk input documents that contributed to the Category - 1 score (`category_1_score`). - format: integer - type: number - category_1_score: - description: >- - The contribution of Category 1 to the overall risk score - (`calculated_score`). Category 1 contains Detection Engine Alerts. - format: double - type: number - category_2_count: - format: integer - type: number - category_2_score: - format: double - type: number - criticality_level: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel - criticality_modifier: - format: double - type: number - id_field: - description: >- - The identifier field defining this risk score. Coupled with - `id_value`, uniquely identifies the entity being scored. - example: host.name - type: string - id_value: - description: >- - The identifier value defining this risk score. Coupled with - `id_field`, uniquely identifies the entity being scored. - example: example.host - type: string - inputs: - description: >- - A list of the highest-risk documents contributing to this risk - score. Useful for investigative purposes. - items: - $ref: '#/components/schemas/Security_Entity_Analytics_API_RiskScoreInput' - type: array - notes: - items: - type: string - type: array - required: - - '@timestamp' - - id_field - - id_value - - calculated_level - - calculated_score - - calculated_score_norm - - category_1_score - - category_1_count - - inputs - - notes - Security_Entity_Analytics_API_EntityType: - enum: - - user - - host - type: string - Security_Entity_Analytics_API_HostEntity: - type: object - properties: - '@timestamp': - format: date-time - type: string - asset: - type: object - properties: - criticality: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel - required: - - criticality - entity: - type: object - properties: - name: - type: string - source: - type: string - required: - - name - - source - host: - type: object - properties: - architecture: - items: - type: string - type: array - domain: - items: - type: string - type: array - hostname: - items: - type: string - type: array - id: - items: - type: string - type: array - ip: - items: - type: string - type: array - mac: - items: - type: string - type: array - name: - type: string - risk: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_EntityRiskScoreRecord - type: - items: - type: string - type: array - required: - - name - required: - - '@timestamp' - - host - - entity - Security_Entity_Analytics_API_IdField: - enum: - - host.name - - user.name - type: string - Security_Entity_Analytics_API_IndexPattern: - type: string - Security_Entity_Analytics_API_InspectQuery: - type: object - properties: - dsl: - items: - type: string - type: array - response: - items: - type: string - type: array - required: - - dsl - - response - Security_Entity_Analytics_API_RiskEngineScheduleNowErrorResponse: - type: object - properties: - full_error: - type: string - message: - type: string - required: - - message - - full_error - Security_Entity_Analytics_API_RiskEngineScheduleNowResponse: - type: object - properties: - success: - type: boolean - Security_Entity_Analytics_API_RiskScoreInput: - description: A generic representation of a document contributing to a Risk Score. - type: object - properties: - category: - description: The risk category of the risk input document. - example: category_1 - type: string - contribution_score: - format: double - type: number - description: - description: A human-readable description of the risk input document. - example: 'Generated from Detection Engine Rule: Malware Prevention Alert' - type: string - id: - description: The unique identifier (`_id`) of the original source document - example: 91a93376a507e86cfbf282166275b89f9dbdb1f0be6c8103c6ff2909ca8e1a1c - type: string - index: - description: The unique index (`_index`) of the original source document - example: .internal.alerts-security.alerts-default-000001 - type: string - risk_score: - description: The weighted risk score of the risk input document. - format: double - maximum: 100 - minimum: 0 - type: number - timestamp: - description: The @timestamp of the risk input document. - example: '2017-07-21T17:32:28Z' - type: string - required: - - id - - index - - description - - category - Security_Entity_Analytics_API_TaskManagerUnavailableResponse: - description: Task manager is unavailable - type: object - properties: - message: - type: string - status_code: - minimum: 400 - type: integer - required: - - status_code - - message - Security_Entity_Analytics_API_UserEntity: - type: object - properties: - '@timestamp': - format: date-time - type: string - asset: - type: object - properties: - criticality: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel - required: - - criticality - entity: - type: object - properties: - name: - type: string - source: - type: string - required: - - name - - source - user: - type: object - properties: - domain: - items: - type: string - type: array - email: - items: - type: string - type: array - full_name: - items: - type: string - type: array - hash: - items: - type: string - type: array - id: - items: - type: string - type: array - name: - type: string - risk: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_EntityRiskScoreRecord - roles: - items: - type: string - type: array - required: - - name - required: - - '@timestamp' - - user - - entity - Security_Exceptions_API_CreateExceptionListItemComment: - type: object - properties: - comment: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - required: - - comment - Security_Exceptions_API_CreateExceptionListItemCommentArray: - items: - $ref: >- - #/components/schemas/Security_Exceptions_API_CreateExceptionListItemComment - type: array - Security_Exceptions_API_CreateRuleExceptionListItemComment: - type: object - properties: - comment: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - required: - - comment - Security_Exceptions_API_CreateRuleExceptionListItemCommentArray: - items: - $ref: >- - #/components/schemas/Security_Exceptions_API_CreateRuleExceptionListItemComment - type: array - Security_Exceptions_API_CreateRuleExceptionListItemProps: - type: object - properties: - comments: - $ref: >- - #/components/schemas/Security_Exceptions_API_CreateRuleExceptionListItemCommentArray - default: [] - description: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemDescription - entries: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray - expire_time: - format: date-time - type: string - item_id: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId - meta: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemMeta' - name: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemName' - namespace_type: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' - default: single - os_types: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray - default: [] - tags: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemTags' - default: [] - type: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemType' - required: - - type - - name - - description - - entries - Security_Exceptions_API_ExceptionList: - type: object - properties: - _version: - type: string - created_at: - format: date-time - type: string - created_by: - type: string - description: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListDescription - id: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - immutable: - type: boolean - list_id: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - meta: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListMeta' - name: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListName' - namespace_type: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' - os_types: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray - tags: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListTags' - tie_breaker_id: - type: string - type: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListType' - updated_at: - format: date-time - type: string - updated_by: - type: string - version: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListVersion' - required: - - id - - list_id - - type - - name - - description - - immutable - - namespace_type - - version - - tie_breaker_id - - created_at - - created_by - - updated_at - - updated_by - Security_Exceptions_API_ExceptionListDescription: - type: string - Security_Exceptions_API_ExceptionListHumanId: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - description: Human readable string identifier, e.g. `trusted-linux-processes` - Security_Exceptions_API_ExceptionListId: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - Security_Exceptions_API_ExceptionListItem: - type: object - properties: - _version: - type: string - comments: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemCommentArray - created_at: - format: date-time - type: string - created_by: - type: string - description: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemDescription - entries: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray - expire_time: - format: date-time - type: string - id: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId' - item_id: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId - list_id: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - meta: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemMeta' - name: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemName' - namespace_type: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' - os_types: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray - tags: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemTags' - tie_breaker_id: - type: string - type: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemType' - updated_at: - format: date-time - type: string - updated_by: - type: string - required: - - id - - item_id - - list_id - - type - - name - - description - - entries - - namespace_type - - comments - - tie_breaker_id - - created_at - - created_by - - updated_at - - updated_by - Security_Exceptions_API_ExceptionListItemComment: - type: object - properties: - comment: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - created_at: - format: date-time - type: string - created_by: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - id: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - updated_at: - format: date-time - type: string - updated_by: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - required: - - id - - comment - - created_at - - created_by - Security_Exceptions_API_ExceptionListItemCommentArray: - items: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemComment' - type: array - Security_Exceptions_API_ExceptionListItemDescription: - type: string - Security_Exceptions_API_ExceptionListItemEntry: - anyOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatch - - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatchAny - - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryList - - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryExists - - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryNested - - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatchWildcard - discriminator: - propertyName: type - Security_Exceptions_API_ExceptionListItemEntryArray: - items: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntry' - type: array - Security_Exceptions_API_ExceptionListItemEntryExists: - type: object - properties: - field: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - operator: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator - type: - enum: - - exists - type: string - required: - - type - - field - - operator - Security_Exceptions_API_ExceptionListItemEntryList: - type: object - properties: - field: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - list: - type: object - properties: - id: - $ref: '#/components/schemas/Security_Exceptions_API_ListId' - type: - $ref: '#/components/schemas/Security_Exceptions_API_ListType' - required: - - id - - type - operator: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator - type: - enum: - - list - type: string - required: - - type - - field - - list - - operator - Security_Exceptions_API_ExceptionListItemEntryMatch: - type: object - properties: - field: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - operator: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator - type: - enum: - - match - type: string - value: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - required: - - type - - field - - value - - operator - Security_Exceptions_API_ExceptionListItemEntryMatchAny: - type: object - properties: - field: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - operator: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator - type: - enum: - - match_any - type: string - value: - items: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - minItems: 1 - type: array - required: - - type - - field - - value - - operator - Security_Exceptions_API_ExceptionListItemEntryMatchWildcard: - type: object - properties: - field: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - operator: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator - type: - enum: - - wildcard - type: string - value: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - required: - - type - - field - - value - - operator - Security_Exceptions_API_ExceptionListItemEntryNested: - type: object - properties: - entries: - items: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryNestedEntryItem - minItems: 1 - type: array - field: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - type: - enum: - - nested - type: string - required: - - type - - field - - entries - Security_Exceptions_API_ExceptionListItemEntryNestedEntryItem: - oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatch - - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatchAny - - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryExists - Security_Exceptions_API_ExceptionListItemEntryOperator: - enum: - - excluded - - included - type: string - Security_Exceptions_API_ExceptionListItemHumanId: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - Security_Exceptions_API_ExceptionListItemId: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - Security_Exceptions_API_ExceptionListItemMeta: - additionalProperties: true - type: object - Security_Exceptions_API_ExceptionListItemName: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - Security_Exceptions_API_ExceptionListItemOsTypeArray: - items: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListOsType' - type: array - Security_Exceptions_API_ExceptionListItemTags: - items: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - type: array - Security_Exceptions_API_ExceptionListItemType: - enum: - - simple - type: string - Security_Exceptions_API_ExceptionListMeta: - additionalProperties: true - type: object - Security_Exceptions_API_ExceptionListName: - type: string - Security_Exceptions_API_ExceptionListOsType: - enum: - - linux - - macos - - windows - type: string - Security_Exceptions_API_ExceptionListOsTypeArray: - items: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListOsType' - type: array - Security_Exceptions_API_ExceptionListsImportBulkError: - type: object - properties: - error: - type: object - properties: - message: - type: string - status_code: - type: integer - required: - - status_code - - message - id: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - item_id: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId - list_id: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - required: - - error - Security_Exceptions_API_ExceptionListsImportBulkErrorArray: - items: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListsImportBulkError - type: array - Security_Exceptions_API_ExceptionListTags: - items: - type: string - type: array - Security_Exceptions_API_ExceptionListType: - enum: - - detection - - rule_default - - endpoint - - endpoint_trusted_apps - - endpoint_events - - endpoint_host_isolation_exceptions - - endpoint_blocklists - type: string - Security_Exceptions_API_ExceptionListVersion: - minimum: 1 - type: integer - Security_Exceptions_API_ExceptionNamespaceType: - description: > - Determines whether the exception container is available in all Kibana - spaces or just the space - - in which it is created, where: - - - - `single`: Only available in the Kibana space in which it is created. - - - `agnostic`: Available in all Kibana spaces. - enum: - - agnostic - - single - type: string - Security_Exceptions_API_FindExceptionListItemsFilter: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - Security_Exceptions_API_FindExceptionListsFilter: - type: string - Security_Exceptions_API_ListId: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - Security_Exceptions_API_ListType: - enum: - - binary - - boolean - - byte - - date - - date_nanos - - date_range - - double - - double_range - - float - - float_range - - geo_point - - geo_shape - - half_float - - integer - - integer_range - - ip - - ip_range - - keyword - - long - - long_range - - shape - - short - - text - type: string - Security_Exceptions_API_NonEmptyString: - description: A string that is not empty and does not contain only whitespace - minLength: 1 - pattern: ^(?! *$).+$ - type: string - Security_Exceptions_API_PlatformErrorResponse: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: integer - required: - - statusCode - - error - - message - Security_Exceptions_API_RuleId: - $ref: '#/components/schemas/Security_Exceptions_API_UUID' - Security_Exceptions_API_SiemErrorResponse: - type: object - properties: - message: - type: string - status_code: - type: integer - required: - - status_code - - message - Security_Exceptions_API_UpdateExceptionListItemComment: - type: object - properties: - comment: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - id: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - required: - - comment - Security_Exceptions_API_UpdateExceptionListItemCommentArray: - items: - $ref: >- - #/components/schemas/Security_Exceptions_API_UpdateExceptionListItemComment - type: array - Security_Exceptions_API_UUID: - description: A universally unique identifier - format: uuid - type: string - Security_Lists_API_FindListItemsCursor: - $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' - Security_Lists_API_FindListItemsFilter: - type: string - Security_Lists_API_FindListsCursor: - $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' - Security_Lists_API_FindListsFilter: - type: string - Security_Lists_API_List: - type: object - properties: - _version: - type: string - '@timestamp': - format: date-time - type: string - created_at: - format: date-time - type: string - created_by: - type: string - description: - $ref: '#/components/schemas/Security_Lists_API_ListDescription' - deserializer: - type: string - id: - $ref: '#/components/schemas/Security_Lists_API_ListId' - immutable: - type: boolean - meta: - $ref: '#/components/schemas/Security_Lists_API_ListMetadata' - name: - $ref: '#/components/schemas/Security_Lists_API_ListName' - serializer: - type: string - tie_breaker_id: - type: string - type: - $ref: '#/components/schemas/Security_Lists_API_ListType' - updated_at: - format: date-time - type: string - updated_by: - type: string - version: - minimum: 1 - type: integer - required: - - id - - type - - name - - description - - immutable - - version - - tie_breaker_id - - created_at - - created_by - - updated_at - - updated_by - Security_Lists_API_ListDescription: - $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' - Security_Lists_API_ListId: - $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' - Security_Lists_API_ListItem: - type: object - properties: - _version: - type: string - '@timestamp': - format: date-time - type: string - created_at: - format: date-time - type: string - created_by: - type: string - deserializer: - type: string - id: - $ref: '#/components/schemas/Security_Lists_API_ListItemId' - list_id: - $ref: '#/components/schemas/Security_Lists_API_ListId' - meta: - $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' - serializer: - type: string - tie_breaker_id: - type: string - type: - $ref: '#/components/schemas/Security_Lists_API_ListType' - updated_at: - format: date-time - type: string - updated_by: - type: string - value: - $ref: '#/components/schemas/Security_Lists_API_ListItemValue' - required: - - id - - type - - list_id - - value - - tie_breaker_id - - created_at - - created_by - - updated_at - - updated_by - Security_Lists_API_ListItemId: - $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' - Security_Lists_API_ListItemMetadata: - additionalProperties: true - type: object - Security_Lists_API_ListItemPrivileges: - type: object - properties: - application: - additionalProperties: - type: boolean - type: object - cluster: - additionalProperties: - type: boolean - type: object - has_all_requested: - type: boolean - index: - additionalProperties: - additionalProperties: - type: boolean - type: object - type: object - username: - type: string - required: - - username - - has_all_requested - - cluster - - index - - application - Security_Lists_API_ListItemValue: - $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' - Security_Lists_API_ListMetadata: - additionalProperties: true - type: object - Security_Lists_API_ListName: - $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' - Security_Lists_API_ListPrivileges: - type: object - properties: - application: - additionalProperties: - type: boolean - type: object - cluster: - additionalProperties: - type: boolean - type: object - has_all_requested: - type: boolean - index: - additionalProperties: - additionalProperties: - type: boolean - type: object - type: object - username: - type: string - required: - - username - - has_all_requested - - cluster - - index - - application - Security_Lists_API_ListType: - enum: - - binary - - boolean - - byte - - date - - date_nanos - - date_range - - double - - double_range - - float - - float_range - - geo_point - - geo_shape - - half_float - - integer - - integer_range - - ip - - ip_range - - keyword - - long - - long_range - - shape - - short - - text - type: string - Security_Lists_API_NonEmptyString: - description: A string that is not empty and does not contain only whitespace - minLength: 1 - pattern: ^(?! *$).+$ - type: string - Security_Lists_API_PlatformErrorResponse: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: integer - required: - - statusCode - - error - - message - Security_Lists_API_SiemErrorResponse: - type: object - properties: - message: - type: string - status_code: - type: integer - required: - - status_code - - message - Security_Osquery_API_ArrayQueries: - items: - $ref: '#/components/schemas/Security_Osquery_API_ArrayQueriesItem' - type: array - Security_Osquery_API_ArrayQueriesItem: - type: object - properties: - ecs_mapping: - $ref: '#/components/schemas/Security_Osquery_API_ECSMappingOrUndefined' - id: - $ref: '#/components/schemas/Security_Osquery_API_Id' - platform: - $ref: '#/components/schemas/Security_Osquery_API_PlatformOrUndefined' - query: - $ref: '#/components/schemas/Security_Osquery_API_Query' - removed: - $ref: '#/components/schemas/Security_Osquery_API_RemovedOrUndefined' - snapshot: - $ref: '#/components/schemas/Security_Osquery_API_SnapshotOrUndefined' - version: - $ref: '#/components/schemas/Security_Osquery_API_VersionOrUndefined' - Security_Osquery_API_CreateLiveQueryRequestBody: - type: object - properties: - agent_all: - type: boolean - agent_ids: - items: - type: string - type: array - agent_platforms: - items: - type: string - type: array - agent_policy_ids: - items: - type: string - type: array - alert_ids: - items: - type: string - type: array - case_ids: - items: - type: string - type: array - ecs_mapping: - $ref: '#/components/schemas/Security_Osquery_API_ECSMappingOrUndefined' - event_ids: - items: - type: string - type: array - metadata: - nullable: true - type: object - pack_id: - $ref: '#/components/schemas/Security_Osquery_API_PackIdOrUndefined' - queries: - $ref: '#/components/schemas/Security_Osquery_API_ArrayQueries' - query: - $ref: '#/components/schemas/Security_Osquery_API_QueryOrUndefined' - saved_query_id: - $ref: '#/components/schemas/Security_Osquery_API_SavedQueryIdOrUndefined' - Security_Osquery_API_CreatePacksRequestBody: - type: object - properties: - description: - $ref: '#/components/schemas/Security_Osquery_API_DescriptionOrUndefined' - enabled: - $ref: '#/components/schemas/Security_Osquery_API_EnabledOrUndefined' - name: - $ref: '#/components/schemas/Security_Osquery_API_PackName' - policy_ids: - $ref: '#/components/schemas/Security_Osquery_API_PolicyIdsOrUndefined' - queries: - $ref: '#/components/schemas/Security_Osquery_API_ObjectQueries' - shards: - $ref: '#/components/schemas/Security_Osquery_API_Shards' - Security_Osquery_API_CreateSavedQueryRequestBody: - type: object - properties: - description: - $ref: '#/components/schemas/Security_Osquery_API_DescriptionOrUndefined' - ecs_mapping: - $ref: '#/components/schemas/Security_Osquery_API_ECSMappingOrUndefined' - id: - $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' - interval: - $ref: '#/components/schemas/Security_Osquery_API_Interval' - platform: - $ref: '#/components/schemas/Security_Osquery_API_DescriptionOrUndefined' - query: - $ref: '#/components/schemas/Security_Osquery_API_QueryOrUndefined' - removed: - $ref: '#/components/schemas/Security_Osquery_API_RemovedOrUndefined' - snapshot: - $ref: '#/components/schemas/Security_Osquery_API_SnapshotOrUndefined' - version: - $ref: '#/components/schemas/Security_Osquery_API_VersionOrUndefined' - Security_Osquery_API_DefaultSuccessResponse: - type: object - properties: {} - Security_Osquery_API_Description: - type: string - Security_Osquery_API_DescriptionOrUndefined: - $ref: '#/components/schemas/Security_Osquery_API_Description' - nullable: true - Security_Osquery_API_ECSMapping: - additionalProperties: - $ref: '#/components/schemas/Security_Osquery_API_ECSMappingItem' - type: object - Security_Osquery_API_ECSMappingItem: - type: object - properties: - field: - type: string - value: - oneOf: - - type: string - - items: - type: string - type: array - Security_Osquery_API_ECSMappingOrUndefined: - $ref: '#/components/schemas/Security_Osquery_API_ECSMapping' - nullable: true - Security_Osquery_API_Enabled: - type: boolean - Security_Osquery_API_EnabledOrUndefined: - $ref: '#/components/schemas/Security_Osquery_API_Enabled' - nullable: true - Security_Osquery_API_FindLiveQueryRequestQuery: - type: object - properties: - kuery: - $ref: '#/components/schemas/Security_Osquery_API_KueryOrUndefined' - page: - $ref: '#/components/schemas/Security_Osquery_API_PageOrUndefined' - pageSize: - $ref: '#/components/schemas/Security_Osquery_API_PageSizeOrUndefined' - sort: - $ref: '#/components/schemas/Security_Osquery_API_SortOrUndefined' - sortOrder: - $ref: '#/components/schemas/Security_Osquery_API_SortOrderOrUndefined' - Security_Osquery_API_FindPacksRequestQuery: - type: object - properties: - page: - $ref: '#/components/schemas/Security_Osquery_API_PageOrUndefined' - pageSize: - $ref: '#/components/schemas/Security_Osquery_API_PageSizeOrUndefined' - sort: - $ref: '#/components/schemas/Security_Osquery_API_SortOrUndefined' - sortOrder: - $ref: '#/components/schemas/Security_Osquery_API_SortOrderOrUndefined' - Security_Osquery_API_FindSavedQueryRequestQuery: - type: object - properties: - page: - $ref: '#/components/schemas/Security_Osquery_API_PageOrUndefined' - pageSize: - $ref: '#/components/schemas/Security_Osquery_API_PageSizeOrUndefined' - sort: - $ref: '#/components/schemas/Security_Osquery_API_SortOrUndefined' - sortOrder: - $ref: '#/components/schemas/Security_Osquery_API_SortOrderOrUndefined' - Security_Osquery_API_GetLiveQueryResultsRequestQuery: - type: object - properties: - kuery: - $ref: '#/components/schemas/Security_Osquery_API_KueryOrUndefined' - page: - $ref: '#/components/schemas/Security_Osquery_API_PageOrUndefined' - pageSize: - $ref: '#/components/schemas/Security_Osquery_API_PageSizeOrUndefined' - sort: - $ref: '#/components/schemas/Security_Osquery_API_SortOrUndefined' - sortOrder: - $ref: '#/components/schemas/Security_Osquery_API_SortOrderOrUndefined' - Security_Osquery_API_Id: - type: string - Security_Osquery_API_Interval: - type: string - Security_Osquery_API_IntervalOrUndefined: - $ref: '#/components/schemas/Security_Osquery_API_Interval' - nullable: true - Security_Osquery_API_KueryOrUndefined: - nullable: true - type: string - Security_Osquery_API_ObjectQueries: - additionalProperties: - $ref: '#/components/schemas/Security_Osquery_API_ObjectQueriesItem' - type: object - Security_Osquery_API_ObjectQueriesItem: - type: object - properties: - ecs_mapping: - $ref: '#/components/schemas/Security_Osquery_API_ECSMappingOrUndefined' - id: - $ref: '#/components/schemas/Security_Osquery_API_Id' - platform: - $ref: '#/components/schemas/Security_Osquery_API_PlatformOrUndefined' - query: - $ref: '#/components/schemas/Security_Osquery_API_Query' - removed: - $ref: '#/components/schemas/Security_Osquery_API_RemovedOrUndefined' - saved_query_id: - $ref: '#/components/schemas/Security_Osquery_API_SavedQueryIdOrUndefined' - snapshot: - $ref: '#/components/schemas/Security_Osquery_API_SnapshotOrUndefined' - version: - $ref: '#/components/schemas/Security_Osquery_API_VersionOrUndefined' - Security_Osquery_API_PackId: - type: string - Security_Osquery_API_PackIdOrUndefined: - $ref: '#/components/schemas/Security_Osquery_API_PackId' - nullable: true - Security_Osquery_API_PackName: - type: string - Security_Osquery_API_PageOrUndefined: - nullable: true - type: integer - Security_Osquery_API_PageSizeOrUndefined: - nullable: true - type: integer - Security_Osquery_API_Platform: - type: string - Security_Osquery_API_PlatformOrUndefined: - $ref: '#/components/schemas/Security_Osquery_API_Platform' - nullable: true - Security_Osquery_API_PolicyIds: - items: - type: string - type: array - Security_Osquery_API_PolicyIdsOrUndefined: - $ref: '#/components/schemas/Security_Osquery_API_PolicyIds' - nullable: true - Security_Osquery_API_Query: - type: string - Security_Osquery_API_QueryOrUndefined: - $ref: '#/components/schemas/Security_Osquery_API_Query' - nullable: true - Security_Osquery_API_Removed: - type: boolean - Security_Osquery_API_RemovedOrUndefined: - $ref: '#/components/schemas/Security_Osquery_API_Removed' - nullable: true - Security_Osquery_API_SavedQueryId: - type: string - Security_Osquery_API_SavedQueryIdOrUndefined: - $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' - nullable: true - Security_Osquery_API_Shards: - additionalProperties: - type: number - type: object - Security_Osquery_API_Snapshot: - type: boolean - Security_Osquery_API_SnapshotOrUndefined: - $ref: '#/components/schemas/Security_Osquery_API_Snapshot' - nullable: true - Security_Osquery_API_SortOrderOrUndefined: - oneOf: - - nullable: true - type: string - - enum: - - asc - - desc - Security_Osquery_API_SortOrUndefined: - nullable: true - type: string - Security_Osquery_API_UpdatePacksRequestBody: - type: object - properties: - description: - $ref: '#/components/schemas/Security_Osquery_API_DescriptionOrUndefined' - enabled: - $ref: '#/components/schemas/Security_Osquery_API_EnabledOrUndefined' - id: - $ref: '#/components/schemas/Security_Osquery_API_PackId' - policy_ids: - $ref: '#/components/schemas/Security_Osquery_API_PolicyIdsOrUndefined' - queries: - $ref: '#/components/schemas/Security_Osquery_API_ObjectQueries' - shards: - $ref: '#/components/schemas/Security_Osquery_API_Shards' - Security_Osquery_API_UpdateSavedQueryRequestBody: - type: object - properties: - description: - $ref: '#/components/schemas/Security_Osquery_API_DescriptionOrUndefined' - ecs_mapping: - $ref: '#/components/schemas/Security_Osquery_API_ECSMappingOrUndefined' - id: - $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' - interval: - $ref: '#/components/schemas/Security_Osquery_API_IntervalOrUndefined' - platform: - $ref: '#/components/schemas/Security_Osquery_API_DescriptionOrUndefined' - query: - $ref: '#/components/schemas/Security_Osquery_API_QueryOrUndefined' - removed: - $ref: '#/components/schemas/Security_Osquery_API_RemovedOrUndefined' - snapshot: - $ref: '#/components/schemas/Security_Osquery_API_SnapshotOrUndefined' - version: - $ref: '#/components/schemas/Security_Osquery_API_VersionOrUndefined' - Security_Osquery_API_Version: - type: string - Security_Osquery_API_VersionOrUndefined: - $ref: '#/components/schemas/Security_Osquery_API_Version' - nullable: true - Security_Timeline_API_AssociatedFilterType: - description: Filter notes based on their association with a document or saved object. - enum: - - all - - document_only - - saved_object_only - - document_and_saved_object - - orphan - type: string - Security_Timeline_API_BareNote: - type: object - properties: - created: - nullable: true - type: number - createdBy: - nullable: true - type: string - eventId: - nullable: true - type: string - note: - nullable: true - type: string - timelineId: - type: string - updated: - nullable: true - type: number - updatedBy: - nullable: true - type: string - required: - - timelineId - Security_Timeline_API_BarePinnedEvent: - type: object - properties: - created: - nullable: true - type: number - createdBy: - nullable: true - type: string - eventId: - type: string - timelineId: - type: string - updated: - nullable: true - type: number - updatedBy: - nullable: true - type: string - required: - - eventId - - timelineId - Security_Timeline_API_ColumnHeaderResult: - type: object - properties: - aggregatable: - nullable: true - type: boolean - category: - nullable: true - type: string - columnHeaderType: - nullable: true - type: string - description: - nullable: true - type: string - example: - nullable: true - type: string - id: - nullable: true - type: string - indexes: - items: - type: string - nullable: true - type: array - name: - nullable: true - type: string - placeholder: - nullable: true - type: string - searchable: - nullable: true - type: boolean - type: - nullable: true - type: string - Security_Timeline_API_DataProviderQueryMatch: - type: object - properties: - enabled: - nullable: true - type: boolean - excluded: - nullable: true - type: boolean - id: - nullable: true - type: string - kqlQuery: - nullable: true - type: string - name: - nullable: true - type: string - queryMatch: - $ref: '#/components/schemas/Security_Timeline_API_QueryMatchResult' - nullable: true - type: - $ref: '#/components/schemas/Security_Timeline_API_DataProviderType' - nullable: true - Security_Timeline_API_DataProviderResult: - type: object - properties: - and: - items: - $ref: '#/components/schemas/Security_Timeline_API_DataProviderQueryMatch' - nullable: true - type: array - enabled: - nullable: true - type: boolean - excluded: - nullable: true - type: boolean - id: - nullable: true - type: string - kqlQuery: - nullable: true - type: string - name: - nullable: true - type: string - queryMatch: - $ref: '#/components/schemas/Security_Timeline_API_QueryMatchResult' - nullable: true - type: - $ref: '#/components/schemas/Security_Timeline_API_DataProviderType' - nullable: true - Security_Timeline_API_DataProviderType: - description: >- - The type of data provider to create. Valid values are `default` and - `template`. - enum: - - default - - template - type: string - Security_Timeline_API_DocumentIds: - oneOf: - - items: - type: string - type: array - - type: string - Security_Timeline_API_FavoriteTimelineResponse: - type: object - properties: - code: - nullable: true - type: number - favorite: - items: - $ref: '#/components/schemas/Security_Timeline_API_FavoriteTimelineResult' - type: array - message: - nullable: true - type: string - savedObjectId: - type: string - templateTimelineId: - nullable: true - type: string - templateTimelineVersion: - nullable: true - type: number - timelineType: - $ref: '#/components/schemas/Security_Timeline_API_TimelineType' - version: - type: string - required: - - savedObjectId - - version - Security_Timeline_API_FavoriteTimelineResult: - type: object - properties: - favoriteDate: - nullable: true - type: number - fullName: - nullable: true - type: string - userName: - nullable: true - type: string - Security_Timeline_API_FilterTimelineResult: - type: object - properties: - exists: - nullable: true - type: string - match_all: - nullable: true - type: string - meta: - nullable: true - type: object - properties: - alias: - nullable: true - type: string - controlledBy: - nullable: true - type: string - disabled: - nullable: true - type: boolean - field: - nullable: true - type: string - formattedValue: - nullable: true - type: string - index: - nullable: true - type: string - key: - nullable: true - type: string - negate: - nullable: true - type: boolean - params: - nullable: true - type: string - type: - nullable: true - type: string - value: - nullable: true - type: string - missing: - nullable: true - type: string - query: - nullable: true - type: string - range: - nullable: true - type: string - script: - nullable: true - type: string - Security_Timeline_API_GetNotesResult: - type: object - properties: - notes: - items: - $ref: '#/components/schemas/Security_Timeline_API_Note' - type: array - totalCount: - type: number - required: - - totalCount - - notes - Security_Timeline_API_ImportTimelineResult: - type: object - properties: - errors: - items: - type: object - properties: - error: - type: object - properties: - message: - type: string - status_code: - type: number - id: - type: string - type: array - success: - type: boolean - success_count: - type: number - timelines_installed: - type: number - timelines_updated: - type: number - Security_Timeline_API_ImportTimelines: - allOf: - - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' - - type: object - properties: - eventNotes: - items: - $ref: '#/components/schemas/Security_Timeline_API_BareNote' - nullable: true - type: array - globalNotes: - items: - $ref: '#/components/schemas/Security_Timeline_API_BareNote' - nullable: true - type: array - pinnedEventIds: - items: - type: string - nullable: true - type: array - savedObjectId: - nullable: true - type: string - version: - nullable: true - type: string - required: - - savedObjectId - - version - - pinnedEventIds - - eventNotes - - globalNotes - Security_Timeline_API_Note: - allOf: - - $ref: '#/components/schemas/Security_Timeline_API_BareNote' - - type: object - properties: - noteId: - type: string - version: - type: string - required: - - noteId - - version - Security_Timeline_API_PersistPinnedEventResponse: - oneOf: - - allOf: - - $ref: '#/components/schemas/Security_Timeline_API_PinnedEvent' - - $ref: >- - #/components/schemas/Security_Timeline_API_PinnedEventBaseResponseBody - - nullable: true - type: object - Security_Timeline_API_PersistTimelineResponse: - type: object - properties: - data: - type: object - properties: - persistTimeline: - type: object - properties: - timeline: - $ref: '#/components/schemas/Security_Timeline_API_TimelineResponse' - required: - - timeline - required: - - persistTimeline - required: - - data - Security_Timeline_API_PinnedEvent: - allOf: - - $ref: '#/components/schemas/Security_Timeline_API_BarePinnedEvent' - - type: object - properties: - pinnedEventId: - type: string - version: - type: string - required: - - pinnedEventId - - version - Security_Timeline_API_PinnedEventBaseResponseBody: - type: object - properties: - code: - type: number - message: - type: string - required: - - code - Security_Timeline_API_QueryMatchResult: - type: object - properties: - displayField: - nullable: true - type: string - displayValue: - nullable: true - type: string - field: - nullable: true - type: string - operator: - nullable: true - type: string - value: - oneOf: - - nullable: true - type: string - - items: - type: string - nullable: true - type: array - Security_Timeline_API_ResolvedTimeline: - type: object - properties: - alias_purpose: - $ref: >- - #/components/schemas/Security_Timeline_API_SavedObjectResolveAliasPurpose - alias_target_id: - type: string - outcome: - $ref: '#/components/schemas/Security_Timeline_API_SavedObjectResolveOutcome' - timeline: - $ref: >- - #/components/schemas/Security_Timeline_API_TimelineSavedToReturnObject - required: - - timeline - - outcome - Security_Timeline_API_ResponseNote: - type: object - properties: - code: - type: number - message: - type: string - note: - $ref: '#/components/schemas/Security_Timeline_API_Note' - required: - - code - - message - - note - Security_Timeline_API_RowRendererId: - enum: - - alert - - alerts - - auditd - - auditd_file - - library - - netflow - - plain - - registry - - suricata - - system - - system_dns - - system_endgame_process - - system_file - - system_fim - - system_security_event - - system_socket - - threat_match - - zeek - type: string - Security_Timeline_API_SavedObjectIds: - oneOf: - - items: - type: string - type: array - - type: string - Security_Timeline_API_SavedObjectResolveAliasPurpose: - enum: - - savedObjectConversion - - savedObjectImport - type: string - Security_Timeline_API_SavedObjectResolveOutcome: - enum: - - exactMatch - - aliasMatch - - conflict - type: string - Security_Timeline_API_SavedTimeline: - type: object - properties: - columns: - items: - $ref: '#/components/schemas/Security_Timeline_API_ColumnHeaderResult' - nullable: true - type: array - created: - nullable: true - type: number - createdBy: - nullable: true - type: string - dataProviders: - items: - $ref: '#/components/schemas/Security_Timeline_API_DataProviderResult' - nullable: true - type: array - dataViewId: - nullable: true - type: string - dateRange: - nullable: true - type: object - properties: - end: - oneOf: - - nullable: true - type: string - - nullable: true - type: number - start: - oneOf: - - nullable: true - type: string - - nullable: true - type: number - description: - nullable: true - type: string - eqlOptions: - nullable: true - type: object - properties: - eventCategoryField: - nullable: true - type: string - query: - nullable: true - type: string - size: - oneOf: - - nullable: true - type: string - - nullable: true - type: number - tiebreakerField: - nullable: true - type: string - timestampField: - nullable: true - type: string - eventType: - nullable: true - type: string - excludedRowRendererIds: - items: - $ref: '#/components/schemas/Security_Timeline_API_RowRendererId' - nullable: true - type: array - favorite: - items: - $ref: '#/components/schemas/Security_Timeline_API_FavoriteTimelineResult' - nullable: true - type: array - filters: - items: - $ref: '#/components/schemas/Security_Timeline_API_FilterTimelineResult' - nullable: true - type: array - indexNames: - items: - type: string - nullable: true - type: array - kqlMode: - nullable: true - type: string - kqlQuery: - $ref: >- - #/components/schemas/Security_Timeline_API_SerializedFilterQueryResult - nullable: true - savedQueryId: - nullable: true - type: string - savedSearchId: - nullable: true - type: string - sort: - $ref: '#/components/schemas/Security_Timeline_API_Sort' - nullable: true - status: - enum: - - active - - draft - - immutable - nullable: true - type: string - templateTimelineId: - nullable: true - type: string - templateTimelineVersion: - nullable: true - type: number - timelineType: - $ref: '#/components/schemas/Security_Timeline_API_TimelineType' - nullable: true - title: - nullable: true - type: string - updated: - nullable: true - type: number - updatedBy: - nullable: true - type: string - Security_Timeline_API_SavedTimelineWithSavedObjectId: - allOf: - - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' - - type: object - properties: - savedObjectId: - type: string - version: - type: string - required: - - savedObjectId - - version - Security_Timeline_API_SerializedFilterQueryResult: - type: object - properties: - filterQuery: - nullable: true - type: object - properties: - kuery: - nullable: true - type: object - properties: - expression: - nullable: true - type: string - kind: - nullable: true - type: string - serializedQuery: - nullable: true - type: string - Security_Timeline_API_Sort: - oneOf: - - $ref: '#/components/schemas/Security_Timeline_API_SortObject' - - items: - $ref: '#/components/schemas/Security_Timeline_API_SortObject' - type: array - Security_Timeline_API_SortFieldTimeline: - description: The field to sort the timelines by. - enum: - - title - - description - - updated - - created - type: string - Security_Timeline_API_SortObject: - type: object - properties: - columnId: - nullable: true - type: string - columnType: - nullable: true - type: string - sortDirection: - nullable: true - type: string - Security_Timeline_API_TimelineResponse: - allOf: - - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' - - $ref: >- - #/components/schemas/Security_Timeline_API_SavedTimelineWithSavedObjectId - - type: object - properties: - eventIdToNoteIds: - items: - $ref: '#/components/schemas/Security_Timeline_API_Note' - nullable: true - type: array - noteIds: - items: - type: string - nullable: true - type: array - notes: - items: - $ref: '#/components/schemas/Security_Timeline_API_Note' - nullable: true - type: array - pinnedEventIds: - items: - type: string - nullable: true - type: array - pinnedEventsSaveObject: - items: - $ref: '#/components/schemas/Security_Timeline_API_PinnedEvent' - nullable: true - type: array - Security_Timeline_API_TimelineSavedToReturnObject: - allOf: - - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' - - type: object - properties: - eventIdToNoteIds: - items: - $ref: '#/components/schemas/Security_Timeline_API_Note' - nullable: true - type: array - noteIds: - items: - type: string - nullable: true - type: array - notes: - items: - $ref: '#/components/schemas/Security_Timeline_API_Note' - nullable: true - type: array - pinnedEventIds: - items: - type: string - nullable: true - type: array - pinnedEventsSaveObject: - items: - $ref: '#/components/schemas/Security_Timeline_API_PinnedEvent' - nullable: true - type: array - savedObjectId: - type: string - version: - type: string - required: - - savedObjectId - - version - Security_Timeline_API_TimelineStatus: - description: >- - The status of the timeline. Valid values are `active`, `draft`, and - `immutable`. - enum: - - active - - draft - - immutable - type: string - Security_Timeline_API_TimelineType: - description: >- - The type of timeline to create. Valid values are `default` and - `template`. - enum: - - default - - template - type: string - Serverless_saved_objects_400_response: - title: Bad request - type: object - properties: - error: - enum: - - Bad Request - type: string - message: - type: string - statusCode: - enum: - - 400 - type: integer - required: - - error - - message - - statusCode - SLOs_400_response: - title: Bad request - type: object - properties: - error: - example: Bad Request - type: string - message: - example: 'Invalid value ''foo'' supplied to: [...]' - type: string - statusCode: - example: 400 - type: number - required: - - statusCode - - error - - message - SLOs_401_response: - title: Unauthorized - type: object - properties: - error: - example: Unauthorized - type: string - message: - example: "[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastics] for REST request [/_security/_authenticate]]: unable to authenticate user [elastics] for REST request [/_security/_authenticate]" - type: string - statusCode: - example: 401 - type: number - required: - - statusCode - - error - - message - SLOs_403_response: - title: Unauthorized - type: object - properties: - error: - example: Unauthorized - type: string - message: - example: "[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastics] for REST request [/_security/_authenticate]]: unable to authenticate user [elastics] for REST request [/_security/_authenticate]" - type: string - statusCode: - example: 403 - type: number - required: - - statusCode - - error - - message - SLOs_404_response: - title: Not found - type: object - properties: - error: - example: Not Found - type: string - message: - example: SLO [3749f390-03a3-11ee-8139-c7ff60a1692d] not found - type: string - statusCode: - example: 404 - type: number - required: - - statusCode - - error - - message - SLOs_409_response: - title: Conflict - type: object - properties: - error: - example: Conflict - type: string - message: - example: SLO [d077e940-1515-11ee-9c50-9d096392f520] already exists - type: string - statusCode: - example: 409 - type: number - required: - - statusCode - - error - - message - SLOs_budgeting_method: - description: The budgeting method to use when computing the rollup data. - enum: - - occurrences - - timeslices - example: occurrences - title: Budgeting method - type: string - SLOs_create_slo_request: - description: > - The create SLO API request body varies depending on the type of - indicator, time window and budgeting method. - properties: - budgetingMethod: - $ref: '#/components/schemas/SLOs_budgeting_method' - description: - description: A description for the SLO. - type: string - groupBy: - $ref: '#/components/schemas/SLOs_group_by' - id: - description: >- - A optional and unique identifier for the SLO. Must be between 8 and - 36 chars - example: my-super-slo-id - type: string - indicator: - oneOf: - - $ref: '#/components/schemas/SLOs_indicator_properties_custom_kql' - - $ref: '#/components/schemas/SLOs_indicator_properties_apm_availability' - - $ref: '#/components/schemas/SLOs_indicator_properties_apm_latency' - - $ref: '#/components/schemas/SLOs_indicator_properties_custom_metric' - - $ref: '#/components/schemas/SLOs_indicator_properties_histogram' - - $ref: '#/components/schemas/SLOs_indicator_properties_timeslice_metric' - name: - description: A name for the SLO. - type: string - objective: - $ref: '#/components/schemas/SLOs_objective' - settings: - $ref: '#/components/schemas/SLOs_settings' - tags: - description: List of tags - items: - type: string - type: array - timeWindow: - $ref: '#/components/schemas/SLOs_time_window' - required: - - name - - description - - indicator - - timeWindow - - budgetingMethod - - objective - title: Create SLO request - type: object - SLOs_create_slo_response: - title: Create SLO response - type: object - properties: - id: - example: 8853df00-ae2e-11ed-90af-09bb6422b258 - type: string - required: - - id - SLOs_delete_slo_instances_request: - description: > - The delete SLO instances request takes a list of SLO id and instance id, - then delete the rollup and summary data. This API can be used to remove - the staled data of an instance SLO that no longer get updated. - properties: - list: - description: An array of slo id and instance id - items: - type: object - properties: - instanceId: - description: The SLO instance identifier - example: 8853df00-ae2e-11ed-90af-09bb6422b258 - type: string - sloId: - description: The SLO unique identifier - example: 8853df00-ae2e-11ed-90af-09bb6422b258 - type: string - required: - - sloId - - instanceId - type: array - required: - - list - title: Delete SLO instances request - type: object - SLOs_error_budget: - title: Error budget - type: object - properties: - consumed: - description: The error budget consummed, as a percentage of the initial value. - example: 0.8 - type: number - initial: - description: The initial error budget, as 1 - objective - example: 0.02 - type: number - isEstimated: - description: >- - Only for SLO defined with occurrences budgeting method and calendar - aligned time window. - example: true - type: boolean - remaining: - description: The error budget remaining, as a percentage of the initial value. - example: 0.2 - type: number - required: - - initial - - consumed - - remaining - - isEstimated - SLOs_filter: - description: Defines properties for a filter - properties: - meta: - $ref: '#/components/schemas/SLOs_filter_meta' - query: - type: object - title: Filter - type: object - SLOs_filter_meta: - description: Defines properties for a filter - properties: - alias: - nullable: true - type: string - controlledBy: - type: string - disabled: - type: boolean - field: - type: string - group: - type: string - index: - type: string - isMultiIndex: - type: boolean - key: - type: string - negate: - type: boolean - params: - type: object - type: - type: string - value: - type: string - title: FilterMeta - type: object - SLOs_find_slo_response: - description: | - A paginated response of SLOs matching the query. - properties: - page: - example: 1 - type: number - perPage: - example: 25 - type: number - results: - items: - $ref: '#/components/schemas/SLOs_slo_with_summary_response' - type: array - total: - example: 34 - type: number - title: Find SLO response - type: object - SLOs_group_by: - description: >- - optional group by field or fields to use to generate an SLO per distinct - value - example: - - - service.name - - service.name - - - service.name - - service.environment - oneOf: - - type: string - - items: - type: string - type: array - title: Group by - SLOs_indicator_properties_apm_availability: - description: Defines properties for the APM availability indicator type - type: object - properties: - params: - description: An object containing the indicator parameters. - nullable: false - type: object - properties: - environment: - description: The APM service environment or "*" - example: production - type: string - filter: - description: KQL query used for filtering the data - example: 'service.foo : "bar"' - type: string - index: - description: The index used by APM metrics - example: metrics-apm*,apm* - type: string - service: - description: The APM service name - example: o11y-app - type: string - transactionName: - description: The APM transaction name or "*" - example: GET /my/api - type: string - transactionType: - description: The APM transaction type or "*" - example: request - type: string - required: - - service - - environment - - transactionType - - transactionName - - index - type: - description: The type of indicator. - example: sli.apm.transactionDuration - type: string - required: - - type - - params - title: APM availability - SLOs_indicator_properties_apm_latency: - description: Defines properties for the APM latency indicator type - type: object - properties: - params: - description: An object containing the indicator parameters. - nullable: false - type: object - properties: - environment: - description: The APM service environment or "*" - example: production - type: string - filter: - description: KQL query used for filtering the data - example: 'service.foo : "bar"' - type: string - index: - description: The index used by APM metrics - example: metrics-apm*,apm* - type: string - service: - description: The APM service name - example: o11y-app - type: string - threshold: - description: The latency threshold in milliseconds - example: 250 - type: number - transactionName: - description: The APM transaction name or "*" - example: GET /my/api - type: string - transactionType: - description: The APM transaction type or "*" - example: request - type: string - required: - - service - - environment - - transactionType - - transactionName - - index - - threshold - type: - description: The type of indicator. - example: sli.apm.transactionDuration - type: string - required: - - type - - params - title: APM latency - SLOs_indicator_properties_custom_kql: - description: Defines properties for a custom query indicator type - type: object - properties: - params: - description: An object containing the indicator parameters. - nullable: false - type: object - properties: - dataViewId: - description: >- - The kibana data view id to use, primarily used to include data - view runtime mappings. Make sure to save SLO again if you - add/update run time fields to the data view and if those fields - are being used in slo queries. - example: 03b80ab3-003d-498b-881c-3beedbaf1162 - type: string - filter: - $ref: '#/components/schemas/SLOs_kql_with_filters' - good: - $ref: '#/components/schemas/SLOs_kql_with_filters_good' - index: - description: The index or index pattern to use - example: my-service-* - type: string - timestampField: - description: | - The timestamp field used in the source indice. - example: timestamp - type: string - total: - $ref: '#/components/schemas/SLOs_kql_with_filters_total' - required: - - index - - timestampField - - good - - total - type: - description: The type of indicator. - example: sli.kql.custom - type: string - required: - - type - - params - title: Custom Query - SLOs_indicator_properties_custom_metric: - description: Defines properties for a custom metric indicator type - type: object - properties: - params: - description: An object containing the indicator parameters. - nullable: false - type: object - properties: - dataViewId: - description: >- - The kibana data view id to use, primarily used to include data - view runtime mappings. Make sure to save SLO again if you - add/update run time fields to the data view and if those fields - are being used in slo queries. - example: 03b80ab3-003d-498b-881c-3beedbaf1162 - type: string - filter: - description: the KQL query to filter the documents with. - example: 'field.environment : "production" and service.name : "my-service"' - type: string - good: - description: | - An object defining the "good" metrics and equation - type: object - properties: - equation: - description: The equation to calculate the "good" metric. - example: A - type: string - metrics: - description: >- - List of metrics with their name, aggregation type, and - field. - items: - type: object - properties: - aggregation: - description: >- - The aggregation type of the metric. Only valid option - is "sum" - enum: - - sum - example: sum - type: string - field: - description: The field of the metric. - example: processor.processed - type: string - filter: - description: The filter to apply to the metric. - example: 'processor.outcome: "success"' - type: string - name: - description: The name of the metric. Only valid options are A-Z - example: A - pattern: ^[A-Z]$ - type: string - required: - - name - - aggregation - - field - type: array - required: - - metrics - - equation - index: - description: The index or index pattern to use - example: my-service-* - type: string - timestampField: - description: | - The timestamp field used in the source indice. - example: timestamp - type: string - total: - description: | - An object defining the "total" metrics and equation - type: object - properties: - equation: - description: The equation to calculate the "total" metric. - example: A - type: string - metrics: - description: >- - List of metrics with their name, aggregation type, and - field. - items: - type: object - properties: - aggregation: - description: >- - The aggregation type of the metric. Only valid option - is "sum" - enum: - - sum - example: sum - type: string - field: - description: The field of the metric. - example: processor.processed - type: string - filter: - description: The filter to apply to the metric. - example: 'processor.outcome: *' - type: string - name: - description: The name of the metric. Only valid options are A-Z - example: A - pattern: ^[A-Z]$ - type: string - required: - - name - - aggregation - - field - type: array - required: - - metrics - - equation - required: - - index - - timestampField - - good - - total - type: - description: The type of indicator. - example: sli.metric.custom - type: string - required: - - type - - params - title: Custom metric - SLOs_indicator_properties_histogram: - description: Defines properties for a histogram indicator type - type: object - properties: - params: - description: An object containing the indicator parameters. - nullable: false - type: object - properties: - dataViewId: - description: >- - The kibana data view id to use, primarily used to include data - view runtime mappings. Make sure to save SLO again if you - add/update run time fields to the data view and if those fields - are being used in slo queries. - example: 03b80ab3-003d-498b-881c-3beedbaf1162 - type: string - filter: - description: the KQL query to filter the documents with. - example: 'field.environment : "production" and service.name : "my-service"' - type: string - good: - description: | - An object defining the "good" events - type: object - properties: - aggregation: - description: The type of aggregation to use. - enum: - - value_count - - range - example: value_count - type: string - field: - description: The field use to aggregate the good events. - example: processor.latency - type: string - filter: - description: The filter for good events. - example: 'processor.outcome: "success"' - type: string - from: - description: >- - The starting value of the range. Only required for "range" - aggregations. - example: 0 - type: number - to: - description: >- - The ending value of the range. Only required for "range" - aggregations. - example: 100 - type: number - required: - - aggregation - - field - index: - description: The index or index pattern to use - example: my-service-* - type: string - timestampField: - description: | - The timestamp field used in the source indice. - example: timestamp - type: string - total: - description: | - An object defining the "total" events - type: object - properties: - aggregation: - description: The type of aggregation to use. - enum: - - value_count - - range - example: value_count - type: string - field: - description: The field use to aggregate the good events. - example: processor.latency - type: string - filter: - description: The filter for total events. - example: 'processor.outcome : *' - type: string - from: - description: >- - The starting value of the range. Only required for "range" - aggregations. - example: 0 - type: number - to: - description: >- - The ending value of the range. Only required for "range" - aggregations. - example: 100 - type: number - required: - - aggregation - - field - required: - - index - - timestampField - - good - - total - type: - description: The type of indicator. - example: sli.histogram.custom - type: string - required: - - type - - params - title: Histogram indicator - SLOs_indicator_properties_timeslice_metric: - description: Defines properties for a timeslice metric indicator type - type: object - properties: - params: - description: An object containing the indicator parameters. - nullable: false - type: object - properties: - dataViewId: - description: >- - The kibana data view id to use, primarily used to include data - view runtime mappings. Make sure to save SLO again if you - add/update run time fields to the data view and if those fields - are being used in slo queries. - example: 03b80ab3-003d-498b-881c-3beedbaf1162 - type: string - filter: - description: the KQL query to filter the documents with. - example: 'field.environment : "production" and service.name : "my-service"' - type: string - index: - description: The index or index pattern to use - example: my-service-* - type: string - metric: - description: > - An object defining the metrics, equation, and threshold to - determine if it's a good slice or not - type: object - properties: - comparator: - description: >- - The comparator to use to compare the equation to the - threshold. - enum: - - GT - - GTE - - LT - - LTE - example: GT - type: string - equation: - description: The equation to calculate the metric. - example: A - type: string - metrics: - description: >- - List of metrics with their name, aggregation type, and - field. - items: - anyOf: - - $ref: >- - #/components/schemas/SLOs_timeslice_metric_basic_metric_with_field - - $ref: >- - #/components/schemas/SLOs_timeslice_metric_percentile_metric - - $ref: >- - #/components/schemas/SLOs_timeslice_metric_doc_count_metric - type: array - threshold: - description: >- - The threshold used to determine if the metric is a good - slice or not. - example: 100 - type: number - required: - - metrics - - equation - - comparator - - threshold - timestampField: - description: | - The timestamp field used in the source indice. - example: timestamp - type: string - required: - - index - - timestampField - - metric - type: - description: The type of indicator. - example: sli.metric.timeslice - type: string - required: - - type - - params - title: Timeslice metric - SLOs_kql_with_filters: - description: Defines properties for a filter - oneOf: - - description: the KQL query to filter the documents with. - example: 'field.environment : "production" and service.name : "my-service"' - type: string - - type: object - properties: - filters: - items: - $ref: '#/components/schemas/SLOs_filter' - type: array - kqlQuery: - type: string - title: KQL with filters - SLOs_kql_with_filters_good: - description: The KQL query used to define the good events. - oneOf: - - description: the KQL query to filter the documents with. - example: 'request.latency <= 150 and request.status_code : "2xx"' - type: string - - type: object - properties: - filters: - items: - $ref: '#/components/schemas/SLOs_filter' - type: array - kqlQuery: - type: string - title: KQL query for good events - SLOs_kql_with_filters_total: - description: The KQL query used to define all events. - oneOf: - - description: the KQL query to filter the documents with. - example: 'field.environment : "production" and service.name : "my-service"' - type: string - - type: object - properties: - filters: - items: - $ref: '#/components/schemas/SLOs_filter' - type: array - kqlQuery: - type: string - title: KQL query for all events - SLOs_objective: - description: Defines properties for the SLO objective - type: object - properties: - target: - description: the target objective between 0 and 1 excluded - example: 0.99 - exclusiveMaximum: true - exclusiveMinimum: true - maximum: 100 - minimum: 0 - type: number - timesliceTarget: - description: >- - the target objective for each slice when using a timeslices - budgeting method - example: 0.995 - maximum: 100 - minimum: 0 - type: number - timesliceWindow: - description: >- - the duration of each slice when using a timeslices budgeting method, - as {duraton}{unit} - example: 5m - type: string - required: - - target - title: Objective - SLOs_settings: - description: Defines properties for SLO settings. - properties: - frequency: - default: 1m - description: Configure how often the transform runs, default 1m - example: 5m - type: string - preventInitialBackfill: - default: false - description: Prevents the transform from backfilling data when it starts. - example: true - type: boolean - syncDelay: - default: 1m - description: The synch delay to apply to the transform. Default 1m - example: 5m - type: string - title: Settings - type: object - SLOs_slo_definition_response: - title: SLO definition response - type: object - properties: - budgetingMethod: - $ref: '#/components/schemas/SLOs_budgeting_method' - createdAt: - description: The creation date - example: '2023-01-12T10:03:19.000Z' - type: string - description: - description: The description of the SLO. - example: My SLO description - type: string - enabled: - description: Indicate if the SLO is enabled - example: true - type: boolean - groupBy: - $ref: '#/components/schemas/SLOs_group_by' - id: - description: The identifier of the SLO. - example: 8853df00-ae2e-11ed-90af-09bb6422b258 - type: string - indicator: - discriminator: - mapping: - sli.apm.transactionDuration: '#/components/schemas/SLOs_indicator_properties_apm_latency' - sli.apm.transactionErrorRate: '#/components/schemas/SLOs_indicator_properties_apm_availability' - sli.histogram.custom: '#/components/schemas/SLOs_indicator_properties_histogram' - sli.kql.custom: '#/components/schemas/SLOs_indicator_properties_custom_kql' - sli.metric.custom: '#/components/schemas/SLOs_indicator_properties_custom_metric' - sli.metric.timeslice: '#/components/schemas/SLOs_indicator_properties_timeslice_metric' - propertyName: type - oneOf: - - $ref: '#/components/schemas/SLOs_indicator_properties_custom_kql' - - $ref: '#/components/schemas/SLOs_indicator_properties_apm_availability' - - $ref: '#/components/schemas/SLOs_indicator_properties_apm_latency' - - $ref: '#/components/schemas/SLOs_indicator_properties_custom_metric' - - $ref: '#/components/schemas/SLOs_indicator_properties_histogram' - - $ref: '#/components/schemas/SLOs_indicator_properties_timeslice_metric' - name: - description: The name of the SLO. - example: My Service SLO - type: string - objective: - $ref: '#/components/schemas/SLOs_objective' - revision: - description: The SLO revision - example: 2 - type: number - settings: - $ref: '#/components/schemas/SLOs_settings' - tags: - description: List of tags - items: - type: string - type: array - timeWindow: - $ref: '#/components/schemas/SLOs_time_window' - updatedAt: - description: The last update date - example: '2023-01-12T10:03:19.000Z' - type: string - version: - description: The internal SLO version - example: 2 - type: number - required: - - id - - name - - description - - indicator - - timeWindow - - budgetingMethod - - objective - - settings - - revision - - enabled - - groupBy - - tags - - createdAt - - updatedAt - - version - SLOs_slo_with_summary_response: - title: SLO response - type: object - properties: - budgetingMethod: - $ref: '#/components/schemas/SLOs_budgeting_method' - createdAt: - description: The creation date - example: '2023-01-12T10:03:19.000Z' - type: string - description: - description: The description of the SLO. - example: My SLO description - type: string - enabled: - description: Indicate if the SLO is enabled - example: true - type: boolean - groupBy: - $ref: '#/components/schemas/SLOs_group_by' - id: - description: The identifier of the SLO. - example: 8853df00-ae2e-11ed-90af-09bb6422b258 - type: string - indicator: - discriminator: - mapping: - sli.apm.transactionDuration: '#/components/schemas/SLOs_indicator_properties_apm_latency' - sli.apm.transactionErrorRate: '#/components/schemas/SLOs_indicator_properties_apm_availability' - sli.histogram.custom: '#/components/schemas/SLOs_indicator_properties_histogram' - sli.kql.custom: '#/components/schemas/SLOs_indicator_properties_custom_kql' - sli.metric.custom: '#/components/schemas/SLOs_indicator_properties_custom_metric' - sli.metric.timeslice: '#/components/schemas/SLOs_indicator_properties_timeslice_metric' - propertyName: type - oneOf: - - $ref: '#/components/schemas/SLOs_indicator_properties_custom_kql' - - $ref: '#/components/schemas/SLOs_indicator_properties_apm_availability' - - $ref: '#/components/schemas/SLOs_indicator_properties_apm_latency' - - $ref: '#/components/schemas/SLOs_indicator_properties_custom_metric' - - $ref: '#/components/schemas/SLOs_indicator_properties_histogram' - - $ref: '#/components/schemas/SLOs_indicator_properties_timeslice_metric' - instanceId: - description: the value derived from the groupBy field, if present, otherwise '*' - example: host-abcde - type: string - name: - description: The name of the SLO. - example: My Service SLO - type: string - objective: - $ref: '#/components/schemas/SLOs_objective' - revision: - description: The SLO revision - example: 2 - type: number - settings: - $ref: '#/components/schemas/SLOs_settings' - summary: - $ref: '#/components/schemas/SLOs_summary' - tags: - description: List of tags - items: - type: string - type: array - timeWindow: - $ref: '#/components/schemas/SLOs_time_window' - updatedAt: - description: The last update date - example: '2023-01-12T10:03:19.000Z' - type: string - version: - description: The internal SLO version - example: 2 - type: number - required: - - id - - name - - description - - indicator - - timeWindow - - budgetingMethod - - objective - - settings - - revision - - summary - - enabled - - groupBy - - instanceId - - tags - - createdAt - - updatedAt - - version - SLOs_summary: - description: The SLO computed data - properties: - errorBudget: - $ref: '#/components/schemas/SLOs_error_budget' - sliValue: - example: 0.9836 - type: number - status: - $ref: '#/components/schemas/SLOs_summary_status' - required: - - status - - sliValue - - errorBudget - title: Summary - type: object - SLOs_summary_status: - enum: - - NO_DATA - - HEALTHY - - DEGRADING - - VIOLATED - example: HEALTHY - title: summary status - type: string - SLOs_time_window: - description: Defines properties for the SLO time window - type: object - properties: - duration: - description: >- - the duration formatted as {duration}{unit}. Accepted values for - rolling: 7d, 30d, 90d. Accepted values for calendar aligned: 1w - (weekly) or 1M (monthly) - example: 30d - type: string - type: - description: >- - Indicates weither the time window is a rolling or a calendar aligned - time window. - enum: - - rolling - - calendarAligned - example: rolling - type: string - required: - - duration - - type - title: Time window - SLOs_timeslice_metric_basic_metric_with_field: - type: object - properties: - aggregation: - description: The aggregation type of the metric. - enum: - - sum - - avg - - min - - max - - std_deviation - - last_value - - cardinality - example: sum - type: string - field: - description: The field of the metric. - example: processor.processed - type: string - filter: - description: The filter to apply to the metric. - example: 'processor.outcome: "success"' - type: string - name: - description: The name of the metric. Only valid options are A-Z - example: A - pattern: ^[A-Z]$ - type: string - required: - - name - - aggregation - - field - title: Timeslice Metric Basic Metric with Field - SLOs_timeslice_metric_doc_count_metric: - type: object - properties: - aggregation: - description: The aggregation type of the metric. Only valid option is "doc_count" - enum: - - doc_count - example: doc_count - type: string - filter: - description: The filter to apply to the metric. - example: 'processor.outcome: "success"' - type: string - name: - description: The name of the metric. Only valid options are A-Z - example: A - pattern: ^[A-Z]$ - type: string - required: - - name - - aggregation - title: Timeslice Metric Doc Count Metric - SLOs_timeslice_metric_percentile_metric: - type: object - properties: - aggregation: - description: >- - The aggregation type of the metric. Only valid option is - "percentile" - enum: - - percentile - example: percentile - type: string - field: - description: The field of the metric. - example: processor.processed - type: string - filter: - description: The filter to apply to the metric. - example: 'processor.outcome: "success"' - type: string - name: - description: The name of the metric. Only valid options are A-Z - example: A - pattern: ^[A-Z]$ - type: string - percentile: - description: The percentile value. - example: 95 - type: number - required: - - name - - aggregation - - field - - percentile - title: Timeslice Metric Percentile Metric - SLOs_update_slo_request: - description: > - The update SLO API request body varies depending on the type of - indicator, time window and budgeting method. Partial update is handled. - properties: - budgetingMethod: - $ref: '#/components/schemas/SLOs_budgeting_method' - description: - description: A description for the SLO. - type: string - groupBy: - $ref: '#/components/schemas/SLOs_group_by' - indicator: - oneOf: - - $ref: '#/components/schemas/SLOs_indicator_properties_custom_kql' - - $ref: '#/components/schemas/SLOs_indicator_properties_apm_availability' - - $ref: '#/components/schemas/SLOs_indicator_properties_apm_latency' - - $ref: '#/components/schemas/SLOs_indicator_properties_custom_metric' - - $ref: '#/components/schemas/SLOs_indicator_properties_histogram' - - $ref: '#/components/schemas/SLOs_indicator_properties_timeslice_metric' - name: - description: A name for the SLO. - type: string - objective: - $ref: '#/components/schemas/SLOs_objective' - settings: - $ref: '#/components/schemas/SLOs_settings' - tags: - description: List of tags - items: - type: string - type: array - timeWindow: - $ref: '#/components/schemas/SLOs_time_window' - title: Update SLO request - type: object - securitySchemes: - apiKeyAuth: - description: >- - You must create an API key and use the encoded value in the request - header. To learn about creating keys, go to [API - keys](https://www.elastic.co/docs/current/serverless/api-keys). - in: header - name: Authorization - type: apiKey -security: - - apiKeyAuth: [] -tags: - - name: alerting - - description: > - Configure APM agent keys to authorize requests from APM agents to the APM - Server. - name: APM agent keys - - description: > - Annotate visualizations in the APM app with significant events. - Annotations enable you to easily see how events are impacting the - performance of your applications. - name: APM annotations - - name: connectors - - name: Data streams - - description: >- - Data view APIs enable you to manage data views, formerly known as Kibana - index patterns. - name: data views - - name: Elastic Agent actions - - name: Elastic Agent binary download sources - - name: Elastic Agent policies - - name: Elastic Agent status - - name: Elastic Agents - - name: Elastic Package Manager (EPM) - - name: Fleet enrollment API keys - - name: Fleet internals - - name: Fleet outputs - - name: Fleet package policies - - name: Fleet proxies - - name: Fleet Server hosts - - name: Fleet service tokens - - name: Fleet uninstall tokens - - name: Message Signing Service - - description: Machine learning - name: ml - - name: roles - - description: > - Export sets of saved objects that you want to import into {kib}, resolve - import errors, and rotate an encryption key for encrypted saved objects - with the saved objects APIs. - - - To manage a specific type of saved object, use the corresponding APIs. - - For example, use: - - - [Data views](../group/endpoint-data-views) - - - Warning: Do not write documents directly to the `.kibana` index. When you - write directly to the `.kibana` index, the data becomes corrupted and - permanently breaks future Kibana versions. - name: saved objects - x-displayName: Saved objects - - description: Manage and interact with Security Assistant resources. - name: Security AI Assistant API - x-displayName: Security AI assistant - - description: >- - You can create rules that automatically turn events and external alerts - sent to Elastic Security into detection alerts. These alerts are displayed - on the Detections page. - name: Security Detections API - x-displayName: Security detections - - description: >- - Endpoint Exceptions API allows you to manage detection rule endpoint - exceptions to prevent a rule from generating an alert from incoming events - even when the rule's other criteria are met. - name: Security Endpoint Exceptions API - x-displayName: Security endpoint exceptions - - description: Interact with and manage endpoints running the Elastic Defend integration. - name: Security Endpoint Management API - x-displayName: Security endpoint management - - description: '' - name: Security Entity Analytics API - x-displayName: Security entity analytics - - description: >- - Exceptions API allows you to manage detection rule exceptions to prevent a - rule from generating an alert from incoming events even when the rule's - other criteria are met. - name: Security Exceptions API - x-displayName: Security exceptions - - description: Lists API allows you to manage lists of keywords, IPs or IP ranges items. - name: Security Lists API - x-displayName: Security lists - - description: Run live queries, manage packs and saved queries. - name: Security Osquery API - x-displayName: Security Osquery - - description: >- - You can create Timelines and Timeline templates via the API, as well as - import new Timelines from an ndjson file. - name: Security Timeline API - x-displayName: Security timeline - - description: SLO APIs enable you to define, manage and track service-level objectives - name: slo - - name: spaces - - name: system diff --git a/oas_docs/output/kibana.staging.yaml b/oas_docs/output/kibana.staging.yaml deleted file mode 100644 index da06e3748c05b..0000000000000 --- a/oas_docs/output/kibana.staging.yaml +++ /dev/null @@ -1,60612 +0,0 @@ -openapi: 3.0.3 -info: - contact: - name: Kibana Team - description: > - The Kibana REST APIs enable you to manage resources such as connectors, data - views, and saved objects. - - The API calls are stateless. - - Each request that you make happens in isolation from other calls and must - include all of the necessary information for Kibana to fulfill the - - request. - - API requests return JSON output, which is a format that is machine-readable - and works well for automation. - - - To interact with Kibana APIs, use the following operations: - - - - GET: Fetches the information. - - - PATCH: Applies partial modifications to the existing information. - - - POST: Adds new information. - - - PUT: Updates the existing information. - - - DELETE: Removes the information. - - - You can prepend any Kibana API endpoint with `kbn:` and run the request in - **Dev Tools → Console**. - - For example: - - - ``` - - GET kbn:/api/data_views - - ``` - - - For more information about the console, refer to [Run API - requests](https://www.elastic.co/guide/en/kibana/current/console-kibana.html). - - - NOTE: Access to internal Kibana API endpoints will be restricted in Kibana - version 9.0. Please move any integrations to publicly documented APIs. - - - ## Documentation source and versions - - - This documentation is derived from the `main` branch of the - [kibana](https://github.com/elastic/kibana) repository. - - It is provided under license [Attribution-NonCommercial-NoDerivatives 4.0 - International](https://creativecommons.org/licenses/by-nc-nd/4.0/). - title: Kibana APIs - version: 1.0.2 - x-doc-license: - name: Attribution-NonCommercial-NoDerivatives 4.0 International - url: https://creativecommons.org/licenses/by-nc-nd/4.0/ - x-feedbackLink: - label: Feedback - url: >- - https://github.com/elastic/docs-content/issues/new?assignees=&labels=feedback%2Ccommunity&projects=&template=api-feedback.yaml&title=%5BFeedback%5D%3A+ -servers: - - url: https://{kibana_url} - variables: - kibana_url: - default: localhost:5601 -paths: - /api/actions: - get: - deprecated: true - operationId: '%2Fapi%2Factions#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - responses: {} - summary: Get all connectors - tags: - - connectors - /api/actions/action: - post: - deprecated: true - operationId: '%2Fapi%2Factions%2Faction#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - actionTypeId: - description: The connector type identifier. - type: string - config: - additionalProperties: {} - default: {} - type: object - name: - description: The display name for the connector. - type: string - secrets: - additionalProperties: {} - default: {} - type: object - required: - - name - - actionTypeId - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - type: object - connector_type_id: - description: The connector type identifier. - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - description: Indicates whether the connector is deprecated. - type: boolean - is_missing_secrets: - description: Indicates whether the connector is missing secrets. - type: boolean - is_preconfigured: - description: >- - Indicates whether the connector is preconfigured. If true, - the `config` and `is_missing_secrets` properties are - omitted from the response. - type: boolean - is_system_action: - description: >- - Indicates whether the connector is used for system - actions. - type: boolean - name: - description: ' The name of the rule.' - type: string - required: - - id - - name - - connector_type_id - - is_preconfigured - - is_deprecated - - is_system_action - description: Indicates a successful call. - summary: Create a connector - tags: - - connectors - /api/actions/action/{id}: - delete: - deprecated: true - description: 'WARNING: When you delete a connector, it cannot be recovered.' - operationId: '%2Fapi%2Factions%2Faction%2F%7Bid%7D#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: An identifier for the connector. - in: path - name: id - required: true - schema: - type: string - responses: - '204': - description: Indicates a successful call. - summary: Delete a connector - tags: - - connectors - get: - deprecated: true - operationId: '%2Fapi%2Factions%2Faction%2F%7Bid%7D#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: An identifier for the connector. - in: path - name: id - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - type: object - connector_type_id: - description: The connector type identifier. - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - description: Indicates whether the connector is deprecated. - type: boolean - is_missing_secrets: - description: Indicates whether the connector is missing secrets. - type: boolean - is_preconfigured: - description: >- - Indicates whether the connector is preconfigured. If true, - the `config` and `is_missing_secrets` properties are - omitted from the response. - type: boolean - is_system_action: - description: >- - Indicates whether the connector is used for system - actions. - type: boolean - name: - description: ' The name of the rule.' - type: string - required: - - id - - name - - connector_type_id - - is_preconfigured - - is_deprecated - - is_system_action - description: Indicates a successful call. - summary: Get connector information - tags: - - connectors - put: - deprecated: true - operationId: '%2Fapi%2Factions%2Faction%2F%7Bid%7D#2' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: An identifier for the connector. - in: path - name: id - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - default: {} - type: object - name: - type: string - secrets: - additionalProperties: {} - default: {} - type: object - required: - - name - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - type: object - connector_type_id: - description: The connector type identifier. - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - description: Indicates whether the connector is deprecated. - type: boolean - is_missing_secrets: - description: Indicates whether the connector is missing secrets. - type: boolean - is_preconfigured: - description: >- - Indicates whether the connector is preconfigured. If true, - the `config` and `is_missing_secrets` properties are - omitted from the response. - type: boolean - is_system_action: - description: >- - Indicates whether the connector is used for system - actions. - type: boolean - name: - description: ' The name of the rule.' - type: string - required: - - id - - name - - connector_type_id - - is_preconfigured - - is_deprecated - - is_system_action - description: Indicates a successful call. - summary: Update a connector - tags: - - connectors - /api/actions/action/{id}/_execute: - post: - deprecated: true - operationId: '%2Fapi%2Factions%2Faction%2F%7Bid%7D%2F_execute#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: An identifier for the connector. - in: path - name: id - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - params: - additionalProperties: {} - type: object - required: - - params - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - type: object - connector_type_id: - description: The connector type identifier. - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - description: Indicates whether the connector is deprecated. - type: boolean - is_missing_secrets: - description: Indicates whether the connector is missing secrets. - type: boolean - is_preconfigured: - description: >- - Indicates whether the connector is preconfigured. If true, - the `config` and `is_missing_secrets` properties are - omitted from the response. - type: boolean - is_system_action: - description: >- - Indicates whether the connector is used for system - actions. - type: boolean - name: - description: ' The name of the rule.' - type: string - required: - - id - - name - - connector_type_id - - is_preconfigured - - is_deprecated - - is_system_action - description: Indicates a successful call. - summary: Run a connector - tags: - - connectors - /api/actions/connector_types: - get: - description: You do not need any Kibana feature privileges to run this API. - operationId: '%2Fapi%2Factions%2Fconnector_types#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: >- - A filter to limit the retrieved connector types to those that - support a specific feature (such as alerting or cases). - in: query - name: feature_id - required: false - schema: - type: string - responses: {} - summary: Get connector types - tags: - - connectors - /api/actions/connector/{id}: - delete: - description: 'WARNING: When you delete a connector, it cannot be recovered.' - operationId: '%2Fapi%2Factions%2Fconnector%2F%7Bid%7D#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: An identifier for the connector. - in: path - name: id - required: true - schema: - type: string - responses: - '204': - description: Indicates a successful call. - summary: Delete a connector - tags: - - connectors - get: - operationId: '%2Fapi%2Factions%2Fconnector%2F%7Bid%7D#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: An identifier for the connector. - in: path - name: id - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - type: object - connector_type_id: - description: The connector type identifier. - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - description: Indicates whether the connector is deprecated. - type: boolean - is_missing_secrets: - description: Indicates whether the connector is missing secrets. - type: boolean - is_preconfigured: - description: >- - Indicates whether the connector is preconfigured. If true, - the `config` and `is_missing_secrets` properties are - omitted from the response. - type: boolean - is_system_action: - description: >- - Indicates whether the connector is used for system - actions. - type: boolean - name: - description: ' The name of the rule.' - type: string - required: - - id - - name - - connector_type_id - - is_preconfigured - - is_deprecated - - is_system_action - description: Indicates a successful call. - summary: Get connector information - tags: - - connectors - post: - operationId: '%2Fapi%2Factions%2Fconnector%2F%7Bid%3F%7D#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: An identifier for the connector. - in: path - name: id - required: false - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - default: {} - type: object - connector_type_id: - description: The type of connector. - type: string - name: - description: The display name for the connector. - type: string - secrets: - additionalProperties: {} - default: {} - type: object - required: - - name - - connector_type_id - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - type: object - connector_type_id: - description: The connector type identifier. - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - description: Indicates whether the connector is deprecated. - type: boolean - is_missing_secrets: - description: Indicates whether the connector is missing secrets. - type: boolean - is_preconfigured: - description: >- - Indicates whether the connector is preconfigured. If true, - the `config` and `is_missing_secrets` properties are - omitted from the response. - type: boolean - is_system_action: - description: >- - Indicates whether the connector is used for system - actions. - type: boolean - name: - description: ' The name of the rule.' - type: string - required: - - id - - name - - connector_type_id - - is_preconfigured - - is_deprecated - - is_system_action - description: Indicates a successful call. - summary: Create a connector - tags: - - connectors - put: - operationId: '%2Fapi%2Factions%2Fconnector%2F%7Bid%7D#2' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: An identifier for the connector. - in: path - name: id - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - default: {} - type: object - name: - description: The display name for the connector. - type: string - secrets: - additionalProperties: {} - default: {} - type: object - required: - - name - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - type: object - connector_type_id: - description: The connector type identifier. - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - description: Indicates whether the connector is deprecated. - type: boolean - is_missing_secrets: - description: Indicates whether the connector is missing secrets. - type: boolean - is_preconfigured: - description: >- - Indicates whether the connector is preconfigured. If true, - the `config` and `is_missing_secrets` properties are - omitted from the response. - type: boolean - is_system_action: - description: >- - Indicates whether the connector is used for system - actions. - type: boolean - name: - description: ' The name of the rule.' - type: string - required: - - id - - name - - connector_type_id - - is_preconfigured - - is_deprecated - - is_system_action - description: Indicates a successful call. - summary: Update a connector - tags: - - connectors - /api/actions/connector/{id}/_execute: - post: - description: >- - You can use this API to test an action that involves interaction with - Kibana services or integrations with third-party systems. - operationId: '%2Fapi%2Factions%2Fconnector%2F%7Bid%7D%2F_execute#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: An identifier for the connector. - in: path - name: id - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - params: - additionalProperties: {} - type: object - required: - - params - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - type: object - connector_type_id: - description: The connector type identifier. - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - description: Indicates whether the connector is deprecated. - type: boolean - is_missing_secrets: - description: Indicates whether the connector is missing secrets. - type: boolean - is_preconfigured: - description: >- - Indicates whether the connector is preconfigured. If true, - the `config` and `is_missing_secrets` properties are - omitted from the response. - type: boolean - is_system_action: - description: >- - Indicates whether the connector is used for system - actions. - type: boolean - name: - description: ' The name of the rule.' - type: string - required: - - id - - name - - connector_type_id - - is_preconfigured - - is_deprecated - - is_system_action - description: Indicates a successful call. - summary: Run a connector - tags: - - connectors - /api/actions/connectors: - get: - operationId: '%2Fapi%2Factions%2Fconnectors#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - responses: {} - summary: Get all connectors - tags: - - connectors - /api/actions/list_action_types: - get: - deprecated: true - operationId: '%2Fapi%2Factions%2Flist_action_types#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - responses: {} - summary: Get connector types - tags: - - connectors - /api/alerting/_health: - get: - description: > - You must have `read` privileges for the **Management > Stack Rules** - feature or for at least one of the **Analytics > Discover**, **Analytics - > Machine Learning**, **Observability**, or **Security** features. - operationId: getAlertingHealth - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - getAlertingHealthResponse: - $ref: '#/components/examples/Alerting_get_health_response' - schema: - type: object - properties: - alerting_framework_health: - description: > - Three substates identify the health of the alerting - framework: `decryption_health`, `execution_health`, and - `read_health`. - type: object - properties: - decryption_health: - description: The timestamp and status of the rule decryption. - type: object - properties: - status: - enum: - - error - - ok - - warn - example: ok - type: string - timestamp: - example: '2023-01-13T01:28:00.280Z' - format: date-time - type: string - execution_health: - description: The timestamp and status of the rule run. - type: object - properties: - status: - enum: - - error - - ok - - warn - example: ok - type: string - timestamp: - example: '2023-01-13T01:28:00.280Z' - format: date-time - type: string - read_health: - description: The timestamp and status of the rule reading events. - type: object - properties: - status: - enum: - - error - - ok - - warn - example: ok - type: string - timestamp: - example: '2023-01-13T01:28:00.280Z' - format: date-time - type: string - has_permanent_encryption_key: - description: >- - If `false`, the encrypted saved object plugin does not - have a permanent encryption key. - example: true - type: boolean - is_sufficiently_secure: - description: If `false`, security is enabled but TLS is not. - example: true - type: boolean - description: Indicates a successful call. - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Alerting_401_response' - description: Authorization information is missing or invalid. - summary: Get the alerting framework health - tags: - - alerting - /api/alerting/rule_types: - get: - description: > - If you have `read` privileges for one or more Kibana features, the API - response contains information about the appropriate rule types. For - example, there are rule types associated with the **Management > Stack - Rules** feature, **Analytics > Discover** and **Machine Learning** - features, **Observability** features, and **Security** features. To get - rule types associated with the **Stack Monitoring** feature, use the - `monitoring_user` built-in role. - operationId: getRuleTypes - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - getRuleTypesResponse: - $ref: '#/components/examples/Alerting_get_rule_types_response' - schema: - items: - type: object - properties: - action_groups: - description: > - An explicit list of groups for which the rule type can - schedule actions, each with the action group's unique ID - and human readable name. Rule actions validation uses - this configuration to ensure that groups are valid. - items: - type: object - properties: - id: - type: string - name: - type: string - type: array - action_variables: - description: > - A list of action variables that the rule type makes - available via context and state in action parameter - templates, and a short human readable description. When - you create a rule in Kibana, it uses this information to - prompt you for these variables in action parameter - editors. - type: object - properties: - context: - items: - type: object - properties: - description: - type: string - name: - type: string - useWithTripleBracesInTemplates: - type: boolean - type: array - params: - items: - type: object - properties: - description: - type: string - name: - type: string - type: array - state: - items: - type: object - properties: - description: - type: string - name: - type: string - type: array - alerts: - description: > - Details for writing alerts as data documents for this - rule type. - type: object - properties: - context: - description: | - The namespace for this rule type. - enum: - - ml.anomaly-detection - - observability.apm - - observability.logs - - observability.metrics - - observability.slo - - observability.threshold - - observability.uptime - - security - - stack - type: string - dynamic: - description: Indicates whether new fields are added dynamically. - enum: - - 'false' - - runtime - - strict - - 'true' - type: string - isSpaceAware: - description: > - Indicates whether the alerts are space-aware. If - true, space-specific alert indices are used. - type: boolean - mappings: - type: object - properties: - fieldMap: - additionalProperties: - $ref: >- - #/components/schemas/Alerting_fieldmap_properties - description: > - Mapping information for each field supported in - alerts as data documents for this rule type. For - more information about mapping parameters, refer - to the Elasticsearch documentation. - type: object - secondaryAlias: - description: > - A secondary alias. It is typically used to support - the signals alias for detection rules. - type: string - shouldWrite: - description: > - Indicates whether the rule should write out alerts - as data. - type: boolean - useEcs: - description: > - Indicates whether to include the ECS component - template for the alerts. - type: boolean - useLegacyAlerts: - default: false - description: > - Indicates whether to include the legacy component - template for the alerts. - type: boolean - authorized_consumers: - description: >- - The list of the plugins IDs that have access to the rule - type. - type: object - properties: - alerts: - type: object - properties: - all: - type: boolean - read: - type: boolean - apm: - type: object - properties: - all: - type: boolean - read: - type: boolean - discover: - type: object - properties: - all: - type: boolean - read: - type: boolean - infrastructure: - type: object - properties: - all: - type: boolean - read: - type: boolean - logs: - type: object - properties: - all: - type: boolean - read: - type: boolean - ml: - type: object - properties: - all: - type: boolean - read: - type: boolean - monitoring: - type: object - properties: - all: - type: boolean - read: - type: boolean - siem: - type: object - properties: - all: - type: boolean - read: - type: boolean - slo: - type: object - properties: - all: - type: boolean - read: - type: boolean - stackAlerts: - type: object - properties: - all: - type: boolean - read: - type: boolean - uptime: - type: object - properties: - all: - type: boolean - read: - type: boolean - category: - description: >- - The rule category, which is used by features such as - category-specific maintenance windows. - enum: - - management - - observability - - securitySolution - type: string - default_action_group_id: - description: The default identifier for the rule type group. - type: string - does_set_recovery_context: - description: >- - Indicates whether the rule passes context variables to - its recovery action. - type: boolean - enabled_in_license: - description: >- - Indicates whether the rule type is enabled or disabled - based on the subscription. - type: boolean - has_alerts_mappings: - description: >- - Indicates whether the rule type has custom mappings for - the alert data. - type: boolean - has_fields_for_a_a_d: - type: boolean - id: - description: The unique identifier for the rule type. - type: string - is_exportable: - description: >- - Indicates whether the rule type is exportable in **Stack - Management > Saved Objects**. - type: boolean - minimum_license_required: - description: The subscriptions required to use the rule type. - example: basic - type: string - name: - description: The descriptive name of the rule type. - type: string - producer: - description: >- - An identifier for the application that produces this - rule type. - example: stackAlerts - type: string - recovery_action_group: - description: >- - An action group to use when an alert goes from an active - state to an inactive one. - type: object - properties: - id: - type: string - name: - type: string - rule_task_timeout: - example: 5m - type: string - type: array - description: Indicates a successful call. - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Alerting_401_response' - description: Authorization information is missing or invalid. - summary: Get the rule types - tags: - - alerting - /api/alerting/rule/{id}: - delete: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D#2' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The identifier for the rule. - in: path - name: id - required: true - schema: - type: string - responses: - '204': - description: Indicates a successful call. - '400': - description: Indicates an invalid schema or parameters. - '403': - description: Indicates that this call is forbidden. - '404': - description: Indicates a rule with the given ID does not exist. - summary: Delete a rule - tags: - - alerting - get: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: The identifier for the rule. - in: path - name: id - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - actions: - items: - additionalProperties: false - type: object - properties: - alerts_filter: - additionalProperties: false - description: >- - Defines a period that limits whether the action - runs. - type: object - properties: - query: - additionalProperties: false - type: object - properties: - dsl: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL). - type: string - filters: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL) as defined in - the `kbn-es-query` package. - items: - additionalProperties: false - type: object - properties: - $state: - additionalProperties: false - type: object - properties: - store: - description: >- - A filter can be either specific to an - application context or applied globally. - enum: - - appState - - globalState - type: string - required: - - store - meta: - additionalProperties: {} - type: object - query: - additionalProperties: {} - type: object - required: - - meta - type: array - kql: - description: >- - A filter written in Kibana Query Language - (KQL). - type: string - required: - - kql - - filters - timeframe: - additionalProperties: false - type: object - properties: - days: - description: >- - Defines the days of the week that the action - can run, represented as an array of numbers. - For example, `1` represents Monday. An empty - array is equivalent to specifying all the - days of the week. - items: - enum: - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - type: integer - type: array - hours: - additionalProperties: false - type: object - properties: - end: - description: >- - The end of the time frame in 24-hour - notation (`hh:mm`). - type: string - start: - description: >- - The start of the time frame in 24-hour - notation (`hh:mm`). - type: string - required: - - start - - end - timezone: - description: >- - The ISO time zone for the `hours` values. - Values such as `UTC` and `UTC+1` also work - but lack built-in daylight savings time - support and are not recommended. - type: string - required: - - days - - hours - - timezone - connector_type_id: - description: >- - The type of connector. This property appears in - responses but cannot be set in requests. - type: string - frequency: - additionalProperties: false - type: object - properties: - notify_when: - description: >- - Indicates how often alerts generate actions. - Valid values include: `onActionGroupChange`: - Actions run when the alert status changes; - `onActiveAlert`: Actions run when the alert - becomes active and at each check interval while - the rule conditions are met; - `onThrottleInterval`: Actions run when the alert - becomes active and at the interval specified in - the throttle property while the rule conditions - are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The - recommended method is to set it for each action. - If you set it at the rule level then update the - rule in Kibana, it is automatically changed to - use action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - type: string - summary: - description: Indicates whether the action is a summary. - type: boolean - throttle: - description: >- - The throttle interval, which defines how often - an alert generates repeated actions. It is - specified in seconds, minutes, hours, or days - and is applicable only if 'notify_when' is set - to 'onThrottleInterval'. NOTE: You cannot - specify the throttle interval at both the rule - and action level. The recommended method is to - set it for each action. If you set it at the - rule level then update the rule in Kibana, it is - automatically changed to use action-specific - values. - nullable: true - type: string - required: - - summary - - notify_when - - throttle - group: - description: >- - The group name, which affects when the action runs - (for example, when the threshold is met or when the - alert is recovered). Each rule type has a list of - valid action group names. If you don't need to group - actions, set to `default`. - type: string - id: - description: The identifier for the connector saved object. - type: string - params: - additionalProperties: {} - description: >- - The parameters for the action, which are sent to the - connector. The `params` are handled as Mustache - templates and passed a default set of context. - type: object - use_alert_data_for_template: - description: Indicates whether to use alert data as a template. - type: boolean - uuid: - description: >- - A universally unique identifier (UUID) for the - action. - type: string - required: - - id - - connector_type_id - - params - type: array - active_snoozes: - items: - description: List of active snoozes for the rule. - type: string - type: array - alert_delay: - additionalProperties: false - description: >- - Indicates that an alert occurs only when the specified - number of consecutive runs met the rule conditions. - type: object - properties: - active: - description: >- - The number of consecutive runs that must meet the rule - conditions. - type: number - required: - - active - api_key_created_by_user: - description: >- - Indicates whether the API key that is associated with the - rule was created by the user. - nullable: true - type: boolean - api_key_owner: - description: >- - The owner of the API key that is associated with the rule - and used to run background tasks. - nullable: true - type: string - consumer: - description: >- - The name of the application or feature that owns the rule. - For example: `alerts`, `apm`, `discover`, - `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, - `securitySolution`, `siem`, `stackAlerts`, or `uptime`. - type: string - created_at: - description: The date and time that the rule was created. - type: string - created_by: - description: The identifier for the user that created the rule. - nullable: true - type: string - enabled: - description: >- - Indicates whether you want to run the rule on an interval - basis after it is created. - type: boolean - execution_status: - additionalProperties: false - type: object - properties: - error: - additionalProperties: false - type: object - properties: - message: - description: Error message. - type: string - reason: - description: Reason for error. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - type: string - required: - - reason - - message - last_duration: - description: Duration of last execution of the rule. - type: number - last_execution_date: - description: The date and time when rule was executed last. - type: string - status: - description: Status of rule execution. - enum: - - ok - - active - - error - - warning - - pending - - unknown - type: string - warning: - additionalProperties: false - type: object - properties: - message: - description: Warning message. - type: string - reason: - description: Reason for warning. - enum: - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - type: string - required: - - reason - - message - required: - - status - - last_execution_date - flapping: - additionalProperties: false - nullable: true - type: object - properties: - look_back_window: - maximum: 20 - minimum: 2 - type: number - status_change_threshold: - maximum: 20 - minimum: 2 - type: number - required: - - look_back_window - - status_change_threshold - id: - description: The identifier for the rule. - type: string - is_snoozed_until: - description: The date when the rule will no longer be snoozed. - nullable: true - type: string - last_run: - additionalProperties: false - nullable: true - type: object - properties: - alerts_count: - additionalProperties: false - type: object - properties: - active: - description: Number of active alerts during last run. - nullable: true - type: number - ignored: - description: Number of ignored alerts during last run. - nullable: true - type: number - new: - description: Number of new alerts during last run. - nullable: true - type: number - recovered: - description: Number of recovered alerts during last run. - nullable: true - type: number - outcome: - description: >- - Outcome of last run of the rule. Value could be - succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - outcome_msg: - items: - description: Outcome message generated during last rule run. - type: string - nullable: true - type: array - outcome_order: - description: Order of the outcome. - type: number - warning: - description: Warning of last rule execution. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - nullable: true - type: string - required: - - outcome - - alerts_count - mapped_params: - additionalProperties: {} - type: object - monitoring: - additionalProperties: false - description: Monitoring details of the rule. - type: object - properties: - run: - additionalProperties: false - description: Rule run details. - type: object - properties: - calculated_metrics: - additionalProperties: false - description: >- - Calculation of different percentiles and success - ratio. - type: object - properties: - p50: - type: number - p95: - type: number - p99: - type: number - success_ratio: - type: number - required: - - success_ratio - history: - description: History of the rule run. - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule run. - type: number - outcome: - additionalProperties: false - type: object - properties: - alerts_count: - additionalProperties: false - type: object - properties: - active: - description: Number of active alerts during last run. - nullable: true - type: number - ignored: - description: >- - Number of ignored alerts during last - run. - nullable: true - type: number - new: - description: Number of new alerts during last run. - nullable: true - type: number - recovered: - description: >- - Number of recovered alerts during last - run. - nullable: true - type: number - outcome: - description: >- - Outcome of last run of the rule. Value - could be succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - outcome_msg: - items: - description: >- - Outcome message generated during last - rule run. - type: string - nullable: true - type: array - outcome_order: - description: Order of the outcome. - type: number - warning: - description: Warning of last rule execution. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - nullable: true - type: string - required: - - outcome - - alerts_count - success: - description: >- - Indicates whether the rule run was - successful. - type: boolean - timestamp: - description: Time of rule run. - type: number - required: - - success - - timestamp - type: array - last_run: - additionalProperties: false - type: object - properties: - metrics: - additionalProperties: false - type: object - properties: - duration: - description: Duration of most recent rule run. - type: number - gap_duration_s: - description: Duration in seconds of rule run gap. - nullable: true - type: number - total_alerts_created: - description: >- - Total number of alerts created during last - rule run. - nullable: true - type: number - total_alerts_detected: - description: >- - Total number of alerts detected during - last rule run. - nullable: true - type: number - total_indexing_duration_ms: - description: >- - Total time spent indexing documents during - last rule run in milliseconds. - nullable: true - type: number - total_search_duration_ms: - description: >- - Total time spent performing Elasticsearch - searches as measured by Kibana; includes - network latency and time spent serializing - or deserializing the request and response. - nullable: true - type: number - timestamp: - description: Time of the most recent rule run. - type: string - required: - - timestamp - - metrics - required: - - history - - calculated_metrics - - last_run - required: - - run - mute_all: - description: Indicates whether all alerts are muted. - type: boolean - muted_alert_ids: - items: - description: 'List of identifiers of muted alerts. ' - type: string - type: array - name: - description: ' The name of the rule.' - type: string - next_run: - description: Date and time of the next run of the rule. - nullable: true - type: string - notify_when: - description: >- - Indicates how often alerts generate actions. Valid values - include: `onActionGroupChange`: Actions run when the alert - status changes; `onActiveAlert`: Actions run when the - alert becomes active and at each check interval while the - rule conditions are met; `onThrottleInterval`: Actions run - when the alert becomes active and at the interval - specified in the throttle property while the rule - conditions are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The recommended method - is to set it for each action. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - nullable: true - type: string - params: - additionalProperties: {} - description: The parameters for the rule. - type: object - revision: - description: The rule revision number. - type: number - rule_type_id: - description: The rule type identifier. - type: string - running: - description: Indicates whether the rule is running. - nullable: true - type: boolean - schedule: - additionalProperties: false - type: object - properties: - interval: - description: >- - The interval is specified in seconds, minutes, hours, - or days. - type: string - required: - - interval - scheduled_task_id: - description: Identifier of the scheduled task. - type: string - snooze_schedule: - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule snooze schedule. - type: number - id: - description: Identifier of the rule snooze schedule. - type: string - rRule: - additionalProperties: false - type: object - properties: - byhour: - items: - description: Indicates hours of the day to recur. - type: number - type: array - byminute: - items: - description: Indicates minutes of the hour to recur. - type: number - type: array - bymonth: - items: - description: >- - Indicates months of the year that this rule - should recur. - type: number - type: array - bymonthday: - items: - description: Indicates the days of the month to recur. - type: number - type: array - bysecond: - items: - description: Indicates seconds of the day to recur. - type: number - type: array - bysetpos: - items: - description: >- - A positive or negative integer affecting the - nth day of the month. For example, -2 combined - with `byweekday` of FR is 2nd to last Friday - of the month. It is recommended to not set - this manually and just use `byweekday`. - type: number - type: array - byweekday: - items: - anyOf: - - type: string - - type: number - description: >- - Indicates the days of the week to recur or - else nth-day-of-month strings. For example, - "+2TU" second Tuesday of month, "-1FR" last - Friday of the month, which are internally - converted to a `byweekday/bysetpos` - combination. - type: array - byweekno: - items: - description: Indicates number of the week hours to recur. - type: number - type: array - byyearday: - items: - description: >- - Indicates the days of the year that this rule - should recur. - type: number - type: array - count: - description: >- - Number of times the rule should recur until it - stops. - type: number - dtstart: - description: >- - Rule start date in Coordinated Universal Time - (UTC). - type: string - freq: - description: >- - Indicates frequency of the rule. Options are - YEARLY, MONTHLY, WEEKLY, DAILY. - enum: - - 0 - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - type: integer - interval: - description: >- - Indicates the interval of frequency. For - example, 1 and YEARLY is every 1 year, 2 and - WEEKLY is every 2 weeks. - type: number - tzid: - description: Indicates timezone abbreviation. - type: string - until: - description: Recur the rule until this date. - type: string - wkst: - description: Indicates the start of week, defaults to Monday. - enum: - - MO - - TU - - WE - - TH - - FR - - SA - - SU - type: string - required: - - dtstart - - tzid - skipRecurrences: - items: - description: Skips recurrence of rule on this date. - type: string - type: array - required: - - duration - - rRule - type: array - tags: - items: - description: The tags for the rule. - type: string - type: array - throttle: - deprecated: true - description: >- - Deprecated in 8.13.0. Use the `throttle` property in the - action `frequency` object instead. The throttle interval, - which defines how often an alert generates repeated - actions. NOTE: You cannot specify the throttle interval at - both the rule and action level. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. - nullable: true - type: string - updated_at: - description: The date and time that the rule was updated most recently. - type: string - updated_by: - description: >- - The identifier for the user that updated this rule most - recently. - nullable: true - type: string - view_in_app_relative_url: - description: Relative URL to view rule in the app. - nullable: true - type: string - required: - - id - - enabled - - name - - tags - - rule_type_id - - consumer - - schedule - - actions - - params - - created_by - - updated_by - - created_at - - updated_at - - api_key_owner - - mute_all - - muted_alert_ids - - execution_status - - revision - description: Indicates a successful call. - '400': - description: Indicates an invalid schema or parameters. - '403': - description: Indicates that this call is forbidden. - '404': - description: Indicates a rule with the given ID does not exist. - summary: Get rule details - tags: - - alerting - post: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%3F%7D#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: >- - The identifier for the rule. If it is omitted, an ID is randomly - generated. - in: path - name: id - required: false - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - actions: - default: [] - items: - additionalProperties: false - description: An action that runs under defined conditions. - type: object - properties: - alerts_filter: - additionalProperties: false - description: >- - Conditions that affect whether the action runs. If you - specify multiple conditions, all conditions must be - met for the action to run. For example, if an alert - occurs within the specified time frame and matches the - query, the action runs. - type: object - properties: - query: - additionalProperties: false - type: object - properties: - dsl: - description: >- - A filter written in Elasticsearch Query Domain - Specific Language (DSL). - type: string - filters: - description: >- - A filter written in Elasticsearch Query Domain - Specific Language (DSL) as defined in the - `kbn-es-query` package. - items: - additionalProperties: false - type: object - properties: - $state: - additionalProperties: false - type: object - properties: - store: - description: >- - A filter can be either specific to an - application context or applied globally. - enum: - - appState - - globalState - type: string - required: - - store - meta: - additionalProperties: {} - type: object - query: - additionalProperties: {} - type: object - required: - - meta - type: array - kql: - description: >- - A filter written in Kibana Query Language - (KQL). - type: string - required: - - kql - - filters - timeframe: - additionalProperties: false - description: >- - Defines a period that limits whether the action - runs. - type: object - properties: - days: - description: >- - Defines the days of the week that the action - can run, represented as an array of numbers. - For example, `1` represents Monday. An empty - array is equivalent to specifying all the days - of the week. - items: - enum: - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - type: integer - type: array - hours: - additionalProperties: false - description: >- - Defines the range of time in a day that the - action can run. If the `start` value is - `00:00` and the `end` value is `24:00`, - actions be generated all day. - type: object - properties: - end: - description: >- - The end of the time frame in 24-hour - notation (`hh:mm`). - type: string - start: - description: >- - The start of the time frame in 24-hour - notation (`hh:mm`). - type: string - required: - - start - - end - timezone: - description: >- - The ISO time zone for the `hours` values. - Values such as `UTC` and `UTC+1` also work but - lack built-in daylight savings time support - and are not recommended. - type: string - required: - - days - - hours - - timezone - frequency: - additionalProperties: false - type: object - properties: - notify_when: - description: >- - Indicates how often alerts generate actions. Valid - values include: `onActionGroupChange`: Actions run - when the alert status changes; `onActiveAlert`: - Actions run when the alert becomes active and at - each check interval while the rule conditions are - met; `onThrottleInterval`: Actions run when the - alert becomes active and at the interval specified - in the throttle property while the rule conditions - are met. NOTE: You cannot specify `notify_when` at - both the rule and action level. The recommended - method is to set it for each action. If you set it - at the rule level then update the rule in Kibana, - it is automatically changed to use action-specific - values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - type: string - summary: - description: Indicates whether the action is a summary. - type: boolean - throttle: - description: >- - The throttle interval, which defines how often an - alert generates repeated actions. It is specified - in seconds, minutes, hours, or days and is - applicable only if `notify_when` is set to - `onThrottleInterval`. NOTE: You cannot specify the - throttle interval at both the rule and action - level. The recommended method is to set it for - each action. If you set it at the rule level then - update the rule in Kibana, it is automatically - changed to use action-specific values. - nullable: true - type: string - required: - - summary - - notify_when - - throttle - group: - description: >- - The group name, which affects when the action runs - (for example, when the threshold is met or when the - alert is recovered). Each rule type has a list of - valid action group names. If you don't need to group - actions, set to `default`. - type: string - id: - description: The identifier for the connector saved object. - type: string - params: - additionalProperties: {} - default: {} - description: >- - The parameters for the action, which are sent to the - connector. The `params` are handled as Mustache - templates and passed a default set of context. - type: object - use_alert_data_for_template: - description: Indicates whether to use alert data as a template. - type: boolean - uuid: - description: A universally unique identifier (UUID) for the action. - type: string - required: - - id - type: array - alert_delay: - additionalProperties: false - description: >- - Indicates that an alert occurs only when the specified - number of consecutive runs met the rule conditions. - type: object - properties: - active: - description: >- - The number of consecutive runs that must meet the rule - conditions. - type: number - required: - - active - consumer: - description: >- - The name of the application or feature that owns the rule. - For example: `alerts`, `apm`, `discover`, `infrastructure`, - `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, - `siem`, `stackAlerts`, or `uptime`. - type: string - enabled: - default: true - description: >- - Indicates whether you want to run the rule on an interval - basis after it is created. - type: boolean - flapping: - additionalProperties: false - nullable: true - type: object - properties: - look_back_window: - maximum: 20 - minimum: 2 - type: number - status_change_threshold: - maximum: 20 - minimum: 2 - type: number - required: - - look_back_window - - status_change_threshold - name: - description: >- - The name of the rule. While this name does not have to be - unique, a distinctive name can help you identify a rule. - type: string - notify_when: - description: >- - Indicates how often alerts generate actions. Valid values - include: `onActionGroupChange`: Actions run when the alert - status changes; `onActiveAlert`: Actions run when the alert - becomes active and at each check interval while the rule - conditions are met; `onThrottleInterval`: Actions run when - the alert becomes active and at the interval specified in - the throttle property while the rule conditions are met. - NOTE: You cannot specify `notify_when` at both the rule and - action level. The recommended method is to set it for each - action. If you set it at the rule level then update the rule - in Kibana, it is automatically changed to use - action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - nullable: true - type: string - params: - additionalProperties: {} - default: {} - description: The parameters for the rule. - type: object - rule_type_id: - description: The rule type identifier. - type: string - schedule: - additionalProperties: false - description: >- - The check interval, which specifies how frequently the rule - conditions are checked. - type: object - properties: - interval: - description: >- - The interval is specified in seconds, minutes, hours, or - days. - type: string - required: - - interval - tags: - default: [] - description: The tags for the rule. - items: - type: string - type: array - throttle: - description: >- - Use the `throttle` property in the action `frequency` object - instead. The throttle interval, which defines how often an - alert generates repeated actions. NOTE: You cannot specify - the throttle interval at both the rule and action level. If - you set it at the rule level then update the rule in Kibana, - it is automatically changed to use action-specific values. - nullable: true - type: string - required: - - name - - rule_type_id - - consumer - - schedule - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - actions: - items: - additionalProperties: false - type: object - properties: - alerts_filter: - additionalProperties: false - description: >- - Defines a period that limits whether the action - runs. - type: object - properties: - query: - additionalProperties: false - type: object - properties: - dsl: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL). - type: string - filters: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL) as defined in - the `kbn-es-query` package. - items: - additionalProperties: false - type: object - properties: - $state: - additionalProperties: false - type: object - properties: - store: - description: >- - A filter can be either specific to an - application context or applied globally. - enum: - - appState - - globalState - type: string - required: - - store - meta: - additionalProperties: {} - type: object - query: - additionalProperties: {} - type: object - required: - - meta - type: array - kql: - description: >- - A filter written in Kibana Query Language - (KQL). - type: string - required: - - kql - - filters - timeframe: - additionalProperties: false - type: object - properties: - days: - description: >- - Defines the days of the week that the action - can run, represented as an array of numbers. - For example, `1` represents Monday. An empty - array is equivalent to specifying all the - days of the week. - items: - enum: - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - type: integer - type: array - hours: - additionalProperties: false - type: object - properties: - end: - description: >- - The end of the time frame in 24-hour - notation (`hh:mm`). - type: string - start: - description: >- - The start of the time frame in 24-hour - notation (`hh:mm`). - type: string - required: - - start - - end - timezone: - description: >- - The ISO time zone for the `hours` values. - Values such as `UTC` and `UTC+1` also work - but lack built-in daylight savings time - support and are not recommended. - type: string - required: - - days - - hours - - timezone - connector_type_id: - description: >- - The type of connector. This property appears in - responses but cannot be set in requests. - type: string - frequency: - additionalProperties: false - type: object - properties: - notify_when: - description: >- - Indicates how often alerts generate actions. - Valid values include: `onActionGroupChange`: - Actions run when the alert status changes; - `onActiveAlert`: Actions run when the alert - becomes active and at each check interval while - the rule conditions are met; - `onThrottleInterval`: Actions run when the alert - becomes active and at the interval specified in - the throttle property while the rule conditions - are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The - recommended method is to set it for each action. - If you set it at the rule level then update the - rule in Kibana, it is automatically changed to - use action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - type: string - summary: - description: Indicates whether the action is a summary. - type: boolean - throttle: - description: >- - The throttle interval, which defines how often - an alert generates repeated actions. It is - specified in seconds, minutes, hours, or days - and is applicable only if 'notify_when' is set - to 'onThrottleInterval'. NOTE: You cannot - specify the throttle interval at both the rule - and action level. The recommended method is to - set it for each action. If you set it at the - rule level then update the rule in Kibana, it is - automatically changed to use action-specific - values. - nullable: true - type: string - required: - - summary - - notify_when - - throttle - group: - description: >- - The group name, which affects when the action runs - (for example, when the threshold is met or when the - alert is recovered). Each rule type has a list of - valid action group names. If you don't need to group - actions, set to `default`. - type: string - id: - description: The identifier for the connector saved object. - type: string - params: - additionalProperties: {} - description: >- - The parameters for the action, which are sent to the - connector. The `params` are handled as Mustache - templates and passed a default set of context. - type: object - use_alert_data_for_template: - description: Indicates whether to use alert data as a template. - type: boolean - uuid: - description: >- - A universally unique identifier (UUID) for the - action. - type: string - required: - - id - - connector_type_id - - params - type: array - active_snoozes: - items: - description: List of active snoozes for the rule. - type: string - type: array - alert_delay: - additionalProperties: false - description: >- - Indicates that an alert occurs only when the specified - number of consecutive runs met the rule conditions. - type: object - properties: - active: - description: >- - The number of consecutive runs that must meet the rule - conditions. - type: number - required: - - active - api_key_created_by_user: - description: >- - Indicates whether the API key that is associated with the - rule was created by the user. - nullable: true - type: boolean - api_key_owner: - description: >- - The owner of the API key that is associated with the rule - and used to run background tasks. - nullable: true - type: string - consumer: - description: >- - The name of the application or feature that owns the rule. - For example: `alerts`, `apm`, `discover`, - `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, - `securitySolution`, `siem`, `stackAlerts`, or `uptime`. - type: string - created_at: - description: The date and time that the rule was created. - type: string - created_by: - description: The identifier for the user that created the rule. - nullable: true - type: string - enabled: - description: >- - Indicates whether you want to run the rule on an interval - basis after it is created. - type: boolean - execution_status: - additionalProperties: false - type: object - properties: - error: - additionalProperties: false - type: object - properties: - message: - description: Error message. - type: string - reason: - description: Reason for error. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - type: string - required: - - reason - - message - last_duration: - description: Duration of last execution of the rule. - type: number - last_execution_date: - description: The date and time when rule was executed last. - type: string - status: - description: Status of rule execution. - enum: - - ok - - active - - error - - warning - - pending - - unknown - type: string - warning: - additionalProperties: false - type: object - properties: - message: - description: Warning message. - type: string - reason: - description: Reason for warning. - enum: - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - type: string - required: - - reason - - message - required: - - status - - last_execution_date - flapping: - additionalProperties: false - nullable: true - type: object - properties: - look_back_window: - maximum: 20 - minimum: 2 - type: number - status_change_threshold: - maximum: 20 - minimum: 2 - type: number - required: - - look_back_window - - status_change_threshold - id: - description: The identifier for the rule. - type: string - is_snoozed_until: - description: The date when the rule will no longer be snoozed. - nullable: true - type: string - last_run: - additionalProperties: false - nullable: true - type: object - properties: - alerts_count: - additionalProperties: false - type: object - properties: - active: - description: Number of active alerts during last run. - nullable: true - type: number - ignored: - description: Number of ignored alerts during last run. - nullable: true - type: number - new: - description: Number of new alerts during last run. - nullable: true - type: number - recovered: - description: Number of recovered alerts during last run. - nullable: true - type: number - outcome: - description: >- - Outcome of last run of the rule. Value could be - succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - outcome_msg: - items: - description: Outcome message generated during last rule run. - type: string - nullable: true - type: array - outcome_order: - description: Order of the outcome. - type: number - warning: - description: Warning of last rule execution. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - nullable: true - type: string - required: - - outcome - - alerts_count - mapped_params: - additionalProperties: {} - type: object - monitoring: - additionalProperties: false - description: Monitoring details of the rule. - type: object - properties: - run: - additionalProperties: false - description: Rule run details. - type: object - properties: - calculated_metrics: - additionalProperties: false - description: >- - Calculation of different percentiles and success - ratio. - type: object - properties: - p50: - type: number - p95: - type: number - p99: - type: number - success_ratio: - type: number - required: - - success_ratio - history: - description: History of the rule run. - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule run. - type: number - outcome: - additionalProperties: false - type: object - properties: - alerts_count: - additionalProperties: false - type: object - properties: - active: - description: Number of active alerts during last run. - nullable: true - type: number - ignored: - description: >- - Number of ignored alerts during last - run. - nullable: true - type: number - new: - description: Number of new alerts during last run. - nullable: true - type: number - recovered: - description: >- - Number of recovered alerts during last - run. - nullable: true - type: number - outcome: - description: >- - Outcome of last run of the rule. Value - could be succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - outcome_msg: - items: - description: >- - Outcome message generated during last - rule run. - type: string - nullable: true - type: array - outcome_order: - description: Order of the outcome. - type: number - warning: - description: Warning of last rule execution. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - nullable: true - type: string - required: - - outcome - - alerts_count - success: - description: >- - Indicates whether the rule run was - successful. - type: boolean - timestamp: - description: Time of rule run. - type: number - required: - - success - - timestamp - type: array - last_run: - additionalProperties: false - type: object - properties: - metrics: - additionalProperties: false - type: object - properties: - duration: - description: Duration of most recent rule run. - type: number - gap_duration_s: - description: Duration in seconds of rule run gap. - nullable: true - type: number - total_alerts_created: - description: >- - Total number of alerts created during last - rule run. - nullable: true - type: number - total_alerts_detected: - description: >- - Total number of alerts detected during - last rule run. - nullable: true - type: number - total_indexing_duration_ms: - description: >- - Total time spent indexing documents during - last rule run in milliseconds. - nullable: true - type: number - total_search_duration_ms: - description: >- - Total time spent performing Elasticsearch - searches as measured by Kibana; includes - network latency and time spent serializing - or deserializing the request and response. - nullable: true - type: number - timestamp: - description: Time of the most recent rule run. - type: string - required: - - timestamp - - metrics - required: - - history - - calculated_metrics - - last_run - required: - - run - mute_all: - description: Indicates whether all alerts are muted. - type: boolean - muted_alert_ids: - items: - description: 'List of identifiers of muted alerts. ' - type: string - type: array - name: - description: ' The name of the rule.' - type: string - next_run: - description: Date and time of the next run of the rule. - nullable: true - type: string - notify_when: - description: >- - Indicates how often alerts generate actions. Valid values - include: `onActionGroupChange`: Actions run when the alert - status changes; `onActiveAlert`: Actions run when the - alert becomes active and at each check interval while the - rule conditions are met; `onThrottleInterval`: Actions run - when the alert becomes active and at the interval - specified in the throttle property while the rule - conditions are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The recommended method - is to set it for each action. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - nullable: true - type: string - params: - additionalProperties: {} - description: The parameters for the rule. - type: object - revision: - description: The rule revision number. - type: number - rule_type_id: - description: The rule type identifier. - type: string - running: - description: Indicates whether the rule is running. - nullable: true - type: boolean - schedule: - additionalProperties: false - type: object - properties: - interval: - description: >- - The interval is specified in seconds, minutes, hours, - or days. - type: string - required: - - interval - scheduled_task_id: - description: Identifier of the scheduled task. - type: string - snooze_schedule: - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule snooze schedule. - type: number - id: - description: Identifier of the rule snooze schedule. - type: string - rRule: - additionalProperties: false - type: object - properties: - byhour: - items: - description: Indicates hours of the day to recur. - type: number - type: array - byminute: - items: - description: Indicates minutes of the hour to recur. - type: number - type: array - bymonth: - items: - description: >- - Indicates months of the year that this rule - should recur. - type: number - type: array - bymonthday: - items: - description: Indicates the days of the month to recur. - type: number - type: array - bysecond: - items: - description: Indicates seconds of the day to recur. - type: number - type: array - bysetpos: - items: - description: >- - A positive or negative integer affecting the - nth day of the month. For example, -2 combined - with `byweekday` of FR is 2nd to last Friday - of the month. It is recommended to not set - this manually and just use `byweekday`. - type: number - type: array - byweekday: - items: - anyOf: - - type: string - - type: number - description: >- - Indicates the days of the week to recur or - else nth-day-of-month strings. For example, - "+2TU" second Tuesday of month, "-1FR" last - Friday of the month, which are internally - converted to a `byweekday/bysetpos` - combination. - type: array - byweekno: - items: - description: Indicates number of the week hours to recur. - type: number - type: array - byyearday: - items: - description: >- - Indicates the days of the year that this rule - should recur. - type: number - type: array - count: - description: >- - Number of times the rule should recur until it - stops. - type: number - dtstart: - description: >- - Rule start date in Coordinated Universal Time - (UTC). - type: string - freq: - description: >- - Indicates frequency of the rule. Options are - YEARLY, MONTHLY, WEEKLY, DAILY. - enum: - - 0 - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - type: integer - interval: - description: >- - Indicates the interval of frequency. For - example, 1 and YEARLY is every 1 year, 2 and - WEEKLY is every 2 weeks. - type: number - tzid: - description: Indicates timezone abbreviation. - type: string - until: - description: Recur the rule until this date. - type: string - wkst: - description: Indicates the start of week, defaults to Monday. - enum: - - MO - - TU - - WE - - TH - - FR - - SA - - SU - type: string - required: - - dtstart - - tzid - skipRecurrences: - items: - description: Skips recurrence of rule on this date. - type: string - type: array - required: - - duration - - rRule - type: array - tags: - items: - description: The tags for the rule. - type: string - type: array - throttle: - deprecated: true - description: >- - Deprecated in 8.13.0. Use the `throttle` property in the - action `frequency` object instead. The throttle interval, - which defines how often an alert generates repeated - actions. NOTE: You cannot specify the throttle interval at - both the rule and action level. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. - nullable: true - type: string - updated_at: - description: The date and time that the rule was updated most recently. - type: string - updated_by: - description: >- - The identifier for the user that updated this rule most - recently. - nullable: true - type: string - view_in_app_relative_url: - description: Relative URL to view rule in the app. - nullable: true - type: string - required: - - id - - enabled - - name - - tags - - rule_type_id - - consumer - - schedule - - actions - - params - - created_by - - updated_by - - created_at - - updated_at - - api_key_owner - - mute_all - - muted_alert_ids - - execution_status - - revision - description: Indicates a successful call. - '400': - description: Indicates an invalid schema or parameters. - '403': - description: Indicates that this call is forbidden. - '409': - description: Indicates that the rule id is already in use. - summary: Create a rule - tags: - - alerting - put: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The identifier for the rule. - in: path - name: id - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - actions: - default: [] - items: - additionalProperties: false - description: An action that runs under defined conditions. - type: object - properties: - alerts_filter: - additionalProperties: false - type: object - properties: - query: - additionalProperties: false - type: object - properties: - dsl: - description: >- - A filter written in Elasticsearch Query Domain - Specific Language (DSL). - type: string - filters: - description: >- - A filter written in Elasticsearch Query Domain - Specific Language (DSL) as defined in the - `kbn-es-query` package. - items: - additionalProperties: false - type: object - properties: - $state: - additionalProperties: false - type: object - properties: - store: - description: >- - A filter can be either specific to an - application context or applied globally. - enum: - - appState - - globalState - type: string - required: - - store - meta: - additionalProperties: {} - type: object - query: - additionalProperties: {} - type: object - required: - - meta - type: array - kql: - description: >- - A filter written in Kibana Query Language - (KQL). - type: string - required: - - kql - - filters - timeframe: - additionalProperties: false - description: >- - Defines a period that limits whether the action - runs. - type: object - properties: - days: - description: >- - Defines the days of the week that the action - can run, represented as an array of numbers. - For example, `1` represents Monday. An empty - array is equivalent to specifying all the days - of the week. - items: - enum: - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - type: integer - type: array - hours: - additionalProperties: false - description: >- - Defines the range of time in a day that the - action can run. If the `start` value is - `00:00` and the `end` value is `24:00`, - actions be generated all day. - type: object - properties: - end: - description: >- - The end of the time frame in 24-hour - notation (`hh:mm`). - type: string - start: - description: >- - The start of the time frame in 24-hour - notation (`hh:mm`). - type: string - required: - - start - - end - timezone: - description: >- - The ISO time zone for the `hours` values. - Values such as `UTC` and `UTC+1` also work but - lack built-in daylight savings time support - and are not recommended. - type: string - required: - - days - - hours - - timezone - frequency: - additionalProperties: false - type: object - properties: - notify_when: - description: >- - Indicates how often alerts generate actions. Valid - values include: `onActionGroupChange`: Actions run - when the alert status changes; `onActiveAlert`: - Actions run when the alert becomes active and at - each check interval while the rule conditions are - met; `onThrottleInterval`: Actions run when the - alert becomes active and at the interval specified - in the throttle property while the rule conditions - are met. NOTE: You cannot specify `notify_when` at - both the rule and action level. The recommended - method is to set it for each action. If you set it - at the rule level then update the rule in Kibana, - it is automatically changed to use action-specific - values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - type: string - summary: - description: Indicates whether the action is a summary. - type: boolean - throttle: - description: >- - The throttle interval, which defines how often an - alert generates repeated actions. It is specified - in seconds, minutes, hours, or days and is - applicable only if `notify_when` is set to - `onThrottleInterval`. NOTE: You cannot specify the - throttle interval at both the rule and action - level. The recommended method is to set it for - each action. If you set it at the rule level then - update the rule in Kibana, it is automatically - changed to use action-specific values. - nullable: true - type: string - required: - - summary - - notify_when - - throttle - group: - description: >- - The group name, which affects when the action runs - (for example, when the threshold is met or when the - alert is recovered). Each rule type has a list of - valid action group names. If you don't need to group - actions, set to `default`. - type: string - id: - description: The identifier for the connector saved object. - type: string - params: - additionalProperties: {} - default: {} - description: >- - The parameters for the action, which are sent to the - connector. The `params` are handled as Mustache - templates and passed a default set of context. - type: object - use_alert_data_for_template: - description: Indicates whether to use alert data as a template. - type: boolean - uuid: - description: A universally unique identifier (UUID) for the action. - type: string - required: - - id - type: array - alert_delay: - additionalProperties: false - description: >- - Indicates that an alert occurs only when the specified - number of consecutive runs met the rule conditions. - type: object - properties: - active: - description: >- - The number of consecutive runs that must meet the rule - conditions. - type: number - required: - - active - flapping: - additionalProperties: false - nullable: true - type: object - properties: - look_back_window: - maximum: 20 - minimum: 2 - type: number - status_change_threshold: - maximum: 20 - minimum: 2 - type: number - required: - - look_back_window - - status_change_threshold - name: - description: >- - The name of the rule. While this name does not have to be - unique, a distinctive name can help you identify a rule. - type: string - notify_when: - description: >- - Indicates how often alerts generate actions. Valid values - include: `onActionGroupChange`: Actions run when the alert - status changes; `onActiveAlert`: Actions run when the alert - becomes active and at each check interval while the rule - conditions are met; `onThrottleInterval`: Actions run when - the alert becomes active and at the interval specified in - the throttle property while the rule conditions are met. - NOTE: You cannot specify `notify_when` at both the rule and - action level. The recommended method is to set it for each - action. If you set it at the rule level then update the rule - in Kibana, it is automatically changed to use - action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - nullable: true - type: string - params: - additionalProperties: {} - default: {} - description: The parameters for the rule. - type: object - schedule: - additionalProperties: false - type: object - properties: - interval: - description: >- - The interval is specified in seconds, minutes, hours, or - days. - type: string - required: - - interval - tags: - default: [] - items: - description: The tags for the rule. - type: string - type: array - throttle: - description: >- - Use the `throttle` property in the action `frequency` object - instead. The throttle interval, which defines how often an - alert generates repeated actions. NOTE: You cannot specify - the throttle interval at both the rule and action level. If - you set it at the rule level then update the rule in Kibana, - it is automatically changed to use action-specific values. - nullable: true - type: string - required: - - name - - schedule - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - actions: - items: - additionalProperties: false - type: object - properties: - alerts_filter: - additionalProperties: false - description: >- - Defines a period that limits whether the action - runs. - type: object - properties: - query: - additionalProperties: false - type: object - properties: - dsl: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL). - type: string - filters: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL) as defined in - the `kbn-es-query` package. - items: - additionalProperties: false - type: object - properties: - $state: - additionalProperties: false - type: object - properties: - store: - description: >- - A filter can be either specific to an - application context or applied globally. - enum: - - appState - - globalState - type: string - required: - - store - meta: - additionalProperties: {} - type: object - query: - additionalProperties: {} - type: object - required: - - meta - type: array - kql: - description: >- - A filter written in Kibana Query Language - (KQL). - type: string - required: - - kql - - filters - timeframe: - additionalProperties: false - type: object - properties: - days: - description: >- - Defines the days of the week that the action - can run, represented as an array of numbers. - For example, `1` represents Monday. An empty - array is equivalent to specifying all the - days of the week. - items: - enum: - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - type: integer - type: array - hours: - additionalProperties: false - type: object - properties: - end: - description: >- - The end of the time frame in 24-hour - notation (`hh:mm`). - type: string - start: - description: >- - The start of the time frame in 24-hour - notation (`hh:mm`). - type: string - required: - - start - - end - timezone: - description: >- - The ISO time zone for the `hours` values. - Values such as `UTC` and `UTC+1` also work - but lack built-in daylight savings time - support and are not recommended. - type: string - required: - - days - - hours - - timezone - connector_type_id: - description: >- - The type of connector. This property appears in - responses but cannot be set in requests. - type: string - frequency: - additionalProperties: false - type: object - properties: - notify_when: - description: >- - Indicates how often alerts generate actions. - Valid values include: `onActionGroupChange`: - Actions run when the alert status changes; - `onActiveAlert`: Actions run when the alert - becomes active and at each check interval while - the rule conditions are met; - `onThrottleInterval`: Actions run when the alert - becomes active and at the interval specified in - the throttle property while the rule conditions - are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The - recommended method is to set it for each action. - If you set it at the rule level then update the - rule in Kibana, it is automatically changed to - use action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - type: string - summary: - description: Indicates whether the action is a summary. - type: boolean - throttle: - description: >- - The throttle interval, which defines how often - an alert generates repeated actions. It is - specified in seconds, minutes, hours, or days - and is applicable only if 'notify_when' is set - to 'onThrottleInterval'. NOTE: You cannot - specify the throttle interval at both the rule - and action level. The recommended method is to - set it for each action. If you set it at the - rule level then update the rule in Kibana, it is - automatically changed to use action-specific - values. - nullable: true - type: string - required: - - summary - - notify_when - - throttle - group: - description: >- - The group name, which affects when the action runs - (for example, when the threshold is met or when the - alert is recovered). Each rule type has a list of - valid action group names. If you don't need to group - actions, set to `default`. - type: string - id: - description: The identifier for the connector saved object. - type: string - params: - additionalProperties: {} - description: >- - The parameters for the action, which are sent to the - connector. The `params` are handled as Mustache - templates and passed a default set of context. - type: object - use_alert_data_for_template: - description: Indicates whether to use alert data as a template. - type: boolean - uuid: - description: >- - A universally unique identifier (UUID) for the - action. - type: string - required: - - id - - connector_type_id - - params - type: array - active_snoozes: - items: - description: List of active snoozes for the rule. - type: string - type: array - alert_delay: - additionalProperties: false - description: >- - Indicates that an alert occurs only when the specified - number of consecutive runs met the rule conditions. - type: object - properties: - active: - description: >- - The number of consecutive runs that must meet the rule - conditions. - type: number - required: - - active - api_key_created_by_user: - description: >- - Indicates whether the API key that is associated with the - rule was created by the user. - nullable: true - type: boolean - api_key_owner: - description: >- - The owner of the API key that is associated with the rule - and used to run background tasks. - nullable: true - type: string - consumer: - description: >- - The name of the application or feature that owns the rule. - For example: `alerts`, `apm`, `discover`, - `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, - `securitySolution`, `siem`, `stackAlerts`, or `uptime`. - type: string - created_at: - description: The date and time that the rule was created. - type: string - created_by: - description: The identifier for the user that created the rule. - nullable: true - type: string - enabled: - description: >- - Indicates whether you want to run the rule on an interval - basis after it is created. - type: boolean - execution_status: - additionalProperties: false - type: object - properties: - error: - additionalProperties: false - type: object - properties: - message: - description: Error message. - type: string - reason: - description: Reason for error. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - type: string - required: - - reason - - message - last_duration: - description: Duration of last execution of the rule. - type: number - last_execution_date: - description: The date and time when rule was executed last. - type: string - status: - description: Status of rule execution. - enum: - - ok - - active - - error - - warning - - pending - - unknown - type: string - warning: - additionalProperties: false - type: object - properties: - message: - description: Warning message. - type: string - reason: - description: Reason for warning. - enum: - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - type: string - required: - - reason - - message - required: - - status - - last_execution_date - flapping: - additionalProperties: false - nullable: true - type: object - properties: - look_back_window: - maximum: 20 - minimum: 2 - type: number - status_change_threshold: - maximum: 20 - minimum: 2 - type: number - required: - - look_back_window - - status_change_threshold - id: - description: The identifier for the rule. - type: string - is_snoozed_until: - description: The date when the rule will no longer be snoozed. - nullable: true - type: string - last_run: - additionalProperties: false - nullable: true - type: object - properties: - alerts_count: - additionalProperties: false - type: object - properties: - active: - description: Number of active alerts during last run. - nullable: true - type: number - ignored: - description: Number of ignored alerts during last run. - nullable: true - type: number - new: - description: Number of new alerts during last run. - nullable: true - type: number - recovered: - description: Number of recovered alerts during last run. - nullable: true - type: number - outcome: - description: >- - Outcome of last run of the rule. Value could be - succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - outcome_msg: - items: - description: Outcome message generated during last rule run. - type: string - nullable: true - type: array - outcome_order: - description: Order of the outcome. - type: number - warning: - description: Warning of last rule execution. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - nullable: true - type: string - required: - - outcome - - alerts_count - mapped_params: - additionalProperties: {} - type: object - monitoring: - additionalProperties: false - description: Monitoring details of the rule. - type: object - properties: - run: - additionalProperties: false - description: Rule run details. - type: object - properties: - calculated_metrics: - additionalProperties: false - description: >- - Calculation of different percentiles and success - ratio. - type: object - properties: - p50: - type: number - p95: - type: number - p99: - type: number - success_ratio: - type: number - required: - - success_ratio - history: - description: History of the rule run. - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule run. - type: number - outcome: - additionalProperties: false - type: object - properties: - alerts_count: - additionalProperties: false - type: object - properties: - active: - description: Number of active alerts during last run. - nullable: true - type: number - ignored: - description: >- - Number of ignored alerts during last - run. - nullable: true - type: number - new: - description: Number of new alerts during last run. - nullable: true - type: number - recovered: - description: >- - Number of recovered alerts during last - run. - nullable: true - type: number - outcome: - description: >- - Outcome of last run of the rule. Value - could be succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - outcome_msg: - items: - description: >- - Outcome message generated during last - rule run. - type: string - nullable: true - type: array - outcome_order: - description: Order of the outcome. - type: number - warning: - description: Warning of last rule execution. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - nullable: true - type: string - required: - - outcome - - alerts_count - success: - description: >- - Indicates whether the rule run was - successful. - type: boolean - timestamp: - description: Time of rule run. - type: number - required: - - success - - timestamp - type: array - last_run: - additionalProperties: false - type: object - properties: - metrics: - additionalProperties: false - type: object - properties: - duration: - description: Duration of most recent rule run. - type: number - gap_duration_s: - description: Duration in seconds of rule run gap. - nullable: true - type: number - total_alerts_created: - description: >- - Total number of alerts created during last - rule run. - nullable: true - type: number - total_alerts_detected: - description: >- - Total number of alerts detected during - last rule run. - nullable: true - type: number - total_indexing_duration_ms: - description: >- - Total time spent indexing documents during - last rule run in milliseconds. - nullable: true - type: number - total_search_duration_ms: - description: >- - Total time spent performing Elasticsearch - searches as measured by Kibana; includes - network latency and time spent serializing - or deserializing the request and response. - nullable: true - type: number - timestamp: - description: Time of the most recent rule run. - type: string - required: - - timestamp - - metrics - required: - - history - - calculated_metrics - - last_run - required: - - run - mute_all: - description: Indicates whether all alerts are muted. - type: boolean - muted_alert_ids: - items: - description: 'List of identifiers of muted alerts. ' - type: string - type: array - name: - description: ' The name of the rule.' - type: string - next_run: - description: Date and time of the next run of the rule. - nullable: true - type: string - notify_when: - description: >- - Indicates how often alerts generate actions. Valid values - include: `onActionGroupChange`: Actions run when the alert - status changes; `onActiveAlert`: Actions run when the - alert becomes active and at each check interval while the - rule conditions are met; `onThrottleInterval`: Actions run - when the alert becomes active and at the interval - specified in the throttle property while the rule - conditions are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The recommended method - is to set it for each action. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - nullable: true - type: string - params: - additionalProperties: {} - description: The parameters for the rule. - type: object - revision: - description: The rule revision number. - type: number - rule_type_id: - description: The rule type identifier. - type: string - running: - description: Indicates whether the rule is running. - nullable: true - type: boolean - schedule: - additionalProperties: false - type: object - properties: - interval: - description: >- - The interval is specified in seconds, minutes, hours, - or days. - type: string - required: - - interval - scheduled_task_id: - description: Identifier of the scheduled task. - type: string - snooze_schedule: - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule snooze schedule. - type: number - id: - description: Identifier of the rule snooze schedule. - type: string - rRule: - additionalProperties: false - type: object - properties: - byhour: - items: - description: Indicates hours of the day to recur. - type: number - type: array - byminute: - items: - description: Indicates minutes of the hour to recur. - type: number - type: array - bymonth: - items: - description: >- - Indicates months of the year that this rule - should recur. - type: number - type: array - bymonthday: - items: - description: Indicates the days of the month to recur. - type: number - type: array - bysecond: - items: - description: Indicates seconds of the day to recur. - type: number - type: array - bysetpos: - items: - description: >- - A positive or negative integer affecting the - nth day of the month. For example, -2 combined - with `byweekday` of FR is 2nd to last Friday - of the month. It is recommended to not set - this manually and just use `byweekday`. - type: number - type: array - byweekday: - items: - anyOf: - - type: string - - type: number - description: >- - Indicates the days of the week to recur or - else nth-day-of-month strings. For example, - "+2TU" second Tuesday of month, "-1FR" last - Friday of the month, which are internally - converted to a `byweekday/bysetpos` - combination. - type: array - byweekno: - items: - description: Indicates number of the week hours to recur. - type: number - type: array - byyearday: - items: - description: >- - Indicates the days of the year that this rule - should recur. - type: number - type: array - count: - description: >- - Number of times the rule should recur until it - stops. - type: number - dtstart: - description: >- - Rule start date in Coordinated Universal Time - (UTC). - type: string - freq: - description: >- - Indicates frequency of the rule. Options are - YEARLY, MONTHLY, WEEKLY, DAILY. - enum: - - 0 - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - type: integer - interval: - description: >- - Indicates the interval of frequency. For - example, 1 and YEARLY is every 1 year, 2 and - WEEKLY is every 2 weeks. - type: number - tzid: - description: Indicates timezone abbreviation. - type: string - until: - description: Recur the rule until this date. - type: string - wkst: - description: Indicates the start of week, defaults to Monday. - enum: - - MO - - TU - - WE - - TH - - FR - - SA - - SU - type: string - required: - - dtstart - - tzid - skipRecurrences: - items: - description: Skips recurrence of rule on this date. - type: string - type: array - required: - - duration - - rRule - type: array - tags: - items: - description: The tags for the rule. - type: string - type: array - throttle: - deprecated: true - description: >- - Deprecated in 8.13.0. Use the `throttle` property in the - action `frequency` object instead. The throttle interval, - which defines how often an alert generates repeated - actions. NOTE: You cannot specify the throttle interval at - both the rule and action level. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. - nullable: true - type: string - updated_at: - description: The date and time that the rule was updated most recently. - type: string - updated_by: - description: >- - The identifier for the user that updated this rule most - recently. - nullable: true - type: string - view_in_app_relative_url: - description: Relative URL to view rule in the app. - nullable: true - type: string - required: - - id - - enabled - - name - - tags - - rule_type_id - - consumer - - schedule - - actions - - params - - created_by - - updated_by - - created_at - - updated_at - - api_key_owner - - mute_all - - muted_alert_ids - - execution_status - - revision - description: Indicates a successful call. - '400': - description: Indicates an invalid schema or parameters. - '403': - description: Indicates that this call is forbidden. - '404': - description: Indicates a rule with the given ID does not exist. - '409': - description: Indicates that the rule has already been updated by another user. - summary: Update a rule - tags: - - alerting - /api/alerting/rule/{id}/_disable: - post: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_disable#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The identifier for the rule. - in: path - name: id - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - nullable: true - type: object - properties: - untrack: - description: Defines whether this rule's alerts should be untracked. - type: boolean - x-oas-optional: true - responses: - '204': - description: Indicates a successful call. - '400': - description: Indicates an invalid schema. - '403': - description: Indicates that this call is forbidden. - '404': - description: Indicates a rule with the given ID does not exist. - summary: Disable a rule - tags: - - alerting - /api/alerting/rule/{id}/_enable: - post: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_enable#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The identifier for the rule. - in: path - name: id - required: true - schema: - type: string - responses: - '204': - description: Indicates a successful call. - '400': - description: Indicates an invalid schema or parameters. - '403': - description: Indicates that this call is forbidden. - '404': - description: Indicates a rule with the given ID does not exist. - summary: Enable a rule - tags: - - alerting - /api/alerting/rule/{id}/_mute_all: - post: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_mute_all#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The identifier for the rule. - in: path - name: id - required: true - schema: - type: string - responses: - '204': - description: Indicates a successful call. - '400': - description: Indicates an invalid schema or parameters. - '403': - description: Indicates that this call is forbidden. - '404': - description: Indicates a rule with the given ID does not exist. - summary: Mute all alerts - tags: - - alerting - /api/alerting/rule/{id}/_unmute_all: - post: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_unmute_all#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The identifier for the rule. - in: path - name: id - required: true - schema: - type: string - responses: - '204': - description: Indicates a successful call. - '400': - description: Indicates an invalid schema or parameters. - '403': - description: Indicates that this call is forbidden. - '404': - description: Indicates a rule with the given ID does not exist. - summary: Unmute all alerts - tags: - - alerting - /api/alerting/rule/{id}/_update_api_key: - post: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_update_api_key#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The identifier for the rule. - in: path - name: id - required: true - schema: - type: string - responses: - '204': - description: Indicates a successful call. - '400': - description: Indicates an invalid schema or parameters. - '403': - description: Indicates that this call is forbidden. - '404': - description: Indicates a rule with the given ID does not exist. - '409': - description: Indicates that the rule has already been updated by another user. - summary: Update the API key for a rule - tags: - - alerting - /api/alerting/rule/{rule_id}/alert/{alert_id}/_mute: - post: - operationId: >- - %2Fapi%2Falerting%2Frule%2F%7Brule_id%7D%2Falert%2F%7Balert_id%7D%2F_mute#0 - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The identifier for the rule. - in: path - name: rule_id - required: true - schema: - type: string - - description: The identifier for the alert. - in: path - name: alert_id - required: true - schema: - type: string - responses: - '204': - description: Indicates a successful call. - '400': - description: Indicates an invalid schema or parameters. - '403': - description: Indicates that this call is forbidden. - '404': - description: Indicates a rule or alert with the given ID does not exist. - summary: Mute an alert - tags: - - alerting - /api/alerting/rule/{rule_id}/alert/{alert_id}/_unmute: - post: - operationId: >- - %2Fapi%2Falerting%2Frule%2F%7Brule_id%7D%2Falert%2F%7Balert_id%7D%2F_unmute#0 - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The identifier for the rule. - in: path - name: rule_id - required: true - schema: - type: string - - description: The identifier for the alert. - in: path - name: alert_id - required: true - schema: - type: string - responses: - '204': - description: Indicates a successful call. - '400': - description: Indicates an invalid schema or parameters. - '403': - description: Indicates that this call is forbidden. - '404': - description: Indicates a rule or alert with the given ID does not exist. - summary: Unmute an alert - tags: - - alerting - /api/alerting/rules/_find: - get: - operationId: '%2Fapi%2Falerting%2Frules%2F_find#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: The number of rules to return per page. - in: query - name: per_page - required: false - schema: - default: 10 - minimum: 0 - type: number - - description: The page number to return. - in: query - name: page - required: false - schema: - default: 1 - minimum: 1 - type: number - - description: >- - An Elasticsearch simple_query_string query that filters the objects - in the response. - in: query - name: search - required: false - schema: - type: string - - description: The default operator to use for the simple_query_string. - in: query - name: default_search_operator - required: false - schema: - default: OR - enum: - - OR - - AND - type: string - - description: The fields to perform the simple_query_string parsed query against. - in: query - name: search_fields - required: false - schema: - anyOf: - - items: - type: string - type: array - - type: string - - description: >- - Determines which field is used to sort the results. The field must - exist in the `attributes` key of the response. - in: query - name: sort_field - required: false - schema: - type: string - - description: Determines the sort order. - in: query - name: sort_order - required: false - schema: - enum: - - asc - - desc - type: string - - description: >- - Filters the rules that have a relation with the reference objects - with a specific type and identifier. - in: query - name: has_reference - required: false - schema: - additionalProperties: false - nullable: true - type: object - properties: - id: - type: string - type: - type: string - required: - - type - - id - - in: query - name: fields - required: false - schema: - items: - description: The fields to return in the `attributes` key of the response. - type: string - type: array - - description: >- - A KQL string that you filter with an attribute from your saved - object. It should look like `savedObjectType.attributes.title: - "myTitle"`. However, if you used a direct attribute of a saved - object, such as `updatedAt`, you must define your filter, for - example, `savedObjectType.updatedAt > 2018-12-22`. - in: query - name: filter - required: false - schema: - type: string - - in: query - name: filter_consumers - required: false - schema: - items: - description: List of consumers to filter. - type: string - type: array - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - actions: - items: - additionalProperties: false - type: object - properties: - alerts_filter: - additionalProperties: false - description: >- - Defines a period that limits whether the action - runs. - type: object - properties: - query: - additionalProperties: false - type: object - properties: - dsl: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL). - type: string - filters: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL) as defined in - the `kbn-es-query` package. - items: - additionalProperties: false - type: object - properties: - $state: - additionalProperties: false - type: object - properties: - store: - description: >- - A filter can be either specific to an - application context or applied globally. - enum: - - appState - - globalState - type: string - required: - - store - meta: - additionalProperties: {} - type: object - query: - additionalProperties: {} - type: object - required: - - meta - type: array - kql: - description: >- - A filter written in Kibana Query Language - (KQL). - type: string - required: - - kql - - filters - timeframe: - additionalProperties: false - type: object - properties: - days: - description: >- - Defines the days of the week that the action - can run, represented as an array of numbers. - For example, `1` represents Monday. An empty - array is equivalent to specifying all the - days of the week. - items: - enum: - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - type: integer - type: array - hours: - additionalProperties: false - type: object - properties: - end: - description: >- - The end of the time frame in 24-hour - notation (`hh:mm`). - type: string - start: - description: >- - The start of the time frame in 24-hour - notation (`hh:mm`). - type: string - required: - - start - - end - timezone: - description: >- - The ISO time zone for the `hours` values. - Values such as `UTC` and `UTC+1` also work - but lack built-in daylight savings time - support and are not recommended. - type: string - required: - - days - - hours - - timezone - connector_type_id: - description: >- - The type of connector. This property appears in - responses but cannot be set in requests. - type: string - frequency: - additionalProperties: false - type: object - properties: - notify_when: - description: >- - Indicates how often alerts generate actions. - Valid values include: `onActionGroupChange`: - Actions run when the alert status changes; - `onActiveAlert`: Actions run when the alert - becomes active and at each check interval while - the rule conditions are met; - `onThrottleInterval`: Actions run when the alert - becomes active and at the interval specified in - the throttle property while the rule conditions - are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The - recommended method is to set it for each action. - If you set it at the rule level then update the - rule in Kibana, it is automatically changed to - use action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - type: string - summary: - description: Indicates whether the action is a summary. - type: boolean - throttle: - description: >- - The throttle interval, which defines how often - an alert generates repeated actions. It is - specified in seconds, minutes, hours, or days - and is applicable only if 'notify_when' is set - to 'onThrottleInterval'. NOTE: You cannot - specify the throttle interval at both the rule - and action level. The recommended method is to - set it for each action. If you set it at the - rule level then update the rule in Kibana, it is - automatically changed to use action-specific - values. - nullable: true - type: string - required: - - summary - - notify_when - - throttle - group: - description: >- - The group name, which affects when the action runs - (for example, when the threshold is met or when the - alert is recovered). Each rule type has a list of - valid action group names. If you don't need to group - actions, set to `default`. - type: string - id: - description: The identifier for the connector saved object. - type: string - params: - additionalProperties: {} - description: >- - The parameters for the action, which are sent to the - connector. The `params` are handled as Mustache - templates and passed a default set of context. - type: object - use_alert_data_for_template: - description: Indicates whether to use alert data as a template. - type: boolean - uuid: - description: >- - A universally unique identifier (UUID) for the - action. - type: string - required: - - id - - connector_type_id - - params - type: array - active_snoozes: - items: - description: List of active snoozes for the rule. - type: string - type: array - alert_delay: - additionalProperties: false - description: >- - Indicates that an alert occurs only when the specified - number of consecutive runs met the rule conditions. - type: object - properties: - active: - description: >- - The number of consecutive runs that must meet the rule - conditions. - type: number - required: - - active - api_key_created_by_user: - description: >- - Indicates whether the API key that is associated with the - rule was created by the user. - nullable: true - type: boolean - api_key_owner: - description: >- - The owner of the API key that is associated with the rule - and used to run background tasks. - nullable: true - type: string - consumer: - description: >- - The name of the application or feature that owns the rule. - For example: `alerts`, `apm`, `discover`, - `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, - `securitySolution`, `siem`, `stackAlerts`, or `uptime`. - type: string - created_at: - description: The date and time that the rule was created. - type: string - created_by: - description: The identifier for the user that created the rule. - nullable: true - type: string - enabled: - description: >- - Indicates whether you want to run the rule on an interval - basis after it is created. - type: boolean - execution_status: - additionalProperties: false - type: object - properties: - error: - additionalProperties: false - type: object - properties: - message: - description: Error message. - type: string - reason: - description: Reason for error. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - type: string - required: - - reason - - message - last_duration: - description: Duration of last execution of the rule. - type: number - last_execution_date: - description: The date and time when rule was executed last. - type: string - status: - description: Status of rule execution. - enum: - - ok - - active - - error - - warning - - pending - - unknown - type: string - warning: - additionalProperties: false - type: object - properties: - message: - description: Warning message. - type: string - reason: - description: Reason for warning. - enum: - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - type: string - required: - - reason - - message - required: - - status - - last_execution_date - flapping: - additionalProperties: false - nullable: true - type: object - properties: - look_back_window: - maximum: 20 - minimum: 2 - type: number - status_change_threshold: - maximum: 20 - minimum: 2 - type: number - required: - - look_back_window - - status_change_threshold - id: - description: The identifier for the rule. - type: string - is_snoozed_until: - description: The date when the rule will no longer be snoozed. - nullable: true - type: string - last_run: - additionalProperties: false - nullable: true - type: object - properties: - alerts_count: - additionalProperties: false - type: object - properties: - active: - description: Number of active alerts during last run. - nullable: true - type: number - ignored: - description: Number of ignored alerts during last run. - nullable: true - type: number - new: - description: Number of new alerts during last run. - nullable: true - type: number - recovered: - description: Number of recovered alerts during last run. - nullable: true - type: number - outcome: - description: >- - Outcome of last run of the rule. Value could be - succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - outcome_msg: - items: - description: Outcome message generated during last rule run. - type: string - nullable: true - type: array - outcome_order: - description: Order of the outcome. - type: number - warning: - description: Warning of last rule execution. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - nullable: true - type: string - required: - - outcome - - alerts_count - mapped_params: - additionalProperties: {} - type: object - monitoring: - additionalProperties: false - description: Monitoring details of the rule. - type: object - properties: - run: - additionalProperties: false - description: Rule run details. - type: object - properties: - calculated_metrics: - additionalProperties: false - description: >- - Calculation of different percentiles and success - ratio. - type: object - properties: - p50: - type: number - p95: - type: number - p99: - type: number - success_ratio: - type: number - required: - - success_ratio - history: - description: History of the rule run. - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule run. - type: number - outcome: - additionalProperties: false - type: object - properties: - alerts_count: - additionalProperties: false - type: object - properties: - active: - description: Number of active alerts during last run. - nullable: true - type: number - ignored: - description: >- - Number of ignored alerts during last - run. - nullable: true - type: number - new: - description: Number of new alerts during last run. - nullable: true - type: number - recovered: - description: >- - Number of recovered alerts during last - run. - nullable: true - type: number - outcome: - description: >- - Outcome of last run of the rule. Value - could be succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - outcome_msg: - items: - description: >- - Outcome message generated during last - rule run. - type: string - nullable: true - type: array - outcome_order: - description: Order of the outcome. - type: number - warning: - description: Warning of last rule execution. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - nullable: true - type: string - required: - - outcome - - alerts_count - success: - description: >- - Indicates whether the rule run was - successful. - type: boolean - timestamp: - description: Time of rule run. - type: number - required: - - success - - timestamp - type: array - last_run: - additionalProperties: false - type: object - properties: - metrics: - additionalProperties: false - type: object - properties: - duration: - description: Duration of most recent rule run. - type: number - gap_duration_s: - description: Duration in seconds of rule run gap. - nullable: true - type: number - total_alerts_created: - description: >- - Total number of alerts created during last - rule run. - nullable: true - type: number - total_alerts_detected: - description: >- - Total number of alerts detected during - last rule run. - nullable: true - type: number - total_indexing_duration_ms: - description: >- - Total time spent indexing documents during - last rule run in milliseconds. - nullable: true - type: number - total_search_duration_ms: - description: >- - Total time spent performing Elasticsearch - searches as measured by Kibana; includes - network latency and time spent serializing - or deserializing the request and response. - nullable: true - type: number - timestamp: - description: Time of the most recent rule run. - type: string - required: - - timestamp - - metrics - required: - - history - - calculated_metrics - - last_run - required: - - run - mute_all: - description: Indicates whether all alerts are muted. - type: boolean - muted_alert_ids: - items: - description: 'List of identifiers of muted alerts. ' - type: string - type: array - name: - description: ' The name of the rule.' - type: string - next_run: - description: Date and time of the next run of the rule. - nullable: true - type: string - notify_when: - description: >- - Indicates how often alerts generate actions. Valid values - include: `onActionGroupChange`: Actions run when the alert - status changes; `onActiveAlert`: Actions run when the - alert becomes active and at each check interval while the - rule conditions are met; `onThrottleInterval`: Actions run - when the alert becomes active and at the interval - specified in the throttle property while the rule - conditions are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The recommended method - is to set it for each action. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - nullable: true - type: string - params: - additionalProperties: {} - description: The parameters for the rule. - type: object - revision: - description: The rule revision number. - type: number - rule_type_id: - description: The rule type identifier. - type: string - running: - description: Indicates whether the rule is running. - nullable: true - type: boolean - schedule: - additionalProperties: false - type: object - properties: - interval: - description: >- - The interval is specified in seconds, minutes, hours, - or days. - type: string - required: - - interval - scheduled_task_id: - description: Identifier of the scheduled task. - type: string - snooze_schedule: - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule snooze schedule. - type: number - id: - description: Identifier of the rule snooze schedule. - type: string - rRule: - additionalProperties: false - type: object - properties: - byhour: - items: - description: Indicates hours of the day to recur. - type: number - type: array - byminute: - items: - description: Indicates minutes of the hour to recur. - type: number - type: array - bymonth: - items: - description: >- - Indicates months of the year that this rule - should recur. - type: number - type: array - bymonthday: - items: - description: Indicates the days of the month to recur. - type: number - type: array - bysecond: - items: - description: Indicates seconds of the day to recur. - type: number - type: array - bysetpos: - items: - description: >- - A positive or negative integer affecting the - nth day of the month. For example, -2 combined - with `byweekday` of FR is 2nd to last Friday - of the month. It is recommended to not set - this manually and just use `byweekday`. - type: number - type: array - byweekday: - items: - anyOf: - - type: string - - type: number - description: >- - Indicates the days of the week to recur or - else nth-day-of-month strings. For example, - "+2TU" second Tuesday of month, "-1FR" last - Friday of the month, which are internally - converted to a `byweekday/bysetpos` - combination. - type: array - byweekno: - items: - description: Indicates number of the week hours to recur. - type: number - type: array - byyearday: - items: - description: >- - Indicates the days of the year that this rule - should recur. - type: number - type: array - count: - description: >- - Number of times the rule should recur until it - stops. - type: number - dtstart: - description: >- - Rule start date in Coordinated Universal Time - (UTC). - type: string - freq: - description: >- - Indicates frequency of the rule. Options are - YEARLY, MONTHLY, WEEKLY, DAILY. - enum: - - 0 - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - type: integer - interval: - description: >- - Indicates the interval of frequency. For - example, 1 and YEARLY is every 1 year, 2 and - WEEKLY is every 2 weeks. - type: number - tzid: - description: Indicates timezone abbreviation. - type: string - until: - description: Recur the rule until this date. - type: string - wkst: - description: Indicates the start of week, defaults to Monday. - enum: - - MO - - TU - - WE - - TH - - FR - - SA - - SU - type: string - required: - - dtstart - - tzid - skipRecurrences: - items: - description: Skips recurrence of rule on this date. - type: string - type: array - required: - - duration - - rRule - type: array - tags: - items: - description: The tags for the rule. - type: string - type: array - throttle: - deprecated: true - description: >- - Deprecated in 8.13.0. Use the `throttle` property in the - action `frequency` object instead. The throttle interval, - which defines how often an alert generates repeated - actions. NOTE: You cannot specify the throttle interval at - both the rule and action level. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. - nullable: true - type: string - updated_at: - description: The date and time that the rule was updated most recently. - type: string - updated_by: - description: >- - The identifier for the user that updated this rule most - recently. - nullable: true - type: string - view_in_app_relative_url: - description: Relative URL to view rule in the app. - nullable: true - type: string - required: - - id - - enabled - - name - - tags - - rule_type_id - - consumer - - schedule - - actions - - params - - created_by - - updated_by - - created_at - - updated_at - - api_key_owner - - mute_all - - muted_alert_ids - - execution_status - - revision - description: Indicates a successful call. - '400': - description: Indicates an invalid schema or parameters. - '403': - description: Indicates that this call is forbidden. - summary: Get information about rules - tags: - - alerting - /api/alerts/alert/{alertId}: - delete: - deprecated: true - description: > - Deprecated in 7.13.0. Use the delete rule API instead. WARNING: After - you delete an alert, you cannot recover it. - operationId: legaryDeleteAlert - parameters: - - $ref: '#/components/parameters/Alerting_kbn_xsrf' - - description: The identifier for the alert. - in: path - name: alertId - required: true - schema: - example: 41893910-6bca-11eb-9e0d-85d233e3ee35 - type: string - responses: - '204': - description: Indicates a successful call. - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Alerting_401_response' - description: Authorization information is missing or invalid. - summary: Delete an alert - tags: - - alerting - get: - deprecated: true - description: Deprecated in 7.13.0. Use the get rule API instead. - operationId: legacyGetAlert - parameters: - - description: The identifier for the alert. - in: path - name: alertId - required: true - schema: - example: 41893910-6bca-11eb-9e0d-85d233e3ee35 - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Alerting_alert_response_properties' - description: Indicates a successful call. - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Alerting_401_response' - description: Authorization information is missing or invalid. - summary: Get an alert by identifier - tags: - - alerting - post: - deprecated: true - description: Deprecated in 7.13.0. Use the create rule API instead. - operationId: legacyCreateAlert - parameters: - - $ref: '#/components/parameters/Alerting_kbn_xsrf' - - description: >- - An UUID v1 or v4 identifier for the alert. If this parameter is - omitted, the identifier is randomly generated. - in: path - name: alertId - required: true - schema: - example: 41893910-6bca-11eb-9e0d-85d233e3ee35 - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - title: Legacy create alert request properties - type: object - properties: - actions: - items: - type: object - properties: - actionTypeId: - description: The identifier for the action type. - type: string - group: - description: > - Grouping actions is recommended for escalations for - different types of alert instances. If you don't need - this functionality, set it to `default`. - type: string - id: - description: The ID of the action saved object. - type: string - params: - description: > - The map to the `params` that the action type will - receive. `params` are handled as Mustache templates - and passed a default set of context. - type: object - required: - - actionTypeId - - group - - id - - params - type: array - alertTypeId: - description: >- - The ID of the alert type that you want to call when the - alert is scheduled to run. - type: string - consumer: - description: >- - The name of the application that owns the alert. This name - has to match the Kibana feature name, as that dictates the - required role-based access control privileges. - type: string - enabled: - description: >- - Indicates if you want to run the alert on an interval basis - after it is created. - type: boolean - name: - description: A name to reference and search. - type: string - notifyWhen: - description: The condition for throttling the notification. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - type: string - params: - description: >- - The parameters to pass to the alert type executor `params` - value. This will also validate against the alert type params - validator, if defined. - type: object - schedule: - description: > - The schedule specifying when this alert should be run. A - schedule is structured such that the key specifies the - format you wish to use and its value specifies the schedule. - type: object - properties: - interval: - description: >- - The interval format specifies the interval in seconds, - minutes, hours or days at which the alert should run. - example: 10s - type: string - tags: - description: A list of keywords to reference and search. - items: - type: string - type: array - throttle: - description: > - How often this alert should fire the same actions. This will - prevent the alert from sending out the same notification - over and over. For example, if an alert with a schedule of 1 - minute stays in a triggered state for 90 minutes, setting a - throttle of `10m` or `1h` will prevent it from sending 90 - notifications during this period. - type: string - required: - - alertTypeId - - consumer - - name - - notifyWhen - - params - - schedule - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Alerting_alert_response_properties' - description: Indicates a successful call. - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Alerting_401_response' - description: Authorization information is missing or invalid. - summary: Create an alert - tags: - - alerting - put: - deprecated: true - description: Deprecated in 7.13.0. Use the update rule API instead. - operationId: legacyUpdateAlert - parameters: - - $ref: '#/components/parameters/Alerting_kbn_xsrf' - - description: The identifier for the alert. - in: path - name: alertId - required: true - schema: - example: 41893910-6bca-11eb-9e0d-85d233e3ee35 - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - title: Legacy update alert request properties - type: object - properties: - actions: - items: - type: object - properties: - actionTypeId: - description: The identifier for the action type. - type: string - group: - description: > - Grouping actions is recommended for escalations for - different types of alert instances. If you don't need - this functionality, set it to `default`. - type: string - id: - description: The ID of the action saved object. - type: string - params: - description: > - The map to the `params` that the action type will - receive. `params` are handled as Mustache templates - and passed a default set of context. - type: object - required: - - actionTypeId - - group - - id - - params - type: array - name: - description: A name to reference and search. - type: string - notifyWhen: - description: The condition for throttling the notification. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - type: string - params: - description: >- - The parameters to pass to the alert type executor `params` - value. This will also validate against the alert type params - validator, if defined. - type: object - schedule: - description: > - The schedule specifying when this alert should be run. A - schedule is structured such that the key specifies the - format you wish to use and its value specifies the schedule. - type: object - properties: - interval: - description: >- - The interval format specifies the interval in seconds, - minutes, hours or days at which the alert should run. - example: 1d - type: string - tags: - description: A list of keywords to reference and search. - items: - type: string - type: array - throttle: - description: > - How often this alert should fire the same actions. This will - prevent the alert from sending out the same notification - over and over. For example, if an alert with a schedule of 1 - minute stays in a triggered state for 90 minutes, setting a - throttle of `10m` or `1h` will prevent it from sending 90 - notifications during this period. - type: string - required: - - name - - notifyWhen - - params - - schedule - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Alerting_alert_response_properties' - description: Indicates a successful call. - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Alerting_401_response' - description: Authorization information is missing or invalid. - summary: Update an alert - tags: - - alerting - /api/alerts/alert/{alertId}/_disable: - post: - deprecated: true - description: Deprecated in 7.13.0. Use the disable rule API instead. - operationId: legacyDisableAlert - parameters: - - $ref: '#/components/parameters/Alerting_kbn_xsrf' - - description: The identifier for the alert. - in: path - name: alertId - required: true - schema: - example: 41893910-6bca-11eb-9e0d-85d233e3ee35 - type: string - responses: - '204': - description: Indicates a successful call. - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Alerting_401_response' - description: Authorization information is missing or invalid. - summary: Disable an alert - tags: - - alerting - /api/alerts/alert/{alertId}/_enable: - post: - deprecated: true - description: Deprecated in 7.13.0. Use the enable rule API instead. - operationId: legacyEnableAlert - parameters: - - $ref: '#/components/parameters/Alerting_kbn_xsrf' - - description: The identifier for the alert. - in: path - name: alertId - required: true - schema: - example: 41893910-6bca-11eb-9e0d-85d233e3ee35 - type: string - responses: - '204': - description: Indicates a successful call. - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Alerting_401_response' - description: Authorization information is missing or invalid. - summary: Enable an alert - tags: - - alerting - /api/alerts/alert/{alertId}/_mute_all: - post: - deprecated: true - description: Deprecated in 7.13.0. Use the mute all alerts API instead. - operationId: legacyMuteAllAlertInstances - parameters: - - $ref: '#/components/parameters/Alerting_kbn_xsrf' - - description: The identifier for the alert. - in: path - name: alertId - required: true - schema: - example: 41893910-6bca-11eb-9e0d-85d233e3ee35 - type: string - responses: - '204': - description: Indicates a successful call. - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Alerting_401_response' - description: Authorization information is missing or invalid. - summary: Mute all alert instances - tags: - - alerting - /api/alerts/alert/{alertId}/_unmute_all: - post: - deprecated: true - description: Deprecated in 7.13.0. Use the unmute all alerts API instead. - operationId: legacyUnmuteAllAlertInstances - parameters: - - $ref: '#/components/parameters/Alerting_kbn_xsrf' - - description: The identifier for the alert. - in: path - name: alertId - required: true - schema: - example: 41893910-6bca-11eb-9e0d-85d233e3ee35 - type: string - responses: - '204': - description: Indicates a successful call. - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Alerting_401_response' - description: Authorization information is missing or invalid. - summary: Unmute all alert instances - tags: - - alerting - /api/alerts/alert/{alertId}/alert_instance/{alertInstanceId}/_mute: - post: - deprecated: true - description: Deprecated in 7.13.0. Use the mute alert API instead. - operationId: legacyMuteAlertInstance - parameters: - - $ref: '#/components/parameters/Alerting_kbn_xsrf' - - description: An identifier for the alert. - in: path - name: alertId - required: true - schema: - example: 41893910-6bca-11eb-9e0d-85d233e3ee35 - type: string - - description: An identifier for the alert instance. - in: path - name: alertInstanceId - required: true - schema: - example: dceeb5d0-6b41-11eb-802b-85b0c1bc8ba2 - type: string - responses: - '204': - description: Indicates a successful call. - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Alerting_401_response' - description: Authorization information is missing or invalid. - summary: Mute an alert instance - tags: - - alerting - /api/alerts/alert/{alertId}/alert_instance/{alertInstanceId}/_unmute: - post: - deprecated: true - description: Deprecated in 7.13.0. Use the unmute alert API instead. - operationId: legacyUnmuteAlertInstance - parameters: - - $ref: '#/components/parameters/Alerting_kbn_xsrf' - - description: An identifier for the alert. - in: path - name: alertId - required: true - schema: - example: 41893910-6bca-11eb-9e0d-85d233e3ee35 - type: string - - description: An identifier for the alert instance. - in: path - name: alertInstanceId - required: true - schema: - example: dceeb5d0-6b41-11eb-802b-85b0c1bc8ba2 - type: string - responses: - '204': - description: Indicates a successful call. - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Alerting_401_response' - description: Authorization information is missing or invalid. - summary: Unmute an alert instance - tags: - - alerting - /api/alerts/alerts/_find: - get: - deprecated: true - description: > - Deprecated in 7.13.0. Use the find rules API instead. NOTE: Alert - `params` are stored as a flattened field type and analyzed as keywords. - As alerts change in Kibana, the results on each page of the response - also change. Use the find API for traditional paginated results, but - avoid using it to export large amounts of data. - operationId: legacyFindAlerts - parameters: - - description: The default operator to use for the `simple_query_string`. - example: OR - in: query - name: default_search_operator - schema: - default: OR - type: string - - description: The fields to return in the `attributes` key of the response. - in: query - name: fields - schema: - items: - type: string - type: array - - description: > - A KQL string that you filter with an attribute from your saved - object. It should look like `savedObjectType.attributes.title: - "myTitle"`. However, if you used a direct attribute of a saved - object, such as `updatedAt`, you must define your filter, for - example, `savedObjectType.updatedAt > 2018-12-22`. - in: query - name: filter - schema: - type: string - - description: >- - Filters the rules that have a relation with the reference objects - with a specific type and identifier. - in: query - name: has_reference - schema: - type: object - properties: - id: - type: string - type: - type: string - - description: The page number to return. - example: 1 - in: query - name: page - schema: - default: 1 - type: integer - - description: The number of alerts to return per page. - example: 20 - in: query - name: per_page - schema: - default: 20 - type: integer - - description: >- - An Elasticsearch `simple_query_string` query that filters the alerts - in the response. - in: query - name: search - schema: - type: string - - description: >- - The fields to perform the `simple_query_string` parsed query - against. - in: query - name: search_fields - schema: - oneOf: - - type: string - - items: - type: string - type: array - - description: > - Determines which field is used to sort the results. The field must - exist in the `attributes` key of the response. - in: query - name: sort_field - schema: - type: string - - description: Determines the sort order. - example: asc - in: query - name: sort_order - schema: - default: desc - enum: - - asc - - desc - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - items: - $ref: '#/components/schemas/Alerting_alert_response_properties' - type: array - page: - type: integer - perPage: - type: integer - total: - type: integer - description: Indicates a successful call. - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Alerting_401_response' - description: Authorization information is missing or invalid. - summary: Get a paginated set of alerts - tags: - - alerting - /api/alerts/alerts/_health: - get: - deprecated: true - description: Deprecated in 7.13.0. Use the get alerting framework health API instead. - operationId: legacyGetAlertingHealth - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - alertingFrameworkHealth: - description: > - Three substates identify the health of the alerting - framework: `decryptionHealth`, `executionHealth`, and - `readHealth`. - type: object - properties: - decryptionHealth: - description: The timestamp and status of the alert decryption. - type: object - properties: - status: - enum: - - error - - ok - - warn - example: ok - type: string - timestamp: - example: '2023-01-13T01:28:00.280Z' - format: date-time - type: string - executionHealth: - description: The timestamp and status of the alert execution. - type: object - properties: - status: - enum: - - error - - ok - - warn - example: ok - type: string - timestamp: - example: '2023-01-13T01:28:00.280Z' - format: date-time - type: string - readHealth: - description: The timestamp and status of the alert reading events. - type: object - properties: - status: - enum: - - error - - ok - - warn - example: ok - type: string - timestamp: - example: '2023-01-13T01:28:00.280Z' - format: date-time - type: string - hasPermanentEncryptionKey: - description: >- - If `false`, the encrypted saved object plugin does not - have a permanent encryption key. - example: true - type: boolean - isSufficientlySecure: - description: If `false`, security is enabled but TLS is not. - example: true - type: boolean - description: Indicates a successful call. - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Alerting_401_response' - description: Authorization information is missing or invalid. - summary: Get the alerting framework health - tags: - - alerting - /api/alerts/alerts/list_alert_types: - get: - deprecated: true - description: Deprecated in 7.13.0. Use the get rule types API instead. - operationId: legacyGetAlertTypes - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - type: object - properties: - actionGroups: - description: > - An explicit list of groups for which the alert type can - schedule actions, each with the action group's unique ID - and human readable name. Alert actions validation uses - this configuration to ensure that groups are valid. - items: - type: object - properties: - id: - type: string - name: - type: string - type: array - actionVariables: - description: > - A list of action variables that the alert type makes - available via context and state in action parameter - templates, and a short human readable description. The - Alert UI will use this information to prompt users for - these variables in action parameter editors. - type: object - properties: - context: - items: - type: object - properties: - description: - type: string - name: - type: string - type: array - params: - items: - type: object - properties: - description: - type: string - name: - type: string - type: array - state: - items: - type: object - properties: - description: - type: string - name: - type: string - type: array - authorizedConsumers: - description: >- - The list of the plugins IDs that have access to the - alert type. - type: object - defaultActionGroupId: - description: The default identifier for the alert type group. - type: string - enabledInLicense: - description: >- - Indicates whether the rule type is enabled based on the - subscription. - type: boolean - id: - description: The unique identifier for the alert type. - type: string - isExportable: - description: >- - Indicates whether the alert type is exportable in Saved - Objects Management UI. - type: boolean - minimumLicenseRequired: - description: The subscriptions required to use the alert type. - type: string - name: - description: The descriptive name of the alert type. - type: string - producer: - description: >- - An identifier for the application that produces this - alert type. - type: string - recoveryActionGroup: - description: > - An action group to use when an alert instance goes from - an active state to an inactive one. If it is not - specified, the default recovered action group is used. - type: object - properties: - id: - type: string - name: - type: string - type: array - description: Indicates a successful call. - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Alerting_401_response' - description: Authorization information is missing or invalid. - summary: Get the alert types - tags: - - alerting - /api/apm/agent_keys: - post: - description: Create a new agent key for APM. - operationId: createAgentKey - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - name: - type: string - privileges: - items: - enum: - - event:write - - config_agent:read - type: string - type: array - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - api_key: - type: string - encoded: - type: string - expiration: - format: int64 - type: integer - id: - type: string - name: - type: string - description: Agent key created successfully - summary: Create an APM agent key - tags: - - APM agent keys - /api/apm/services/{serviceName}/annotation: - post: - description: Create a new annotation for a specific service. - operationId: createAnnotation - parameters: - - description: The name of the service - in: path - name: serviceName - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - '@timestamp': - type: string - message: - type: string - service: - type: object - properties: - environment: - type: string - version: - type: string - tags: - items: - type: string - type: array - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - _id: - type: string - _index: - type: string - _source: - type: object - properties: - '@timestamp': - type: string - annotation: - type: string - event: - type: object - properties: - created: - type: string - message: - type: string - service: - type: object - properties: - environment: - type: string - name: - type: string - version: - type: string - tags: - items: - type: string - type: array - description: Annotation created successfully - summary: Create a service annotation - tags: - - APM annotations - /api/apm/services/{serviceName}/annotation/search: - get: - description: Search for annotations related to a specific service. - operationId: getAnnotation - parameters: - - description: The name of the service - in: path - name: serviceName - required: true - schema: - type: string - - description: The environment to filter annotations by - in: query - name: environment - required: false - schema: - type: string - - description: The start date for the search - in: query - name: start - required: false - schema: - type: string - - description: The end date for the search - in: query - name: end - required: false - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - annotations: - items: - type: object - properties: - '@timestamp': - type: number - id: - type: string - text: - type: string - type: - enum: - - version - type: string - type: array - description: Successful response - summary: Search for annotations - tags: - - APM annotations - /api/asset_criticality: - delete: - description: Delete the asset criticality record for a specific entity. - operationId: DeleteAssetCriticalityRecord - parameters: - - description: The ID value of the asset. - in: query - name: id_value - required: true - schema: - type: string - - description: The field representing the ID. - example: host.name - in: query - name: id_field - required: true - schema: - $ref: '#/components/schemas/Security_Entity_Analytics_API_IdField' - - description: If 'wait_for' the request will wait for the index refresh. - in: query - name: refresh - required: false - schema: - enum: - - wait_for - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - deleted: - description: >- - True if the record was deleted or false if the record did - not exist. - type: boolean - record: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord - description: The deleted record if it existed. - required: - - deleted - description: Successful response - '400': - description: Invalid request - summary: Delete an asset criticality record - tags: - - Security Entity Analytics API - get: - description: Get the asset criticality record for a specific entity. - operationId: GetAssetCriticalityRecord - parameters: - - description: The ID value of the asset. - in: query - name: id_value - required: true - schema: - type: string - - description: The field representing the ID. - example: host.name - in: query - name: id_field - required: true - schema: - $ref: '#/components/schemas/Security_Entity_Analytics_API_IdField' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord - description: Successful response - '400': - description: Invalid request - '404': - description: Criticality record not found - summary: Get an asset criticality record - tags: - - Security Entity Analytics API - post: - description: > - Create or update an asset criticality record for a specific entity. - - - If a record already exists for the specified entity, that record is - overwritten with the specified value. If a record doesn't exist for the - specified entity, a new record is created. - operationId: CreateAssetCriticalityRecord - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - allOf: - - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord - - type: object - properties: - refresh: - description: >- - If 'wait_for' the request will wait for the index - refresh. - enum: - - wait_for - type: string - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord - description: Successful response - '400': - description: Invalid request - summary: Upsert an asset criticality record - tags: - - Security Entity Analytics API - /api/asset_criticality/bulk: - post: - description: > - Bulk upsert up to 1000 asset criticality records. - - - If asset criticality records already exist for the specified entities, - those records are overwritten with the specified values. If asset - criticality records don't exist for the specified entities, new records - are created. - operationId: BulkUpsertAssetCriticalityRecords - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - example: - records: - - criticality_level: low_impact - id_field: host.name - id_value: host-1 - - criticality_level: medium_impact - id_field: host.name - id_value: host-2 - type: object - properties: - records: - items: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord - maxItems: 1000 - minItems: 1 - type: array - required: - - records - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - example: - errors: - - index: 0 - message: Invalid ID field - stats: - failed: 1 - successful: 1 - total: 2 - type: object - properties: - errors: - items: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityBulkUploadErrorItem - type: array - stats: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityBulkUploadStats - required: - - errors - - stats - description: Bulk upload successful - '413': - description: File too large - summary: Bulk upsert asset criticality records - tags: - - Security Entity Analytics API - /api/asset_criticality/list: - get: - description: List asset criticality records, paging, sorting and filtering as needed. - operationId: FindAssetCriticalityRecords - parameters: - - description: The field to sort by. - in: query - name: sort_field - required: false - schema: - enum: - - id_value - - id_field - - criticality_level - - \@timestamp - type: string - - description: The order to sort by. - in: query - name: sort_direction - required: false - schema: - enum: - - asc - - desc - type: string - - description: The page number to return. - in: query - name: page - required: false - schema: - minimum: 1 - type: integer - - description: The number of records to return per page. - in: query - name: per_page - required: false - schema: - maximum: 1000 - minimum: 1 - type: integer - - description: The kuery to filter by. - in: query - name: kuery - required: false - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - page: - minimum: 1 - type: integer - per_page: - maximum: 1000 - minimum: 1 - type: integer - records: - items: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord - type: array - total: - minimum: 0 - type: integer - required: - - records - - page - - per_page - - total - description: Bulk upload successful - summary: List asset criticality records - tags: - - Security Entity Analytics API - /api/cases: - delete: - description: > - You must have `read` or `all` privileges and the `delete` sub-feature - privilege for the **Cases** feature in the **Management**, - **Observability**, or **Security** section of the Kibana feature - privileges, depending on the owner of the cases you're deleting. - operationId: deleteCaseDefaultSpace - parameters: - - $ref: '#/components/parameters/Cases_kbn_xsrf' - - $ref: '#/components/parameters/Cases_ids' - responses: - '204': - description: Indicates a successful call. - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Delete cases - tags: - - cases - patch: - description: > - You must have `all` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the - Kibana feature privileges, depending on the owner of the case you're - updating. - operationId: updateCaseDefaultSpace - parameters: - - $ref: '#/components/parameters/Cases_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - updateCaseRequest: - $ref: '#/components/examples/Cases_update_case_request' - schema: - $ref: '#/components/schemas/Cases_update_case_request' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - updateCaseResponse: - $ref: '#/components/examples/Cases_update_case_response' - schema: - items: - $ref: '#/components/schemas/Cases_case_response_properties' - type: array - description: Indicates a successful call. - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Update cases - tags: - - cases - post: - description: > - You must have `all` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the - Kibana feature privileges, depending on the owner of the case you're - creating. - operationId: createCaseDefaultSpace - parameters: - - $ref: '#/components/parameters/Cases_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - createCaseRequest: - $ref: '#/components/examples/Cases_create_case_request' - schema: - $ref: '#/components/schemas/Cases_create_case_request' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - createCaseResponse: - $ref: '#/components/examples/Cases_create_case_response' - schema: - $ref: '#/components/schemas/Cases_case_response_properties' - description: Indicates a successful call. - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Create a case - tags: - - cases - /api/cases/_find: - get: - description: > - You must have `read` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the cases you're seeking. - operationId: findCasesDefaultSpace - parameters: - - $ref: '#/components/parameters/Cases_assignees_filter' - - $ref: '#/components/parameters/Cases_category' - - $ref: '#/components/parameters/Cases_defaultSearchOperator' - - $ref: '#/components/parameters/Cases_from' - - $ref: '#/components/parameters/Cases_owner_filter' - - $ref: '#/components/parameters/Cases_page_index' - - $ref: '#/components/parameters/Cases_page_size' - - $ref: '#/components/parameters/Cases_reporters' - - $ref: '#/components/parameters/Cases_search' - - $ref: '#/components/parameters/Cases_searchFields' - - $ref: '#/components/parameters/Cases_severity' - - $ref: '#/components/parameters/Cases_sortField' - - $ref: '#/components/parameters/Cases_sort_order' - - $ref: '#/components/parameters/Cases_status' - - $ref: '#/components/parameters/Cases_tags' - - $ref: '#/components/parameters/Cases_to' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - findCaseResponse: - $ref: '#/components/examples/Cases_find_case_response' - schema: - type: object - properties: - cases: - items: - $ref: '#/components/schemas/Cases_case_response_properties' - maxItems: 10000 - type: array - count_closed_cases: - type: integer - count_in_progress_cases: - type: integer - count_open_cases: - type: integer - page: - type: integer - per_page: - type: integer - total: - type: integer - description: Indicates a successful call. - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Search cases - tags: - - cases - /api/cases/{caseId}: - get: - description: > - You must have `read` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the case you're seeking. - operationId: getCaseDefaultSpace - parameters: - - $ref: '#/components/parameters/Cases_case_id' - - $ref: '#/components/parameters/Cases_includeComments' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - getDefaultCaseResponse: - $ref: '#/components/examples/Cases_get_case_response' - getDefaultObservabilityCaseReponse: - $ref: '#/components/examples/Cases_get_case_observability_response' - schema: - $ref: '#/components/schemas/Cases_case_response_properties' - description: Indicates a successful call. - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Get case information - tags: - - cases - /api/cases/{caseId}/alerts: - get: - description: > - You must have `read` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the cases you're seeking. - operationId: getCaseAlertsDefaultSpace - parameters: - - $ref: '#/components/parameters/Cases_case_id' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - getCaseAlertsResponse: - $ref: '#/components/examples/Cases_get_case_alerts_response' - schema: - items: - $ref: '#/components/schemas/Cases_alert_response_properties' - type: array - description: Indicates a successful call. - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Get all alerts for a case - tags: - - cases - x-state: Technical preview - /api/cases/{caseId}/comments: - delete: - description: > - Deletes all comments and alerts from a case. You must have `all` - privileges for the **Cases** feature in the **Management**, - **Observability**, or **Security** section of the Kibana feature - privileges, depending on the owner of the cases you're deleting. - operationId: deleteCaseCommentsDefaultSpace - parameters: - - $ref: '#/components/parameters/Cases_kbn_xsrf' - - $ref: '#/components/parameters/Cases_case_id' - responses: - '204': - description: Indicates a successful call. - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Delete all case comments and alerts - tags: - - cases - get: - deprecated: true - description: > - Deprecated in 8.1.0. This API is deprecated and will be removed in a - future release; instead, use the get case comment API, which requires a - comment identifier in the path. You must have `read` privileges for the - **Cases** feature in the **Management**, **Observability**, or - **Security** section of the Kibana feature privileges, depending on the - owner of the cases with the comments you're seeking. - operationId: getAllCaseCommentsDefaultSpace - parameters: - - $ref: '#/components/parameters/Cases_case_id' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Cases_case_response_properties' - description: Indicates a successful call. - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Get all case comments - tags: - - cases - patch: - description: > - You must have `all` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the case you're updating. - NOTE: You cannot change the comment type or the owner of a comment. - operationId: updateCaseCommentDefaultSpace - parameters: - - $ref: '#/components/parameters/Cases_kbn_xsrf' - - $ref: '#/components/parameters/Cases_case_id' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - updateCaseCommentRequest: - $ref: '#/components/examples/Cases_update_comment_request' - schema: - $ref: '#/components/schemas/Cases_update_case_comment_request' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - updateCaseCommentResponse: - $ref: '#/components/examples/Cases_update_comment_response' - schema: - $ref: '#/components/schemas/Cases_case_response_properties' - description: Indicates a successful call. - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Update a case comment or alert - tags: - - cases - post: - description: > - You must have `all` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the case you're creating. - NOTE: Each case can have a maximum of 1,000 alerts. - operationId: addCaseCommentDefaultSpace - parameters: - - $ref: '#/components/parameters/Cases_kbn_xsrf' - - $ref: '#/components/parameters/Cases_case_id' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - createCaseCommentRequest: - $ref: '#/components/examples/Cases_add_comment_request' - schema: - $ref: '#/components/schemas/Cases_add_case_comment_request' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - createCaseCommentResponse: - $ref: '#/components/examples/Cases_add_comment_response' - schema: - $ref: '#/components/schemas/Cases_case_response_properties' - description: Indicates a successful call. - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Add a case comment or alert - tags: - - cases - /api/cases/{caseId}/comments/_find: - get: - description: > - Retrieves a paginated list of comments for a case. You must have `read` - privileges for the **Cases** feature in the **Management**, - **Observability**, or **Security** section of the Kibana feature - privileges, depending on the owner of the cases with the comments you're - seeking. - operationId: findCaseCommentsDefaultSpace - parameters: - - $ref: '#/components/parameters/Cases_case_id' - - $ref: '#/components/parameters/Cases_page_index' - - $ref: '#/components/parameters/Cases_page_size' - - $ref: '#/components/parameters/Cases_sort_order' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Cases_case_response_properties' - description: Indicates a successful call. - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Find case comments and alerts - tags: - - cases - /api/cases/{caseId}/comments/{commentId}: - delete: - description: > - You must have `all` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the cases you're deleting. - operationId: deleteCaseCommentDefaultSpace - parameters: - - $ref: '#/components/parameters/Cases_kbn_xsrf' - - $ref: '#/components/parameters/Cases_case_id' - - $ref: '#/components/parameters/Cases_comment_id' - responses: - '204': - description: Indicates a successful call. - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Delete a case comment or alert - tags: - - cases - get: - description: > - You must have `read` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the cases with the - comments you're seeking. - operationId: getCaseCommentDefaultSpace - parameters: - - $ref: '#/components/parameters/Cases_case_id' - - $ref: '#/components/parameters/Cases_comment_id' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - getCaseCommentResponse: - $ref: '#/components/examples/Cases_get_comment_response' - schema: - oneOf: - - $ref: >- - #/components/schemas/Cases_alert_comment_response_properties - - $ref: >- - #/components/schemas/Cases_user_comment_response_properties - description: Indicates a successful call. - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Get a case comment or alert - tags: - - cases - /api/cases/{caseId}/connector/{connectorId}/_push: - post: - description: > - You must have `all` privileges for the **Actions and Connectors** - feature in the **Management** section of the Kibana feature privileges. - You must also have `all` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the case you're pushing. - operationId: pushCaseDefaultSpace - parameters: - - $ref: '#/components/parameters/Cases_case_id' - - $ref: '#/components/parameters/Cases_connector_id' - - $ref: '#/components/parameters/Cases_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - nullable: true - type: object - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - pushCaseResponse: - $ref: '#/components/examples/Cases_push_case_response' - schema: - $ref: '#/components/schemas/Cases_case_response_properties' - description: Indicates a successful call. - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Push a case to an external service - tags: - - cases - /api/cases/{caseId}/user_actions: - get: - deprecated: true - description: > - Returns all user activity for a case. Deprecated in 8.1.0. This API is - deprecated and will be removed in a future release; use the find user - actions API instead. You must have `read` privileges for the **Cases** - feature in the **Management**, **Observability**, or **Security** - section of the Kibana feature privileges, depending on the owner of the - case you're seeking. - operationId: getCaseActivityDefaultSpace - parameters: - - $ref: '#/components/parameters/Cases_case_id' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - $ref: '#/components/schemas/Cases_user_actions_response_properties' - type: array - description: Indicates a successful call. - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Get case activity - tags: - - cases - /api/cases/{caseId}/user_actions/_find: - get: - description: > - Retrives a paginated list of user activity for a case. You must have - `read` privileges for the **Cases** feature in the **Management**, - **Observability**, or **Security** section of the Kibana feature - privileges, depending on the owner of the case you're seeking. - operationId: findCaseActivityDefaultSpace - parameters: - - $ref: '#/components/parameters/Cases_case_id' - - $ref: '#/components/parameters/Cases_page_index' - - $ref: '#/components/parameters/Cases_page_size' - - $ref: '#/components/parameters/Cases_sort_order' - - $ref: '#/components/parameters/Cases_user_action_types' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - findCaseActivityResponse: - $ref: '#/components/examples/Cases_find_case_activity_response' - schema: - type: object - properties: - page: - type: integer - perPage: - type: integer - total: - type: integer - userActions: - items: - $ref: >- - #/components/schemas/Cases_user_actions_find_response_properties - maxItems: 10000 - type: array - description: Indicates a successful call. - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Find case activity - tags: - - cases - /api/cases/alerts/{alertId}: - get: - description: > - You must have `read` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the cases you're seeking. - operationId: getCasesByAlertDefaultSpace - parameters: - - $ref: '#/components/parameters/Cases_alert_id' - - $ref: '#/components/parameters/Cases_owner_filter' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - example: - - id: 06116b80-e1c3-11ec-be9b-9b1838238ee6 - title: security_case - items: - type: object - properties: - id: - description: The case identifier. - type: string - title: - description: The case title. - type: string - maxItems: 10000 - type: array - description: Indicates a successful call. - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Get cases for an alert - tags: - - cases - x-state: Technical preview - /api/cases/configure: - get: - description: > - Get setting details such as the closure type, custom fields, templatse, - and the default connector for cases. You must have `read` privileges for - the **Cases** feature in the **Management**, **Observability**, or - **Security** section of the Kibana feature privileges, depending on - where the cases were created. - operationId: getCaseConfigurationDefaultSpace - parameters: - - $ref: '#/components/parameters/Cases_owner_filter' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - getConfigurationResponse: - $ref: '#/components/examples/Cases_get_case_configuration_response' - schema: - items: - type: object - properties: - closure_type: - $ref: '#/components/schemas/Cases_closure_types' - connector: - type: object - properties: - fields: - description: >- - The fields specified in the case configuration are - not used and are not propagated to individual cases, - therefore it is recommended to set it to `null`. - nullable: true - type: object - id: - description: >- - The identifier for the connector. If you do not want - a default connector, use `none`. To retrieve - connector IDs, use the find connectors API. - example: none - type: string - name: - description: >- - The name of the connector. If you do not want a - default connector, use `none`. To retrieve connector - names, use the find connectors API. - example: none - type: string - type: - $ref: '#/components/schemas/Cases_connector_types' - created_at: - example: '2022-06-01T17:07:17.767Z' - format: date-time - type: string - created_by: - type: object - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - required: - - email - - full_name - - username - customFields: - description: Custom fields configuration details. - items: - type: object - properties: - defaultValue: - description: > - A default value for the custom field. If the - `type` is `text`, the default value must be a - string. If the `type` is `toggle`, the default - value must be boolean. - oneOf: - - type: string - - type: boolean - key: - description: > - A unique key for the custom field. Must be lower - case and composed only of a-z, 0-9, '_', and '-' - characters. It is used in API calls to refer to a - specific custom field. - maxLength: 36 - minLength: 1 - type: string - label: - description: >- - The custom field label that is displayed in the - case. - maxLength: 50 - minLength: 1 - type: string - type: - description: The type of the custom field. - enum: - - text - - toggle - type: string - required: - description: > - Indicates whether the field is required. If - `false`, the custom field can be set to null or - omitted when a case is created or updated. - type: boolean - type: array - error: - example: null - nullable: true - type: string - id: - example: 4a97a440-e1cd-11ec-be9b-9b1838238ee6 - type: string - mappings: - items: - type: object - properties: - action_type: - example: overwrite - type: string - source: - example: title - type: string - target: - example: summary - type: string - type: array - owner: - $ref: '#/components/schemas/Cases_owner' - templates: - $ref: '#/components/schemas/Cases_templates' - updated_at: - example: '2022-06-01T19:58:48.169Z' - format: date-time - nullable: true - type: string - updated_by: - nullable: true - type: object - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - required: - - email - - full_name - - username - version: - example: WzIwNzMsMV0= - type: string - type: array - description: Indicates a successful call. - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Get case settings - tags: - - cases - post: - description: > - Case settings include external connection details, custom fields, and - templates. Connectors are used to interface with external systems. You - must create a connector before you can use it in your cases. If you set - a default connector, it is automatically selected when you create cases - in Kibana. If you use the create case API, however, you must still - specify all of the connector details. You must have `all` privileges for - the **Cases** feature in the **Management**, **Observability**, or - **Security** section of the Kibana feature privileges, depending on - where you are creating cases. - operationId: setCaseConfigurationDefaultSpace - parameters: - - $ref: '#/components/parameters/Cases_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - setCaseConfigRequest: - $ref: '#/components/examples/Cases_set_case_configuration_request' - schema: - $ref: '#/components/schemas/Cases_set_case_configuration_request' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - setCaseConfigResponse: - $ref: '#/components/examples/Cases_set_case_configuration_response' - schema: - type: object - properties: - closure_type: - $ref: '#/components/schemas/Cases_closure_types' - connector: - type: object - properties: - fields: - description: >- - The fields specified in the case configuration are not - used and are not propagated to individual cases, - therefore it is recommended to set it to `null`. - nullable: true - type: object - id: - description: >- - The identifier for the connector. If you do not want a - default connector, use `none`. To retrieve connector - IDs, use the find connectors API. - example: none - type: string - name: - description: >- - The name of the connector. If you do not want a - default connector, use `none`. To retrieve connector - names, use the find connectors API. - example: none - type: string - type: - $ref: '#/components/schemas/Cases_connector_types' - created_at: - example: '2022-06-01T17:07:17.767Z' - format: date-time - type: string - created_by: - type: object - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - required: - - email - - full_name - - username - customFields: - description: Custom fields configuration details. - items: - type: object - properties: - defaultValue: - description: > - A default value for the custom field. If the `type` - is `text`, the default value must be a string. If - the `type` is `toggle`, the default value must be - boolean. - oneOf: - - type: string - - type: boolean - key: - description: > - A unique key for the custom field. Must be lower - case and composed only of a-z, 0-9, '_', and '-' - characters. It is used in API calls to refer to a - specific custom field. - maxLength: 36 - minLength: 1 - type: string - label: - description: >- - The custom field label that is displayed in the - case. - maxLength: 50 - minLength: 1 - type: string - type: - description: The type of the custom field. - enum: - - text - - toggle - type: string - required: - description: > - Indicates whether the field is required. If `false`, - the custom field can be set to null or omitted when - a case is created or updated. - type: boolean - type: array - error: - example: null - nullable: true - type: string - id: - example: 4a97a440-e1cd-11ec-be9b-9b1838238ee6 - type: string - mappings: - items: - type: object - properties: - action_type: - example: overwrite - type: string - source: - example: title - type: string - target: - example: summary - type: string - type: array - owner: - $ref: '#/components/schemas/Cases_owner' - templates: - $ref: '#/components/schemas/Cases_templates' - updated_at: - example: '2022-06-01T19:58:48.169Z' - format: date-time - nullable: true - type: string - updated_by: - nullable: true - type: object - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - required: - - email - - full_name - - username - version: - example: WzIwNzMsMV0= - type: string - description: Indicates a successful call. - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Add case settings - tags: - - cases - /api/cases/configure/{configurationId}: - patch: - description: > - Updates setting details such as the closure type, custom fields, - templates, and the default connector for cases. Connectors are used to - interface with external systems. You must create a connector before you - can use it in your cases. You must have `all` privileges for the - **Cases** feature in the **Management**, **Observability**, or - **Security** section of the Kibana feature privileges, depending on - where the case was created. - operationId: updateCaseConfigurationDefaultSpace - parameters: - - $ref: '#/components/parameters/Cases_kbn_xsrf' - - $ref: '#/components/parameters/Cases_configuration_id' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - updateCaseConfigurationRequest: - $ref: '#/components/examples/Cases_update_case_configuration_request' - schema: - $ref: '#/components/schemas/Cases_update_case_configuration_request' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - updateCaseConfigurationResponse: - $ref: >- - #/components/examples/Cases_update_case_configuration_response - schema: - type: object - properties: - closure_type: - $ref: '#/components/schemas/Cases_closure_types' - connector: - type: object - properties: - fields: - description: >- - The fields specified in the case configuration are not - used and are not propagated to individual cases, - therefore it is recommended to set it to `null`. - nullable: true - type: object - id: - description: >- - The identifier for the connector. If you do not want a - default connector, use `none`. To retrieve connector - IDs, use the find connectors API. - example: none - type: string - name: - description: >- - The name of the connector. If you do not want a - default connector, use `none`. To retrieve connector - names, use the find connectors API. - example: none - type: string - type: - $ref: '#/components/schemas/Cases_connector_types' - created_at: - example: '2022-06-01T17:07:17.767Z' - format: date-time - type: string - created_by: - type: object - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - required: - - email - - full_name - - username - customFields: - description: Custom fields configuration details. - items: - type: object - properties: - defaultValue: - description: > - A default value for the custom field. If the `type` - is `text`, the default value must be a string. If - the `type` is `toggle`, the default value must be - boolean. - oneOf: - - type: string - - type: boolean - key: - description: > - A unique key for the custom field. Must be lower - case and composed only of a-z, 0-9, '_', and '-' - characters. It is used in API calls to refer to a - specific custom field. - maxLength: 36 - minLength: 1 - type: string - label: - description: >- - The custom field label that is displayed in the - case. - maxLength: 50 - minLength: 1 - type: string - type: - description: The type of the custom field. - enum: - - text - - toggle - type: string - required: - description: > - Indicates whether the field is required. If `false`, - the custom field can be set to null or omitted when - a case is created or updated. - type: boolean - type: array - error: - example: null - nullable: true - type: string - id: - example: 4a97a440-e1cd-11ec-be9b-9b1838238ee6 - type: string - mappings: - items: - type: object - properties: - action_type: - example: overwrite - type: string - source: - example: title - type: string - target: - example: summary - type: string - type: array - owner: - $ref: '#/components/schemas/Cases_owner' - templates: - $ref: '#/components/schemas/Cases_templates' - updated_at: - example: '2022-06-01T19:58:48.169Z' - format: date-time - nullable: true - type: string - updated_by: - nullable: true - type: object - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - required: - - email - - full_name - - username - version: - example: WzIwNzMsMV0= - type: string - description: Indicates a successful call. - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Update case settings - tags: - - cases - /api/cases/configure/connectors/_find: - get: - description: > - Get information about connectors that are supported for use in cases. - You must have `read` privileges for the **Actions and Connectors** - feature in the **Management** section of the Kibana feature privileges. - operationId: findCaseConnectorsDefaultSpace - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - findConnectorResponse: - $ref: '#/components/examples/Cases_find_connector_response' - schema: - items: - type: object - properties: - actionTypeId: - $ref: '#/components/schemas/Cases_connector_types' - config: - additionalProperties: true - type: object - properties: - apiUrl: - type: string - projectKey: - type: string - id: - type: string - isDeprecated: - type: boolean - isMissingSecrets: - type: boolean - isPreconfigured: - type: boolean - name: - type: string - referencedByCount: - type: integer - maxItems: 1000 - type: array - description: Indicates a successful call. - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Get case connectors - tags: - - cases - /api/cases/reporters: - get: - description: > - Returns information about the users who opened cases. You must have read - privileges for the **Cases** feature in the **Management**, - **Observability**, or **Security** section of the Kibana feature - privileges, depending on the owner of the cases. The API returns - information about the users as they existed at the time of the case - creation, including their name, full name, and email address. If any of - those details change thereafter or if a user is deleted, the information - returned by this API is unchanged. - operationId: getCaseReportersDefaultSpace - parameters: - - $ref: '#/components/parameters/Cases_owner_filter' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - getReportersResponse: - $ref: '#/components/examples/Cases_get_reporters_response' - schema: - items: - type: object - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - required: - - email - - full_name - - username - maxItems: 10000 - type: array - description: Indicates a successful call. - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Get case creators - tags: - - cases - /api/cases/status: - get: - deprecated: true - description: > - Returns the number of cases that are open, closed, and in progress. - Deprecated in 8.1.0. This API is deprecated and will be removed in a - future release; use the find cases API instead. You must have `read` - privileges for the **Cases** feature in the **Management**, - **Observability**, or **Security** section of the Kibana feature - privileges, depending on the owner of the cases you're seeking. - operationId: getCaseStatusDefaultSpace - parameters: - - $ref: '#/components/parameters/Cases_owner_filter' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - count_closed_cases: - type: integer - count_in_progress_cases: - type: integer - count_open_cases: - type: integer - description: Indicates a successful call. - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Get case status summary - tags: - - cases - /api/cases/tags: - get: - description: > - Aggregates and returns a list of case tags. You must have read - privileges for the **Cases** feature in the **Management**, - **Observability**, or **Security** section of the Kibana feature - privileges, depending on the owner of the cases you're seeking. - operationId: getCaseTagsDefaultSpace - parameters: - - $ref: '#/components/parameters/Cases_owner_filter' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - getTagsResponse: - $ref: '#/components/examples/Cases_get_tags_response' - schema: - items: - type: string - maxItems: 10000 - type: array - description: Indicates a successful call. - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Get case tags - tags: - - cases - /api/data_views: - get: - operationId: getAllDataViewsDefault - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - getAllDataViewsResponse: - $ref: '#/components/examples/Data_views_get_data_views_response' - schema: - type: object - properties: - data_view: - items: - type: object - properties: - id: - type: string - name: - type: string - namespaces: - items: - type: string - type: array - title: - type: string - typeMeta: - type: object - type: array - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Get all data views - tags: - - data views - /api/data_views/data_view: - post: - operationId: createDataViewDefaultw - parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - createDataViewRequest: - $ref: '#/components/examples/Data_views_create_data_view_request' - schema: - $ref: '#/components/schemas/Data_views_create_data_view_request_object' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_data_view_response_object' - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Create a data view - tags: - - data views - /api/data_views/data_view/{viewId}: - delete: - description: | - WARNING: When you delete a data view, it cannot be recovered. - operationId: deleteDataViewDefault - parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - - $ref: '#/components/parameters/Data_views_view_id' - responses: - '204': - description: Indicates a successful call. - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_404_response' - description: Object is not found. - summary: Delete a data view - tags: - - data views - get: - operationId: getDataViewDefault - parameters: - - $ref: '#/components/parameters/Data_views_view_id' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - getDataViewResponse: - $ref: '#/components/examples/Data_views_get_data_view_response' - schema: - $ref: '#/components/schemas/Data_views_data_view_response_object' - description: Indicates a successful call. - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_404_response' - description: Object is not found. - summary: Get a data view - tags: - - data views - post: - operationId: updateDataViewDefault - parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - - $ref: '#/components/parameters/Data_views_view_id' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - updateDataViewRequest: - $ref: '#/components/examples/Data_views_update_data_view_request' - schema: - $ref: '#/components/schemas/Data_views_update_data_view_request_object' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_data_view_response_object' - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Update a data view - tags: - - data views - /api/data_views/data_view/{viewId}/fields: - post: - description: > - Update fields presentation metadata such as count, customLabel, - customDescription, and format. - operationId: updateFieldsMetadataDefault - parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - - $ref: '#/components/parameters/Data_views_view_id' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - updateFieldsMetadataRequest: - $ref: '#/components/examples/Data_views_update_field_metadata_request' - schema: - type: object - properties: - fields: - description: The field object. - type: object - required: - - fields - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - acknowledged: - type: boolean - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Update data view fields metadata - tags: - - data views - /api/data_views/data_view/{viewId}/runtime_field: - post: - operationId: createRuntimeFieldDefault - parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - - $ref: '#/components/parameters/Data_views_view_id' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - createRuntimeFieldRequest: - $ref: '#/components/examples/Data_views_create_runtime_field_request' - schema: - type: object - properties: - name: - description: | - The name for a runtime field. - type: string - runtimeField: - description: | - The runtime field definition object. - type: object - required: - - name - - runtimeField - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates a successful call. - summary: Create a runtime field - tags: - - data views - put: - operationId: createUpdateRuntimeFieldDefault - parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - - description: | - The ID of the data view fields you want to update. - in: path - name: viewId - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - updateRuntimeFieldRequest: - $ref: '#/components/examples/Data_views_create_runtime_field_request' - schema: - type: object - properties: - name: - description: | - The name for a runtime field. - type: string - runtimeField: - description: | - The runtime field definition object. - type: object - required: - - name - - runtimeField - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data_view: - type: object - fields: - items: - type: object - type: array - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Create or update a runtime field - tags: - - data views - /api/data_views/data_view/{viewId}/runtime_field/{fieldName}: - delete: - operationId: deleteRuntimeFieldDefault - parameters: - - $ref: '#/components/parameters/Data_views_field_name' - - $ref: '#/components/parameters/Data_views_view_id' - responses: - '200': - description: Indicates a successful call. - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_404_response' - description: Object is not found. - summary: Delete a runtime field from a data view - tags: - - data views - get: - operationId: getRuntimeFieldDefault - parameters: - - $ref: '#/components/parameters/Data_views_field_name' - - $ref: '#/components/parameters/Data_views_view_id' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - getRuntimeFieldResponse: - $ref: '#/components/examples/Data_views_get_runtime_field_response' - schema: - type: object - properties: - data_view: - type: object - fields: - items: - type: object - type: array - description: Indicates a successful call. - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_404_response' - description: Object is not found. - summary: Get a runtime field - tags: - - data views - post: - operationId: updateRuntimeFieldDefault - parameters: - - $ref: '#/components/parameters/Data_views_field_name' - - $ref: '#/components/parameters/Data_views_view_id' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - updateRuntimeFieldRequest: - $ref: '#/components/examples/Data_views_update_runtime_field_request' - schema: - type: object - properties: - runtimeField: - description: | - The runtime field definition object. - - You can update following fields: - - - `type` - - `script` - type: object - required: - - runtimeField - required: true - responses: - '200': - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Update a runtime field - tags: - - data views - /api/data_views/default: - get: - operationId: getDefaultDataViewDefault - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - getDefaultDataViewResponse: - $ref: >- - #/components/examples/Data_views_get_default_data_view_response - schema: - type: object - properties: - data_view_id: - type: string - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Get the default data view - tags: - - data views - post: - operationId: setDefaultDatailViewDefault - parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - setDefaultDataViewRequest: - $ref: '#/components/examples/Data_views_set_default_data_view_request' - schema: - type: object - properties: - data_view_id: - description: > - The data view identifier. NOTE: The API does not validate - whether it is a valid identifier. Use `null` to unset the - default data view. - nullable: true - type: string - force: - default: false - description: Update an existing default data view identifier. - type: boolean - required: - - data_view_id - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - acknowledged: - type: boolean - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Set the default data view - tags: - - data views - /api/data_views/swap_references: - post: - description: > - Changes saved object references from one data view identifier to - another. WARNING: Misuse can break large numbers of saved objects! - Practicing with a backup is recommended. - operationId: swapDataViewsDefault - parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - swapDataViewRequest: - $ref: '#/components/examples/Data_views_swap_data_view_request' - schema: - $ref: '#/components/schemas/Data_views_swap_data_view_request_object' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - deleteStatus: - type: object - properties: - deletePerformed: - type: boolean - remainingRefs: - type: integer - result: - items: - type: object - properties: - id: - description: A saved object identifier. - type: string - type: - description: The saved object type. - type: string - type: array - description: Indicates a successful call. - summary: Swap saved object references - tags: - - data views - /api/data_views/swap_references/_preview: - post: - description: > - Preview the impact of swapping saved object references from one data - view identifier to another. - operationId: previewSwapDataViewsDefault - parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - previewSwapDataViewRequest: - $ref: >- - #/components/examples/Data_views_preview_swap_data_view_request - schema: - $ref: '#/components/schemas/Data_views_swap_data_view_request_object' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - result: - items: - type: object - properties: - id: - description: A saved object identifier. - type: string - type: - description: The saved object type. - type: string - type: array - description: Indicates a successful call. - summary: Preview a saved object reference swap - tags: - - data views - /api/detection_engine/index: - delete: - operationId: DeleteAlertsIndex - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - acknowledged: - type: boolean - required: - - acknowledged - description: Successful response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' - description: Not enough permissions response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: string - description: Index does not exist response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' - description: Internal server error response - summary: Delete an alerts index - tags: - - Security Detections API - - Alert index API - get: - operationId: ReadAlertsIndex - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - index_mapping_outdated: - nullable: true - type: boolean - name: - type: string - required: - - name - - index_mapping_outdated - description: Successful response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' - description: Not enough permissions response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' - description: Not found - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' - description: Internal server error response - summary: Reads the alert index name if it exists - tags: - - Security Detections API - - Alert index API - post: - operationId: CreateAlertsIndex - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - acknowledged: - type: boolean - required: - - acknowledged - description: Successful response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' - description: Not enough permissions response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' - description: Not found - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' - description: Internal server error response - summary: Create an alerts index - tags: - - Security Detections API - - Alert index API - /api/detection_engine/privileges: - get: - description: > - Retrieves whether or not the user is authenticated, and the user's - Kibana - - space and index privileges, which determine if the user can create an - - index for the Elastic Security alerts generated by - - detection engine rules. - operationId: ReadPrivileges - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - has_encryption_key: - type: boolean - is_authenticated: - type: boolean - required: - - is_authenticated - - has_encryption_key - description: Successful response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - description: Unsuccessful authentication response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' - description: Internal server error response - summary: Returns user privileges for the Kibana space - tags: - - Security Detections API - - Privileges API - /api/detection_engine/rules: - delete: - description: Delete a detection rule using the `rule_id` or `id` field. - operationId: DeleteRule - parameters: - - description: The rule's `id` value. - in: query - name: id - required: false - schema: - $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' - - description: The rule's `rule_id` value. - in: query - name: rule_id - required: false - schema: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Detections_API_RuleResponse' - description: Indicates a successful call. - summary: Delete a detection rule - tags: - - Security Detections API - - Rules API - get: - description: Retrieve a detection rule using the `rule_id` or `id` field. - operationId: ReadRule - parameters: - - description: The rule's `id` value. - in: query - name: id - required: false - schema: - $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' - - description: The rule's `rule_id` value. - in: query - name: rule_id - required: false - schema: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Detections_API_RuleResponse' - description: Indicates a successful call. - summary: Retrieve a detection rule - tags: - - Security Detections API - - Rules API - patch: - description: >- - Update specific fields of an existing detection rule using the `rule_id` - or `id` field. - operationId: PatchRule - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Detections_API_RulePatchProps' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Detections_API_RuleResponse' - description: Indicates a successful call. - summary: Patch a detection rule - tags: - - Security Detections API - - Rules API - post: - description: Create a new detection rule. - operationId: CreateRule - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Detections_API_RuleCreateProps' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Detections_API_RuleResponse' - description: Indicates a successful call. - summary: Create a detection rule - tags: - - Security Detections API - - Rules API - put: - description: > - Update a detection rule using the `rule_id` or `id` field. The original - rule is replaced, and all unspecified fields are deleted. - - > info - - > You cannot modify the `id` or `rule_id` values. - operationId: UpdateRule - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Detections_API_RuleUpdateProps' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Detections_API_RuleResponse' - description: Indicates a successful call. - summary: Update a detection rule - tags: - - Security Detections API - - Rules API - /api/detection_engine/rules/_bulk_action: - post: - description: >- - Apply a bulk action, such as bulk edit, duplicate, or delete, to - multiple detection rules. The bulk action is applied to all rules that - match the query or to the rules listed by their IDs. - operationId: PerformRulesBulkAction - parameters: - - description: Enables dry run mode for the request call. - in: query - name: dry_run - required: false - schema: - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: '#/components/schemas/Security_Detections_API_BulkDeleteRules' - - $ref: >- - #/components/schemas/Security_Detections_API_BulkDisableRules - - $ref: '#/components/schemas/Security_Detections_API_BulkEnableRules' - - $ref: '#/components/schemas/Security_Detections_API_BulkExportRules' - - $ref: >- - #/components/schemas/Security_Detections_API_BulkDuplicateRules - - $ref: >- - #/components/schemas/Security_Detections_API_BulkManualRuleRun - - $ref: '#/components/schemas/Security_Detections_API_BulkEditRules' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Detections_API_BulkEditActionResponse - - $ref: >- - #/components/schemas/Security_Detections_API_BulkExportActionResponse - description: OK - summary: Apply a bulk action to detection rules - tags: - - Security Detections API - - Bulk API - /api/detection_engine/rules/_bulk_create: - post: - deprecated: true - description: Create new detection rules in bulk. - operationId: BulkCreateRules - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleCreateProps' - type: array - description: A JSON array of rules, where each rule contains the required fields. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Detections_API_BulkCrudRulesResponse - description: Indicates a successful call. - summary: Create multiple detection rules - tags: - - Security Detections API - - Bulk API - /api/detection_engine/rules/_bulk_delete: - delete: - deprecated: true - description: Delete detection rules in bulk. - operationId: BulkDeleteRules - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - type: object - properties: - id: - $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' - rule_id: - $ref: >- - #/components/schemas/Security_Detections_API_RuleSignatureId - type: array - description: >- - A JSON array of `id` or `rule_id` fields of the rules you want to - delete. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Detections_API_BulkCrudRulesResponse - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Detections_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - description: Unsuccessful authentication response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' - description: Internal server error response - summary: Delete multiple detection rules - tags: - - Security Detections API - - Bulk API - post: - deprecated: true - description: Deletes multiple rules. - operationId: BulkDeleteRulesPost - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - type: object - properties: - id: - $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' - rule_id: - $ref: >- - #/components/schemas/Security_Detections_API_RuleSignatureId - type: array - description: >- - A JSON array of `id` or `rule_id` fields of the rules you want to - delete. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Detections_API_BulkCrudRulesResponse - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Detections_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - description: Unsuccessful authentication response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' - description: Internal server error response - summary: Delete multiple detection rules - tags: - - Security Detections API - - Bulk API - /api/detection_engine/rules/_bulk_update: - patch: - deprecated: true - description: >- - Update specific fields of existing detection rules using the `rule_id` - or `id` field. - operationId: BulkPatchRules - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - $ref: '#/components/schemas/Security_Detections_API_RulePatchProps' - type: array - description: A JSON array of rules, where each rule contains the required fields. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Detections_API_BulkCrudRulesResponse - description: Indicates a successful call. - summary: Patch multiple detection rules - tags: - - Security Detections API - - Bulk API - put: - deprecated: true - description: > - Update multiple detection rules using the `rule_id` or `id` field. The - original rules are replaced, and all unspecified fields are deleted. - - > info - - > You cannot modify the `id` or `rule_id` values. - operationId: BulkUpdateRules - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleUpdateProps' - type: array - description: >- - A JSON array where each element includes the `id` or `rule_id` field - of the rule you want to update and the fields you want to modify. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Detections_API_BulkCrudRulesResponse - description: Indicates a successful call. - summary: Update multiple detection rules - tags: - - Security Detections API - - Bulk API - /api/detection_engine/rules/_export: - post: - description: > - Export detection rules to an `.ndjson` file. The following configuration - items are also included in the `.ndjson` file: - - - Actions - - - Exception lists - - > info - - > You cannot export prebuilt rules. - operationId: ExportRules - parameters: - - description: Determines whether a summary of the exported rules is returned. - in: query - name: exclude_export_details - required: false - schema: - default: false - type: boolean - - description: File name for saving the exported rules. - in: query - name: file_name - required: false - schema: - default: export.ndjson - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - nullable: true - type: object - properties: - objects: - description: >- - Array of `rule_id` fields. Exports all rules when - unspecified. - items: - type: object - properties: - rule_id: - $ref: >- - #/components/schemas/Security_Detections_API_RuleSignatureId - required: - - rule_id - type: array - required: - - objects - required: false - responses: - '200': - content: - application/ndjson; Elastic-Api-Version=2023-10-31: - schema: - description: An `.ndjson` file containing the returned rules. - format: binary - type: string - description: Indicates a successful call. - summary: Export detection rules - tags: - - Security Detections API - - Import/Export API - /api/detection_engine/rules/_find: - get: - description: >- - Retrieve a paginated list of detection rules. By default, the first page - is returned, with 20 results per page. - operationId: FindRules - parameters: - - in: query - name: fields - required: false - schema: - items: - type: string - type: array - - description: Search query - in: query - name: filter - required: false - schema: - type: string - - description: Field to sort by - in: query - name: sort_field - required: false - schema: - $ref: '#/components/schemas/Security_Detections_API_FindRulesSortField' - - description: Sort order - in: query - name: sort_order - required: false - schema: - $ref: '#/components/schemas/Security_Detections_API_SortOrder' - - description: Page number - in: query - name: page - required: false - schema: - default: 1 - minimum: 1 - type: integer - - description: Rules per page - in: query - name: per_page - required: false - schema: - default: 20 - minimum: 0 - type: integer - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RuleResponse - type: array - page: - type: integer - perPage: - type: integer - total: - type: integer - required: - - page - - perPage - - total - - data - description: Successful response - summary: List all detection rules - tags: - - Security Detections API - - Rules API - /api/detection_engine/rules/_import: - post: - description: > - Import detection rules from an `.ndjson` file, including actions and - exception lists. The request must include: - - - The `Content-Type: multipart/form-data` HTTP header. - - - A link to the `.ndjson` file containing the rules. - operationId: ImportRules - parameters: - - description: >- - Determines whether existing rules with the same `rule_id` are - overwritten. - in: query - name: overwrite - required: false - schema: - default: false - type: boolean - - description: >- - Determines whether existing exception lists with the same `list_id` - are overwritten. - in: query - name: overwrite_exceptions - required: false - schema: - default: false - type: boolean - - description: >- - Determines whether existing actions with the same - `kibana.alert.rule.actions.id` are overwritten. - in: query - name: overwrite_action_connectors - required: false - schema: - default: false - type: boolean - - description: Generates a new list ID for each imported exception list. - in: query - name: as_new_list - required: false - schema: - default: false - type: boolean - requestBody: - content: - multipart/form-data; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - file: - description: The `.ndjson` file containing the rules. - format: binary - type: string - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - action_connectors_errors: - items: - $ref: '#/components/schemas/Security_Detections_API_ErrorSchema' - type: array - action_connectors_success: - type: boolean - action_connectors_success_count: - minimum: 0 - type: integer - action_connectors_warnings: - items: - $ref: >- - #/components/schemas/Security_Detections_API_WarningSchema - type: array - errors: - items: - $ref: '#/components/schemas/Security_Detections_API_ErrorSchema' - type: array - exceptions_errors: - items: - $ref: '#/components/schemas/Security_Detections_API_ErrorSchema' - type: array - exceptions_success: - type: boolean - exceptions_success_count: - minimum: 0 - type: integer - rules_count: - minimum: 0 - type: integer - success: - type: boolean - success_count: - minimum: 0 - type: integer - required: - - exceptions_success - - exceptions_success_count - - exceptions_errors - - rules_count - - success - - success_count - - errors - - action_connectors_errors - - action_connectors_warnings - - action_connectors_success - - action_connectors_success_count - description: Indicates a successful call. - summary: Import detection rules - tags: - - Security Detections API - - Import/Export API - /api/detection_engine/rules/{id}/exceptions: - post: - description: Create exception items that apply to a single detection rule. - operationId: CreateRuleExceptionListItems - parameters: - - description: Detection rule's identifier - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Exceptions_API_RuleId' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - items: - items: - $ref: >- - #/components/schemas/Security_Exceptions_API_CreateRuleExceptionListItemProps - type: array - required: - - items - description: Rule exception list items - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItem - type: array - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Create rule exception list items - tags: - - Security Exceptions API - /api/detection_engine/rules/prepackaged: - put: - description: Install and update all Elastic prebuilt detection rules and Timelines. - operationId: InstallPrebuiltRulesAndTimelines - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - rules_installed: - description: The number of rules installed - minimum: 0 - type: integer - rules_updated: - description: The number of rules updated - minimum: 0 - type: integer - timelines_installed: - description: The number of timelines installed - minimum: 0 - type: integer - timelines_updated: - description: The number of timelines updated - minimum: 0 - type: integer - required: - - rules_installed - - rules_updated - - timelines_installed - - timelines_updated - description: Indicates a successful call - summary: Install prebuilt detection rules and Timelines - tags: - - Security Detections API - - Prebuilt Rules API - /api/detection_engine/rules/prepackaged/_status: - get: - description: >- - Retrieve the status of all Elastic prebuilt detection rules and - Timelines. - operationId: ReadPrebuiltRulesAndTimelinesStatus - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - rules_custom_installed: - description: The total number of custom rules - minimum: 0 - type: integer - rules_installed: - description: The total number of installed prebuilt rules - minimum: 0 - type: integer - rules_not_installed: - description: >- - The total number of available prebuilt rules that are not - installed - minimum: 0 - type: integer - rules_not_updated: - description: The total number of outdated prebuilt rules - minimum: 0 - type: integer - timelines_installed: - description: The total number of installed prebuilt timelines - minimum: 0 - type: integer - timelines_not_installed: - description: >- - The total number of available prebuilt timelines that are - not installed - minimum: 0 - type: integer - timelines_not_updated: - description: The total number of outdated prebuilt timelines - minimum: 0 - type: integer - required: - - rules_custom_installed - - rules_installed - - rules_not_installed - - rules_not_updated - - timelines_installed - - timelines_not_installed - - timelines_not_updated - description: Indicates a successful call - summary: Retrieve the status of prebuilt detection rules and Timelines - tags: - - Security Detections API - - Prebuilt Rules API - /api/detection_engine/rules/preview: - post: - operationId: RulePreview - parameters: - - description: >- - Enables logging and returning in response ES queries, performed - during rule execution - in: query - name: enable_logged_requests - required: false - schema: - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - anyOf: - - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_EqlRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewParams - - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_QueryRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewParams - - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewParams - - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewParams - - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewParams - - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewParams - - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_NewTermsRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewParams - - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_EsqlRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewParams - discriminator: - propertyName: type - description: >- - An object containing tags to add or remove and alert ids the changes - will be applied - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - isAborted: - type: boolean - logs: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewLogs - type: array - previewId: - $ref: >- - #/components/schemas/Security_Detections_API_NonEmptyString - required: - - logs - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Detections_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - description: Unsuccessful authentication response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' - description: Internal server error response - summary: Preview rule alerts generated on specified time range - tags: - - Security Detections API - - Rule preview API - /api/detection_engine/signals/assignees: - post: - description: | - Assign users to detection alerts, and unassign them from alerts. - > info - > You cannot add and remove the same assignee in the same request. - operationId: SetAlertAssignees - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - assignees: - $ref: '#/components/schemas/Security_Detections_API_AlertAssignees' - description: Details about the assignees to assign and unassign. - ids: - $ref: '#/components/schemas/Security_Detections_API_AlertIds' - description: List of alerts ids to assign and unassign passed assignees. - required: - - assignees - - ids - required: true - responses: - '200': - description: Indicates a successful call. - '400': - description: Invalid request. - summary: Assign and unassign users from detection alerts - tags: - - Security Detections API - /api/detection_engine/signals/finalize_migration: - post: - description: > - Finalize successful migrations of detection alerts. This replaces the - original index's alias with the successfully migrated index's alias. - - The endpoint is idempotent; therefore, it can safely be used to poll a - given migration and, upon completion, - - finalize it. - operationId: FinalizeAlertsMigration - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - migration_ids: - items: - type: string - minItems: 1 - type: array - required: - - migration_ids - description: Array of `migration_id`s to finalize - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - $ref: >- - #/components/schemas/Security_Detections_API_MigrationFinalizationResult - type: array - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Detections_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - description: Unsuccessful authentication response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' - description: Internal server error response - summary: Finalize detection alert migrations - tags: - - Security Detections API - - Alerts migration API - /api/detection_engine/signals/migration: - delete: - description: > - Migrations favor data integrity over shard size. Consequently, unused or - orphaned indices are artifacts of - - the migration process. A successful migration will result in both the - old and new indices being present. - - As such, the old, orphaned index can (and likely should) be deleted. - - - While you can delete these indices manually, - - the endpoint accomplishes this task by applying a deletion policy to the - relevant index, causing it to be deleted - - after 30 days. It also deletes other artifacts specific to the migration - implementation. - operationId: AlertsMigrationCleanup - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - migration_ids: - items: - type: string - minItems: 1 - type: array - required: - - migration_ids - description: Array of `migration_id`s to cleanup - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - $ref: >- - #/components/schemas/Security_Detections_API_MigrationCleanupResult - type: array - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Detections_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - description: Unsuccessful authentication response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' - description: Internal server error response - summary: Clean up detection alert migrations - tags: - - Security Detections API - - Alerts migration API - post: - description: > - Initiate a migration of detection alerts. - - Migrations are initiated per index. While the process is neither - destructive nor interferes with existing data, it may be - resource-intensive. As such, it is recommended that you plan your - migrations accordingly. - operationId: CreateAlertsMigration - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - allOf: - - type: object - properties: - index: - items: - $ref: >- - #/components/schemas/Security_Detections_API_NonEmptyString - minItems: 1 - type: array - required: - - index - - $ref: >- - #/components/schemas/Security_Detections_API_AlertsReindexOptions - description: Alerts migration parameters - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - indices: - items: - oneOf: - - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexMigrationSuccess - - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexMigrationError - - $ref: >- - #/components/schemas/Security_Detections_API_SkippedAlertsIndexMigration - type: array - required: - - indices - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Detections_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - description: Unsuccessful authentication response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' - description: Internal server error response - summary: Initiate a detection alert migration - tags: - - Security Detections API - - Alerts migration API - /api/detection_engine/signals/migration_status: - post: - description: >- - Retrieve indices that contain detection alerts of a particular age, - along with migration information for each of those indices. - operationId: ReadAlertsMigrationStatus - parameters: - - description: Maximum age of qualifying detection alerts - in: query - name: from - required: true - schema: - description: > - Time from which data is analyzed. For example, now-4200s means the - rule analyzes data from 70 minutes - - before its start time. Defaults to now-6m (analyzes data from 6 - minutes before the start time). - format: date-math - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - indices: - items: - $ref: >- - #/components/schemas/Security_Detections_API_IndexMigrationStatus - type: array - required: - - indices - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Detections_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - description: Unsuccessful authentication response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' - description: Internal server error response - summary: Retrieve the status of detection alert migrations - tags: - - Security Detections API - - Alerts migration API - /api/detection_engine/signals/search: - post: - description: Find and/or aggregate detection alerts that match the given query. - operationId: SearchAlerts - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - description: Elasticsearch query and aggregation request - type: object - properties: - _source: - oneOf: - - type: boolean - - type: string - - items: - type: string - type: array - aggs: - additionalProperties: true - type: object - fields: - items: - type: string - type: array - query: - additionalProperties: true - type: object - runtime_mappings: - additionalProperties: true - type: object - size: - minimum: 0 - type: integer - sort: - $ref: '#/components/schemas/Security_Detections_API_AlertsSort' - track_total_hits: - type: boolean - description: Search and/or aggregation query - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: true - description: Elasticsearch search response - type: object - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Detections_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - description: Unsuccessful authentication response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' - description: Internal server error response - summary: Find and/or aggregate detection alerts - tags: - - Security Detections API - - Alerts API - /api/detection_engine/signals/status: - post: - description: Set the status of one or more detection alerts. - operationId: SetAlertsStatus - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Detections_API_SetAlertsStatusByIds - - $ref: >- - #/components/schemas/Security_Detections_API_SetAlertsStatusByQuery - description: >- - An object containing desired status and explicit alert ids or a query - to select alerts - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: true - description: Elasticsearch update by query response - type: object - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Detections_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - description: Unsuccessful authentication response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' - description: Internal server error response - summary: Set a detection alert status - tags: - - Security Detections API - - Alerts API - /api/detection_engine/signals/tags: - post: - description: | - And tags to detection alerts, and remove them from alerts. - > info - > You cannot add and remove the same alert tag in the same request. - operationId: SetAlertTags - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - ids: - $ref: '#/components/schemas/Security_Detections_API_AlertIds' - tags: - $ref: '#/components/schemas/Security_Detections_API_SetAlertTags' - required: - - ids - - tags - description: >- - An object containing tags to add or remove and alert ids the changes - will be applied - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: true - description: Elasticsearch update by query response - type: object - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Detections_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - description: Unsuccessful authentication response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' - description: Internal server error response - summary: Add and remove detection alert tags - tags: - - Security Detections API - - Alerts API - /api/detection_engine/tags: - get: - description: List all unique tags from all detection rules. - operationId: ReadTags - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - description: Indicates a successful call - summary: List all detection rule tags - tags: - - Security Detections API - - Tags API - /api/encrypted_saved_objects/_rotate_key: - post: - description: > - Superuser role required. - - - If a saved object cannot be decrypted using the primary encryption key, - then Kibana will attempt to decrypt it using the specified - decryption-only keys. In most of the cases this overhead is negligible, - but if you're dealing with a large number of saved objects and - experiencing performance issues, you may want to rotate the encryption - key. - - - This functionality is in technical preview and may be changed or removed - in a future release. Elastic will work to fix any issues, but features - in technical preview are not subject to the support SLA of official GA - features. - operationId: rotateEncryptionKey - parameters: - - description: > - Specifies a maximum number of saved objects that Kibana can process - in a single batch. Bulk key rotation is an iterative process since - Kibana may not be able to fetch and process all required saved - objects in one go and splits processing into consequent batches. By - default, the batch size is 10000, which is also a maximum allowed - value. - in: query - name: batch_size - required: false - schema: - default: 10000 - type: number - - description: > - Limits encryption key rotation only to the saved objects with the - specified type. By default, Kibana tries to rotate the encryption - key for all saved object types that may contain encrypted - attributes. - in: query - name: type - required: false - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - rotateEncryptionKeyResponse: - $ref: '#/components/examples/Saved_objects_key_rotation_response' - schema: - type: object - properties: - failed: - description: > - Indicates the number of the saved objects that were still - encrypted with one of the old encryption keys that Kibana - failed to re-encrypt with the primary key. - type: number - successful: - description: > - Indicates the total number of all encrypted saved objects - (optionally filtered by the requested `type`), regardless - of the key Kibana used for encryption. - - - NOTE: In most cases, `total` will be greater than - `successful` even if `failed` is zero. The reason is that - Kibana may not need or may not be able to rotate - encryption keys for all encrypted saved objects. - type: number - total: - description: > - Indicates the total number of all encrypted saved objects - (optionally filtered by the requested `type`), regardless - of the key Kibana used for encryption. - type: number - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request - '429': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Already in progress. - summary: Rotate a key for encrypted saved objects - tags: - - saved objects - /api/endpoint_list: - post: - description: >- - Create an endpoint exception list, which groups endpoint exception list - items. If an endpoint exception list already exists, an empty response - is returned. - operationId: CreateEndpointList - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_EndpointList - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Invalid input data - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - description: Insufficient privileges - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Internal server error - summary: Create an endpoint exception list - tags: - - Security Endpoint Exceptions API - /api/endpoint_list/items: - delete: - description: >- - Delete an endpoint exception list item using the `id` or `item_id` - field. - operationId: DeleteEndpointListItem - parameters: - - description: Either `id` or `item_id` must be specified - in: query - name: id - required: false - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId - - description: Either `id` or `item_id` must be specified - in: query - name: item_id - required: false - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Invalid input data - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - description: Insufficient privileges - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Endpoint list item not found - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Internal server error - summary: Delete an endpoint exception list item - tags: - - Security Endpoint Exceptions API - get: - description: >- - Get the details of an endpoint exception list item using the `id` or - `item_id` field. - operationId: ReadEndpointListItem - parameters: - - description: Either `id` or `item_id` must be specified - in: query - name: id - required: false - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId - - description: Either `id` or `item_id` must be specified - in: query - name: item_id - required: false - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem - type: array - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Invalid input data - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - description: Insufficient privileges - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Endpoint list item not found - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Internal server error - summary: Get an endpoint exception list item - tags: - - Security Endpoint Exceptions API - post: - description: >- - Create an endpoint exception list item, and associate it with the - endpoint exception list. - operationId: CreateEndpointListItem - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - comments: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray - default: [] - description: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription - entries: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray - item_id: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId - meta: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta - name: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName - os_types: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray - default: [] - tags: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags - default: [] - type: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType - required: - - type - - name - - description - - entries - description: Exception list item's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Invalid input data - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - description: Insufficient privileges - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Endpoint list item already exists - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Internal server error - summary: Create an endpoint exception list item - tags: - - Security Endpoint Exceptions API - put: - description: >- - Update an endpoint exception list item using the `id` or `item_id` - field. - operationId: UpdateEndpointListItem - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - _version: - type: string - comments: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray - default: [] - description: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription - entries: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray - id: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId - description: Either `id` or `item_id` must be specified - item_id: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId - description: Either `id` or `item_id` must be specified - meta: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta - name: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName - os_types: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray - default: [] - tags: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags - type: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType - required: - - type - - name - - description - - entries - description: Exception list item's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Invalid input data - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - description: Insufficient privileges - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Endpoint list item not found - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Internal server error - summary: Update an endpoint exception list item - tags: - - Security Endpoint Exceptions API - /api/endpoint_list/items/_find: - get: - description: Get a list of all endpoint exception list items. - operationId: FindEndpointListItems - parameters: - - description: > - Filters the returned results according to the value of the specified - field, - - using the `:` syntax. - in: query - name: filter - required: false - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_FindEndpointListItemsFilter - - description: The page number to return - in: query - name: page - required: false - schema: - minimum: 0 - type: integer - - description: The number of exception list items to return per page - in: query - name: per_page - required: false - schema: - minimum: 0 - type: integer - - description: Determines which field is used to sort the results - in: query - name: sort_field - required: false - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString - - description: Determines the sort order, which can be `desc` or `asc` - in: query - name: sort_order - required: false - schema: - enum: - - desc - - asc - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - items: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem - type: array - page: - minimum: 0 - type: integer - per_page: - minimum: 0 - type: integer - pit: - type: string - total: - minimum: 0 - type: integer - required: - - data - - page - - per_page - - total - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Invalid input data - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - description: Insufficient privileges - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Endpoint list not found - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Internal server error - summary: Get endpoint exception list items - tags: - - Security Endpoint Exceptions API - /api/endpoint/action: - get: - description: Get a list of all response actions. - operationId: EndpointGetActionsList - parameters: - - in: query - name: query - required: true - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_GetEndpointActionListRouteQuery - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get response actions - tags: - - Security Endpoint Management API - /api/endpoint/action_log/{agent_id}: - get: - deprecated: true - description: Get an action request log for the specified agent ID. - operationId: EndpointGetActionLog - parameters: - - in: path - name: agent_id - required: true - schema: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentId' - - in: query - name: query - required: true - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_ActionLogRequestQuery - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get an action request log - tags: - - Security Endpoint Management API - /api/endpoint/action_status: - get: - description: Get the status of response actions for the specified agent IDs. - operationId: EndpointGetActionsStatus - parameters: - - in: query - name: query - required: true - schema: - type: object - properties: - agent_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentIds' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_ActionStatusSuccessResponse - description: OK - summary: Get response actions status - tags: - - Security Endpoint Management API - /api/endpoint/action/{action_id}: - get: - description: Get the details of a response action using the action ID. - operationId: EndpointGetActionsDetails - parameters: - - in: path - name: action_id - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get action details - tags: - - Security Endpoint Management API - /api/endpoint/action/{action_id}/file/{file_id}: - get: - description: Get information for the specified file using the file ID. - operationId: EndpointFileInfo - parameters: - - in: path - name: action_id - required: true - schema: - type: string - - in: path - name: file_id - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get file information - tags: - - Security Endpoint Management API - /api/endpoint/action/{action_id}/file/{file_id}/download: - get: - description: Download a file from an endpoint. - operationId: EndpointFileDownload - parameters: - - in: path - name: action_id - required: true - schema: - type: string - - in: path - name: file_id - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Download a file - tags: - - Security Endpoint Management API - /api/endpoint/action/execute: - post: - description: Run a shell command on an endpoint. - operationId: EndpointExecuteAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_ExecuteRouteRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Run a command - tags: - - Security Endpoint Management API - /api/endpoint/action/get_file: - post: - description: Get a file from an endpoint. - operationId: EndpointGetFileAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_GetFileRouteRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get a file - tags: - - Security Endpoint Management API - /api/endpoint/action/isolate: - post: - description: >- - Isolate an endpoint from the network. The endpoint remains isolated - until it's released. - operationId: EndpointIsolateAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_IsolateRouteRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Isolate an endpoint - tags: - - Security Endpoint Management API - /api/endpoint/action/kill_process: - post: - description: Terminate a running process on an endpoint. - operationId: EndpointKillProcessAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_KillProcessRouteRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Terminate a process - tags: - - Security Endpoint Management API - /api/endpoint/action/running_procs: - post: - description: Get a list of all processes running on an endpoint. - operationId: EndpointGetProcessesAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_GetProcessesRouteRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get running processes - tags: - - Security Endpoint Management API - /api/endpoint/action/scan: - post: - description: Scan a specific file or directory on an endpoint for malware. - operationId: EndpointScanAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_ScanRouteRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Scan a file or directory - tags: - - Security Endpoint Management API - /api/endpoint/action/state: - get: - description: >- - Get a response actions state, which reports whether encryption is - enabled. - operationId: EndpointGetActionsState - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_ActionStateSuccessResponse - description: OK - summary: Get actions state - tags: - - Security Endpoint Management API - /api/endpoint/action/suspend_process: - post: - description: Suspend a running process on an endpoint. - operationId: EndpointSuspendProcessAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuspendProcessRouteRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Suspend a process - tags: - - Security Endpoint Management API - /api/endpoint/action/unisolate: - post: - description: Release an isolated endpoint, allowing it to rejoin a network. - operationId: EndpointUnisolateAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_UnisolateRouteRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Release an isolated endpoint - tags: - - Security Endpoint Management API - /api/endpoint/action/upload: - post: - description: Upload a file to an endpoint. - operationId: EndpointUploadAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_UploadRouteRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Upload a file - tags: - - Security Endpoint Management API - /api/endpoint/isolate: - post: - deprecated: true - description: > - Isolate an endpoint from the network. - - > info - - > This URL will return a 308 permanent redirect to `POST :/api/endpoint/action/isolate`. - operationId: EndpointIsolateRedirect - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - agent_type: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_AgentTypes - alert_ids: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_AlertIds - case_ids: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_CaseIds - comment: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_Comment - endpoint_ids: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_EndpointIds - parameters: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_Parameters - required: - - endpoint_ids - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - '308': - description: Permanent Redirect - headers: - Location: - description: Permanently redirects to "/api/endpoint/action/isolate" - schema: - example: /api/endpoint/action/isolate - type: string - summary: Isolate an endpoint - tags: - - Security Endpoint Management API - /api/endpoint/metadata: - get: - operationId: GetEndpointMetadataList - parameters: - - in: query - name: query - required: true - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_ListRequestQuery - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get a metadata list - tags: - - Security Endpoint Management API - /api/endpoint/metadata/{id}: - get: - operationId: GetEndpointMetadata - parameters: - - in: path - name: id - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get metadata - tags: - - Security Endpoint Management API - /api/endpoint/metadata/transforms: - get: - deprecated: true - operationId: GetEndpointMetadataTransform - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get metadata transforms - tags: - - Security Endpoint Management API - /api/endpoint/policy_response: - get: - operationId: GetPolicyResponse - parameters: - - in: query - name: query - required: true - schema: - type: object - properties: - agentId: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentId' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get a policy response - tags: - - Security Endpoint Management API - /api/endpoint/policy/summaries: - get: - deprecated: true - operationId: GetAgentPolicySummary - parameters: - - in: query - name: query - required: true - schema: - type: object - properties: - package_name: - type: string - policy_id: - nullable: true - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get an agent policy summary - tags: - - Security Endpoint Management API - /api/endpoint/protection_updates_note/{package_policy_id}: - get: - operationId: GetProtectionUpdatesNote - parameters: - - in: path - name: package_policy_id - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_ProtectionUpdatesNoteResponse - description: OK - summary: Get a protection updates note - tags: - - Security Endpoint Management API - post: - operationId: CreateUpdateProtectionUpdatesNote - parameters: - - in: path - name: package_policy_id - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - note: - type: string - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_ProtectionUpdatesNoteResponse - description: OK - summary: Create or update a protection updates note - tags: - - Security Endpoint Management API - /api/endpoint/suggestions/{suggestion_type}: - post: - deprecated: true - operationId: GetEndpointSuggestions - parameters: - - in: path - name: suggestion_type - required: true - schema: - enum: - - eventFilters - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - field: - type: string - fieldMeta: {} - filters: {} - query: - type: string - required: - - parameters - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get suggestions - tags: - - Security Endpoint Management API - /api/endpoint/unisolate: - post: - deprecated: true - description: > - Release an isolated endpoint, allowing it to rejoin a network. - - > info - - > This URL will return a 308 permanent redirect to `POST :/api/endpoint/action/unisolate`. - operationId: EndpointUnisolateRedirect - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - agent_type: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_AgentTypes - alert_ids: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_AlertIds - case_ids: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_CaseIds - comment: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_Comment - endpoint_ids: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_EndpointIds - parameters: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_Parameters - required: - - endpoint_ids - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - '308': - description: Permanent Redirect - headers: - Location: - description: Permanently redirects to "/api/endpoint/action/unisolate" - schema: - example: /api/endpoint/action/unisolate - type: string - summary: Release an isolated endpoint - tags: - - Security Endpoint Management API - /api/entity_store/engines: - get: - operationId: ListEntityEngines - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - count: - type: integer - engines: - items: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_EngineDescriptor - type: array - description: Successful response - summary: List the Entity Engines - tags: - - Security Entity Analytics API - /api/entity_store/engines/{entityType}: - delete: - operationId: DeleteEntityEngine - parameters: - - description: The entity type of the engine (either 'user' or 'host'). - in: path - name: entityType - required: true - schema: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' - - description: Control flag to also delete the entity data. - in: query - name: data - required: false - schema: - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - deleted: - type: boolean - description: Successful response - summary: Delete the Entity Engine - tags: - - Security Entity Analytics API - get: - operationId: GetEntityEngine - parameters: - - description: The entity type of the engine (either 'user' or 'host'). - in: path - name: entityType - required: true - schema: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_EngineDescriptor - description: Successful response - summary: Get an Entity Engine - tags: - - Security Entity Analytics API - /api/entity_store/engines/{entityType}/init: - post: - operationId: InitEntityEngine - parameters: - - description: The entity type of the engine (either 'user' or 'host'). - in: path - name: entityType - required: true - schema: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - fieldHistoryLength: - default: 10 - description: The number of historical values to keep for each field. - type: integer - filter: - type: string - indexPattern: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_IndexPattern - description: Schema for the engine initialization - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_EngineDescriptor - description: Successful response - summary: Initialize an Entity Engine - tags: - - Security Entity Analytics API - /api/entity_store/engines/{entityType}/start: - post: - operationId: StartEntityEngine - parameters: - - description: The entity type of the engine (either 'user' or 'host'). - in: path - name: entityType - required: true - schema: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - started: - type: boolean - description: Successful response - summary: Start an Entity Engine - tags: - - Security Entity Analytics API - /api/entity_store/engines/{entityType}/stats: - post: - operationId: GetEntityEngineStats - parameters: - - description: The entity type of the engine (either 'user' or 'host'). - in: path - name: entityType - required: true - schema: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - indexPattern: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_IndexPattern - indices: - items: - type: object - type: array - status: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_EngineStatus - transforms: - items: - type: object - type: array - type: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_EntityType - description: Successful response - summary: Get Entity Engine stats - tags: - - Security Entity Analytics API - /api/entity_store/engines/{entityType}/stop: - post: - operationId: StopEntityEngine - parameters: - - description: The entity type of the engine (either 'user' or 'host'). - in: path - name: entityType - required: true - schema: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - stopped: - type: boolean - description: Successful response - summary: Stop an Entity Engine - tags: - - Security Entity Analytics API - /api/entity_store/engines/apply_dataview_indices: - post: - operationId: ApplyEntityEngineDataviewIndices - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - result: - items: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_EngineDataviewUpdateResult - type: array - success: - type: boolean - description: Successful response - '207': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - errors: - items: - type: string - type: array - result: - items: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_EngineDataviewUpdateResult - type: array - success: - type: boolean - description: Partial successful response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - body: - type: string - statusCode: - type: number - description: Error response - summary: Apply DataView indices to all installed engines - tags: - - Security Entity Analytics API - /api/entity_store/entities/list: - get: - description: List entities records, paging, sorting and filtering as needed. - operationId: ListEntities - parameters: - - in: query - name: sort_field - required: false - schema: - type: string - - in: query - name: sort_order - required: false - schema: - enum: - - asc - - desc - type: string - - in: query - name: page - required: false - schema: - minimum: 1 - type: integer - - in: query - name: per_page - required: false - schema: - maximum: 10000 - minimum: 1 - type: integer - - description: An ES query to filter by. - in: query - name: filterQuery - required: false - schema: - type: string - - in: query - name: entities_types - required: true - schema: - items: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' - type: array - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - inspect: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_InspectQuery - page: - minimum: 1 - type: integer - per_page: - maximum: 1000 - minimum: 1 - type: integer - records: - items: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_Entity - type: array - total: - minimum: 0 - type: integer - required: - - records - - page - - per_page - - total - description: Entities returned successfully - summary: List Entity Store Entities - tags: - - Security Entity Analytics API - /api/exception_lists: - delete: - description: Delete an exception list using the `id` or `list_id` field. - operationId: DeleteExceptionList - parameters: - - description: Either `id` or `list_id` must be specified - in: query - name: id - required: false - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - - description: Either `id` or `list_id` must be specified - in: query - name: list_id - required: false - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - - in: query - name: namespace_type - required: false - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType - default: single - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Exception list not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Delete an exception list - tags: - - Security Exceptions API - get: - description: Get the details of an exception list using the `id` or `list_id` field. - operationId: ReadExceptionList - parameters: - - description: Either `id` or `list_id` must be specified - in: query - name: id - required: false - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - - description: Either `id` or `list_id` must be specified - in: query - name: list_id - required: false - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - - in: query - name: namespace_type - required: false - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType - default: single - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Exception list item not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Get exception list details - tags: - - Security Exceptions API - post: - description: > - An exception list groups exception items and can be associated with - detection rules. You can assign detection rules with multiple exception - lists. - - > info - - > All exception items added to the same list are evaluated using `OR` - logic. That is, if any of the items in a list evaluate to `true`, the - exception prevents the rule from generating an alert. Likewise, `OR` - logic is used for evaluating exceptions when more than one exception - list is assigned to a rule. To use the `AND` operator, you can define - multiple clauses (`entries`) in a single exception item. - operationId: CreateExceptionList - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - description: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListDescription - list_id: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListHumanId - meta: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListMeta - name: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListName - namespace_type: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType - default: single - os_types: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray - tags: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListTags - default: [] - type: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListType - version: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListVersion - default: 1 - required: - - name - - description - - type - description: Exception list's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Exception list already exists response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Create an exception list - tags: - - Security Exceptions API - put: - description: Update an exception list using the `id` or `list_id` field. - operationId: UpdateExceptionList - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - _version: - type: string - description: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListDescription - id: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - list_id: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListHumanId - meta: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListMeta - name: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListName - namespace_type: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType - default: single - os_types: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray - default: [] - tags: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListTags - type: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListType - version: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListVersion - required: - - name - - description - - type - description: Exception list's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Exception list not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Update an exception list - tags: - - Security Exceptions API - /api/exception_lists/_duplicate: - post: - description: Duplicate an existing exception list. - operationId: DuplicateExceptionList - parameters: - - description: Exception list's human identifier - in: query - name: list_id - required: true - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - - in: query - name: namespace_type - required: true - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType - - description: >- - Determines whether to include expired exceptions in the exported - list - in: query - name: include_expired_exceptions - required: true - schema: - default: 'true' - enum: - - 'true' - - 'false' - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '405': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Exception list to duplicate not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Duplicate an exception list - tags: - - Security Exceptions API - /api/exception_lists/_export: - post: - description: Export an exception list and its associated items to an NDJSON file. - operationId: ExportExceptionList - parameters: - - description: Exception list's identifier - in: query - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - - description: Exception list's human identifier - in: query - name: list_id - required: true - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - - in: query - name: namespace_type - required: true - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType - - description: >- - Determines whether to include expired exceptions in the exported - list - in: query - name: include_expired_exceptions - required: true - schema: - default: 'true' - enum: - - 'true' - - 'false' - type: string - responses: - '200': - content: - application/ndjson; Elastic-Api-Version=2023-10-31: - schema: - description: >- - A `.ndjson` file containing specified exception list and its - items - format: binary - type: string - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Exception list not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Export an exception list - tags: - - Security Exceptions API - /api/exception_lists/_find: - get: - description: Get a list of all exception lists. - operationId: FindExceptionLists - parameters: - - description: > - Filters the returned results according to the value of the specified - field. - - - Uses the `so type.field name:field` value syntax, where `so type` - can be: - - - - `exception-list`: Specify a space-aware exception list. - - - `exception-list-agnostic`: Specify an exception list that is - shared across spaces. - in: query - name: filter - required: false - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_FindExceptionListsFilter - - description: > - Determines whether the returned containers are Kibana associated - with a Kibana space - - or available in all spaces (`agnostic` or `single`) - in: query - name: namespace_type - required: false - schema: - default: - - single - items: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType - type: array - - description: The page number to return - in: query - name: page - required: false - schema: - minimum: 1 - type: integer - - description: The number of exception lists to return per page - in: query - name: per_page - required: false - schema: - minimum: 1 - type: integer - - description: Determines which field is used to sort the results - in: query - name: sort_field - required: false - schema: - type: string - - description: Determines the sort order, which can be `desc` or `asc` - in: query - name: sort_order - required: false - schema: - enum: - - desc - - asc - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - items: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionList - type: array - page: - minimum: 1 - type: integer - per_page: - minimum: 1 - type: integer - total: - minimum: 0 - type: integer - required: - - data - - page - - per_page - - total - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Get exception lists - tags: - - Security Exceptions API - /api/exception_lists/_import: - post: - description: Import an exception list and its associated items from an NDJSON file. - operationId: ImportExceptionList - parameters: - - description: > - Determines whether existing exception lists with the same `list_id` - are overwritten. - - If any exception items have the same `item_id`, those are also - overwritten. - in: query - name: overwrite - required: false - schema: - default: false - type: boolean - - in: query - name: overwrite_exceptions - required: false - schema: - default: false - type: boolean - - in: query - name: overwrite_action_connectors - required: false - schema: - default: false - type: boolean - - description: > - Determines whether the list being imported will have a new `list_id` - generated. - - Additional `item_id`'s are generated for each exception item. Both - the exception - - list and its items are overwritten. - in: query - name: as_new_list - required: false - schema: - default: false - type: boolean - requestBody: - content: - multipart/form-data; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - file: - description: A `.ndjson` file containing the exception list - format: binary - type: string - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - errors: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListsImportBulkErrorArray - success: - type: boolean - success_count: - minimum: 0 - type: integer - success_count_exception_list_items: - minimum: 0 - type: integer - success_count_exception_lists: - minimum: 0 - type: integer - success_exception_list_items: - type: boolean - success_exception_lists: - type: boolean - required: - - errors - - success - - success_count - - success_exception_lists - - success_count_exception_lists - - success_exception_list_items - - success_count_exception_list_items - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Import an exception list - tags: - - Security Exceptions API - /api/exception_lists/items: - delete: - description: Delete an exception list item using the `id` or `item_id` field. - operationId: DeleteExceptionListItem - parameters: - - description: Either `id` or `item_id` must be specified - in: query - name: id - required: false - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId' - - description: Either `id` or `item_id` must be specified - in: query - name: item_id - required: false - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId - - in: query - name: namespace_type - required: false - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType - default: single - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Exception list item not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Delete an exception list item - tags: - - Security Exceptions API - get: - description: >- - Get the details of an exception list item using the `id` or `item_id` - field. - operationId: ReadExceptionListItem - parameters: - - description: Either `id` or `item_id` must be specified - in: query - name: id - required: false - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId' - - description: Either `id` or `item_id` must be specified - in: query - name: item_id - required: false - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId - - in: query - name: namespace_type - required: false - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType - default: single - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Exception list item not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Get an exception list item - tags: - - Security Exceptions API - post: - description: > - Create an exception item and associate it with the specified exception - list. - - > info - - > Before creating exception items, you must create an exception list. - operationId: CreateExceptionListItem - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - comments: - $ref: >- - #/components/schemas/Security_Exceptions_API_CreateExceptionListItemCommentArray - default: [] - description: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemDescription - entries: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray - expire_time: - format: date-time - type: string - item_id: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId - list_id: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListHumanId - meta: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemMeta - name: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemName - namespace_type: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType - default: single - os_types: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray - default: [] - tags: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemTags - default: [] - type: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemType - required: - - list_id - - type - - name - - description - - entries - description: Exception list item's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Exception list item already exists response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Create an exception list item - tags: - - Security Exceptions API - put: - description: Update an exception list item using the `id` or `item_id` field. - operationId: UpdateExceptionListItem - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - _version: - type: string - comments: - $ref: >- - #/components/schemas/Security_Exceptions_API_UpdateExceptionListItemCommentArray - default: [] - description: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemDescription - entries: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray - expire_time: - format: date-time - type: string - id: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemId - description: Either `id` or `item_id` must be specified - item_id: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId - description: Either `id` or `item_id` must be specified - list_id: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListHumanId - meta: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemMeta - name: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemName - namespace_type: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType - default: single - os_types: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray - default: [] - tags: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemTags - type: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemType - required: - - type - - name - - description - - entries - description: Exception list item's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Exception list item not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Update an exception list item - tags: - - Security Exceptions API - /api/exception_lists/items/_find: - get: - description: Get a list of all exception list items in the specified list. - operationId: FindExceptionListItems - parameters: - - description: List's id - in: query - name: list_id - required: true - schema: - items: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListHumanId - type: array - - description: > - Filters the returned results according to the value of the specified - field, - - using the `:` syntax. - in: query - name: filter - required: false - schema: - default: [] - items: - $ref: >- - #/components/schemas/Security_Exceptions_API_FindExceptionListItemsFilter - type: array - - description: > - Determines whether the returned containers are Kibana associated - with a Kibana space - - or available in all spaces (`agnostic` or `single`) - in: query - name: namespace_type - required: false - schema: - default: - - single - items: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType - type: array - - in: query - name: search - required: false - schema: - type: string - - description: The page number to return - in: query - name: page - required: false - schema: - minimum: 0 - type: integer - - description: The number of exception list items to return per page - in: query - name: per_page - required: false - schema: - minimum: 0 - type: integer - - description: Determines which field is used to sort the results - in: query - name: sort_field - required: false - schema: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - - description: Determines the sort order, which can be `desc` or `asc` - in: query - name: sort_order - required: false - schema: - enum: - - desc - - asc - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - items: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItem - type: array - page: - minimum: 1 - type: integer - per_page: - minimum: 1 - type: integer - pit: - type: string - total: - minimum: 0 - type: integer - required: - - data - - page - - per_page - - total - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Exception list not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Get exception list items - tags: - - Security Exceptions API - /api/exception_lists/summary: - get: - description: Get a summary of the specified exception list. - operationId: ReadExceptionListSummary - parameters: - - description: Exception list's identifier generated upon creation - in: query - name: id - required: false - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - - description: Exception list's human readable identifier - in: query - name: list_id - required: false - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - - in: query - name: namespace_type - required: false - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType - default: single - - description: Search filter clause - in: query - name: filter - required: false - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - linux: - minimum: 0 - type: integer - macos: - minimum: 0 - type: integer - total: - minimum: 0 - type: integer - windows: - minimum: 0 - type: integer - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Exception list not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Get an exception list summary - tags: - - Security Exceptions API - /api/exceptions/shared: - post: - description: > - An exception list groups exception items and can be associated with - detection rules. A shared exception list can apply to multiple detection - rules. - - > info - - > All exception items added to the same list are evaluated using `OR` - logic. That is, if any of the items in a list evaluate to `true`, the - exception prevents the rule from generating an alert. Likewise, `OR` - logic is used for evaluating exceptions when more than one exception - list is assigned to a rule. To use the `AND` operator, you can define - multiple clauses (`entries`) in a single exception item. - operationId: CreateSharedExceptionList - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - description: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListDescription - name: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListName - required: - - name - - description - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Exception list already exists response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Create a shared exception list - tags: - - Security Exceptions API - /api/fleet/agent_download_sources: - get: - description: List agent binary download sources - operationId: '%2Fapi%2Ffleet%2Fagent_download_sources#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - host: - format: uri - type: string - id: - type: string - is_default: - default: false - type: boolean - name: - type: string - proxy_id: - description: >- - The ID of the proxy to use for this download source. - See the proxies API for more information. - nullable: true - type: string - required: - - id - - name - - host - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - total - - page - - perPage - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent binary download sources - post: - description: Create agent binary download source - operationId: '%2Fapi%2Ffleet%2Fagent_download_sources#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - host: - format: uri - type: string - id: - type: string - is_default: - default: false - type: boolean - name: - type: string - proxy_id: - description: >- - The ID of the proxy to use for this download source. See the - proxies API for more information. - nullable: true - type: string - required: - - name - - host - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - host: - format: uri - type: string - id: - type: string - is_default: - default: false - type: boolean - name: - type: string - proxy_id: - description: >- - The ID of the proxy to use for this download source. - See the proxies API for more information. - nullable: true - type: string - required: - - id - - name - - host - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent binary download sources - /api/fleet/agent_download_sources/{sourceId}: - delete: - description: Delete agent binary download source by ID - operationId: '%2Fapi%2Ffleet%2Fagent_download_sources%2F%7BsourceId%7D#2' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: sourceId - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent binary download sources - get: - description: Get agent binary download source by ID - operationId: '%2Fapi%2Ffleet%2Fagent_download_sources%2F%7BsourceId%7D#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: sourceId - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - host: - format: uri - type: string - id: - type: string - is_default: - default: false - type: boolean - name: - type: string - proxy_id: - description: >- - The ID of the proxy to use for this download source. - See the proxies API for more information. - nullable: true - type: string - required: - - id - - name - - host - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent binary download sources - put: - description: Update agent binary download source by ID - operationId: '%2Fapi%2Ffleet%2Fagent_download_sources%2F%7BsourceId%7D#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: sourceId - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - host: - format: uri - type: string - id: - type: string - is_default: - default: false - type: boolean - name: - type: string - proxy_id: - description: >- - The ID of the proxy to use for this download source. See the - proxies API for more information. - nullable: true - type: string - required: - - name - - host - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - host: - format: uri - type: string - id: - type: string - is_default: - default: false - type: boolean - name: - type: string - proxy_id: - description: >- - The ID of the proxy to use for this download source. - See the proxies API for more information. - nullable: true - type: string - required: - - id - - name - - host - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent binary download sources - /api/fleet/agent_policies: - get: - description: List agent policies - operationId: '%2Fapi%2Ffleet%2Fagent_policies#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: page - required: false - schema: - type: number - - in: query - name: perPage - required: false - schema: - type: number - - in: query - name: sortField - required: false - schema: - type: string - - in: query - name: sortOrder - required: false - schema: - enum: - - desc - - asc - type: string - - in: query - name: showUpgradeable - required: false - schema: - type: boolean - - in: query - name: kuery - required: false - schema: - type: string - - description: use withAgentCount instead - in: query - name: noAgentCount - required: false - schema: - deprecated: true - type: boolean - - description: get policies with agent count - in: query - name: withAgentCount - required: false - schema: - type: boolean - - description: get full policies with package policies populated - in: query - name: full - required: false - schema: - type: boolean - - in: query - name: format - required: false - schema: - enum: - - simplified - - legacy - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - advanced_settings: - additionalProperties: false - type: object - properties: - agent_download_target_directory: - nullable: true - agent_download_timeout: - default: 2h - nullable: true - agent_limits_go_max_procs: - nullable: true - agent_logging_level: - default: info - nullable: true - agent_logging_metrics_period: - default: 30s - nullable: true - agent_features: - items: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - type: array - agents: - type: number - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fleet_server_host_id: - nullable: true - type: string - global_data_tags: - description: >- - User defined data tags that are added to all of the - inputs. The values can be strings or numbers. - items: - additionalProperties: false - type: object - properties: - name: - type: string - value: - anyOf: - - type: string - - type: number - required: - - name - - value - type: array - has_fleet_server: - type: boolean - id: - type: string - inactivity_timeout: - default: 1209600 - minimum: 0 - type: number - is_default: - type: boolean - is_default_fleet_server: - type: boolean - is_managed: - type: boolean - is_preconfigured: - type: boolean - is_protected: - description: >- - Indicates whether the agent policy has tamper - protection enabled. Default false. - type: boolean - keep_monitoring_alive: - default: false - description: >- - When set to true, monitoring will be enabled but - logs/metrics collection will be disabled - nullable: true - type: boolean - monitoring_diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: - items: - enum: - - logs - - metrics - - traces - type: string - type: array - monitoring_http: - additionalProperties: false - type: object - properties: - buffer: - additionalProperties: false - type: object - properties: - enabled: - default: false - type: boolean - enabled: - type: boolean - host: - type: string - port: - maximum: 65353 - minimum: 0 - type: number - required: - - enabled - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - overrides: - additionalProperties: {} - description: >- - Override settings that are defined in the agent - policy. Input settings cannot be overridden. The - override option should be used only in unusual - circumstances and not as a routine procedure. - nullable: true - type: object - package_policies: - anyOf: - - items: - type: string - type: array - - description: >- - This field is present only when retrieving a - single agent policy, or when retrieving a list - of agent policies with the ?full=true parameter - items: - additionalProperties: false - type: object - properties: - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: >- - The package policy namespace. Leave blank - to inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the - package policy. The override option should - be used only in unusual circumstances and - not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: >- - Agent policy ID where that package policy - will be added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package - policy will be added - type: string - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - updated_at: - type: string - updated_by: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - version: - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - type: array - revision: - type: number - schema_version: - type: string - space_ids: - items: - type: string - type: array - status: - enum: - - active - - inactive - type: string - supports_agentless: - default: false - description: >- - Indicates whether the agent policy supports - agentless integrations. - nullable: true - type: boolean - unenroll_timeout: - minimum: 0 - type: number - unprivileged_agents: - type: number - updated_at: - type: string - updated_by: - type: string - version: - type: string - required: - - id - - name - - namespace - - is_managed - - is_protected - - status - - updated_at - - updated_by - - revision - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - total - - page - - perPage - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent policies - post: - description: Create an agent policy - operationId: '%2Fapi%2Ffleet%2Fagent_policies#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: query - name: sys_monitoring - required: false - schema: - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - advanced_settings: - additionalProperties: false - type: object - properties: - agent_download_target_directory: - nullable: true - agent_download_timeout: - default: 2h - nullable: true - agent_limits_go_max_procs: - nullable: true - agent_logging_level: - default: info - nullable: true - agent_logging_metrics_period: - default: 30s - nullable: true - agent_features: - items: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - type: array - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fleet_server_host_id: - nullable: true - type: string - force: - type: boolean - global_data_tags: - description: >- - User defined data tags that are added to all of the inputs. - The values can be strings or numbers. - items: - additionalProperties: false - type: object - properties: - name: - type: string - value: - anyOf: - - type: string - - type: number - required: - - name - - value - type: array - has_fleet_server: - type: boolean - id: - type: string - inactivity_timeout: - default: 1209600 - minimum: 0 - type: number - is_default: - type: boolean - is_default_fleet_server: - type: boolean - is_managed: - type: boolean - is_protected: - type: boolean - keep_monitoring_alive: - default: false - description: >- - When set to true, monitoring will be enabled but - logs/metrics collection will be disabled - nullable: true - type: boolean - monitoring_diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: - items: - enum: - - logs - - metrics - - traces - type: string - type: array - monitoring_http: - additionalProperties: false - type: object - properties: - buffer: - additionalProperties: false - type: object - properties: - enabled: - default: false - type: boolean - enabled: - type: boolean - host: - type: string - port: - maximum: 65353 - minimum: 0 - type: number - required: - - enabled - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - overrides: - additionalProperties: {} - description: >- - Override settings that are defined in the agent policy. - Input settings cannot be overridden. The override option - should be used only in unusual circumstances and not as a - routine procedure. - nullable: true - type: object - space_ids: - items: - type: string - type: array - supports_agentless: - default: false - description: >- - Indicates whether the agent policy supports agentless - integrations. - nullable: true - type: boolean - unenroll_timeout: - minimum: 0 - type: number - required: - - name - - namespace - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - advanced_settings: - additionalProperties: false - type: object - properties: - agent_download_target_directory: - nullable: true - agent_download_timeout: - default: 2h - nullable: true - agent_limits_go_max_procs: - nullable: true - agent_logging_level: - default: info - nullable: true - agent_logging_metrics_period: - default: 30s - nullable: true - agent_features: - items: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - type: array - agents: - type: number - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fleet_server_host_id: - nullable: true - type: string - global_data_tags: - description: >- - User defined data tags that are added to all of the - inputs. The values can be strings or numbers. - items: - additionalProperties: false - type: object - properties: - name: - type: string - value: - anyOf: - - type: string - - type: number - required: - - name - - value - type: array - has_fleet_server: - type: boolean - id: - type: string - inactivity_timeout: - default: 1209600 - minimum: 0 - type: number - is_default: - type: boolean - is_default_fleet_server: - type: boolean - is_managed: - type: boolean - is_preconfigured: - type: boolean - is_protected: - description: >- - Indicates whether the agent policy has tamper - protection enabled. Default false. - type: boolean - keep_monitoring_alive: - default: false - description: >- - When set to true, monitoring will be enabled but - logs/metrics collection will be disabled - nullable: true - type: boolean - monitoring_diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: - items: - enum: - - logs - - metrics - - traces - type: string - type: array - monitoring_http: - additionalProperties: false - type: object - properties: - buffer: - additionalProperties: false - type: object - properties: - enabled: - default: false - type: boolean - enabled: - type: boolean - host: - type: string - port: - maximum: 65353 - minimum: 0 - type: number - required: - - enabled - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - overrides: - additionalProperties: {} - description: >- - Override settings that are defined in the agent - policy. Input settings cannot be overridden. The - override option should be used only in unusual - circumstances and not as a routine procedure. - nullable: true - type: object - package_policies: - anyOf: - - items: - type: string - type: array - - description: >- - This field is present only when retrieving a - single agent policy, or when retrieving a list of - agent policies with the ?full=true parameter - items: - additionalProperties: false - type: object - properties: - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: >- - The package policy namespace. Leave blank to - inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the - package policy. The override option should - be used only in unusual circumstances and - not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: >- - Agent policy ID where that package policy - will be added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package policy - will be added - type: string - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - updated_at: - type: string - updated_by: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - version: - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - type: array - revision: - type: number - schema_version: - type: string - space_ids: - items: - type: string - type: array - status: - enum: - - active - - inactive - type: string - supports_agentless: - default: false - description: >- - Indicates whether the agent policy supports agentless - integrations. - nullable: true - type: boolean - unenroll_timeout: - minimum: 0 - type: number - unprivileged_agents: - type: number - updated_at: - type: string - updated_by: - type: string - version: - type: string - required: - - id - - name - - namespace - - is_managed - - is_protected - - status - - updated_at - - updated_by - - revision - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent policies - /api/fleet/agent_policies/_bulk_get: - post: - description: Bulk get agent policies - operationId: '%2Fapi%2Ffleet%2Fagent_policies%2F_bulk_get#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: query - name: format - required: false - schema: - enum: - - simplified - - legacy - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - full: - description: get full policies with package policies populated - type: boolean - ids: - description: list of package policy ids - items: - type: string - type: array - ignoreMissing: - type: boolean - required: - - ids - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - advanced_settings: - additionalProperties: false - type: object - properties: - agent_download_target_directory: - nullable: true - agent_download_timeout: - default: 2h - nullable: true - agent_limits_go_max_procs: - nullable: true - agent_logging_level: - default: info - nullable: true - agent_logging_metrics_period: - default: 30s - nullable: true - agent_features: - items: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - type: array - agents: - type: number - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fleet_server_host_id: - nullable: true - type: string - global_data_tags: - description: >- - User defined data tags that are added to all of the - inputs. The values can be strings or numbers. - items: - additionalProperties: false - type: object - properties: - name: - type: string - value: - anyOf: - - type: string - - type: number - required: - - name - - value - type: array - has_fleet_server: - type: boolean - id: - type: string - inactivity_timeout: - default: 1209600 - minimum: 0 - type: number - is_default: - type: boolean - is_default_fleet_server: - type: boolean - is_managed: - type: boolean - is_preconfigured: - type: boolean - is_protected: - description: >- - Indicates whether the agent policy has tamper - protection enabled. Default false. - type: boolean - keep_monitoring_alive: - default: false - description: >- - When set to true, monitoring will be enabled but - logs/metrics collection will be disabled - nullable: true - type: boolean - monitoring_diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: - items: - enum: - - logs - - metrics - - traces - type: string - type: array - monitoring_http: - additionalProperties: false - type: object - properties: - buffer: - additionalProperties: false - type: object - properties: - enabled: - default: false - type: boolean - enabled: - type: boolean - host: - type: string - port: - maximum: 65353 - minimum: 0 - type: number - required: - - enabled - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - overrides: - additionalProperties: {} - description: >- - Override settings that are defined in the agent - policy. Input settings cannot be overridden. The - override option should be used only in unusual - circumstances and not as a routine procedure. - nullable: true - type: object - package_policies: - anyOf: - - items: - type: string - type: array - - description: >- - This field is present only when retrieving a - single agent policy, or when retrieving a list - of agent policies with the ?full=true parameter - items: - additionalProperties: false - type: object - properties: - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: >- - The package policy namespace. Leave blank - to inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the - package policy. The override option should - be used only in unusual circumstances and - not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: >- - Agent policy ID where that package policy - will be added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package - policy will be added - type: string - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - updated_at: - type: string - updated_by: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - version: - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - type: array - revision: - type: number - schema_version: - type: string - space_ids: - items: - type: string - type: array - status: - enum: - - active - - inactive - type: string - supports_agentless: - default: false - description: >- - Indicates whether the agent policy supports - agentless integrations. - nullable: true - type: boolean - unenroll_timeout: - minimum: 0 - type: number - unprivileged_agents: - type: number - updated_at: - type: string - updated_by: - type: string - version: - type: string - required: - - id - - name - - namespace - - is_managed - - is_protected - - status - - updated_at - - updated_by - - revision - type: array - required: - - items - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent policies - /api/fleet/agent_policies/{agentPolicyId}: - get: - description: Get an agent policy by ID - operationId: '%2Fapi%2Ffleet%2Fagent_policies%2F%7BagentPolicyId%7D#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: agentPolicyId - required: true - schema: - type: string - - in: query - name: format - required: false - schema: - enum: - - simplified - - legacy - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - advanced_settings: - additionalProperties: false - type: object - properties: - agent_download_target_directory: - nullable: true - agent_download_timeout: - default: 2h - nullable: true - agent_limits_go_max_procs: - nullable: true - agent_logging_level: - default: info - nullable: true - agent_logging_metrics_period: - default: 30s - nullable: true - agent_features: - items: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - type: array - agents: - type: number - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fleet_server_host_id: - nullable: true - type: string - global_data_tags: - description: >- - User defined data tags that are added to all of the - inputs. The values can be strings or numbers. - items: - additionalProperties: false - type: object - properties: - name: - type: string - value: - anyOf: - - type: string - - type: number - required: - - name - - value - type: array - has_fleet_server: - type: boolean - id: - type: string - inactivity_timeout: - default: 1209600 - minimum: 0 - type: number - is_default: - type: boolean - is_default_fleet_server: - type: boolean - is_managed: - type: boolean - is_preconfigured: - type: boolean - is_protected: - description: >- - Indicates whether the agent policy has tamper - protection enabled. Default false. - type: boolean - keep_monitoring_alive: - default: false - description: >- - When set to true, monitoring will be enabled but - logs/metrics collection will be disabled - nullable: true - type: boolean - monitoring_diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: - items: - enum: - - logs - - metrics - - traces - type: string - type: array - monitoring_http: - additionalProperties: false - type: object - properties: - buffer: - additionalProperties: false - type: object - properties: - enabled: - default: false - type: boolean - enabled: - type: boolean - host: - type: string - port: - maximum: 65353 - minimum: 0 - type: number - required: - - enabled - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - overrides: - additionalProperties: {} - description: >- - Override settings that are defined in the agent - policy. Input settings cannot be overridden. The - override option should be used only in unusual - circumstances and not as a routine procedure. - nullable: true - type: object - package_policies: - anyOf: - - items: - type: string - type: array - - description: >- - This field is present only when retrieving a - single agent policy, or when retrieving a list of - agent policies with the ?full=true parameter - items: - additionalProperties: false - type: object - properties: - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: >- - The package policy namespace. Leave blank to - inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the - package policy. The override option should - be used only in unusual circumstances and - not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: >- - Agent policy ID where that package policy - will be added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package policy - will be added - type: string - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - updated_at: - type: string - updated_by: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - version: - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - type: array - revision: - type: number - schema_version: - type: string - space_ids: - items: - type: string - type: array - status: - enum: - - active - - inactive - type: string - supports_agentless: - default: false - description: >- - Indicates whether the agent policy supports agentless - integrations. - nullable: true - type: boolean - unenroll_timeout: - minimum: 0 - type: number - unprivileged_agents: - type: number - updated_at: - type: string - updated_by: - type: string - version: - type: string - required: - - id - - name - - namespace - - is_managed - - is_protected - - status - - updated_at - - updated_by - - revision - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent policies - put: - description: Update an agent policy by ID - operationId: '%2Fapi%2Ffleet%2Fagent_policies%2F%7BagentPolicyId%7D#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: agentPolicyId - required: true - schema: - type: string - - in: query - name: format - required: false - schema: - enum: - - simplified - - legacy - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - advanced_settings: - additionalProperties: false - type: object - properties: - agent_download_target_directory: - nullable: true - agent_download_timeout: - default: 2h - nullable: true - agent_limits_go_max_procs: - nullable: true - agent_logging_level: - default: info - nullable: true - agent_logging_metrics_period: - default: 30s - nullable: true - agent_features: - items: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - type: array - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fleet_server_host_id: - nullable: true - type: string - force: - type: boolean - global_data_tags: - description: >- - User defined data tags that are added to all of the inputs. - The values can be strings or numbers. - items: - additionalProperties: false - type: object - properties: - name: - type: string - value: - anyOf: - - type: string - - type: number - required: - - name - - value - type: array - has_fleet_server: - type: boolean - id: - type: string - inactivity_timeout: - default: 1209600 - minimum: 0 - type: number - is_default: - type: boolean - is_default_fleet_server: - type: boolean - is_managed: - type: boolean - is_protected: - type: boolean - keep_monitoring_alive: - default: false - description: >- - When set to true, monitoring will be enabled but - logs/metrics collection will be disabled - nullable: true - type: boolean - monitoring_diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: - items: - enum: - - logs - - metrics - - traces - type: string - type: array - monitoring_http: - additionalProperties: false - type: object - properties: - buffer: - additionalProperties: false - type: object - properties: - enabled: - default: false - type: boolean - enabled: - type: boolean - host: - type: string - port: - maximum: 65353 - minimum: 0 - type: number - required: - - enabled - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - overrides: - additionalProperties: {} - description: >- - Override settings that are defined in the agent policy. - Input settings cannot be overridden. The override option - should be used only in unusual circumstances and not as a - routine procedure. - nullable: true - type: object - space_ids: - items: - type: string - type: array - supports_agentless: - default: false - description: >- - Indicates whether the agent policy supports agentless - integrations. - nullable: true - type: boolean - unenroll_timeout: - minimum: 0 - type: number - required: - - name - - namespace - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - advanced_settings: - additionalProperties: false - type: object - properties: - agent_download_target_directory: - nullable: true - agent_download_timeout: - default: 2h - nullable: true - agent_limits_go_max_procs: - nullable: true - agent_logging_level: - default: info - nullable: true - agent_logging_metrics_period: - default: 30s - nullable: true - agent_features: - items: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - type: array - agents: - type: number - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fleet_server_host_id: - nullable: true - type: string - global_data_tags: - description: >- - User defined data tags that are added to all of the - inputs. The values can be strings or numbers. - items: - additionalProperties: false - type: object - properties: - name: - type: string - value: - anyOf: - - type: string - - type: number - required: - - name - - value - type: array - has_fleet_server: - type: boolean - id: - type: string - inactivity_timeout: - default: 1209600 - minimum: 0 - type: number - is_default: - type: boolean - is_default_fleet_server: - type: boolean - is_managed: - type: boolean - is_preconfigured: - type: boolean - is_protected: - description: >- - Indicates whether the agent policy has tamper - protection enabled. Default false. - type: boolean - keep_monitoring_alive: - default: false - description: >- - When set to true, monitoring will be enabled but - logs/metrics collection will be disabled - nullable: true - type: boolean - monitoring_diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: - items: - enum: - - logs - - metrics - - traces - type: string - type: array - monitoring_http: - additionalProperties: false - type: object - properties: - buffer: - additionalProperties: false - type: object - properties: - enabled: - default: false - type: boolean - enabled: - type: boolean - host: - type: string - port: - maximum: 65353 - minimum: 0 - type: number - required: - - enabled - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - overrides: - additionalProperties: {} - description: >- - Override settings that are defined in the agent - policy. Input settings cannot be overridden. The - override option should be used only in unusual - circumstances and not as a routine procedure. - nullable: true - type: object - package_policies: - anyOf: - - items: - type: string - type: array - - description: >- - This field is present only when retrieving a - single agent policy, or when retrieving a list of - agent policies with the ?full=true parameter - items: - additionalProperties: false - type: object - properties: - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: >- - The package policy namespace. Leave blank to - inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the - package policy. The override option should - be used only in unusual circumstances and - not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: >- - Agent policy ID where that package policy - will be added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package policy - will be added - type: string - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - updated_at: - type: string - updated_by: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - version: - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - type: array - revision: - type: number - schema_version: - type: string - space_ids: - items: - type: string - type: array - status: - enum: - - active - - inactive - type: string - supports_agentless: - default: false - description: >- - Indicates whether the agent policy supports agentless - integrations. - nullable: true - type: boolean - unenroll_timeout: - minimum: 0 - type: number - unprivileged_agents: - type: number - updated_at: - type: string - updated_by: - type: string - version: - type: string - required: - - id - - name - - namespace - - is_managed - - is_protected - - status - - updated_at - - updated_by - - revision - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent policies - /api/fleet/agent_policies/{agentPolicyId}/copy: - post: - description: Copy an agent policy by ID - operationId: '%2Fapi%2Ffleet%2Fagent_policies%2F%7BagentPolicyId%7D%2Fcopy#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: agentPolicyId - required: true - schema: - type: string - - in: query - name: format - required: false - schema: - enum: - - simplified - - legacy - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - description: - type: string - name: - minLength: 1 - type: string - required: - - name - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - advanced_settings: - additionalProperties: false - type: object - properties: - agent_download_target_directory: - nullable: true - agent_download_timeout: - default: 2h - nullable: true - agent_limits_go_max_procs: - nullable: true - agent_logging_level: - default: info - nullable: true - agent_logging_metrics_period: - default: 30s - nullable: true - agent_features: - items: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - type: array - agents: - type: number - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fleet_server_host_id: - nullable: true - type: string - global_data_tags: - description: >- - User defined data tags that are added to all of the - inputs. The values can be strings or numbers. - items: - additionalProperties: false - type: object - properties: - name: - type: string - value: - anyOf: - - type: string - - type: number - required: - - name - - value - type: array - has_fleet_server: - type: boolean - id: - type: string - inactivity_timeout: - default: 1209600 - minimum: 0 - type: number - is_default: - type: boolean - is_default_fleet_server: - type: boolean - is_managed: - type: boolean - is_preconfigured: - type: boolean - is_protected: - description: >- - Indicates whether the agent policy has tamper - protection enabled. Default false. - type: boolean - keep_monitoring_alive: - default: false - description: >- - When set to true, monitoring will be enabled but - logs/metrics collection will be disabled - nullable: true - type: boolean - monitoring_diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: - items: - enum: - - logs - - metrics - - traces - type: string - type: array - monitoring_http: - additionalProperties: false - type: object - properties: - buffer: - additionalProperties: false - type: object - properties: - enabled: - default: false - type: boolean - enabled: - type: boolean - host: - type: string - port: - maximum: 65353 - minimum: 0 - type: number - required: - - enabled - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - overrides: - additionalProperties: {} - description: >- - Override settings that are defined in the agent - policy. Input settings cannot be overridden. The - override option should be used only in unusual - circumstances and not as a routine procedure. - nullable: true - type: object - package_policies: - anyOf: - - items: - type: string - type: array - - description: >- - This field is present only when retrieving a - single agent policy, or when retrieving a list of - agent policies with the ?full=true parameter - items: - additionalProperties: false - type: object - properties: - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: >- - The package policy namespace. Leave blank to - inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the - package policy. The override option should - be used only in unusual circumstances and - not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: >- - Agent policy ID where that package policy - will be added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package policy - will be added - type: string - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - updated_at: - type: string - updated_by: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - version: - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - type: array - revision: - type: number - schema_version: - type: string - space_ids: - items: - type: string - type: array - status: - enum: - - active - - inactive - type: string - supports_agentless: - default: false - description: >- - Indicates whether the agent policy supports agentless - integrations. - nullable: true - type: boolean - unenroll_timeout: - minimum: 0 - type: number - unprivileged_agents: - type: number - updated_at: - type: string - updated_by: - type: string - version: - type: string - required: - - id - - name - - namespace - - is_managed - - is_protected - - status - - updated_at - - updated_by - - revision - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent policies - /api/fleet/agent_policies/{agentPolicyId}/download: - get: - description: Download an agent policy by ID - operationId: '%2Fapi%2Ffleet%2Fagent_policies%2F%7BagentPolicyId%7D%2Fdownload#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: agentPolicyId - required: true - schema: - type: string - - in: query - name: download - required: false - schema: - type: boolean - - in: query - name: standalone - required: false - schema: - type: boolean - - in: query - name: kubernetes - required: false - schema: - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: string - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent policies - /api/fleet/agent_policies/{agentPolicyId}/full: - get: - description: Get a full agent policy by ID - operationId: '%2Fapi%2Ffleet%2Fagent_policies%2F%7BagentPolicyId%7D%2Ffull#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: agentPolicyId - required: true - schema: - type: string - - in: query - name: download - required: false - schema: - type: boolean - - in: query - name: standalone - required: false - schema: - type: boolean - - in: query - name: kubernetes - required: false - schema: - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - anyOf: - - type: string - - additionalProperties: false - type: object - properties: - agent: - additionalProperties: false - type: object - properties: - download: - additionalProperties: false - type: object - properties: - sourceURI: - type: string - required: - - sourceURI - features: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - required: - - enabled - type: object - monitoring: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - logs: - type: boolean - metrics: - type: boolean - namespace: - type: string - traces: - type: boolean - use_output: - type: string - required: - - enabled - - metrics - - logs - - traces - protection: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - signing_key: - type: string - uninstall_token_hash: - type: string - required: - - enabled - - uninstall_token_hash - - signing_key - required: - - monitoring - - download - - features - fleet: - anyOf: - - additionalProperties: false - type: object - properties: - hosts: - items: - type: string - type: array - proxy_headers: {} - proxy_url: - type: string - ssl: - additionalProperties: false - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - renegotiation: - type: string - verification_mode: - type: string - required: - - hosts - - proxy_headers - - additionalProperties: false - type: object - properties: - kibana: - additionalProperties: false - type: object - properties: - hosts: - items: - type: string - type: array - path: - type: string - protocol: - type: string - required: - - hosts - - protocol - required: - - kibana - id: - type: string - inputs: - items: - additionalProperties: true - type: object - properties: - data_stream: - additionalProperties: true - type: object - properties: - namespace: - type: string - required: - - namespace - id: - type: string - meta: - additionalProperties: true - type: object - properties: - package: - additionalProperties: true - type: object - properties: - name: - type: string - version: - type: string - required: - - name - - version - name: - type: string - package_policy_id: - type: string - processors: - items: - additionalProperties: true - type: object - properties: - add_fields: - additionalProperties: true - type: object - properties: - fields: - additionalProperties: - anyOf: - - type: string - - type: number - type: object - target: - type: string - required: - - target - - fields - required: - - add_fields - type: array - revision: - type: number - streams: - items: - additionalProperties: true - type: object - properties: - data_stream: - additionalProperties: true - type: object - properties: - dataset: - type: string - type: - type: string - required: - - dataset - id: - type: string - required: - - id - - data_stream - type: array - type: - type: string - use_output: - type: string - required: - - id - - name - - revision - - type - - data_stream - - use_output - - package_policy_id - type: array - namespaces: - items: - type: string - type: array - output_permissions: - additionalProperties: - additionalProperties: {} - type: object - type: object - outputs: - additionalProperties: - additionalProperties: true - type: object - properties: - ca_sha256: - nullable: true - type: string - hosts: - items: - type: string - type: array - proxy_headers: {} - proxy_url: - type: string - type: - type: string - required: - - type - - proxy_headers - type: object - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - signed: - additionalProperties: false - type: object - properties: - data: - type: string - signature: - type: string - required: - - data - - signature - required: - - id - - outputs - - inputs - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent policies - /api/fleet/agent_policies/{agentPolicyId}/outputs: - get: - description: Get list of outputs associated with agent policy by policy id - operationId: '%2Fapi%2Ffleet%2Fagent_policies%2F%7BagentPolicyId%7D%2Foutputs#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: agentPolicyId - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - agentPolicyId: - type: string - data: - additionalProperties: false - type: object - properties: - integrations: - items: - additionalProperties: false - type: object - properties: - id: - type: string - integrationPolicyName: - type: string - name: - type: string - pkgName: - type: string - type: array - output: - additionalProperties: false - type: object - properties: - id: - type: string - name: - type: string - required: - - id - - name - required: - - output - monitoring: - additionalProperties: false - type: object - properties: - output: - additionalProperties: false - type: object - properties: - id: - type: string - name: - type: string - required: - - id - - name - required: - - output - required: - - monitoring - - data - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent policies - /api/fleet/agent_policies/delete: - post: - description: Delete agent policy by ID - operationId: '%2Fapi%2Ffleet%2Fagent_policies%2Fdelete#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - agentPolicyId: - type: string - force: - description: >- - bypass validation checks that can prevent agent policy - deletion - type: boolean - required: - - agentPolicyId - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - id: - type: string - name: - type: string - required: - - id - - name - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent policies - /api/fleet/agent_policies/outputs: - post: - description: Get list of outputs associated with agent policies - operationId: '%2Fapi%2Ffleet%2Fagent_policies%2Foutputs#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - ids: - description: list of package policy ids - items: - type: string - type: array - required: - - ids - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - agentPolicyId: - type: string - data: - additionalProperties: false - type: object - properties: - integrations: - items: - additionalProperties: false - type: object - properties: - id: - type: string - integrationPolicyName: - type: string - name: - type: string - pkgName: - type: string - type: array - output: - additionalProperties: false - type: object - properties: - id: - type: string - name: - type: string - required: - - id - - name - required: - - output - monitoring: - additionalProperties: false - type: object - properties: - output: - additionalProperties: false - type: object - properties: - id: - type: string - name: - type: string - required: - - id - - name - required: - - output - required: - - monitoring - - data - type: array - required: - - items - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent policies - /api/fleet/agent_status: - get: - description: Get agent status summary - operationId: '%2Fapi%2Ffleet%2Fagent_status#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: policyId - required: false - schema: - type: string - - in: query - name: policyIds - required: false - schema: - anyOf: - - items: - type: string - type: array - - type: string - - in: query - name: kuery - required: false - schema: - deprecated: true - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - results: - additionalProperties: false - type: object - properties: - active: - type: number - all: - type: number - error: - type: number - events: - type: number - inactive: - type: number - offline: - type: number - online: - type: number - other: - type: number - total: - deprecated: true - type: number - unenrolled: - type: number - updating: - type: number - required: - - events - - total - - online - - error - - offline - - other - - updating - - inactive - - unenrolled - - all - - active - required: - - results - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent status - /api/fleet/agent_status/data: - get: - description: Get incoming agent data - operationId: '%2Fapi%2Ffleet%2Fagent_status%2Fdata#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: agentsIds - required: true - schema: - anyOf: - - items: - type: string - type: array - - type: string - - in: query - name: previewData - required: false - schema: - default: false - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - dataPreview: - items: {} - type: array - items: - items: - additionalProperties: - additionalProperties: false - type: object - properties: - data: - type: boolean - required: - - data - type: object - type: array - required: - - items - - dataPreview - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agents - /api/fleet/agent-status: - get: - operationId: '%2Fapi%2Ffleet%2Fagent-status#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: policyId - required: false - schema: - type: string - - in: query - name: policyIds - required: false - schema: - anyOf: - - items: - type: string - type: array - - type: string - - in: query - name: kuery - required: false - schema: - deprecated: true - type: string - responses: {} - summary: '' - tags: [] - /api/fleet/agents: - get: - description: List agents - operationId: '%2Fapi%2Ffleet%2Fagents#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: page - required: false - schema: - default: 1 - type: number - - in: query - name: perPage - required: false - schema: - default: 20 - type: number - - in: query - name: kuery - required: false - schema: - type: string - - in: query - name: showInactive - required: false - schema: - default: false - type: boolean - - in: query - name: withMetrics - required: false - schema: - default: false - type: boolean - - in: query - name: showUpgradeable - required: false - schema: - default: false - type: boolean - - in: query - name: getStatusSummary - required: false - schema: - default: false - type: boolean - - in: query - name: sortField - required: false - schema: - type: string - - in: query - name: sortOrder - required: false - schema: - enum: - - asc - - desc - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - access_api_key: - type: string - access_api_key_id: - type: string - active: - type: boolean - agent: - additionalProperties: true - type: object - properties: - id: - type: string - version: - type: string - required: - - id - - version - components: - items: - additionalProperties: false - type: object - properties: - id: - type: string - message: - type: string - status: - enum: - - STARTING - - CONFIGURING - - HEALTHY - - DEGRADED - - FAILED - - STOPPING - - STOPPED - type: string - type: - type: string - units: - items: - additionalProperties: false - type: object - properties: - id: - type: string - message: - type: string - payload: - additionalProperties: {} - type: object - status: - enum: - - STARTING - - CONFIGURING - - HEALTHY - - DEGRADED - - FAILED - - STOPPING - - STOPPED - type: string - type: - enum: - - input - - output - type: string - required: - - id - - type - - status - - message - type: array - required: - - id - - type - - status - - message - type: array - default_api_key: - type: string - default_api_key_history: - items: - additionalProperties: false - deprecated: true - type: object - properties: - id: - type: string - retired_at: - type: string - required: - - id - - retired_at - type: array - default_api_key_id: - type: string - enrolled_at: - type: string - id: - type: string - last_checkin: - type: string - last_checkin_message: - type: string - last_checkin_status: - enum: - - error - - online - - degraded - - updating - - starting - type: string - local_metadata: - additionalProperties: {} - type: object - metrics: - additionalProperties: false - type: object - properties: - cpu_avg: - type: number - memory_size_byte_avg: - type: number - namespaces: - items: - type: string - type: array - outputs: - additionalProperties: - additionalProperties: false - type: object - properties: - api_key_id: - type: string - to_retire_api_key_ids: - items: - additionalProperties: false - type: object - properties: - id: - type: string - retired_at: - type: string - required: - - id - - retired_at - type: array - type: - type: string - required: - - api_key_id - - type - type: object - packages: - items: - type: string - type: array - policy_id: - type: string - policy_revision: - nullable: true - type: number - sort: - items: - anyOf: - - type: number - - type: string - - enum: [] - nullable: true - type: array - status: - enum: - - offline - - error - - online - - inactive - - enrolling - - unenrolling - - unenrolled - - updating - - degraded - type: string - tags: - items: - type: string - type: array - type: - enum: - - PERMANENT - - EPHEMERAL - - TEMPORARY - type: string - unenrolled_at: - type: string - unenrollment_started_at: - type: string - unhealthy_reason: - items: - enum: - - input - - output - - other - type: string - nullable: true - type: array - upgrade_details: - additionalProperties: false - type: object - properties: - action_id: - type: string - metadata: - additionalProperties: false - type: object - properties: - download_percent: - type: number - download_rate: - type: number - error_msg: - type: string - failed_state: - enum: - - UPG_REQUESTED - - UPG_SCHEDULED - - UPG_DOWNLOADING - - UPG_EXTRACTING - - UPG_REPLACING - - UPG_RESTARTING - - UPG_FAILED - - UPG_WATCHING - - UPG_ROLLBACK - type: string - retry_error_msg: - type: string - retry_until: - type: string - scheduled_at: - type: string - state: - enum: - - UPG_REQUESTED - - UPG_SCHEDULED - - UPG_DOWNLOADING - - UPG_EXTRACTING - - UPG_REPLACING - - UPG_RESTARTING - - UPG_FAILED - - UPG_WATCHING - - UPG_ROLLBACK - type: string - target_version: - type: string - required: - - target_version - - action_id - - state - upgrade_started_at: - nullable: true - type: string - upgraded_at: - nullable: true - type: string - user_provided_metadata: - additionalProperties: {} - type: object - required: - - id - - packages - - type - - active - - enrolled_at - - local_metadata - type: array - list: - deprecated: true - items: - additionalProperties: false - type: object - properties: - access_api_key: - type: string - access_api_key_id: - type: string - active: - type: boolean - agent: - additionalProperties: true - type: object - properties: - id: - type: string - version: - type: string - required: - - id - - version - components: - items: - additionalProperties: false - type: object - properties: - id: - type: string - message: - type: string - status: - enum: - - STARTING - - CONFIGURING - - HEALTHY - - DEGRADED - - FAILED - - STOPPING - - STOPPED - type: string - type: - type: string - units: - items: - additionalProperties: false - type: object - properties: - id: - type: string - message: - type: string - payload: - additionalProperties: {} - type: object - status: - enum: - - STARTING - - CONFIGURING - - HEALTHY - - DEGRADED - - FAILED - - STOPPING - - STOPPED - type: string - type: - enum: - - input - - output - type: string - required: - - id - - type - - status - - message - type: array - required: - - id - - type - - status - - message - type: array - default_api_key: - type: string - default_api_key_history: - items: - additionalProperties: false - deprecated: true - type: object - properties: - id: - type: string - retired_at: - type: string - required: - - id - - retired_at - type: array - default_api_key_id: - type: string - enrolled_at: - type: string - id: - type: string - last_checkin: - type: string - last_checkin_message: - type: string - last_checkin_status: - enum: - - error - - online - - degraded - - updating - - starting - type: string - local_metadata: - additionalProperties: {} - type: object - metrics: - additionalProperties: false - type: object - properties: - cpu_avg: - type: number - memory_size_byte_avg: - type: number - namespaces: - items: - type: string - type: array - outputs: - additionalProperties: - additionalProperties: false - type: object - properties: - api_key_id: - type: string - to_retire_api_key_ids: - items: - additionalProperties: false - type: object - properties: - id: - type: string - retired_at: - type: string - required: - - id - - retired_at - type: array - type: - type: string - required: - - api_key_id - - type - type: object - packages: - items: - type: string - type: array - policy_id: - type: string - policy_revision: - nullable: true - type: number - sort: - items: - anyOf: - - type: number - - type: string - - enum: [] - nullable: true - type: array - status: - enum: - - offline - - error - - online - - inactive - - enrolling - - unenrolling - - unenrolled - - updating - - degraded - type: string - tags: - items: - type: string - type: array - type: - enum: - - PERMANENT - - EPHEMERAL - - TEMPORARY - type: string - unenrolled_at: - type: string - unenrollment_started_at: - type: string - unhealthy_reason: - items: - enum: - - input - - output - - other - type: string - nullable: true - type: array - upgrade_details: - additionalProperties: false - type: object - properties: - action_id: - type: string - metadata: - additionalProperties: false - type: object - properties: - download_percent: - type: number - download_rate: - type: number - error_msg: - type: string - failed_state: - enum: - - UPG_REQUESTED - - UPG_SCHEDULED - - UPG_DOWNLOADING - - UPG_EXTRACTING - - UPG_REPLACING - - UPG_RESTARTING - - UPG_FAILED - - UPG_WATCHING - - UPG_ROLLBACK - type: string - retry_error_msg: - type: string - retry_until: - type: string - scheduled_at: - type: string - state: - enum: - - UPG_REQUESTED - - UPG_SCHEDULED - - UPG_DOWNLOADING - - UPG_EXTRACTING - - UPG_REPLACING - - UPG_RESTARTING - - UPG_FAILED - - UPG_WATCHING - - UPG_ROLLBACK - type: string - target_version: - type: string - required: - - target_version - - action_id - - state - upgrade_started_at: - nullable: true - type: string - upgraded_at: - nullable: true - type: string - user_provided_metadata: - additionalProperties: {} - type: object - required: - - id - - packages - - type - - active - - enrolled_at - - local_metadata - type: array - page: - type: number - perPage: - type: number - statusSummary: - additionalProperties: - type: number - type: object - total: - type: number - required: - - items - - total - - page - - perPage - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agents - post: - description: List agents by action ids - operationId: '%2Fapi%2Ffleet%2Fagents#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - actionIds: - items: - type: string - type: array - required: - - actionIds - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - items: - items: - type: string - type: array - required: - - items - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agents - /api/fleet/agents/{agentId}: - delete: - description: Delete agent by ID - operationId: '%2Fapi%2Ffleet%2Fagents%2F%7BagentId%7D#2' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: agentId - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - action: - enum: - - deleted - type: string - required: - - action - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agents - get: - description: Get agent by ID - operationId: '%2Fapi%2Ffleet%2Fagents%2F%7BagentId%7D#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: agentId - required: true - schema: - type: string - - in: query - name: withMetrics - required: false - schema: - default: false - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - access_api_key: - type: string - access_api_key_id: - type: string - active: - type: boolean - agent: - additionalProperties: true - type: object - properties: - id: - type: string - version: - type: string - required: - - id - - version - components: - items: - additionalProperties: false - type: object - properties: - id: - type: string - message: - type: string - status: - enum: - - STARTING - - CONFIGURING - - HEALTHY - - DEGRADED - - FAILED - - STOPPING - - STOPPED - type: string - type: - type: string - units: - items: - additionalProperties: false - type: object - properties: - id: - type: string - message: - type: string - payload: - additionalProperties: {} - type: object - status: - enum: - - STARTING - - CONFIGURING - - HEALTHY - - DEGRADED - - FAILED - - STOPPING - - STOPPED - type: string - type: - enum: - - input - - output - type: string - required: - - id - - type - - status - - message - type: array - required: - - id - - type - - status - - message - type: array - default_api_key: - type: string - default_api_key_history: - items: - additionalProperties: false - deprecated: true - type: object - properties: - id: - type: string - retired_at: - type: string - required: - - id - - retired_at - type: array - default_api_key_id: - type: string - enrolled_at: - type: string - id: - type: string - last_checkin: - type: string - last_checkin_message: - type: string - last_checkin_status: - enum: - - error - - online - - degraded - - updating - - starting - type: string - local_metadata: - additionalProperties: {} - type: object - metrics: - additionalProperties: false - type: object - properties: - cpu_avg: - type: number - memory_size_byte_avg: - type: number - namespaces: - items: - type: string - type: array - outputs: - additionalProperties: - additionalProperties: false - type: object - properties: - api_key_id: - type: string - to_retire_api_key_ids: - items: - additionalProperties: false - type: object - properties: - id: - type: string - retired_at: - type: string - required: - - id - - retired_at - type: array - type: - type: string - required: - - api_key_id - - type - type: object - packages: - items: - type: string - type: array - policy_id: - type: string - policy_revision: - nullable: true - type: number - sort: - items: - anyOf: - - type: number - - type: string - - enum: [] - nullable: true - type: array - status: - enum: - - offline - - error - - online - - inactive - - enrolling - - unenrolling - - unenrolled - - updating - - degraded - type: string - tags: - items: - type: string - type: array - type: - enum: - - PERMANENT - - EPHEMERAL - - TEMPORARY - type: string - unenrolled_at: - type: string - unenrollment_started_at: - type: string - unhealthy_reason: - items: - enum: - - input - - output - - other - type: string - nullable: true - type: array - upgrade_details: - additionalProperties: false - type: object - properties: - action_id: - type: string - metadata: - additionalProperties: false - type: object - properties: - download_percent: - type: number - download_rate: - type: number - error_msg: - type: string - failed_state: - enum: - - UPG_REQUESTED - - UPG_SCHEDULED - - UPG_DOWNLOADING - - UPG_EXTRACTING - - UPG_REPLACING - - UPG_RESTARTING - - UPG_FAILED - - UPG_WATCHING - - UPG_ROLLBACK - type: string - retry_error_msg: - type: string - retry_until: - type: string - scheduled_at: - type: string - state: - enum: - - UPG_REQUESTED - - UPG_SCHEDULED - - UPG_DOWNLOADING - - UPG_EXTRACTING - - UPG_REPLACING - - UPG_RESTARTING - - UPG_FAILED - - UPG_WATCHING - - UPG_ROLLBACK - type: string - target_version: - type: string - required: - - target_version - - action_id - - state - upgrade_started_at: - nullable: true - type: string - upgraded_at: - nullable: true - type: string - user_provided_metadata: - additionalProperties: {} - type: object - required: - - id - - packages - - type - - active - - enrolled_at - - local_metadata - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agents - put: - description: Update agent by ID - operationId: '%2Fapi%2Ffleet%2Fagents%2F%7BagentId%7D#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: agentId - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - tags: - items: - type: string - type: array - user_provided_metadata: - additionalProperties: {} - type: object - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - access_api_key: - type: string - access_api_key_id: - type: string - active: - type: boolean - agent: - additionalProperties: true - type: object - properties: - id: - type: string - version: - type: string - required: - - id - - version - components: - items: - additionalProperties: false - type: object - properties: - id: - type: string - message: - type: string - status: - enum: - - STARTING - - CONFIGURING - - HEALTHY - - DEGRADED - - FAILED - - STOPPING - - STOPPED - type: string - type: - type: string - units: - items: - additionalProperties: false - type: object - properties: - id: - type: string - message: - type: string - payload: - additionalProperties: {} - type: object - status: - enum: - - STARTING - - CONFIGURING - - HEALTHY - - DEGRADED - - FAILED - - STOPPING - - STOPPED - type: string - type: - enum: - - input - - output - type: string - required: - - id - - type - - status - - message - type: array - required: - - id - - type - - status - - message - type: array - default_api_key: - type: string - default_api_key_history: - items: - additionalProperties: false - deprecated: true - type: object - properties: - id: - type: string - retired_at: - type: string - required: - - id - - retired_at - type: array - default_api_key_id: - type: string - enrolled_at: - type: string - id: - type: string - last_checkin: - type: string - last_checkin_message: - type: string - last_checkin_status: - enum: - - error - - online - - degraded - - updating - - starting - type: string - local_metadata: - additionalProperties: {} - type: object - metrics: - additionalProperties: false - type: object - properties: - cpu_avg: - type: number - memory_size_byte_avg: - type: number - namespaces: - items: - type: string - type: array - outputs: - additionalProperties: - additionalProperties: false - type: object - properties: - api_key_id: - type: string - to_retire_api_key_ids: - items: - additionalProperties: false - type: object - properties: - id: - type: string - retired_at: - type: string - required: - - id - - retired_at - type: array - type: - type: string - required: - - api_key_id - - type - type: object - packages: - items: - type: string - type: array - policy_id: - type: string - policy_revision: - nullable: true - type: number - sort: - items: - anyOf: - - type: number - - type: string - - enum: [] - nullable: true - type: array - status: - enum: - - offline - - error - - online - - inactive - - enrolling - - unenrolling - - unenrolled - - updating - - degraded - type: string - tags: - items: - type: string - type: array - type: - enum: - - PERMANENT - - EPHEMERAL - - TEMPORARY - type: string - unenrolled_at: - type: string - unenrollment_started_at: - type: string - unhealthy_reason: - items: - enum: - - input - - output - - other - type: string - nullable: true - type: array - upgrade_details: - additionalProperties: false - type: object - properties: - action_id: - type: string - metadata: - additionalProperties: false - type: object - properties: - download_percent: - type: number - download_rate: - type: number - error_msg: - type: string - failed_state: - enum: - - UPG_REQUESTED - - UPG_SCHEDULED - - UPG_DOWNLOADING - - UPG_EXTRACTING - - UPG_REPLACING - - UPG_RESTARTING - - UPG_FAILED - - UPG_WATCHING - - UPG_ROLLBACK - type: string - retry_error_msg: - type: string - retry_until: - type: string - scheduled_at: - type: string - state: - enum: - - UPG_REQUESTED - - UPG_SCHEDULED - - UPG_DOWNLOADING - - UPG_EXTRACTING - - UPG_REPLACING - - UPG_RESTARTING - - UPG_FAILED - - UPG_WATCHING - - UPG_ROLLBACK - type: string - target_version: - type: string - required: - - target_version - - action_id - - state - upgrade_started_at: - nullable: true - type: string - upgraded_at: - nullable: true - type: string - user_provided_metadata: - additionalProperties: {} - type: object - required: - - id - - packages - - type - - active - - enrolled_at - - local_metadata - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agents - /api/fleet/agents/{agentId}/actions: - post: - description: Create agent action - operationId: '%2Fapi%2Ffleet%2Fagents%2F%7BagentId%7D%2Factions#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: agentId - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - action: - anyOf: - - additionalProperties: false - type: object - properties: - ack_data: {} - data: {} - type: - enum: - - UNENROLL - - UPGRADE - - POLICY_REASSIGN - type: string - required: - - type - - data - - ack_data - - additionalProperties: false - type: object - properties: - data: - additionalProperties: false - type: object - properties: - log_level: - enum: - - debug - - info - - warning - - error - nullable: true - type: string - required: - - log_level - type: - enum: - - SETTINGS - type: string - required: - - type - - data - required: - - action - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - ack_data: {} - agents: - items: - type: string - type: array - created_at: - type: string - data: {} - expiration: - type: string - id: - type: string - minimum_execution_duration: - type: number - namespaces: - items: - type: string - type: array - rollout_duration_seconds: - type: number - sent_at: - type: string - source_uri: - type: string - start_time: - type: string - total: - type: number - type: - type: string - required: - - id - - type - - data - - created_at - - ack_data - - agents - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent actions - /api/fleet/agents/{agentId}/reassign: - post: - description: Reassign agent - operationId: '%2Fapi%2Ffleet%2Fagents%2F%7BagentId%7D%2Freassign#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: agentId - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - policy_id: - type: string - required: - - policy_id - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: {} - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent actions - put: - operationId: '%2Fapi%2Ffleet%2Fagents%2F%7BagentId%7D%2Freassign#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: agentId - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - policy_id: - type: string - required: - - policy_id - responses: {} - summary: '' - tags: [] - /api/fleet/agents/{agentId}/request_diagnostics: - post: - description: Request agent diagnostics - operationId: '%2Fapi%2Ffleet%2Fagents%2F%7BagentId%7D%2Frequest_diagnostics#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: agentId - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - nullable: true - type: object - properties: - additional_metrics: - items: - enum: - - CPU - type: string - type: array - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - actionId: - type: string - required: - - actionId - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent actions - /api/fleet/agents/{agentId}/unenroll: - post: - description: Unenroll agent - operationId: '%2Fapi%2Ffleet%2Fagents%2F%7BagentId%7D%2Funenroll#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: agentId - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - nullable: true - type: object - properties: - force: - type: boolean - revoke: - type: boolean - responses: {} - summary: '' - tags: - - Elastic Agent actions - /api/fleet/agents/{agentId}/upgrade: - post: - description: Upgrade agent - operationId: '%2Fapi%2Ffleet%2Fagents%2F%7BagentId%7D%2Fupgrade#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: agentId - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - force: - type: boolean - skipRateLimitCheck: - type: boolean - source_uri: - type: string - version: - type: string - required: - - version - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: {} - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent actions - /api/fleet/agents/{agentId}/uploads: - get: - description: List agent uploads - operationId: '%2Fapi%2Ffleet%2Fagents%2F%7BagentId%7D%2Fuploads#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: agentId - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - actionId: - type: string - createTime: - type: string - error: - type: string - filePath: - type: string - id: - type: string - name: - type: string - status: - enum: - - READY - - AWAITING_UPLOAD - - DELETED - - EXPIRED - - IN_PROGRESS - - FAILED - type: string - required: - - id - - name - - filePath - - createTime - - status - - actionId - type: array - required: - - items - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agents - /api/fleet/agents/action_status: - get: - description: Get agent action status - operationId: '%2Fapi%2Ffleet%2Fagents%2Faction_status#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: page - required: false - schema: - default: 0 - type: number - - in: query - name: perPage - required: false - schema: - default: 20 - type: number - - in: query - name: date - required: false - schema: - type: string - - in: query - name: latest - required: false - schema: - type: number - - in: query - name: errorSize - required: false - schema: - default: 5 - type: number - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - actionId: - type: string - cancellationTime: - type: string - completionTime: - type: string - creationTime: - description: creation time of action - type: string - expiration: - type: string - hasRolloutPeriod: - type: boolean - latestErrors: - items: - additionalProperties: false - description: >- - latest errors that happened when the agents - executed the action - type: object - properties: - agentId: - type: string - error: - type: string - hostname: - type: string - timestamp: - type: string - required: - - agentId - - error - - timestamp - type: array - nbAgentsAck: - description: number of agents that acknowledged the action - type: number - nbAgentsActionCreated: - description: number of agents included in action from kibana - type: number - nbAgentsActioned: - description: number of agents actioned - type: number - nbAgentsFailed: - description: number of agents that failed to execute the action - type: number - newPolicyId: - description: new policy id (POLICY_REASSIGN action) - type: string - policyId: - description: policy id (POLICY_CHANGE action) - type: string - revision: - description: new policy revision (POLICY_CHANGE action) - type: number - startTime: - description: start time of action (scheduled actions) - type: string - status: - enum: - - COMPLETE - - EXPIRED - - CANCELLED - - FAILED - - IN_PROGRESS - - ROLLOUT_PASSED - type: string - type: - enum: - - UPGRADE - - UNENROLL - - SETTINGS - - POLICY_REASSIGN - - CANCEL - - FORCE_UNENROLL - - REQUEST_DIAGNOSTICS - - UPDATE_TAGS - - POLICY_CHANGE - - INPUT_ACTION - type: string - version: - description: agent version number (UPGRADE action) - type: string - required: - - actionId - - nbAgentsActionCreated - - nbAgentsAck - - nbAgentsFailed - - type - - nbAgentsActioned - - status - - creationTime - type: array - required: - - items - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent actions - /api/fleet/agents/actions/{actionId}/cancel: - post: - description: Cancel agent action - operationId: '%2Fapi%2Ffleet%2Fagents%2Factions%2F%7BactionId%7D%2Fcancel#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: actionId - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - ack_data: {} - agents: - items: - type: string - type: array - created_at: - type: string - data: {} - expiration: - type: string - id: - type: string - minimum_execution_duration: - type: number - namespaces: - items: - type: string - type: array - rollout_duration_seconds: - type: number - sent_at: - type: string - source_uri: - type: string - start_time: - type: string - total: - type: number - type: - type: string - required: - - id - - type - - data - - created_at - - ack_data - - agents - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent actions - /api/fleet/agents/available_versions: - get: - description: Get available agent versions - operationId: '%2Fapi%2Ffleet%2Fagents%2Favailable_versions#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - items: - items: - type: string - type: array - required: - - items - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agents - /api/fleet/agents/bulk_reassign: - post: - description: Bulk reassign agents - operationId: '%2Fapi%2Ffleet%2Fagents%2Fbulk_reassign#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - agents: - anyOf: - - items: - type: string - type: array - - type: string - batchSize: - type: number - includeInactive: - default: false - type: boolean - policy_id: - type: string - required: - - policy_id - - agents - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - actionId: - type: string - required: - - actionId - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent actions - /api/fleet/agents/bulk_request_diagnostics: - post: - description: Bulk request diagnostics from agents - operationId: '%2Fapi%2Ffleet%2Fagents%2Fbulk_request_diagnostics#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - additional_metrics: - items: - enum: - - CPU - type: string - type: array - agents: - anyOf: - - items: - type: string - type: array - - type: string - batchSize: - type: number - required: - - agents - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - actionId: - type: string - required: - - actionId - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent actions - /api/fleet/agents/bulk_unenroll: - post: - description: Bulk unenroll agents - operationId: '%2Fapi%2Ffleet%2Fagents%2Fbulk_unenroll#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - agents: - anyOf: - - items: - description: KQL query string, leave empty to action all agents - type: string - type: array - - description: list of agent IDs - type: string - batchSize: - type: number - force: - description: Unenrolls hosted agents too - type: boolean - includeInactive: - description: >- - When passing agents by KQL query, unenrolls inactive agents - too - type: boolean - revoke: - description: Revokes API keys of agents - type: boolean - required: - - agents - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - actionId: - type: string - required: - - actionId - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent actions - /api/fleet/agents/bulk_update_agent_tags: - post: - description: Bulk update agent tags - operationId: '%2Fapi%2Ffleet%2Fagents%2Fbulk_update_agent_tags#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - agents: - anyOf: - - items: - type: string - type: array - - type: string - batchSize: - type: number - includeInactive: - default: false - type: boolean - tagsToAdd: - items: - type: string - type: array - tagsToRemove: - items: - type: string - type: array - required: - - agents - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - actionId: - type: string - required: - - actionId - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent actions - /api/fleet/agents/bulk_upgrade: - post: - description: Bulk upgrade agents - operationId: '%2Fapi%2Ffleet%2Fagents%2Fbulk_upgrade#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - agents: - anyOf: - - items: - type: string - type: array - - type: string - batchSize: - type: number - force: - type: boolean - includeInactive: - default: false - type: boolean - rollout_duration_seconds: - minimum: 600 - type: number - skipRateLimitCheck: - type: boolean - source_uri: - type: string - start_time: - type: string - version: - type: string - required: - - agents - - version - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - actionId: - type: string - required: - - actionId - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent actions - /api/fleet/agents/files/{fileId}: - delete: - description: Delete file uploaded by agent - operationId: '%2Fapi%2Ffleet%2Fagents%2Ffiles%2F%7BfileId%7D#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: fileId - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - deleted: - type: boolean - id: - type: string - required: - - id - - deleted - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agents - /api/fleet/agents/files/{fileId}/{fileName}: - get: - description: Get file uploaded by agent - operationId: '%2Fapi%2Ffleet%2Fagents%2Ffiles%2F%7BfileId%7D%2F%7BfileName%7D#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: fileId - required: true - schema: - type: string - - in: path - name: fileName - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agents - /api/fleet/agents/setup: - get: - description: Get agent setup info - operationId: '%2Fapi%2Ffleet%2Fagents%2Fsetup#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: >- - A summary of the agent setup status. `isReady` indicates - whether the setup is ready. If the setup is not ready, - `missing_requirements` lists which requirements are missing. - type: object - properties: - is_secrets_storage_enabled: - type: boolean - is_space_awareness_enabled: - type: boolean - isReady: - type: boolean - missing_optional_features: - items: - enum: - - encrypted_saved_object_encryption_key_required - type: string - type: array - missing_requirements: - items: - enum: - - security_required - - tls_required - - api_keys - - fleet_admin_user - - fleet_server - type: string - type: array - package_verification_key_id: - type: string - required: - - isReady - - missing_requirements - - missing_optional_features - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agents - post: - description: Initiate agent setup - operationId: '%2Fapi%2Ffleet%2Fagents%2Fsetup#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: >- - A summary of the result of Fleet's `setup` lifecycle. If - `isInitialized` is true, Fleet is ready to accept agent - enrollment. `nonFatalErrors` may include useful insight into - non-blocking issues with Fleet setup. - type: object - properties: - isInitialized: - type: boolean - nonFatalErrors: - items: - additionalProperties: false - type: object - properties: - message: - type: string - name: - type: string - required: - - name - - message - type: array - required: - - isInitialized - - nonFatalErrors - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agents - /api/fleet/agents/tags: - get: - description: List agent tags - operationId: '%2Fapi%2Ffleet%2Fagents%2Ftags#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: kuery - required: false - schema: - type: string - - in: query - name: showInactive - required: false - schema: - default: false - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - items: - items: - type: string - type: array - required: - - items - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agents - /api/fleet/check-permissions: - get: - description: Check permissions - operationId: '%2Fapi%2Ffleet%2Fcheck-permissions#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: fleetServerSetup - required: false - schema: - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - error: - enum: - - MISSING_SECURITY - - MISSING_PRIVILEGES - - MISSING_FLEET_SERVER_SETUP_PRIVILEGES - type: string - success: - type: boolean - required: - - success - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet internals - /api/fleet/data_streams: - get: - description: List data streams - operationId: '%2Fapi%2Ffleet%2Fdata_streams#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - data_streams: - items: - additionalProperties: false - type: object - properties: - dashboards: - items: - additionalProperties: false - type: object - properties: - id: - type: string - title: - type: string - required: - - id - - title - type: array - dataset: - type: string - index: - type: string - last_activity_ms: - type: number - namespace: - type: string - package: - type: string - package_version: - type: string - serviceDetails: - additionalProperties: false - nullable: true - type: object - properties: - environment: - type: string - serviceName: - type: string - required: - - environment - - serviceName - size_in_bytes: - type: number - size_in_bytes_formatted: - anyOf: - - type: number - - type: string - type: - type: string - required: - - index - - dataset - - namespace - - type - - package - - package_version - - last_activity_ms - - size_in_bytes - - size_in_bytes_formatted - - dashboards - - serviceDetails - type: array - required: - - data_streams - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Data streams - /api/fleet/enrollment_api_keys: - get: - description: List enrollment API keys - operationId: '%2Fapi%2Ffleet%2Fenrollment_api_keys#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: page - required: false - schema: - default: 1 - type: number - - in: query - name: perPage - required: false - schema: - default: 20 - type: number - - in: query - name: kuery - required: false - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - active: - description: >- - When false, the enrollment API key is revoked and - cannot be used for enrolling Elastic Agents. - type: boolean - api_key: - description: >- - The enrollment API key (token) used for enrolling - Elastic Agents. - type: string - api_key_id: - description: The ID of the API key in the Security API. - type: string - created_at: - type: string - id: - type: string - name: - description: The name of the enrollment API key. - type: string - policy_id: - description: >- - The ID of the agent policy the Elastic Agent will be - enrolled in. - type: string - required: - - id - - api_key_id - - api_key - - active - - created_at - type: array - list: - deprecated: true - items: - additionalProperties: false - type: object - properties: - active: - description: >- - When false, the enrollment API key is revoked and - cannot be used for enrolling Elastic Agents. - type: boolean - api_key: - description: >- - The enrollment API key (token) used for enrolling - Elastic Agents. - type: string - api_key_id: - description: The ID of the API key in the Security API. - type: string - created_at: - type: string - id: - type: string - name: - description: The name of the enrollment API key. - type: string - policy_id: - description: >- - The ID of the agent policy the Elastic Agent will be - enrolled in. - type: string - required: - - id - - api_key_id - - api_key - - active - - created_at - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - total - - page - - perPage - - list - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet enrollment API keys - post: - description: Create enrollment API key - operationId: '%2Fapi%2Ffleet%2Fenrollment_api_keys#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - expiration: - type: string - name: - type: string - policy_id: - type: string - required: - - policy_id - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - action: - enum: - - created - type: string - item: - additionalProperties: false - type: object - properties: - active: - description: >- - When false, the enrollment API key is revoked and - cannot be used for enrolling Elastic Agents. - type: boolean - api_key: - description: >- - The enrollment API key (token) used for enrolling - Elastic Agents. - type: string - api_key_id: - description: The ID of the API key in the Security API. - type: string - created_at: - type: string - id: - type: string - name: - description: The name of the enrollment API key. - type: string - policy_id: - description: >- - The ID of the agent policy the Elastic Agent will be - enrolled in. - type: string - required: - - id - - api_key_id - - api_key - - active - - created_at - required: - - item - - action - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet enrollment API keys - /api/fleet/enrollment_api_keys/{keyId}: - delete: - description: Revoke enrollment API key by ID by marking it as inactive - operationId: '%2Fapi%2Ffleet%2Fenrollment_api_keys%2F%7BkeyId%7D#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: keyId - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - action: - enum: - - deleted - type: string - required: - - action - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet enrollment API keys - get: - description: Get enrollment API key by ID - operationId: '%2Fapi%2Ffleet%2Fenrollment_api_keys%2F%7BkeyId%7D#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: keyId - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - active: - description: >- - When false, the enrollment API key is revoked and - cannot be used for enrolling Elastic Agents. - type: boolean - api_key: - description: >- - The enrollment API key (token) used for enrolling - Elastic Agents. - type: string - api_key_id: - description: The ID of the API key in the Security API. - type: string - created_at: - type: string - id: - type: string - name: - description: The name of the enrollment API key. - type: string - policy_id: - description: >- - The ID of the agent policy the Elastic Agent will be - enrolled in. - type: string - required: - - id - - api_key_id - - api_key - - active - - created_at - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet enrollment API keys - /api/fleet/enrollment-api-keys: - get: - operationId: '%2Fapi%2Ffleet%2Fenrollment-api-keys#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: page - required: false - schema: - default: 1 - type: number - - in: query - name: perPage - required: false - schema: - default: 20 - type: number - - in: query - name: kuery - required: false - schema: - type: string - responses: {} - summary: '' - tags: [] - post: - operationId: '%2Fapi%2Ffleet%2Fenrollment-api-keys#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - expiration: - type: string - name: - type: string - policy_id: - type: string - required: - - policy_id - responses: {} - summary: '' - tags: [] - /api/fleet/enrollment-api-keys/{keyId}: - delete: - operationId: '%2Fapi%2Ffleet%2Fenrollment-api-keys%2F%7BkeyId%7D#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: keyId - required: true - schema: - type: string - responses: {} - summary: '' - tags: [] - get: - operationId: '%2Fapi%2Ffleet%2Fenrollment-api-keys%2F%7BkeyId%7D#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: keyId - required: true - schema: - type: string - responses: {} - summary: '' - tags: [] - /api/fleet/epm/bulk_assets: - post: - description: Bulk get assets - operationId: '%2Fapi%2Ffleet%2Fepm%2Fbulk_assets#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - assetIds: - items: - additionalProperties: false - type: object - properties: - id: - type: string - type: - type: string - required: - - id - - type - type: array - required: - - assetIds - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - appLink: - type: string - attributes: - additionalProperties: false - type: object - properties: - description: - type: string - service: - type: string - title: - type: string - id: - type: string - type: - type: string - updatedAt: - type: string - required: - - id - - type - - attributes - type: array - required: - - items - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/categories: - get: - description: List package categories - operationId: '%2Fapi%2Ffleet%2Fepm%2Fcategories#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: prerelease - required: false - schema: - type: boolean - - in: query - name: experimental - required: false - schema: - type: boolean - - in: query - name: include_policy_templates - required: false - schema: - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - count: - type: number - id: - type: string - parent_id: - type: string - parent_title: - type: string - title: - type: string - required: - - id - - title - - count - type: array - response: - items: - additionalProperties: false - deprecated: true - type: object - properties: - count: - type: number - id: - type: string - parent_id: - type: string - parent_title: - type: string - title: - type: string - required: - - id - - title - - count - type: array - required: - - items - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/custom_integrations: - post: - description: Create custom integration - operationId: '%2Fapi%2Ffleet%2Fepm%2Fcustom_integrations#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - datasets: - items: - additionalProperties: false - type: object - properties: - name: - type: string - type: - enum: - - logs - - metrics - - traces - - synthetics - - profiling - type: string - required: - - name - - type - type: array - force: - type: boolean - integrationName: - type: string - required: - - integrationName - - datasets - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - _meta: - additionalProperties: false - type: object - properties: - install_source: - type: string - required: - - install_source - items: - items: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - response: - deprecated: true - items: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - required: - - items - - _meta - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/data_streams: - get: - description: List data streams - operationId: '%2Fapi%2Ffleet%2Fepm%2Fdata_streams#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: type - required: false - schema: - enum: - - logs - - metrics - - traces - - synthetics - - profiling - type: string - - in: query - name: datasetQuery - required: false - schema: - type: string - - in: query - name: sortOrder - required: false - schema: - default: asc - enum: - - asc - - desc - type: string - - in: query - name: uncategorisedOnly - required: false - schema: - default: false - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - name: - type: string - required: - - name - type: array - required: - - items - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Data streams - /api/fleet/epm/packages: - get: - description: List packages - operationId: '%2Fapi%2Ffleet%2Fepm%2Fpackages#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: category - required: false - schema: - type: string - - in: query - name: prerelease - required: false - schema: - type: boolean - - in: query - name: experimental - required: false - schema: - type: boolean - - in: query - name: excludeInstallStatus - required: false - schema: - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: true - type: object - properties: - categories: - items: - type: string - type: array - conditions: - additionalProperties: true - type: object - properties: - elastic: - additionalProperties: true - type: object - properties: - capabilities: - items: - type: string - type: array - subscription: - type: string - kibana: - additionalProperties: true - type: object - properties: - version: - type: string - data_streams: - items: - additionalProperties: {} - type: object - type: array - description: - type: string - discovery: - additionalProperties: true - type: object - properties: - fields: - items: - additionalProperties: true - type: object - properties: - name: - type: string - required: - - name - type: array - download: - type: string - format_version: - type: string - icons: - items: - additionalProperties: true - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - type: array - id: - type: string - installationInfo: - additionalProperties: true - type: object - properties: - additional_spaces_installed_kibana: - additionalProperties: - items: - additionalProperties: true - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - type: array - type: object - created_at: - type: string - experimental_data_stream_features: - items: - additionalProperties: true - type: object - properties: - data_stream: - type: string - features: - additionalProperties: true - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - install_format_schema_version: - type: string - install_source: - enum: - - registry - - upload - - bundled - - custom - type: string - install_status: - enum: - - installed - - installing - - install_failed - type: string - installed_es: - items: - additionalProperties: true - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - installed_kibana: - items: - additionalProperties: true - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - type: array - installed_kibana_space_id: - type: string - latest_executed_state: - additionalProperties: true - type: object - properties: - error: - type: string - name: - type: string - started_at: - type: string - required: - - name - - started_at - latest_install_failed_attempts: - items: - additionalProperties: true - type: object - properties: - created_at: - type: string - error: - additionalProperties: true - type: object - properties: - message: - type: string - name: - type: string - stack: - type: string - required: - - name - - message - target_version: - type: string - required: - - created_at - - target_version - - error - type: array - name: - type: string - namespaces: - items: - type: string - type: array - type: - type: string - updated_at: - type: string - verification_key_id: - nullable: true - type: string - verification_status: - enum: - - unverified - - verified - - unknown - type: string - version: - type: string - required: - - type - - installed_kibana - - installed_es - - name - - version - - install_status - - install_source - - verification_status - integration: - type: string - internal: - type: boolean - latestVersion: - type: string - name: - type: string - owner: - additionalProperties: true - type: object - properties: - github: - type: string - type: - enum: - - elastic - - partner - - community - type: string - path: - type: string - policy_templates: - items: - additionalProperties: {} - type: object - type: array - readme: - type: string - release: - enum: - - ga - - beta - - experimental - type: string - savedObject: {} - signature_path: - type: string - source: - additionalProperties: true - type: object - properties: - license: - type: string - required: - - license - status: - type: string - title: - type: string - type: - enum: - - integration - - input - - content - type: string - vars: - items: - additionalProperties: {} - type: object - type: array - version: - type: string - required: - - savedObject - - name - - version - - title - - id - type: array - response: - items: - additionalProperties: true - deprecated: true - type: object - properties: - categories: - items: - type: string - type: array - conditions: - additionalProperties: true - type: object - properties: - elastic: - additionalProperties: true - type: object - properties: - capabilities: - items: - type: string - type: array - subscription: - type: string - kibana: - additionalProperties: true - type: object - properties: - version: - type: string - data_streams: - items: - additionalProperties: {} - type: object - type: array - description: - type: string - discovery: - additionalProperties: true - type: object - properties: - fields: - items: - additionalProperties: true - type: object - properties: - name: - type: string - required: - - name - type: array - download: - type: string - format_version: - type: string - icons: - items: - additionalProperties: true - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - type: array - id: - type: string - installationInfo: - additionalProperties: true - type: object - properties: - additional_spaces_installed_kibana: - additionalProperties: - items: - additionalProperties: true - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - type: array - type: object - created_at: - type: string - experimental_data_stream_features: - items: - additionalProperties: true - type: object - properties: - data_stream: - type: string - features: - additionalProperties: true - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - install_format_schema_version: - type: string - install_source: - enum: - - registry - - upload - - bundled - - custom - type: string - install_status: - enum: - - installed - - installing - - install_failed - type: string - installed_es: - items: - additionalProperties: true - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - installed_kibana: - items: - additionalProperties: true - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - type: array - installed_kibana_space_id: - type: string - latest_executed_state: - additionalProperties: true - type: object - properties: - error: - type: string - name: - type: string - started_at: - type: string - required: - - name - - started_at - latest_install_failed_attempts: - items: - additionalProperties: true - type: object - properties: - created_at: - type: string - error: - additionalProperties: true - type: object - properties: - message: - type: string - name: - type: string - stack: - type: string - required: - - name - - message - target_version: - type: string - required: - - created_at - - target_version - - error - type: array - name: - type: string - namespaces: - items: - type: string - type: array - type: - type: string - updated_at: - type: string - verification_key_id: - nullable: true - type: string - verification_status: - enum: - - unverified - - verified - - unknown - type: string - version: - type: string - required: - - type - - installed_kibana - - installed_es - - name - - version - - install_status - - install_source - - verification_status - integration: - type: string - internal: - type: boolean - latestVersion: - type: string - name: - type: string - owner: - additionalProperties: true - type: object - properties: - github: - type: string - type: - enum: - - elastic - - partner - - community - type: string - path: - type: string - policy_templates: - items: - additionalProperties: {} - type: object - type: array - readme: - type: string - release: - enum: - - ga - - beta - - experimental - type: string - savedObject: {} - signature_path: - type: string - source: - additionalProperties: true - type: object - properties: - license: - type: string - required: - - license - status: - type: string - title: - type: string - type: - enum: - - integration - - input - - content - type: string - vars: - items: - additionalProperties: {} - type: object - type: array - version: - type: string - required: - - savedObject - - name - - version - - title - - id - type: array - required: - - items - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Package Manager (EPM) - post: - description: Install package by upload - operationId: '%2Fapi%2Ffleet%2Fepm%2Fpackages#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: query - name: ignoreMappingUpdateErrors - required: false - schema: - default: false - type: boolean - - in: query - name: skipDataStreamRollover - required: false - schema: - default: false - type: boolean - requestBody: - content: - application/gzip; application/zip; Elastic-Api-Version=2023-10-31: - schema: - format: binary - type: string - responses: - '200': - content: - application/gzip; application/zip; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - _meta: - additionalProperties: false - type: object - properties: - install_source: - type: string - required: - - install_source - items: - items: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - response: - deprecated: true - items: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - required: - - items - - _meta - '400': - content: - application/gzip; application/zip; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/packages/_bulk: - post: - description: Bulk install packages - operationId: '%2Fapi%2Ffleet%2Fepm%2Fpackages%2F_bulk#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: query - name: prerelease - required: false - schema: - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - force: - default: false - type: boolean - packages: - items: - anyOf: - - type: string - - additionalProperties: false - type: object - properties: - name: - type: string - prerelease: - type: boolean - version: - type: string - required: - - name - - version - minItems: 1 - type: array - required: - - packages - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - items: - items: - anyOf: - - additionalProperties: false - type: object - properties: - name: - type: string - result: - additionalProperties: false - type: object - properties: - assets: - items: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - error: {} - installSource: - type: string - installType: - type: string - status: - enum: - - installed - - already_installed - type: string - required: - - error - - installType - version: - type: string - required: - - name - - version - - result - - additionalProperties: false - type: object - properties: - error: - anyOf: - - type: string - - {} - name: - type: string - statusCode: - type: number - required: - - name - - statusCode - - error - type: array - response: - deprecated: true - items: - anyOf: - - additionalProperties: false - type: object - properties: - name: - type: string - result: - additionalProperties: false - type: object - properties: - assets: - items: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - error: {} - installSource: - type: string - installType: - type: string - status: - enum: - - installed - - already_installed - type: string - required: - - error - - installType - version: - type: string - required: - - name - - version - - result - - additionalProperties: false - type: object - properties: - error: - anyOf: - - type: string - - {} - name: - type: string - statusCode: - type: number - required: - - name - - statusCode - - error - type: array - required: - - items - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/packages/{pkgkey}: - delete: - operationId: '%2Fapi%2Ffleet%2Fepm%2Fpackages%2F%7Bpkgkey%7D#3' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: pkgkey - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - nullable: true - type: object - properties: - force: - type: boolean - required: - - force - responses: {} - summary: '' - tags: [] - get: - operationId: '%2Fapi%2Ffleet%2Fepm%2Fpackages%2F%7Bpkgkey%7D#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: pkgkey - required: true - schema: - type: string - - in: query - name: ignoreUnverified - required: false - schema: - type: boolean - - in: query - name: prerelease - required: false - schema: - type: boolean - - in: query - name: full - required: false - schema: - type: boolean - - in: query - name: withMetadata - required: false - schema: - default: false - type: boolean - responses: {} - summary: '' - tags: [] - post: - operationId: '%2Fapi%2Ffleet%2Fepm%2Fpackages%2F%7Bpkgkey%7D#2' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: pkgkey - required: true - schema: - type: string - - in: query - name: prerelease - required: false - schema: - type: boolean - - in: query - name: ignoreMappingUpdateErrors - required: false - schema: - default: false - type: boolean - - in: query - name: skipDataStreamRollover - required: false - schema: - default: false - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - nullable: true - type: object - properties: - force: - type: boolean - required: - - force - responses: {} - summary: '' - tags: [] - put: - operationId: '%2Fapi%2Ffleet%2Fepm%2Fpackages%2F%7Bpkgkey%7D#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: pkgkey - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - keepPoliciesUpToDate: - type: boolean - required: - - keepPoliciesUpToDate - responses: {} - summary: '' - tags: [] - /api/fleet/epm/packages/{pkgName}/{pkgVersion}: - delete: - description: Delete package - operationId: '%2Fapi%2Ffleet%2Fepm%2Fpackages%2F%7BpkgName%7D%2F%7BpkgVersion%7D#3' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: pkgName - required: true - schema: - type: string - - in: path - name: pkgVersion - required: true - schema: - type: string - - in: query - name: force - required: false - schema: - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - nullable: true - type: object - properties: - force: - type: boolean - required: - - force - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - items: - items: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - response: - deprecated: true - items: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - required: - - items - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Package Manager (EPM) - get: - description: Get package - operationId: '%2Fapi%2Ffleet%2Fepm%2Fpackages%2F%7BpkgName%7D%2F%7BpkgVersion%7D#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: pkgName - required: true - schema: - type: string - - in: path - name: pkgVersion - required: true - schema: - type: string - - in: query - name: ignoreUnverified - required: false - schema: - type: boolean - - in: query - name: prerelease - required: false - schema: - type: boolean - - in: query - name: full - required: false - schema: - type: boolean - - in: query - name: withMetadata - required: false - schema: - default: false - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: true - type: object - properties: - agent: - additionalProperties: false - type: object - properties: - privileges: - additionalProperties: false - type: object - properties: - root: - type: boolean - asset_tags: - items: - additionalProperties: false - type: object - properties: - asset_ids: - items: - type: string - type: array - asset_types: - items: - type: string - type: array - text: - type: string - required: - - text - type: array - assets: - additionalProperties: {} - type: object - categories: - items: - type: string - type: array - conditions: - additionalProperties: true - type: object - properties: - elastic: - additionalProperties: true - type: object - properties: - capabilities: - items: - type: string - type: array - subscription: - type: string - kibana: - additionalProperties: true - type: object - properties: - version: - type: string - data_streams: - items: - additionalProperties: {} - type: object - type: array - description: - type: string - discovery: - additionalProperties: true - type: object - properties: - fields: - items: - additionalProperties: true - type: object - properties: - name: - type: string - required: - - name - type: array - download: - type: string - elasticsearch: - additionalProperties: {} - type: object - format_version: - type: string - icons: - items: - additionalProperties: true - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - type: array - installationInfo: - additionalProperties: true - type: object - properties: - additional_spaces_installed_kibana: - additionalProperties: - items: - additionalProperties: true - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - type: array - type: object - created_at: - type: string - experimental_data_stream_features: - items: - additionalProperties: true - type: object - properties: - data_stream: - type: string - features: - additionalProperties: true - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - install_format_schema_version: - type: string - install_source: - enum: - - registry - - upload - - bundled - - custom - type: string - install_status: - enum: - - installed - - installing - - install_failed - type: string - installed_es: - items: - additionalProperties: true - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - installed_kibana: - items: - additionalProperties: true - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - type: array - installed_kibana_space_id: - type: string - latest_executed_state: - additionalProperties: true - type: object - properties: - error: - type: string - name: - type: string - started_at: - type: string - required: - - name - - started_at - latest_install_failed_attempts: - items: - additionalProperties: true - type: object - properties: - created_at: - type: string - error: - additionalProperties: true - type: object - properties: - message: - type: string - name: - type: string - stack: - type: string - required: - - name - - message - target_version: - type: string - required: - - created_at - - target_version - - error - type: array - name: - type: string - namespaces: - items: - type: string - type: array - type: - type: string - updated_at: - type: string - verification_key_id: - nullable: true - type: string - verification_status: - enum: - - unverified - - verified - - unknown - type: string - version: - type: string - required: - - type - - installed_kibana - - installed_es - - name - - version - - install_status - - install_source - - verification_status - internal: - type: boolean - keepPoliciesUpToDate: - type: boolean - latestVersion: - type: string - license: - type: string - licensePath: - type: string - name: - type: string - notice: - type: string - owner: - additionalProperties: true - type: object - properties: - github: - type: string - type: - enum: - - elastic - - partner - - community - type: string - path: - type: string - policy_templates: - items: - additionalProperties: {} - type: object - type: array - readme: - type: string - release: - enum: - - ga - - beta - - experimental - type: string - savedObject: {} - screenshots: - items: - additionalProperties: false - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - type: array - signature_path: - type: string - source: - additionalProperties: true - type: object - properties: - license: - type: string - required: - - license - status: - type: string - title: - type: string - type: - enum: - - integration - - input - - content - type: string - vars: - items: - additionalProperties: {} - type: object - type: array - version: - type: string - required: - - savedObject - - name - - version - - title - - assets - metadata: - additionalProperties: false - type: object - properties: - has_policies: - type: boolean - required: - - has_policies - response: - additionalProperties: true - deprecated: true - type: object - properties: - agent: - additionalProperties: false - type: object - properties: - privileges: - additionalProperties: false - type: object - properties: - root: - type: boolean - asset_tags: - items: - additionalProperties: false - type: object - properties: - asset_ids: - items: - type: string - type: array - asset_types: - items: - type: string - type: array - text: - type: string - required: - - text - type: array - assets: - additionalProperties: {} - type: object - categories: - items: - type: string - type: array - conditions: - additionalProperties: true - type: object - properties: - elastic: - additionalProperties: true - type: object - properties: - capabilities: - items: - type: string - type: array - subscription: - type: string - kibana: - additionalProperties: true - type: object - properties: - version: - type: string - data_streams: - items: - additionalProperties: {} - type: object - type: array - description: - type: string - discovery: - additionalProperties: true - type: object - properties: - fields: - items: - additionalProperties: true - type: object - properties: - name: - type: string - required: - - name - type: array - download: - type: string - elasticsearch: - additionalProperties: {} - type: object - format_version: - type: string - icons: - items: - additionalProperties: true - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - type: array - installationInfo: - additionalProperties: true - type: object - properties: - additional_spaces_installed_kibana: - additionalProperties: - items: - additionalProperties: true - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - type: array - type: object - created_at: - type: string - experimental_data_stream_features: - items: - additionalProperties: true - type: object - properties: - data_stream: - type: string - features: - additionalProperties: true - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - install_format_schema_version: - type: string - install_source: - enum: - - registry - - upload - - bundled - - custom - type: string - install_status: - enum: - - installed - - installing - - install_failed - type: string - installed_es: - items: - additionalProperties: true - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - installed_kibana: - items: - additionalProperties: true - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - type: array - installed_kibana_space_id: - type: string - latest_executed_state: - additionalProperties: true - type: object - properties: - error: - type: string - name: - type: string - started_at: - type: string - required: - - name - - started_at - latest_install_failed_attempts: - items: - additionalProperties: true - type: object - properties: - created_at: - type: string - error: - additionalProperties: true - type: object - properties: - message: - type: string - name: - type: string - stack: - type: string - required: - - name - - message - target_version: - type: string - required: - - created_at - - target_version - - error - type: array - name: - type: string - namespaces: - items: - type: string - type: array - type: - type: string - updated_at: - type: string - verification_key_id: - nullable: true - type: string - verification_status: - enum: - - unverified - - verified - - unknown - type: string - version: - type: string - required: - - type - - installed_kibana - - installed_es - - name - - version - - install_status - - install_source - - verification_status - internal: - type: boolean - keepPoliciesUpToDate: - type: boolean - latestVersion: - type: string - license: - type: string - licensePath: - type: string - name: - type: string - notice: - type: string - owner: - additionalProperties: true - type: object - properties: - github: - type: string - type: - enum: - - elastic - - partner - - community - type: string - path: - type: string - policy_templates: - items: - additionalProperties: {} - type: object - type: array - readme: - type: string - release: - enum: - - ga - - beta - - experimental - type: string - savedObject: {} - screenshots: - items: - additionalProperties: false - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - type: array - signature_path: - type: string - source: - additionalProperties: true - type: object - properties: - license: - type: string - required: - - license - status: - type: string - title: - type: string - type: - enum: - - integration - - input - - content - type: string - vars: - items: - additionalProperties: {} - type: object - type: array - version: - type: string - required: - - savedObject - - name - - version - - title - - assets - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Package Manager (EPM) - post: - description: Install package from registry - operationId: '%2Fapi%2Ffleet%2Fepm%2Fpackages%2F%7BpkgName%7D%2F%7BpkgVersion%7D#2' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: pkgName - required: true - schema: - type: string - - in: path - name: pkgVersion - required: true - schema: - type: string - - in: query - name: prerelease - required: false - schema: - type: boolean - - in: query - name: ignoreMappingUpdateErrors - required: false - schema: - default: false - type: boolean - - in: query - name: skipDataStreamRollover - required: false - schema: - default: false - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - nullable: true - type: object - properties: - force: - default: false - type: boolean - ignore_constraints: - default: false - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - _meta: - additionalProperties: false - type: object - properties: - install_source: - type: string - required: - - install_source - items: - items: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - response: - deprecated: true - items: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - required: - - items - - _meta - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Package Manager (EPM) - put: - description: Update package settings - operationId: '%2Fapi%2Ffleet%2Fepm%2Fpackages%2F%7BpkgName%7D%2F%7BpkgVersion%7D#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: pkgName - required: true - schema: - type: string - - in: path - name: pkgVersion - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - keepPoliciesUpToDate: - type: boolean - required: - - keepPoliciesUpToDate - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: true - type: object - properties: - agent: - additionalProperties: false - type: object - properties: - privileges: - additionalProperties: false - type: object - properties: - root: - type: boolean - asset_tags: - items: - additionalProperties: false - type: object - properties: - asset_ids: - items: - type: string - type: array - asset_types: - items: - type: string - type: array - text: - type: string - required: - - text - type: array - assets: - additionalProperties: {} - type: object - categories: - items: - type: string - type: array - conditions: - additionalProperties: true - type: object - properties: - elastic: - additionalProperties: true - type: object - properties: - capabilities: - items: - type: string - type: array - subscription: - type: string - kibana: - additionalProperties: true - type: object - properties: - version: - type: string - data_streams: - items: - additionalProperties: {} - type: object - type: array - description: - type: string - discovery: - additionalProperties: true - type: object - properties: - fields: - items: - additionalProperties: true - type: object - properties: - name: - type: string - required: - - name - type: array - download: - type: string - elasticsearch: - additionalProperties: {} - type: object - format_version: - type: string - icons: - items: - additionalProperties: true - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - type: array - installationInfo: - additionalProperties: true - type: object - properties: - additional_spaces_installed_kibana: - additionalProperties: - items: - additionalProperties: true - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - type: array - type: object - created_at: - type: string - experimental_data_stream_features: - items: - additionalProperties: true - type: object - properties: - data_stream: - type: string - features: - additionalProperties: true - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - install_format_schema_version: - type: string - install_source: - enum: - - registry - - upload - - bundled - - custom - type: string - install_status: - enum: - - installed - - installing - - install_failed - type: string - installed_es: - items: - additionalProperties: true - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - installed_kibana: - items: - additionalProperties: true - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - type: array - installed_kibana_space_id: - type: string - latest_executed_state: - additionalProperties: true - type: object - properties: - error: - type: string - name: - type: string - started_at: - type: string - required: - - name - - started_at - latest_install_failed_attempts: - items: - additionalProperties: true - type: object - properties: - created_at: - type: string - error: - additionalProperties: true - type: object - properties: - message: - type: string - name: - type: string - stack: - type: string - required: - - name - - message - target_version: - type: string - required: - - created_at - - target_version - - error - type: array - name: - type: string - namespaces: - items: - type: string - type: array - type: - type: string - updated_at: - type: string - verification_key_id: - nullable: true - type: string - verification_status: - enum: - - unverified - - verified - - unknown - type: string - version: - type: string - required: - - type - - installed_kibana - - installed_es - - name - - version - - install_status - - install_source - - verification_status - internal: - type: boolean - keepPoliciesUpToDate: - type: boolean - latestVersion: - type: string - license: - type: string - licensePath: - type: string - name: - type: string - notice: - type: string - owner: - additionalProperties: true - type: object - properties: - github: - type: string - type: - enum: - - elastic - - partner - - community - type: string - path: - type: string - policy_templates: - items: - additionalProperties: {} - type: object - type: array - readme: - type: string - release: - enum: - - ga - - beta - - experimental - type: string - savedObject: {} - screenshots: - items: - additionalProperties: false - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - type: array - signature_path: - type: string - source: - additionalProperties: true - type: object - properties: - license: - type: string - required: - - license - status: - type: string - title: - type: string - type: - enum: - - integration - - input - - content - type: string - vars: - items: - additionalProperties: {} - type: object - type: array - version: - type: string - required: - - savedObject - - name - - version - - title - - assets - response: - additionalProperties: true - deprecated: true - type: object - properties: - agent: - additionalProperties: false - type: object - properties: - privileges: - additionalProperties: false - type: object - properties: - root: - type: boolean - asset_tags: - items: - additionalProperties: false - type: object - properties: - asset_ids: - items: - type: string - type: array - asset_types: - items: - type: string - type: array - text: - type: string - required: - - text - type: array - assets: - additionalProperties: {} - type: object - categories: - items: - type: string - type: array - conditions: - additionalProperties: true - type: object - properties: - elastic: - additionalProperties: true - type: object - properties: - capabilities: - items: - type: string - type: array - subscription: - type: string - kibana: - additionalProperties: true - type: object - properties: - version: - type: string - data_streams: - items: - additionalProperties: {} - type: object - type: array - description: - type: string - discovery: - additionalProperties: true - type: object - properties: - fields: - items: - additionalProperties: true - type: object - properties: - name: - type: string - required: - - name - type: array - download: - type: string - elasticsearch: - additionalProperties: {} - type: object - format_version: - type: string - icons: - items: - additionalProperties: true - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - type: array - installationInfo: - additionalProperties: true - type: object - properties: - additional_spaces_installed_kibana: - additionalProperties: - items: - additionalProperties: true - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - type: array - type: object - created_at: - type: string - experimental_data_stream_features: - items: - additionalProperties: true - type: object - properties: - data_stream: - type: string - features: - additionalProperties: true - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - install_format_schema_version: - type: string - install_source: - enum: - - registry - - upload - - bundled - - custom - type: string - install_status: - enum: - - installed - - installing - - install_failed - type: string - installed_es: - items: - additionalProperties: true - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - installed_kibana: - items: - additionalProperties: true - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - type: array - installed_kibana_space_id: - type: string - latest_executed_state: - additionalProperties: true - type: object - properties: - error: - type: string - name: - type: string - started_at: - type: string - required: - - name - - started_at - latest_install_failed_attempts: - items: - additionalProperties: true - type: object - properties: - created_at: - type: string - error: - additionalProperties: true - type: object - properties: - message: - type: string - name: - type: string - stack: - type: string - required: - - name - - message - target_version: - type: string - required: - - created_at - - target_version - - error - type: array - name: - type: string - namespaces: - items: - type: string - type: array - type: - type: string - updated_at: - type: string - verification_key_id: - nullable: true - type: string - verification_status: - enum: - - unverified - - verified - - unknown - type: string - version: - type: string - required: - - type - - installed_kibana - - installed_es - - name - - version - - install_status - - install_source - - verification_status - internal: - type: boolean - keepPoliciesUpToDate: - type: boolean - latestVersion: - type: string - license: - type: string - licensePath: - type: string - name: - type: string - notice: - type: string - owner: - additionalProperties: true - type: object - properties: - github: - type: string - type: - enum: - - elastic - - partner - - community - type: string - path: - type: string - policy_templates: - items: - additionalProperties: {} - type: object - type: array - readme: - type: string - release: - enum: - - ga - - beta - - experimental - type: string - savedObject: {} - screenshots: - items: - additionalProperties: false - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - type: array - signature_path: - type: string - source: - additionalProperties: true - type: object - properties: - license: - type: string - required: - - license - status: - type: string - title: - type: string - type: - enum: - - integration - - input - - content - type: string - vars: - items: - additionalProperties: {} - type: object - type: array - version: - type: string - required: - - savedObject - - name - - version - - title - - assets - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/packages/{pkgName}/{pkgVersion}/{filePath*}: - get: - description: Get package file - operationId: >- - %2Fapi%2Ffleet%2Fepm%2Fpackages%2F%7BpkgName%7D%2F%7BpkgVersion%7D%2F%7BfilePath*%7D#0 - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: pkgName - required: true - schema: - type: string - - in: path - name: pkgVersion - required: true - schema: - type: string - - in: path - name: filePath - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: {} - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/packages/{pkgName}/{pkgVersion}/transforms/authorize: - post: - description: Authorize transforms - operationId: >- - %2Fapi%2Ffleet%2Fepm%2Fpackages%2F%7BpkgName%7D%2F%7BpkgVersion%7D%2Ftransforms%2Fauthorize#0 - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: pkgName - required: true - schema: - type: string - - in: path - name: pkgVersion - required: true - schema: - type: string - - in: query - name: prerelease - required: false - schema: - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - transforms: - items: - additionalProperties: false - type: object - properties: - transformId: - type: string - required: - - transformId - type: array - required: - - transforms - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - additionalProperties: false - type: object - properties: - error: - nullable: true - success: - type: boolean - transformId: - type: string - required: - - transformId - - success - - error - type: array - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/packages/{pkgName}/stats: - get: - description: Get package stats - operationId: '%2Fapi%2Ffleet%2Fepm%2Fpackages%2F%7BpkgName%7D%2Fstats#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: pkgName - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - response: - additionalProperties: false - type: object - properties: - agent_policy_count: - type: number - required: - - agent_policy_count - required: - - response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/packages/installed: - get: - description: Get installed packages - operationId: '%2Fapi%2Ffleet%2Fepm%2Fpackages%2Finstalled#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: dataStreamType - required: false - schema: - enum: - - logs - - metrics - - traces - - synthetics - - profiling - type: string - - in: query - name: showOnlyActiveDataStreams - required: false - schema: - type: boolean - - in: query - name: nameQuery - required: false - schema: - type: string - - in: query - name: searchAfter - required: false - schema: - items: - anyOf: - - type: string - - type: number - type: array - - in: query - name: perPage - required: false - schema: - default: 15 - type: number - - in: query - name: sortOrder - required: false - schema: - default: asc - enum: - - asc - - desc - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - dataStreams: - items: - additionalProperties: false - type: object - properties: - name: - type: string - title: - type: string - required: - - name - - title - type: array - description: - type: string - icons: - items: - additionalProperties: false - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - type: array - name: - type: string - status: - type: string - title: - type: string - version: - type: string - required: - - name - - version - - status - - dataStreams - type: array - searchAfter: - items: - anyOf: - - type: string - - type: number - - type: boolean - - enum: [] - nullable: true - - {} - type: array - total: - type: number - required: - - items - - total - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/packages/limited: - get: - description: Get limited package list - operationId: '%2Fapi%2Ffleet%2Fepm%2Fpackages%2Flimited#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - items: - items: - type: string - type: array - response: - deprecated: true - items: - type: string - type: array - required: - - items - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/templates/{pkgName}/{pkgVersion}/inputs: - get: - description: Get inputs template - operationId: >- - %2Fapi%2Ffleet%2Fepm%2Ftemplates%2F%7BpkgName%7D%2F%7BpkgVersion%7D%2Finputs#0 - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: pkgName - required: true - schema: - type: string - - in: path - name: pkgVersion - required: true - schema: - type: string - - in: query - name: format - required: false - schema: - default: json - enum: - - json - - yml - - yaml - type: string - - in: query - name: prerelease - required: false - schema: - type: boolean - - in: query - name: ignoreUnverified - required: false - schema: - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - anyOf: - - type: string - - additionalProperties: false - type: object - properties: - inputs: - items: - additionalProperties: false - type: object - properties: - id: - type: string - streams: - items: - additionalProperties: true - type: object - properties: - data_stream: - additionalProperties: true - type: object - properties: - dataset: - type: string - type: - type: string - required: - - dataset - id: - type: string - required: - - id - - data_stream - type: array - type: - type: string - required: - - id - - type - type: array - required: - - inputs - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/verification_key_id: - get: - description: Get a package signature verification key ID - operationId: '%2Fapi%2Ffleet%2Fepm%2Fverification_key_id#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - id: - nullable: true - type: string - required: - - id - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Package Manager (EPM) - /api/fleet/fleet_server_hosts: - get: - description: List Fleet Server hosts - operationId: '%2Fapi%2Ffleet%2Ffleet_server_hosts#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - host_urls: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - required: - - id - - name - - host_urls - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - total - - page - - perPage - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet Server hosts - post: - description: Create Fleet Server host - operationId: '%2Fapi%2Ffleet%2Ffleet_server_hosts#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - host_urls: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - required: - - name - - host_urls - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - host_urls: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - required: - - id - - name - - host_urls - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet Server hosts - /api/fleet/fleet_server_hosts/{itemId}: - delete: - description: Delete Fleet Server host by ID - operationId: '%2Fapi%2Ffleet%2Ffleet_server_hosts%2F%7BitemId%7D#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: itemId - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet Server hosts - get: - description: Get Fleet Server host by ID - operationId: '%2Fapi%2Ffleet%2Ffleet_server_hosts%2F%7BitemId%7D#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: itemId - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - host_urls: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - required: - - id - - name - - host_urls - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet Server hosts - put: - description: Update Fleet Server host by ID - operationId: '%2Fapi%2Ffleet%2Ffleet_server_hosts%2F%7BitemId%7D#2' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: itemId - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - host_urls: - items: - type: string - minItems: 1 - type: array - is_default: - type: boolean - is_internal: - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - required: - - proxy_id - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - host_urls: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - required: - - id - - name - - host_urls - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet Server hosts - /api/fleet/health_check: - post: - description: Check Fleet Server health - operationId: '%2Fapi%2Ffleet%2Fhealth_check#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - host: - format: uri - type: string - id: - type: string - required: - - id - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - host: - deprecated: true - type: string - host_id: - type: string - name: - type: string - status: - type: string - required: - - status - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet internals - /api/fleet/kubernetes: - get: - description: Get full K8s agent manifest - operationId: '%2Fapi%2Ffleet%2Fkubernetes#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: download - required: false - schema: - type: boolean - - in: query - name: fleetServer - required: false - schema: - type: string - - in: query - name: enrolToken - required: false - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - type: string - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent policies - /api/fleet/kubernetes/download: - get: - operationId: '%2Fapi%2Ffleet%2Fkubernetes%2Fdownload#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: download - required: false - schema: - type: boolean - - in: query - name: fleetServer - required: false - schema: - type: string - - in: query - name: enrolToken - required: false - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: string - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent policies - /api/fleet/logstash_api_keys: - post: - description: Generate Logstash API key - operationId: '%2Fapi%2Ffleet%2Flogstash_api_keys#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - api_key: - type: string - required: - - api_key - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet outputs - /api/fleet/message_signing_service/rotate_key_pair: - post: - description: Rotate fleet message signing key pair - operationId: '%2Fapi%2Ffleet%2Fmessage_signing_service%2Frotate_key_pair#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: query - name: acknowledge - required: false - schema: - default: false - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Message Signing Service - /api/fleet/outputs: - get: - description: List outputs - operationId: '%2Fapi%2Ffleet%2Foutputs#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - items: - items: - anyOf: - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - elasticsearch - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - service_token: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - service_token: - nullable: true - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - remote_elasticsearch - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - logstash - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - auth_type: - enum: - - none - - user_pass - - ssl - - kerberos - type: string - broker_timeout: - type: number - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - client_id: - type: string - compression: - enum: - - gzip - - snappy - - lz4 - - none - type: string - compression_level: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: number - - not: {} - config_yaml: - nullable: true - type: string - connection_type: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - enum: - - plaintext - - encryption - type: string - - not: {} - hash: - additionalProperties: true - type: object - properties: - hash: - type: string - random: - type: boolean - headers: - items: - additionalProperties: true - type: object - properties: - key: - type: string - value: - type: string - required: - - key - - value - type: array - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - key: - type: string - name: - type: string - partition: - enum: - - random - - round_robin - - hash - type: string - password: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - not: {} - - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - proxy_id: - nullable: true - type: string - random: - additionalProperties: true - type: object - properties: - group_events: - type: number - required_acks: - enum: - - 1 - - 0 - - -1 - type: integer - round_robin: - additionalProperties: true - type: object - properties: - group_events: - type: number - sasl: - additionalProperties: true - nullable: true - type: object - properties: - mechanism: - enum: - - PLAIN - - SCRAM-SHA-256 - - SCRAM-SHA-512 - type: string - secrets: - additionalProperties: true - type: object - properties: - password: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - required: - - key - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - timeout: - type: number - topic: - type: string - topics: - items: - additionalProperties: true - type: object - properties: - topic: - type: string - when: - additionalProperties: true - type: object - properties: - condition: - type: string - type: - enum: - - equals - - contains - - regexp - type: string - required: - - topic - minItems: 1 - type: array - type: - enum: - - kafka - type: string - username: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - version: - type: string - required: - - name - - type - - hosts - - compression_level - - auth_type - - connection_type - - username - - password - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - total - - page - - perPage - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet outputs - post: - description: Create output - operationId: '%2Fapi%2Ffleet%2Foutputs#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - anyOf: - - additionalProperties: false - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - shipper: - additionalProperties: false - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: false - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - elasticsearch - type: string - required: - - name - - type - - hosts - - additionalProperties: false - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: false - type: object - properties: - service_token: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - service_token: - nullable: true - type: string - shipper: - additionalProperties: false - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: false - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - remote_elasticsearch - type: string - required: - - name - - type - - hosts - - additionalProperties: false - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: false - type: object - properties: - ssl: - additionalProperties: false - type: object - properties: - key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - shipper: - additionalProperties: false - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: false - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - logstash - type: string - required: - - name - - type - - hosts - - additionalProperties: false - type: object - properties: - allow_edit: - items: - type: string - type: array - auth_type: - enum: - - none - - user_pass - - ssl - - kerberos - type: string - broker_timeout: - type: number - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - client_id: - type: string - compression: - enum: - - gzip - - snappy - - lz4 - - none - type: string - compression_level: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: number - - not: {} - config_yaml: - nullable: true - type: string - connection_type: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - enum: - - plaintext - - encryption - type: string - - not: {} - hash: - additionalProperties: false - type: object - properties: - hash: - type: string - random: - type: boolean - headers: - items: - additionalProperties: false - type: object - properties: - key: - type: string - value: - type: string - required: - - key - - value - type: array - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - key: - type: string - name: - type: string - partition: - enum: - - random - - round_robin - - hash - type: string - password: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - not: {} - - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - proxy_id: - nullable: true - type: string - random: - additionalProperties: false - type: object - properties: - group_events: - type: number - required_acks: - enum: - - 1 - - 0 - - -1 - type: integer - round_robin: - additionalProperties: false - type: object - properties: - group_events: - type: number - sasl: - additionalProperties: false - nullable: true - type: object - properties: - mechanism: - enum: - - PLAIN - - SCRAM-SHA-256 - - SCRAM-SHA-512 - type: string - secrets: - additionalProperties: false - type: object - properties: - password: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: false - type: object - properties: - key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - required: - - key - shipper: - additionalProperties: false - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: false - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - timeout: - type: number - topic: - type: string - topics: - items: - additionalProperties: false - type: object - properties: - topic: - type: string - when: - additionalProperties: false - type: object - properties: - condition: - type: string - type: - enum: - - equals - - contains - - regexp - type: string - required: - - topic - minItems: 1 - type: array - type: - enum: - - kafka - type: string - username: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - version: - type: string - required: - - name - - type - - hosts - - compression_level - - auth_type - - connection_type - - username - - password - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - anyOf: - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - elasticsearch - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - service_token: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - service_token: - nullable: true - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - remote_elasticsearch - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - logstash - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - auth_type: - enum: - - none - - user_pass - - ssl - - kerberos - type: string - broker_timeout: - type: number - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - client_id: - type: string - compression: - enum: - - gzip - - snappy - - lz4 - - none - type: string - compression_level: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: number - - not: {} - config_yaml: - nullable: true - type: string - connection_type: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - enum: - - plaintext - - encryption - type: string - - not: {} - hash: - additionalProperties: true - type: object - properties: - hash: - type: string - random: - type: boolean - headers: - items: - additionalProperties: true - type: object - properties: - key: - type: string - value: - type: string - required: - - key - - value - type: array - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - key: - type: string - name: - type: string - partition: - enum: - - random - - round_robin - - hash - type: string - password: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - not: {} - - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - proxy_id: - nullable: true - type: string - random: - additionalProperties: true - type: object - properties: - group_events: - type: number - required_acks: - enum: - - 1 - - 0 - - -1 - type: integer - round_robin: - additionalProperties: true - type: object - properties: - group_events: - type: number - sasl: - additionalProperties: true - nullable: true - type: object - properties: - mechanism: - enum: - - PLAIN - - SCRAM-SHA-256 - - SCRAM-SHA-512 - type: string - secrets: - additionalProperties: true - type: object - properties: - password: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - required: - - key - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - timeout: - type: number - topic: - type: string - topics: - items: - additionalProperties: true - type: object - properties: - topic: - type: string - when: - additionalProperties: true - type: object - properties: - condition: - type: string - type: - enum: - - equals - - contains - - regexp - type: string - required: - - topic - minItems: 1 - type: array - type: - enum: - - kafka - type: string - username: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - version: - type: string - required: - - name - - type - - hosts - - compression_level - - auth_type - - connection_type - - username - - password - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet outputs - /api/fleet/outputs/{outputId}: - delete: - description: Delete output by ID - operationId: '%2Fapi%2Ffleet%2Foutputs%2F%7BoutputId%7D#2' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: outputId - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet outputs - get: - description: Get output by ID - operationId: '%2Fapi%2Ffleet%2Foutputs%2F%7BoutputId%7D#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: outputId - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - anyOf: - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - elasticsearch - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - service_token: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - service_token: - nullable: true - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - remote_elasticsearch - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - logstash - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - auth_type: - enum: - - none - - user_pass - - ssl - - kerberos - type: string - broker_timeout: - type: number - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - client_id: - type: string - compression: - enum: - - gzip - - snappy - - lz4 - - none - type: string - compression_level: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: number - - not: {} - config_yaml: - nullable: true - type: string - connection_type: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - enum: - - plaintext - - encryption - type: string - - not: {} - hash: - additionalProperties: true - type: object - properties: - hash: - type: string - random: - type: boolean - headers: - items: - additionalProperties: true - type: object - properties: - key: - type: string - value: - type: string - required: - - key - - value - type: array - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - key: - type: string - name: - type: string - partition: - enum: - - random - - round_robin - - hash - type: string - password: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - not: {} - - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - proxy_id: - nullable: true - type: string - random: - additionalProperties: true - type: object - properties: - group_events: - type: number - required_acks: - enum: - - 1 - - 0 - - -1 - type: integer - round_robin: - additionalProperties: true - type: object - properties: - group_events: - type: number - sasl: - additionalProperties: true - nullable: true - type: object - properties: - mechanism: - enum: - - PLAIN - - SCRAM-SHA-256 - - SCRAM-SHA-512 - type: string - secrets: - additionalProperties: true - type: object - properties: - password: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - required: - - key - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - timeout: - type: number - topic: - type: string - topics: - items: - additionalProperties: true - type: object - properties: - topic: - type: string - when: - additionalProperties: true - type: object - properties: - condition: - type: string - type: - enum: - - equals - - contains - - regexp - type: string - required: - - topic - minItems: 1 - type: array - type: - enum: - - kafka - type: string - username: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - version: - type: string - required: - - name - - type - - hosts - - compression_level - - auth_type - - connection_type - - username - - password - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet outputs - put: - description: Update output by ID - operationId: '%2Fapi%2Ffleet%2Foutputs%2F%7BoutputId%7D#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: outputId - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - anyOf: - - additionalProperties: false - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - minItems: 1 - type: array - id: - type: string - is_default: - type: boolean - is_default_monitoring: - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - shipper: - additionalProperties: false - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: false - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - elasticsearch - type: string - - additionalProperties: false - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - minItems: 1 - type: array - id: - type: string - is_default: - type: boolean - is_default_monitoring: - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: false - type: object - properties: - service_token: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - service_token: - nullable: true - type: string - shipper: - additionalProperties: false - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: false - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - remote_elasticsearch - type: string - - additionalProperties: false - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - type: boolean - is_default_monitoring: - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: false - type: object - properties: - ssl: - additionalProperties: false - type: object - properties: - key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - shipper: - additionalProperties: false - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: false - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - logstash - type: string - - additionalProperties: false - type: object - properties: - allow_edit: - items: - type: string - type: array - auth_type: - enum: - - none - - user_pass - - ssl - - kerberos - type: string - broker_timeout: - type: number - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - client_id: - type: string - compression: - enum: - - gzip - - snappy - - lz4 - - none - type: string - compression_level: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: number - - not: {} - config_yaml: - nullable: true - type: string - connection_type: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - enum: - - plaintext - - encryption - type: string - - not: {} - hash: - additionalProperties: false - type: object - properties: - hash: - type: string - random: - type: boolean - headers: - items: - additionalProperties: false - type: object - properties: - key: - type: string - value: - type: string - required: - - key - - value - type: array - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - key: - type: string - name: - type: string - partition: - enum: - - random - - round_robin - - hash - type: string - password: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - not: {} - - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - proxy_id: - nullable: true - type: string - random: - additionalProperties: false - type: object - properties: - group_events: - type: number - required_acks: - enum: - - 1 - - 0 - - -1 - type: integer - round_robin: - additionalProperties: false - type: object - properties: - group_events: - type: number - sasl: - additionalProperties: false - nullable: true - type: object - properties: - mechanism: - enum: - - PLAIN - - SCRAM-SHA-256 - - SCRAM-SHA-512 - type: string - secrets: - additionalProperties: false - type: object - properties: - password: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: false - type: object - properties: - key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - required: - - key - shipper: - additionalProperties: false - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: false - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - timeout: - type: number - topic: - type: string - topics: - items: - additionalProperties: false - type: object - properties: - topic: - type: string - when: - additionalProperties: false - type: object - properties: - condition: - type: string - type: - enum: - - equals - - contains - - regexp - type: string - required: - - topic - minItems: 1 - type: array - type: - enum: - - kafka - type: string - username: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - version: - type: string - required: - - name - - compression_level - - connection_type - - username - - password - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - anyOf: - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - elasticsearch - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - service_token: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - service_token: - nullable: true - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - remote_elasticsearch - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - logstash - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - auth_type: - enum: - - none - - user_pass - - ssl - - kerberos - type: string - broker_timeout: - type: number - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - client_id: - type: string - compression: - enum: - - gzip - - snappy - - lz4 - - none - type: string - compression_level: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: number - - not: {} - config_yaml: - nullable: true - type: string - connection_type: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - enum: - - plaintext - - encryption - type: string - - not: {} - hash: - additionalProperties: true - type: object - properties: - hash: - type: string - random: - type: boolean - headers: - items: - additionalProperties: true - type: object - properties: - key: - type: string - value: - type: string - required: - - key - - value - type: array - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - key: - type: string - name: - type: string - partition: - enum: - - random - - round_robin - - hash - type: string - password: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - not: {} - - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - proxy_id: - nullable: true - type: string - random: - additionalProperties: true - type: object - properties: - group_events: - type: number - required_acks: - enum: - - 1 - - 0 - - -1 - type: integer - round_robin: - additionalProperties: true - type: object - properties: - group_events: - type: number - sasl: - additionalProperties: true - nullable: true - type: object - properties: - mechanism: - enum: - - PLAIN - - SCRAM-SHA-256 - - SCRAM-SHA-512 - type: string - secrets: - additionalProperties: true - type: object - properties: - password: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - required: - - key - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - timeout: - type: number - topic: - type: string - topics: - items: - additionalProperties: true - type: object - properties: - topic: - type: string - when: - additionalProperties: true - type: object - properties: - condition: - type: string - type: - enum: - - equals - - contains - - regexp - type: string - required: - - topic - minItems: 1 - type: array - type: - enum: - - kafka - type: string - username: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - version: - type: string - required: - - name - - type - - hosts - - compression_level - - auth_type - - connection_type - - username - - password - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet outputs - /api/fleet/outputs/{outputId}/health: - get: - description: Get latest output health - operationId: '%2Fapi%2Ffleet%2Foutputs%2F%7BoutputId%7D%2Fhealth#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: outputId - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - message: - description: long message if unhealthy - type: string - state: - description: state of output, HEALTHY or DEGRADED - type: string - timestamp: - description: timestamp of reported state - type: string - required: - - state - - message - - timestamp - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet outputs - /api/fleet/package_policies: - get: - description: List package policies - operationId: '%2Fapi%2Ffleet%2Fpackage_policies#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: page - required: false - schema: - type: number - - in: query - name: perPage - required: false - schema: - type: number - - in: query - name: sortField - required: false - schema: - type: string - - in: query - name: sortOrder - required: false - schema: - enum: - - desc - - asc - type: string - - in: query - name: showUpgradeable - required: false - schema: - type: boolean - - in: query - name: kuery - required: false - schema: - type: string - - in: query - name: format - required: false - schema: - enum: - - simplified - - legacy - type: string - - in: query - name: withAgentCount - required: false - schema: - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - agents: - type: number - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: >- - enable or disable that input, (default to - true) - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: >- - enable or disable that stream, (default - to true) - type: boolean - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) - type: object - description: >- - Input streams (see integration - documentation to know what streams are - available) - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) - type: object - description: >- - Package policy inputs (see integration - documentation to know what inputs are available) - type: object - x-oas-optional: true - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: >- - The package policy namespace. Leave blank to inherit - the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the package - policy. The override option should be used only in - unusual circumstances and not as a routine - procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: >- - Agent policy ID where that package policy will be - added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package policy will be - added - type: string - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - spaceIds: - items: - type: string - type: array - updated_at: - type: string - updated_by: - type: string - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration documentation - for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) - type: object - x-oas-optional: true - version: - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - total - - page - - perPage - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet package policies - post: - description: Create package policy - operationId: '%2Fapi%2Ffleet%2Fpackage_policies#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: query - name: format - required: false - schema: - enum: - - simplified - - legacy - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - anyOf: - - additionalProperties: false - type: object - properties: - description: - description: Package policy description - type: string - enabled: - type: boolean - force: - description: >- - Force package policy creation even if package is not - verified, or if the agent policy is managed. - type: boolean - id: - description: Package policy unique identifier - type: string - inputs: - items: - additionalProperties: false - type: object - properties: - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration documentation - for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration documentation - for more information) - type: object - required: - - type - - enabled - type: array - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: >- - The package policy namespace. Leave blank to inherit the - agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the package - policy. The override option should be used only in - unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: Agent policy ID where that package policy will be added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package policy will be - added - type: string - type: array - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration documentation for more - information) - type: object - required: - - name - - inputs - - additionalProperties: false - type: object - properties: - description: - type: string - force: - type: boolean - id: - type: string - inputs: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: enable or disable that input, (default to true) - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: >- - enable or disable that stream, (default to - true) - type: boolean - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) - type: object - description: >- - Input streams (see integration documentation to - know what streams are available) - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) - type: object - description: >- - Package policy inputs (see integration documentation to - know what inputs are available) - type: object - name: - type: string - namespace: - type: string - output_id: - nullable: true - type: string - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - nullable: true - type: string - policy_ids: - items: - type: string - type: array - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) - type: object - required: - - name - - package - description: >- - You should use inputs as an object and not use the deprecated - inputs array. - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - agents: - type: number - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: >- - enable or disable that input, (default to - true) - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: >- - enable or disable that stream, (default - to true) - type: boolean - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) - type: object - description: >- - Input streams (see integration documentation - to know what streams are available) - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) - type: object - description: >- - Package policy inputs (see integration - documentation to know what inputs are available) - type: object - x-oas-optional: true - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: >- - The package policy namespace. Leave blank to inherit - the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the package - policy. The override option should be used only in - unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: >- - Agent policy ID where that package policy will be - added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package policy will be - added - type: string - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - spaceIds: - items: - type: string - type: array - updated_at: - type: string - updated_by: - type: string - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration documentation - for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) - type: object - x-oas-optional: true - version: - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet package policies - /api/fleet/package_policies/_bulk_get: - post: - description: Bulk get package policies - operationId: '%2Fapi%2Ffleet%2Fpackage_policies%2F_bulk_get#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: query - name: format - required: false - schema: - enum: - - simplified - - legacy - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - ids: - description: list of package policy ids - items: - type: string - type: array - ignoreMissing: - type: boolean - required: - - ids - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - agents: - type: number - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: >- - enable or disable that input, (default to - true) - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: >- - enable or disable that stream, (default - to true) - type: boolean - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) - type: object - description: >- - Input streams (see integration - documentation to know what streams are - available) - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) - type: object - description: >- - Package policy inputs (see integration - documentation to know what inputs are available) - type: object - x-oas-optional: true - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: >- - The package policy namespace. Leave blank to inherit - the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the package - policy. The override option should be used only in - unusual circumstances and not as a routine - procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: >- - Agent policy ID where that package policy will be - added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package policy will be - added - type: string - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - spaceIds: - items: - type: string - type: array - updated_at: - type: string - updated_by: - type: string - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration documentation - for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) - type: object - x-oas-optional: true - version: - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - type: array - required: - - items - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message - summary: '' - tags: - - Fleet package policies - /api/fleet/package_policies/{packagePolicyId}: - delete: - description: Delete package policy by ID - operationId: '%2Fapi%2Ffleet%2Fpackage_policies%2F%7BpackagePolicyId%7D#2' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: packagePolicyId - required: true - schema: - type: string - - in: query - name: force - required: false - schema: - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet package policies - get: - description: Get package policy by ID - operationId: '%2Fapi%2Ffleet%2Fpackage_policies%2F%7BpackagePolicyId%7D#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: packagePolicyId - required: true - schema: - type: string - - in: query - name: format - required: false - schema: - enum: - - simplified - - legacy - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - agents: - type: number - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: >- - enable or disable that input, (default to - true) - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: >- - enable or disable that stream, (default - to true) - type: boolean - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) - type: object - description: >- - Input streams (see integration documentation - to know what streams are available) - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) - type: object - description: >- - Package policy inputs (see integration - documentation to know what inputs are available) - type: object - x-oas-optional: true - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: >- - The package policy namespace. Leave blank to inherit - the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the package - policy. The override option should be used only in - unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: >- - Agent policy ID where that package policy will be - added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package policy will be - added - type: string - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - spaceIds: - items: - type: string - type: array - updated_at: - type: string - updated_by: - type: string - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration documentation - for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) - type: object - x-oas-optional: true - version: - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message - summary: '' - tags: - - Fleet package policies - put: - description: Update package policy by ID - operationId: '%2Fapi%2Ffleet%2Fpackage_policies%2F%7BpackagePolicyId%7D#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: packagePolicyId - required: true - schema: - type: string - - in: query - name: format - required: false - schema: - enum: - - simplified - - legacy - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - anyOf: - - additionalProperties: false - type: object - properties: - description: - description: Package policy description - type: string - enabled: - type: boolean - force: - type: boolean - inputs: - items: - additionalProperties: false - type: object - properties: - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration documentation - for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration documentation - for more information) - type: object - required: - - type - - enabled - type: array - is_managed: - type: boolean - name: - type: string - namespace: - description: >- - The package policy namespace. Leave blank to inherit the - agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the package - policy. The override option should be used only in - unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: Agent policy ID where that package policy will be added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package policy will be - added - type: string - type: array - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration documentation for more - information) - type: object - version: - type: string - - additionalProperties: false - type: object - properties: - description: - type: string - force: - type: boolean - id: - type: string - inputs: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: enable or disable that input, (default to true) - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: >- - enable or disable that stream, (default to - true) - type: boolean - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) - type: object - description: >- - Input streams (see integration documentation to - know what streams are available) - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) - type: object - description: >- - Package policy inputs (see integration documentation to - know what inputs are available) - type: object - name: - type: string - namespace: - type: string - output_id: - nullable: true - type: string - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - nullable: true - type: string - policy_ids: - items: - type: string - type: array - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) - type: object - required: - - name - - package - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - agents: - type: number - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: >- - enable or disable that input, (default to - true) - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: >- - enable or disable that stream, (default - to true) - type: boolean - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) - type: object - description: >- - Input streams (see integration documentation - to know what streams are available) - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) - type: object - description: >- - Package policy inputs (see integration - documentation to know what inputs are available) - type: object - x-oas-optional: true - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: >- - The package policy namespace. Leave blank to inherit - the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the package - policy. The override option should be used only in - unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: >- - Agent policy ID where that package policy will be - added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package policy will be - added - type: string - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - spaceIds: - items: - type: string - type: array - updated_at: - type: string - updated_by: - type: string - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration documentation - for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) - type: object - x-oas-optional: true - version: - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet package policies - /api/fleet/package_policies/delete: - post: - description: Bulk delete package policies - operationId: '%2Fapi%2Ffleet%2Fpackage_policies%2Fdelete#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - force: - type: boolean - packagePolicyIds: - items: - type: string - type: array - required: - - packagePolicyIds - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - additionalProperties: false - type: object - properties: - body: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message - id: - type: string - name: - type: string - output_id: - nullable: true - type: string - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: Use `policy_ids` instead - nullable: true - type: string - policy_ids: - items: - type: string - type: array - statusCode: - type: number - success: - type: boolean - required: - - id - - success - - policy_ids - - package - type: array - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet package policies - /api/fleet/package_policies/upgrade: - post: - description: Upgrade package policy to a newer package version - operationId: '%2Fapi%2Ffleet%2Fpackage_policies%2Fupgrade#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - packagePolicyIds: - items: - type: string - type: array - required: - - packagePolicyIds - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - additionalProperties: false - type: object - properties: - body: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message - id: - type: string - name: - type: string - statusCode: - type: number - success: - type: boolean - required: - - id - - success - type: array - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet package policies - /api/fleet/package_policies/upgrade/dryrun: - post: - description: Dry run package policy upgrade - operationId: '%2Fapi%2Ffleet%2Fpackage_policies%2Fupgrade%2Fdryrun#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - packagePolicyIds: - items: - type: string - type: array - packageVersion: - type: string - required: - - packagePolicyIds - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - additionalProperties: false - type: object - properties: - agent_diff: - items: - items: - additionalProperties: true - type: object - properties: - data_stream: - additionalProperties: true - type: object - properties: - namespace: - type: string - required: - - namespace - id: - type: string - meta: - additionalProperties: true - type: object - properties: - package: - additionalProperties: true - type: object - properties: - name: - type: string - version: - type: string - required: - - name - - version - required: - - package - name: - type: string - package_policy_id: - type: string - processors: - items: - additionalProperties: true - type: object - properties: - add_fields: - additionalProperties: true - type: object - properties: - fields: - additionalProperties: - anyOf: - - type: string - - type: number - type: object - target: - type: string - required: - - target - - fields - required: - - add_fields - type: array - revision: - type: number - streams: - items: - additionalProperties: true - type: object - properties: - data_stream: - additionalProperties: true - type: object - properties: - dataset: - type: string - type: - type: string - required: - - dataset - id: - type: string - required: - - id - - data_stream - type: array - type: - type: string - use_output: - type: string - required: - - id - - name - - revision - - type - - data_stream - - use_output - - package_policy_id - type: array - type: array - body: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message - diff: - items: - anyOf: - - additionalProperties: false - type: object - properties: - agents: - type: number - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: >- - enable or disable that input, (default - to true) - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: >- - enable or disable that stream, (default - to true) - type: boolean - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) - type: object - description: >- - Input streams (see integration - documentation to know what streams are - available) - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) - type: object - description: >- - Package policy inputs (see integration - documentation to know what inputs are - available) - type: object - x-oas-optional: true - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: >- - The package policy namespace. Leave blank to - inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the - package policy. The override option should be - used only in unusual circumstances and not as - a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: >- - Agent policy ID where that package policy will - be added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package policy - will be added - type: string - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - spaceIds: - items: - type: string - type: array - updated_at: - type: string - updated_by: - type: string - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) - type: object - x-oas-optional: true - version: - type: string - required: - - name - - enabled - - inputs - - revision - - updated_at - - updated_by - - created_at - - created_by - - additionalProperties: false - type: object - properties: - description: - description: Package policy description - type: string - enabled: - type: boolean - errors: - items: - additionalProperties: false - type: object - properties: - key: - type: string - message: - type: string - required: - - message - type: array - force: - type: boolean - id: - type: string - inputs: - items: - additionalProperties: false - type: object - properties: - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - type - - enabled - - streams - type: array - is_managed: - type: boolean - missingVars: - items: - type: string - type: array - name: - description: Package policy name (should be unique) - type: string - namespace: - description: >- - The package policy namespace. Leave blank to - inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the - package policy. The override option should be - used only in unusual circumstances and not as - a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: >- - Agent policy ID where that package policy will - be added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package policy - will be added - type: string - type: array - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - name - - enabled - - inputs - type: array - hasErrors: - type: boolean - name: - type: string - statusCode: - type: number - required: - - hasErrors - type: array - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet package policies - /api/fleet/proxies: - get: - description: List proxies - operationId: '%2Fapi%2Ffleet%2Fproxies#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - certificate: - nullable: true - type: string - certificate_authorities: - nullable: true - type: string - certificate_key: - nullable: true - type: string - id: - type: string - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_headers: - additionalProperties: - anyOf: - - type: string - - type: boolean - - type: number - nullable: true - type: object - url: - type: string - required: - - id - - url - - name - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - total - - page - - perPage - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet proxies - post: - description: Create proxy - operationId: '%2Fapi%2Ffleet%2Fproxies#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - certificate: - nullable: true - type: string - certificate_authorities: - nullable: true - type: string - certificate_key: - nullable: true - type: string - id: - type: string - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_headers: - additionalProperties: - anyOf: - - type: string - - type: boolean - - type: number - nullable: true - type: object - url: - type: string - required: - - url - - name - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - certificate: - nullable: true - type: string - certificate_authorities: - nullable: true - type: string - certificate_key: - nullable: true - type: string - id: - type: string - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_headers: - additionalProperties: - anyOf: - - type: string - - type: boolean - - type: number - nullable: true - type: object - url: - type: string - required: - - id - - url - - name - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet proxies - /api/fleet/proxies/{itemId}: - delete: - description: Delete proxy by ID - operationId: '%2Fapi%2Ffleet%2Fproxies%2F%7BitemId%7D#2' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: itemId - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet proxies - get: - description: Get proxy by ID - operationId: '%2Fapi%2Ffleet%2Fproxies%2F%7BitemId%7D#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: itemId - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - certificate: - nullable: true - type: string - certificate_authorities: - nullable: true - type: string - certificate_key: - nullable: true - type: string - id: - type: string - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_headers: - additionalProperties: - anyOf: - - type: string - - type: boolean - - type: number - nullable: true - type: object - url: - type: string - required: - - id - - url - - name - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet proxies - put: - description: Update proxy by ID - operationId: '%2Fapi%2Ffleet%2Fproxies%2F%7BitemId%7D#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: itemId - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - certificate: - nullable: true - type: string - certificate_authorities: - nullable: true - type: string - certificate_key: - nullable: true - type: string - name: - type: string - proxy_headers: - additionalProperties: - anyOf: - - type: string - - type: boolean - - type: number - nullable: true - type: object - url: - type: string - required: - - proxy_headers - - certificate_authorities - - certificate - - certificate_key - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - certificate: - nullable: true - type: string - certificate_authorities: - nullable: true - type: string - certificate_key: - nullable: true - type: string - id: - type: string - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_headers: - additionalProperties: - anyOf: - - type: string - - type: boolean - - type: number - nullable: true - type: object - url: - type: string - required: - - id - - url - - name - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet proxies - /api/fleet/service_tokens: - post: - description: Create a service token - operationId: '%2Fapi%2Ffleet%2Fservice_tokens#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - nullable: true - type: object - properties: - remote: - default: false - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - name: - type: string - value: - type: string - required: - - name - - value - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet service tokens - /api/fleet/service-tokens: - post: - description: Create a service token - operationId: '%2Fapi%2Ffleet%2Fservice-tokens#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - responses: {} - summary: '' - tags: [] - /api/fleet/settings: - get: - description: Get settings - operationId: '%2Fapi%2Ffleet%2Fsettings#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - delete_unenrolled_agents: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - is_preconfigured: - type: boolean - required: - - enabled - - is_preconfigured - fleet_server_hosts: - items: - type: string - type: array - has_seen_add_data_notice: - type: boolean - id: - type: string - output_secret_storage_requirements_met: - type: boolean - preconfigured_fields: - items: - enum: - - fleet_server_hosts - type: string - type: array - prerelease_integrations_enabled: - type: boolean - secret_storage_requirements_met: - type: boolean - use_space_awareness_migration_started_at: - type: string - use_space_awareness_migration_status: - enum: - - pending - - success - - error - type: string - version: - type: string - required: - - id - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message - summary: '' - tags: - - Fleet internals - put: - description: Update settings - operationId: '%2Fapi%2Ffleet%2Fsettings#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - additional_yaml_config: - type: string - delete_unenrolled_agents: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - is_preconfigured: - type: boolean - required: - - enabled - - is_preconfigured - fleet_server_hosts: - items: - format: uri - type: string - type: array - has_seen_add_data_notice: - type: boolean - kibana_ca_sha256: - type: string - kibana_urls: - items: - format: uri - type: string - type: array - prerelease_integrations_enabled: - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - delete_unenrolled_agents: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - is_preconfigured: - type: boolean - required: - - enabled - - is_preconfigured - fleet_server_hosts: - items: - type: string - type: array - has_seen_add_data_notice: - type: boolean - id: - type: string - output_secret_storage_requirements_met: - type: boolean - preconfigured_fields: - items: - enum: - - fleet_server_hosts - type: string - type: array - prerelease_integrations_enabled: - type: boolean - secret_storage_requirements_met: - type: boolean - use_space_awareness_migration_started_at: - type: string - use_space_awareness_migration_status: - enum: - - pending - - success - - error - type: string - version: - type: string - required: - - id - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message - summary: '' - tags: - - Fleet internals - /api/fleet/setup: - post: - description: Initiate Fleet setup - operationId: '%2Fapi%2Ffleet%2Fsetup#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: >- - A summary of the result of Fleet's `setup` lifecycle. If - `isInitialized` is true, Fleet is ready to accept agent - enrollment. `nonFatalErrors` may include useful insight into - non-blocking issues with Fleet setup. - type: object - properties: - isInitialized: - type: boolean - nonFatalErrors: - items: - additionalProperties: false - type: object - properties: - message: - type: string - name: - type: string - required: - - name - - message - type: array - required: - - isInitialized - - nonFatalErrors - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Internal Server Error - type: object - properties: - message: - type: string - required: - - message - summary: '' - tags: - - Fleet internals - /api/fleet/uninstall_tokens: - get: - description: List metadata for latest uninstall tokens per agent policy - operationId: '%2Fapi%2Ffleet%2Funinstall_tokens#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: Partial match filtering for policy IDs - in: query - name: policyId - required: false - schema: - maxLength: 50 - type: string - - in: query - name: search - required: false - schema: - maxLength: 50 - type: string - - description: The number of items to return - in: query - name: perPage - required: false - schema: - minimum: 5 - type: number - - in: query - name: page - required: false - schema: - minimum: 1 - type: number - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - created_at: - type: string - id: - type: string - namespaces: - items: - type: string - type: array - policy_id: - type: string - policy_name: - nullable: true - type: string - required: - - id - - policy_id - - created_at - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - total - - page - - perPage - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet uninstall tokens - /api/fleet/uninstall_tokens/{uninstallTokenId}: - get: - description: Get one decrypted uninstall token by its ID - operationId: '%2Fapi%2Ffleet%2Funinstall_tokens%2F%7BuninstallTokenId%7D#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: uninstallTokenId - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - created_at: - type: string - id: - type: string - namespaces: - items: - type: string - type: array - policy_id: - type: string - policy_name: - nullable: true - type: string - token: - type: string - required: - - id - - policy_id - - created_at - - token - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet uninstall tokens - /api/lists: - delete: - description: | - Delete a list using the list ID. - > info - > When you delete a list, all of its list items are also deleted. - operationId: DeleteList - parameters: - - description: List's `id` value - in: query - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Lists_API_ListId' - - in: query - name: deleteReferences - required: false - schema: - default: false - type: boolean - - in: query - name: ignoreReferences - required: false - schema: - default: false - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_List' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Delete a list - tags: - - Security Lists API - get: - description: Get the details of a list using the list ID. - operationId: ReadList - parameters: - - description: List's `id` value - in: query - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Lists_API_ListId' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_List' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Get list details - tags: - - Security Lists API - patch: - description: Update specific fields of an existing list using the list ID. - operationId: PatchList - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - _version: - type: string - description: - $ref: '#/components/schemas/Security_Lists_API_ListDescription' - id: - $ref: '#/components/schemas/Security_Lists_API_ListId' - meta: - $ref: '#/components/schemas/Security_Lists_API_ListMetadata' - name: - $ref: '#/components/schemas/Security_Lists_API_ListName' - version: - minimum: 1 - type: integer - required: - - id - description: List's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_List' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Patch a list - tags: - - Security Lists API - post: - description: Create a new list. - operationId: CreateList - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - description: - $ref: '#/components/schemas/Security_Lists_API_ListDescription' - deserializer: - type: string - id: - $ref: '#/components/schemas/Security_Lists_API_ListId' - meta: - $ref: '#/components/schemas/Security_Lists_API_ListMetadata' - name: - $ref: '#/components/schemas/Security_Lists_API_ListName' - serializer: - type: string - type: - $ref: '#/components/schemas/Security_Lists_API_ListType' - version: - default: 1 - minimum: 1 - type: integer - required: - - name - - description - - type - description: List's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_List' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List already exists response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Create a list - tags: - - Security Lists API - put: - description: > - Update a list using the list ID. The original list is replaced, and all - unspecified fields are deleted. - - > info - - > You cannot modify the `id` value. - operationId: UpdateList - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - _version: - type: string - description: - $ref: '#/components/schemas/Security_Lists_API_ListDescription' - id: - $ref: '#/components/schemas/Security_Lists_API_ListId' - meta: - $ref: '#/components/schemas/Security_Lists_API_ListMetadata' - name: - $ref: '#/components/schemas/Security_Lists_API_ListName' - version: - minimum: 1 - type: integer - required: - - id - - name - - description - description: List's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_List' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Update a list - tags: - - Security Lists API - /api/lists/_find: - get: - description: >- - Get a paginated subset of lists. By default, the first page is returned, - with 20 results per page. - operationId: FindLists - parameters: - - description: The page number to return - in: query - name: page - required: false - schema: - type: integer - - description: The number of lists to return per page - in: query - name: per_page - required: false - schema: - type: integer - - description: Determines which field is used to sort the results - in: query - name: sort_field - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' - - description: Determines the sort order, which can be `desc` or `asc` - in: query - name: sort_order - required: false - schema: - enum: - - desc - - asc - type: string - - description: > - Returns the list that come after the last list returned in the - previous call - - (use the cursor value returned in the previous call). This parameter - uses - - the `tie_breaker_id` field to ensure all lists are sorted and - returned correctly. - in: query - name: cursor - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_FindListsCursor' - - description: > - Filters the returned results according to the value of the specified - field, - - using the : syntax. - in: query - name: filter - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_FindListsFilter' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - cursor: - $ref: '#/components/schemas/Security_Lists_API_FindListsCursor' - data: - items: - $ref: '#/components/schemas/Security_Lists_API_List' - type: array - page: - minimum: 0 - type: integer - per_page: - minimum: 0 - type: integer - total: - minimum: 0 - type: integer - required: - - data - - page - - per_page - - total - - cursor - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Get lists - tags: - - Security Lists API - /api/lists/index: - delete: - description: Delete the `.lists` and `.items` data streams. - operationId: DeleteListIndex - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - acknowledged: - type: boolean - required: - - acknowledged - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List data stream not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Delete list data streams - tags: - - Security Lists API - get: - description: Verify that `.lists` and `.items` data streams exist. - operationId: ReadListIndex - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - list_index: - type: boolean - list_item_index: - type: boolean - required: - - list_index - - list_item_index - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List data stream(s) not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Get status of list data streams - tags: - - Security Lists API - post: - description: Create `.lists` and `.items` data streams in the relevant space. - operationId: CreateListIndex - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - acknowledged: - type: boolean - required: - - acknowledged - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List data stream exists response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Create list data streams - tags: - - Security Lists API - /api/lists/items: - delete: - description: Delete a list item using its `id`, or its `list_id` and `value` fields. - operationId: DeleteListItem - parameters: - - description: Required if `list_id` and `value` are not specified - in: query - name: id - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_ListId' - - description: Required if `id` is not specified - in: query - name: list_id - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_ListId' - - description: Required if `id` is not specified - in: query - name: value - required: false - schema: - type: string - - description: >- - Determines when changes made by the request are made visible to - search - in: query - name: refresh - required: false - schema: - default: 'false' - enum: - - 'true' - - 'false' - - wait_for - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: '#/components/schemas/Security_Lists_API_ListItem' - - items: - $ref: '#/components/schemas/Security_Lists_API_ListItem' - type: array - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List item not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Delete a list item - tags: - - Security Lists API - get: - description: Get the details of a list item. - operationId: ReadListItem - parameters: - - description: Required if `list_id` and `value` are not specified - in: query - name: id - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_ListId' - - description: Required if `id` is not specified - in: query - name: list_id - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_ListId' - - description: Required if `id` is not specified - in: query - name: value - required: false - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: '#/components/schemas/Security_Lists_API_ListItem' - - items: - $ref: '#/components/schemas/Security_Lists_API_ListItem' - type: array - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List item not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Get a list item - tags: - - Security Lists API - patch: - description: Update specific fields of an existing list item using the list item ID. - operationId: PatchListItem - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - _version: - type: string - id: - $ref: '#/components/schemas/Security_Lists_API_ListItemId' - meta: - $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' - refresh: - description: >- - Determines when changes made by the request are made visible - to search - enum: - - 'true' - - 'false' - - wait_for - type: string - value: - $ref: '#/components/schemas/Security_Lists_API_ListItemValue' - required: - - id - description: List item's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_ListItem' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List item not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Patch a list item - tags: - - Security Lists API - post: - description: > - Create a list item and associate it with the specified list. - - - All list items in the same list must be the same type. For example, each - list item in an `ip` list must define a specific IP address. - - > info - - > Before creating a list item, you must create a list. - operationId: CreateListItem - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - id: - $ref: '#/components/schemas/Security_Lists_API_ListItemId' - list_id: - $ref: '#/components/schemas/Security_Lists_API_ListId' - meta: - $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' - refresh: - description: >- - Determines when changes made by the request are made visible - to search - enum: - - 'true' - - 'false' - - wait_for - type: string - value: - $ref: '#/components/schemas/Security_Lists_API_ListItemValue' - required: - - list_id - - value - description: List item's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_ListItem' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List item already exists response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Create a list item - tags: - - Security Lists API - put: - description: > - Update a list item using the list item ID. The original list item is - replaced, and all unspecified fields are deleted. - - > info - - > You cannot modify the `id` value. - operationId: UpdateListItem - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - _version: - type: string - id: - $ref: '#/components/schemas/Security_Lists_API_ListItemId' - meta: - $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' - value: - $ref: '#/components/schemas/Security_Lists_API_ListItemValue' - required: - - id - - value - description: List item's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_ListItem' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List item not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Update a list item - tags: - - Security Lists API - /api/lists/items/_export: - post: - description: Export list item values from the specified list. - operationId: ExportListItems - parameters: - - description: List's id to export - in: query - name: list_id - required: true - schema: - $ref: '#/components/schemas/Security_Lists_API_ListId' - responses: - '200': - content: - application/ndjson; Elastic-Api-Version=2023-10-31: - schema: - description: A `.txt` file containing list items from the specified list - format: binary - type: string - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Export list items - tags: - - Security Lists API - /api/lists/items/_find: - get: - description: Get all list items in the specified list. - operationId: FindListItems - parameters: - - description: List's id - in: query - name: list_id - required: true - schema: - $ref: '#/components/schemas/Security_Lists_API_ListId' - - description: The page number to return - in: query - name: page - required: false - schema: - type: integer - - description: The number of list items to return per page - in: query - name: per_page - required: false - schema: - type: integer - - description: Determines which field is used to sort the results - in: query - name: sort_field - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' - - description: Determines the sort order, which can be `desc` or `asc` - in: query - name: sort_order - required: false - schema: - enum: - - desc - - asc - type: string - - description: > - Returns the list that come after the last list returned in the - previous call - - (use the cursor value returned in the previous call). This parameter - uses - - the `tie_breaker_id` field to ensure all lists are sorted and - returned correctly. - in: query - name: cursor - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_FindListItemsCursor' - - description: > - Filters the returned results according to the value of the specified - field, - - using the : syntax. - in: query - name: filter - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_FindListItemsFilter' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - cursor: - $ref: >- - #/components/schemas/Security_Lists_API_FindListItemsCursor - data: - items: - $ref: '#/components/schemas/Security_Lists_API_ListItem' - type: array - page: - minimum: 0 - type: integer - per_page: - minimum: 0 - type: integer - total: - minimum: 0 - type: integer - required: - - data - - page - - per_page - - total - - cursor - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Get list items - tags: - - Security Lists API - /api/lists/items/_import: - post: - description: > - Import list items from a TXT or CSV file. The maximum file size is 9 - million bytes. - - - You can import items to a new or existing list. - operationId: ImportListItems - parameters: - - description: | - List's id. - - Required when importing to an existing list. - in: query - name: list_id - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_ListId' - - description: > - Type of the importing list. - - - Required when importing a new list that is `list_id` is not - specified. - in: query - name: type - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_ListType' - - in: query - name: serializer - required: false - schema: - type: string - - in: query - name: deserializer - required: false - schema: - type: string - - description: >- - Determines when changes made by the request are made visible to - search - in: query - name: refresh - required: false - schema: - enum: - - 'true' - - 'false' - - wait_for - type: string - requestBody: - content: - multipart/form-data; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - file: - description: >- - A `.txt` or `.csv` file containing newline separated list - items - format: binary - type: string - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_List' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List with specified list_id does not exist response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Import list items - tags: - - Security Lists API - /api/lists/privileges: - get: - operationId: ReadListPrivileges - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - is_authenticated: - type: boolean - listItems: - $ref: '#/components/schemas/Security_Lists_API_ListItemPrivileges' - lists: - $ref: '#/components/schemas/Security_Lists_API_ListPrivileges' - required: - - lists - - listItems - - is_authenticated - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Get list privileges - tags: - - Security Lists API - /api/ml/saved_objects/sync: - get: - description: > - Synchronizes Kibana saved objects for machine learning jobs and trained - models in the default space. You must have `all` privileges for the - **Machine Learning** feature in the **Analytics** section of the Kibana - feature privileges. This API runs automatically when you start Kibana - and periodically thereafter. - operationId: mlSync - parameters: - - $ref: '#/components/parameters/Machine_learning_APIs_simulateParam' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - syncExample: - $ref: '#/components/examples/Machine_learning_APIs_mlSyncExample' - schema: - $ref: '#/components/schemas/Machine_learning_APIs_mlSync200Response' - description: Indicates a successful call - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Machine_learning_APIs_mlSync4xxResponse' - description: Authorization information is missing or invalid. - summary: Sync saved objects in the default space - tags: - - ml - /api/note: - delete: - description: Delete a note from a Timeline using the note ID. - operationId: DeleteNote - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - nullable: true - type: object - properties: - noteId: - type: string - required: - - noteId - - nullable: true - type: object - properties: - noteIds: - items: - type: string - nullable: true - type: array - required: - - noteIds - description: The ID of the note to delete. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - type: object - description: Indicates the note was successfully deleted. - summary: Delete a note - tags: - - Security Timeline API - - access:securitySolution - get: - description: Get all notes for a given document. - operationId: GetNotes - parameters: - - in: query - name: documentIds - schema: - $ref: '#/components/schemas/Security_Timeline_API_DocumentIds' - - in: query - name: savedObjectIds - schema: - $ref: '#/components/schemas/Security_Timeline_API_SavedObjectIds' - - in: query - name: page - schema: - nullable: true - type: string - - in: query - name: perPage - schema: - nullable: true - type: string - - in: query - name: search - schema: - nullable: true - type: string - - in: query - name: sortField - schema: - nullable: true - type: string - - in: query - name: sortOrder - schema: - nullable: true - type: string - - in: query - name: filter - schema: - nullable: true - type: string - - in: query - name: userFilter - schema: - nullable: true - type: string - - in: query - name: associatedFilter - schema: - $ref: '#/components/schemas/Security_Timeline_API_AssociatedFilterType' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: '#/components/schemas/Security_Timeline_API_GetNotesResult' - - type: object - description: Indicates the requested notes were returned. - summary: Get notes - tags: - - Security Timeline API - - access:securitySolution - patch: - description: Add a note to a Timeline or update an existing note. - operationId: PersistNoteRoute - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - eventDataView: - nullable: true - type: string - eventIngested: - nullable: true - type: string - eventTimestamp: - nullable: true - type: string - note: - $ref: '#/components/schemas/Security_Timeline_API_BareNote' - noteId: - nullable: true - type: string - overrideOwner: - nullable: true - type: boolean - version: - nullable: true - type: string - required: - - note - description: The note to add or update, along with additional metadata. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - type: object - properties: - persistNote: - $ref: >- - #/components/schemas/Security_Timeline_API_ResponseNote - required: - - persistNote - required: - - data - description: Indicates the note was successfully created. - summary: Add or update a note - tags: - - Security Timeline API - - access:securitySolution - /api/osquery/live_queries: - get: - description: Get a list of all live queries. - operationId: OsqueryFindLiveQueries - parameters: - - in: query - name: query - required: true - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_FindLiveQueryRequestQuery - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Get live queries - tags: - - Security Osquery API - post: - description: Create and run a live query. - operationId: OsqueryCreateLiveQuery - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_CreateLiveQueryRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Create a live query - tags: - - Security Osquery API - /api/osquery/live_queries/{id}: - get: - description: Get the details of a live query using the query ID. - operationId: OsqueryGetLiveQueryDetails - parameters: - - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Osquery_API_Id' - - in: query - name: query - schema: - additionalProperties: true - type: object - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Get live query details - tags: - - Security Osquery API - /api/osquery/live_queries/{id}/results/{actionId}: - get: - description: Get the results of a live query using the query action ID. - operationId: OsqueryGetLiveQueryResults - parameters: - - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Osquery_API_Id' - - in: path - name: actionId - required: true - schema: - $ref: '#/components/schemas/Security_Osquery_API_Id' - - in: query - name: query - required: true - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_GetLiveQueryResultsRequestQuery - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Get live query results - tags: - - Security Osquery API - /api/osquery/packs: - get: - description: Get a list of all query packs. - operationId: OsqueryFindPacks - parameters: - - in: query - name: query - required: true - schema: - $ref: '#/components/schemas/Security_Osquery_API_FindPacksRequestQuery' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Get packs - tags: - - Security Osquery API - post: - description: Create a query pack. - operationId: OsqueryCreatePacks - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Osquery_API_CreatePacksRequestBody' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Create a pack - tags: - - Security Osquery API - /api/osquery/packs/{id}: - delete: - description: Delete a query pack using the pack ID. - operationId: OsqueryDeletePacks - parameters: - - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Osquery_API_PackId' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Delete a pack - tags: - - Security Osquery API - get: - description: Get the details of a query pack using the pack ID. - operationId: OsqueryGetPacksDetails - parameters: - - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Osquery_API_PackId' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Get pack details - tags: - - Security Osquery API - put: - description: | - Update a query pack using the pack ID. - > info - > You cannot update a prebuilt pack. - operationId: OsqueryUpdatePacks - parameters: - - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Osquery_API_PackId' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Osquery_API_UpdatePacksRequestBody' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Update a pack - tags: - - Security Osquery API - /api/osquery/saved_queries: - get: - description: Get a list of all saved queries. - operationId: OsqueryFindSavedQueries - parameters: - - in: query - name: query - required: true - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_FindSavedQueryRequestQuery - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Get saved queries - tags: - - Security Osquery API - post: - description: Create and run a saved query. - operationId: OsqueryCreateSavedQuery - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_CreateSavedQueryRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Create a saved query - tags: - - Security Osquery API - /api/osquery/saved_queries/{id}: - delete: - description: Delete a saved query using the query ID. - operationId: OsqueryDeleteSavedQuery - parameters: - - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Delete a saved query - tags: - - Security Osquery API - get: - description: Get the details of a saved query using the query ID. - operationId: OsqueryGetSavedQueryDetails - parameters: - - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Get saved query details - tags: - - Security Osquery API - put: - description: | - Update a saved query using the query ID. - > info - > You cannot update a prebuilt saved query. - operationId: OsqueryUpdateSavedQuery - parameters: - - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_UpdateSavedQueryRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Update a saved query - tags: - - Security Osquery API - /api/pinned_event: - patch: - description: Pin an event to an existing Timeline. - operationId: PersistPinnedEventRoute - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - eventId: - type: string - pinnedEventId: - nullable: true - type: string - timelineId: - type: string - required: - - eventId - - timelineId - description: The pinned event to add or update, along with additional metadata. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - type: object - properties: - persistPinnedEventOnTimeline: - $ref: >- - #/components/schemas/Security_Timeline_API_PersistPinnedEventResponse - required: - - persistPinnedEventOnTimeline - required: - - data - description: Indicates the event was successfully pinned to the Timeline. - summary: Pin an event - tags: - - Security Timeline API - - access:securitySolution - /api/risk_score/engine/dangerously_delete_data: - delete: - description: >- - Cleaning up the the Risk Engine by removing the indices, mapping and - transforms - operationId: CleanUpRiskEngine - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - cleanup_successful: - type: boolean - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_TaskManagerUnavailableResponse - description: Task manager is unavailable - default: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_CleanUpRiskEngineErrorResponse - description: Unexpected error - summary: Cleanup the Risk Engine - tags: - - Security Entity Analytics API - /api/risk_score/engine/schedule_now: - post: - description: >- - Schedule the risk scoring engine to run as soon as possible. You can use - this to recalculate entity risk scores after updating their asset - criticality. - operationId: ScheduleRiskEngineNow - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: {} - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_RiskEngineScheduleNowResponse - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_TaskManagerUnavailableResponse - description: Task manager is unavailable - default: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_RiskEngineScheduleNowErrorResponse - description: Unexpected error - summary: Run the risk scoring engine - tags: - - Security Entity Analytics API - /api/saved_objects/_bulk_create: - post: - deprecated: true - operationId: bulkCreateSavedObjects - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - description: When true, overwrites the document with the same identifier. - in: query - name: overwrite - schema: - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - type: object - type: array - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request - summary: Create saved objects - tags: - - saved objects - /api/saved_objects/_bulk_delete: - post: - deprecated: true - description: | - WARNING: When you delete a saved object, it cannot be recovered. - operationId: bulkDeleteSavedObjects - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - description: > - When true, force delete objects that exist in multiple namespaces. - Note that the option applies to the whole request. Use the delete - object API to specify per-object deletion behavior. TIP: Use this if - you attempted to delete objects and received an HTTP 400 error with - the following message: "Unable to delete saved object that exists in - multiple namespaces, use the force option to delete it anyway". - WARNING: When you bulk delete objects that exist in multiple - namespaces, the API also deletes legacy url aliases that reference - the object. These requests are batched to minimise the impact but - they can place a heavy load on Kibana. Make sure you limit the - number of objects that exist in multiple namespaces in a single bulk - delete operation. - in: query - name: force - schema: - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - type: object - type: array - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: > - Indicates a successful call. NOTE: This HTTP response code indicates - that the bulk operation succeeded. Errors pertaining to individual - objects will be returned in the response body. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request - summary: Delete saved objects - tags: - - saved objects - /api/saved_objects/_bulk_get: - post: - deprecated: true - operationId: bulkGetSavedObjects - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - type: object - type: array - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request - summary: Get saved objects - tags: - - saved objects - /api/saved_objects/_bulk_resolve: - post: - deprecated: true - description: > - Retrieve multiple Kibana saved objects by identifier using any legacy - URL aliases if they exist. Under certain circumstances when Kibana is - upgraded, saved object migrations may necessitate regenerating some - object IDs to enable new features. When an object's ID is regenerated, a - legacy URL alias is created for that object, preserving its old ID. In - such a scenario, that object can be retrieved by the bulk resolve API - using either its new ID or its old ID. - operationId: bulkResolveSavedObjects - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - type: object - type: array - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: > - Indicates a successful call. NOTE: This HTTP response code indicates - that the bulk operation succeeded. Errors pertaining to individual - objects will be returned in the response body. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request - summary: Resolve saved objects - tags: - - saved objects - /api/saved_objects/_bulk_update: - post: - deprecated: true - description: Update the attributes for multiple Kibana saved objects. - operationId: bulkUpdateSavedObjects - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - type: object - type: array - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: > - Indicates a successful call. NOTE: This HTTP response code indicates - that the bulk operation succeeded. Errors pertaining to individual - objects will be returned in the response body. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request - summary: Update saved objects - tags: - - saved objects - /api/saved_objects/_export: - post: - description: > - Retrieve sets of saved objects that you want to import into Kibana. - - You must include `type` or `objects` in the request body. - - - Exported saved objects are not backwards compatible and cannot be - imported into an older version of Kibana. - - - NOTE: The `savedObjects.maxImportExportSize` configuration setting - limits the number of saved objects which may be exported. - - - This functionality is in technical preview and may be changed or removed - in a future release. Elastic will work to fix any issues, but features - in technical preview are not subject to the support SLA of official GA - features. - operationId: exportSavedObjectsDefault - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - exportSavedObjectsRequest: - $ref: '#/components/examples/Saved_objects_export_objects_request' - schema: - type: object - properties: - excludeExportDetails: - default: false - description: Do not add export details entry at the end of the stream. - type: boolean - includeReferencesDeep: - description: >- - Includes all of the referenced objects in the exported - objects. - type: boolean - objects: - description: A list of objects to export. - items: - type: object - type: array - type: - description: >- - The saved object types to include in the export. Use `*` to - export all the types. - oneOf: - - type: string - - items: - type: string - type: array - required: true - responses: - '200': - content: - application/x-ndjson; Elastic-Api-Version=2023-10-31: - examples: - exportSavedObjectsResponse: - $ref: '#/components/examples/Saved_objects_export_objects_response' - schema: - additionalProperties: true - type: object - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request. - summary: Export saved objects - tags: - - saved objects - /api/saved_objects/_find: - get: - deprecated: true - description: Retrieve a paginated set of Kibana saved objects. - operationId: findSavedObjects - parameters: - - description: > - An aggregation structure, serialized as a string. The field format - is similar to filter, meaning that to use a saved object type - attribute in the aggregation, the `savedObjectType.attributes.title: - "myTitle"` format must be used. For root fields, the syntax is - `savedObjectType.rootField`. NOTE: As objects change in Kibana, the - results on each page of the response also change. Use the find API - for traditional paginated results, but avoid using it to export - large amounts of data. - in: query - name: aggs - schema: - type: string - - description: The default operator to use for the `simple_query_string`. - in: query - name: default_search_operator - schema: - type: string - - description: The fields to return in the attributes key of the response. - in: query - name: fields - schema: - oneOf: - - type: string - - type: array - - description: > - The filter is a KQL string with the caveat that if you filter with - an attribute from your saved object type, it should look like that: - `savedObjectType.attributes.title: "myTitle"`. However, if you use a - root attribute of a saved object such as `updated_at`, you will have - to define your filter like that: `savedObjectType.updated_at > - 2018-12-22`. - in: query - name: filter - schema: - type: string - - description: >- - Filters to objects that do not have a relationship with the type and - identifier combination. - in: query - name: has_no_reference - schema: - type: object - - description: >- - The operator to use for the `has_no_reference` parameter. Either - `OR` or `AND`. Defaults to `OR`. - in: query - name: has_no_reference_operator - schema: - type: string - - description: >- - Filters to objects that have a relationship with the type and ID - combination. - in: query - name: has_reference - schema: - type: object - - description: >- - The operator to use for the `has_reference` parameter. Either `OR` - or `AND`. Defaults to `OR`. - in: query - name: has_reference_operator - schema: - type: string - - description: The page of objects to return. - in: query - name: page - schema: - type: integer - - description: The number of objects to return per page. - in: query - name: per_page - schema: - type: integer - - description: >- - An Elasticsearch `simple_query_string` query that filters the - objects in the response. - in: query - name: search - schema: - type: string - - description: >- - The fields to perform the `simple_query_string` parsed query - against. - in: query - name: search_fields - schema: - oneOf: - - type: string - - type: array - - description: > - Sorts the response. Includes "root" and "type" fields. "root" fields - exist for all saved objects, such as "updated_at". "type" fields are - specific to an object type, such as fields returned in the - attributes key of the response. When a single type is defined in the - type parameter, the "root" and "type" fields are allowed, and - validity checks are made in that order. When multiple types are - defined in the type parameter, only "root" fields are allowed. - in: query - name: sort_field - schema: - type: string - - description: The saved object types to include. - in: query - name: type - required: true - schema: - oneOf: - - type: string - - type: array - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request - summary: Search for saved objects - tags: - - saved objects - /api/saved_objects/_import: - post: - description: > - Create sets of Kibana saved objects from a file created by the export - API. - - Saved objects can be imported only into the same version, a newer minor - on the same major, or the next major. Exported saved objects are not - backwards compatible and cannot be imported into an older version of - Kibana. - - - This functionality is in technical preview and may be changed or removed - in a future release. Elastic will work to fix any issues, but features - in technical preview are not subject to the support SLA of official GA - features. - operationId: importSavedObjectsDefault - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - description: > - Creates copies of saved objects, regenerates each object ID, and - resets the origin. When used, potential conflict errors are avoided. - NOTE: This option cannot be used with the `overwrite` and - `compatibilityMode` options. - in: query - name: createNewCopies - required: false - schema: - type: boolean - - description: > - Overwrites saved objects when they already exist. When used, - potential conflict errors are automatically resolved by overwriting - the destination object. NOTE: This option cannot be used with the - `createNewCopies` option. - in: query - name: overwrite - required: false - schema: - type: boolean - - description: > - Applies various adjustments to the saved objects that are being - imported to maintain compatibility between different Kibana - versions. Use this option only if you encounter issues with imported - saved objects. NOTE: This option cannot be used with the - `createNewCopies` option. - in: query - name: compatibilityMode - required: false - schema: - type: boolean - requestBody: - content: - multipart/form-data; Elastic-Api-Version=2023-10-31: - examples: - importObjectsRequest: - $ref: '#/components/examples/Saved_objects_import_objects_request' - schema: - type: object - properties: - file: - description: > - A file exported using the export API. NOTE: The - `savedObjects.maxImportExportSize` configuration setting - limits the number of saved objects which may be included in - this file. Similarly, the - `savedObjects.maxImportPayloadBytes` setting limits the - overall size of the file that can be imported. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - importObjectsResponse: - $ref: '#/components/examples/Saved_objects_import_objects_response' - schema: - type: object - properties: - errors: - description: > - Indicates the import was unsuccessful and specifies the - objects that failed to import. - - - NOTE: One object may result in multiple errors, which - requires separate steps to resolve. For instance, a - `missing_references` error and conflict error. - items: - type: object - type: array - success: - description: > - Indicates when the import was successfully completed. When - set to false, some objects may not have been created. For - additional information, refer to the `errors` and - `successResults` properties. - type: boolean - successCount: - description: Indicates the number of successfully imported records. - type: integer - successResults: - description: > - Indicates the objects that are successfully imported, with - any metadata if applicable. - - - NOTE: Objects are created only when all resolvable errors - are addressed, including conflicts and missing references. - If objects are created as new copies, each entry in the - `successResults` array includes a `destinationId` - attribute. - items: - type: object - type: array - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request. - summary: Import saved objects - tags: - - saved objects - x-codeSamples: - - label: Import with createNewCopies - lang: cURL - source: | - curl \ - -X POST api/saved_objects/_import?createNewCopies=true - -H "kbn-xsrf: true" - --form file=@file.ndjson - /api/saved_objects/_resolve_import_errors: - post: - description: > - To resolve errors from the Import objects API, you can: - - - * Retry certain saved objects - - * Overwrite specific saved objects - - * Change references to different saved objects - - - This functionality is in technical preview and may be changed or removed - in a future release. Elastic will work to fix any issues, but features - in technical preview are not subject to the support SLA of official GA - features. - operationId: resolveImportErrors - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - description: > - Applies various adjustments to the saved objects that are being - imported to maintain compatibility between different Kibana - versions. When enabled during the initial import, also enable when - resolving import errors. This option cannot be used with the - `createNewCopies` option. - in: query - name: compatibilityMode - required: false - schema: - type: boolean - - description: > - Creates copies of the saved objects, regenerates each object ID, and - resets the origin. When enabled during the initial import, also - enable when resolving import errors. - in: query - name: createNewCopies - required: false - schema: - type: boolean - requestBody: - content: - multipart/form-data; Elastic-Api-Version=2023-10-31: - examples: - resolveImportErrorsRequest: - $ref: >- - #/components/examples/Saved_objects_resolve_missing_reference_request - schema: - type: object - properties: - file: - description: The same file given to the import API. - format: binary - type: string - retries: - description: >- - The retry operations, which can specify how to resolve - different types of errors. - items: - type: object - properties: - destinationId: - description: >- - Specifies the destination ID that the imported object - should have, if different from the current ID. - type: string - id: - description: The saved object ID. - type: string - ignoreMissingReferences: - description: >- - When set to `true`, ignores missing reference errors. - When set to `false`, does nothing. - type: boolean - overwrite: - description: >- - When set to `true`, the source object overwrites the - conflicting destination object. When set to `false`, - does nothing. - type: boolean - replaceReferences: - description: >- - A list of `type`, `from`, and `to` used to change the - object references. - items: - type: object - properties: - from: - type: string - to: - type: string - type: - type: string - type: array - type: - description: The saved object type. - type: string - required: - - type - - id - type: array - required: - - retries - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - resolveImportErrorsResponse: - $ref: >- - #/components/examples/Saved_objects_resolve_missing_reference_response - schema: - type: object - properties: - errors: - description: > - Specifies the objects that failed to resolve. - - - NOTE: One object can result in multiple errors, which - requires separate steps to resolve. For instance, a - `missing_references` error and a `conflict` error. - items: - type: object - type: array - success: - description: > - Indicates a successful import. When set to `false`, some - objects may not have been created. For additional - information, refer to the `errors` and `successResults` - properties. - type: boolean - successCount: - description: | - Indicates the number of successfully resolved records. - type: number - successResults: - description: > - Indicates the objects that are successfully imported, with - any metadata if applicable. - - - NOTE: Objects are only created when all resolvable errors - are addressed, including conflict and missing references. - items: - type: object - type: array - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request. - summary: Resolve import errors - tags: - - saved objects - /api/saved_objects/{type}: - post: - deprecated: true - description: Create a Kibana saved object with a randomly generated identifier. - operationId: createSavedObject - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - $ref: '#/components/parameters/Saved_objects_saved_object_type' - - description: If true, overwrites the document with the same identifier. - in: query - name: overwrite - schema: - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - attributes: - $ref: '#/components/schemas/Saved_objects_attributes' - initialNamespaces: - $ref: '#/components/schemas/Saved_objects_initial_namespaces' - references: - $ref: '#/components/schemas/Saved_objects_references' - required: - - attributes - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates a successful call. - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates a conflict error. - summary: Create a saved object - tags: - - saved objects - /api/saved_objects/{type}/{id}: - get: - deprecated: true - description: Retrieve a single Kibana saved object by identifier. - operationId: getSavedObject - parameters: - - $ref: '#/components/parameters/Saved_objects_saved_object_id' - - $ref: '#/components/parameters/Saved_objects_saved_object_type' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request. - summary: Get a saved object - tags: - - saved objects - post: - deprecated: true - description: >- - Create a Kibana saved object and specify its identifier instead of using - a randomly generated ID. - operationId: createSavedObjectId - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - $ref: '#/components/parameters/Saved_objects_saved_object_id' - - $ref: '#/components/parameters/Saved_objects_saved_object_type' - - description: If true, overwrites the document with the same identifier. - in: query - name: overwrite - schema: - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - attributes: - $ref: '#/components/schemas/Saved_objects_attributes' - initialNamespaces: - $ref: '#/components/schemas/Saved_objects_initial_namespaces' - references: - $ref: '#/components/schemas/Saved_objects_initial_namespaces' - required: - - attributes - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates a successful call. - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates a conflict error. - summary: Create a saved object - tags: - - saved objects - put: - deprecated: true - description: Update the attributes for Kibana saved objects. - operationId: updateSavedObject - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - $ref: '#/components/parameters/Saved_objects_saved_object_id' - - $ref: '#/components/parameters/Saved_objects_saved_object_type' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates a successful call. - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates the object was not found. - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates a conflict error. - summary: Update a saved object - tags: - - saved objects - /api/saved_objects/resolve/{type}/{id}: - get: - deprecated: true - description: > - Retrieve a single Kibana saved object by identifier using any legacy URL - alias if it exists. Under certain circumstances, when Kibana is - upgraded, saved object migrations may necessitate regenerating some - object IDs to enable new features. When an object's ID is regenerated, a - legacy URL alias is created for that object, preserving its old ID. In - such a scenario, that object can be retrieved using either its new ID or - its old ID. - operationId: resolveSavedObject - parameters: - - $ref: '#/components/parameters/Saved_objects_saved_object_id' - - $ref: '#/components/parameters/Saved_objects_saved_object_type' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request. - summary: Resolve a saved object - tags: - - saved objects - /api/security_ai_assistant/anonymization_fields/_bulk_action: - post: - description: >- - Apply a bulk action to multiple anonymization fields. The bulk action is - applied to all anonymization fields that match the filter or to the list - of anonymization fields by their IDs. - operationId: PerformAnonymizationFieldsBulkAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - create: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldCreateProps - type: array - delete: - type: object - properties: - ids: - description: Array of anonymization fields IDs - items: - type: string - minItems: 1 - type: array - query: - description: Query to filter anonymization fields - type: string - update: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldUpdateProps - type: array - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResponse - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Apply a bulk action to anonymization fields - tags: - - Security AI Assistant API - - Bulk API - /api/security_ai_assistant/anonymization_fields/_find: - get: - description: Get a list of all anonymization fields. - operationId: FindAnonymizationFields - parameters: - - in: query - name: fields - required: false - schema: - items: - type: string - type: array - - description: Search query - in: query - name: filter - required: false - schema: - type: string - - description: Field to sort by - in: query - name: sort_field - required: false - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_FindAnonymizationFieldsSortField - - description: Sort order - in: query - name: sort_order - required: false - schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_SortOrder' - - description: Page number - in: query - name: page - required: false - schema: - default: 1 - minimum: 1 - type: integer - - description: AnonymizationFields per page - in: query - name: per_page - required: false - schema: - default: 20 - minimum: 0 - type: integer - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse - type: array - page: - type: integer - perPage: - type: integer - total: - type: integer - required: - - page - - perPage - - total - - data - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Get anonymization fields - tags: - - Security AI Assistant API - - AnonymizationFields API - /api/security_ai_assistant/chat/complete: - post: - description: Create a model response for the given chat conversation. - operationId: ChatComplete - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_ChatCompleteProps' - required: true - responses: - '200': - content: - application/octet-stream; Elastic-Api-Version=2023-10-31: - schema: - format: binary - type: string - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Create a model response - tags: - - Security AI Assistant API - - Chat Complete API - /api/security_ai_assistant/current_user/conversations: - post: - description: Create a new Security AI Assistant conversation. - operationId: CreateConversation - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationCreateProps - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Create a conversation - tags: - - Security AI Assistant API - - Conversation API - /api/security_ai_assistant/current_user/conversations/_find: - get: - description: Get a list of all conversations for the current user. - operationId: FindConversations - parameters: - - in: query - name: fields - required: false - schema: - items: - type: string - type: array - - description: Search query - in: query - name: filter - required: false - schema: - type: string - - description: Field to sort by - in: query - name: sort_field - required: false - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_FindConversationsSortField - - description: Sort order - in: query - name: sort_order - required: false - schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_SortOrder' - - description: Page number - in: query - name: page - required: false - schema: - default: 1 - minimum: 1 - type: integer - - description: Conversations per page - in: query - name: per_page - required: false - schema: - default: 20 - minimum: 0 - type: integer - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse - type: array - page: - type: integer - perPage: - type: integer - total: - type: integer - required: - - page - - perPage - - total - - data - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Get conversations - tags: - - Security AI Assistant API - - Conversations API - /api/security_ai_assistant/current_user/conversations/{id}: - delete: - description: Delete an existing conversation using the conversation ID. - operationId: DeleteConversation - parameters: - - description: The conversation's `id` value. - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Delete a conversation - tags: - - Security AI Assistant API - - Conversation API - get: - description: Get the details of an existing conversation using the conversation ID. - operationId: ReadConversation - parameters: - - description: The conversation's `id` value. - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Get a conversation - tags: - - Security AI Assistant API - - Conversations API - put: - description: Update an existing conversation using the conversation ID. - operationId: UpdateConversation - parameters: - - description: The conversation's `id` value. - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationUpdateProps - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Update a conversation - tags: - - Security AI Assistant API - - Conversation API - /api/security_ai_assistant/prompts/_bulk_action: - post: - description: >- - Apply a bulk action to multiple prompts. The bulk action is applied to - all prompts that match the filter or to the list of prompts by their - IDs. - operationId: PerformPromptsBulkAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - create: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptCreateProps - type: array - delete: - type: object - properties: - ids: - description: Array of prompts IDs - items: - type: string - minItems: 1 - type: array - query: - description: Query to filter promps - type: string - update: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptUpdateProps - type: array - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptsBulkCrudActionResponse - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Apply a bulk action to prompts - tags: - - Security AI Assistant API - - Bulk API - /api/security_ai_assistant/prompts/_find: - get: - description: Get a list of all prompts. - operationId: FindPrompts - parameters: - - in: query - name: fields - required: false - schema: - items: - type: string - type: array - - description: Search query - in: query - name: filter - required: false - schema: - type: string - - description: Field to sort by - in: query - name: sort_field - required: false - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_FindPromptsSortField - - description: Sort order - in: query - name: sort_order - required: false - schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_SortOrder' - - description: Page number - in: query - name: page - required: false - schema: - default: 1 - minimum: 1 - type: integer - - description: Prompts per page - in: query - name: per_page - required: false - schema: - default: 20 - minimum: 0 - type: integer - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptResponse - type: array - page: - type: integer - perPage: - type: integer - total: - type: integer - required: - - page - - perPage - - total - - data - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Get prompts - tags: - - Security AI Assistant API - - Prompts API - /api/security/role: - get: - operationId: '%2Fapi%2Fsecurity%2Frole#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: replaceDeprecatedPrivileges - required: false - schema: - type: boolean - responses: {} - summary: Get all roles - tags: - - roles - /api/security/role/{name}: - delete: - operationId: '%2Fapi%2Fsecurity%2Frole%2F%7Bname%7D#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: name - required: true - schema: - minLength: 1 - type: string - responses: {} - summary: Delete a role - tags: - - roles - get: - operationId: '%2Fapi%2Fsecurity%2Frole%2F%7Bname%7D#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: name - required: true - schema: - minLength: 1 - type: string - - in: query - name: replaceDeprecatedPrivileges - required: false - schema: - type: boolean - responses: {} - summary: Get a role - tags: - - roles - put: - operationId: '%2Fapi%2Fsecurity%2Frole%2F%7Bname%7D#2' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: name - required: true - schema: - maxLength: 1024 - minLength: 1 - type: string - - in: query - name: createOnly - required: false - schema: - default: false - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - description: - maxLength: 2048 - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - cluster: - items: - type: string - type: array - indices: - items: - additionalProperties: false - type: object - properties: - allow_restricted_indices: - type: boolean - field_security: - additionalProperties: - items: - type: string - type: array - type: object - names: - items: - type: string - minItems: 1 - type: array - privileges: - items: - type: string - minItems: 1 - type: array - query: - type: string - required: - - names - - privileges - type: array - remote_cluster: - items: - additionalProperties: false - type: object - properties: - clusters: - items: - type: string - minItems: 1 - type: array - privileges: - items: - type: string - minItems: 1 - type: array - required: - - privileges - - clusters - type: array - remote_indices: - items: - additionalProperties: false - type: object - properties: - allow_restricted_indices: - type: boolean - clusters: - items: - type: string - minItems: 1 - type: array - field_security: - additionalProperties: - items: - type: string - type: array - type: object - names: - items: - type: string - minItems: 1 - type: array - privileges: - items: - type: string - minItems: 1 - type: array - query: - type: string - required: - - clusters - - names - - privileges - type: array - run_as: - items: - type: string - type: array - kibana: - items: - additionalProperties: false - type: object - properties: - base: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - items: - type: string - type: array - - items: - type: string - type: array - feature: - additionalProperties: - items: - type: string - type: array - type: object - spaces: - anyOf: - - items: - enum: - - '*' - type: string - maxItems: 1 - minItems: 1 - type: array - - items: - type: string - type: array - default: - - '*' - required: - - base - type: array - metadata: - additionalProperties: {} - type: object - required: - - elasticsearch - responses: {} - summary: Create or update a role - tags: - - roles - /api/security/roles: - post: - operationId: '%2Fapi%2Fsecurity%2Froles#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - roles: - additionalProperties: - additionalProperties: false - type: object - properties: - description: - maxLength: 2048 - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - cluster: - items: - type: string - type: array - indices: - items: - additionalProperties: false - type: object - properties: - allow_restricted_indices: - type: boolean - field_security: - additionalProperties: - items: - type: string - type: array - type: object - names: - items: - type: string - minItems: 1 - type: array - privileges: - items: - type: string - minItems: 1 - type: array - query: - type: string - required: - - names - - privileges - type: array - remote_cluster: - items: - additionalProperties: false - type: object - properties: - clusters: - items: - type: string - minItems: 1 - type: array - privileges: - items: - type: string - minItems: 1 - type: array - required: - - privileges - - clusters - type: array - remote_indices: - items: - additionalProperties: false - type: object - properties: - allow_restricted_indices: - type: boolean - clusters: - items: - type: string - minItems: 1 - type: array - field_security: - additionalProperties: - items: - type: string - type: array - type: object - names: - items: - type: string - minItems: 1 - type: array - privileges: - items: - type: string - minItems: 1 - type: array - query: - type: string - required: - - clusters - - names - - privileges - type: array - run_as: - items: - type: string - type: array - kibana: - items: - additionalProperties: false - type: object - properties: - base: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - items: - type: string - type: array - - items: - type: string - type: array - feature: - additionalProperties: - items: - type: string - type: array - type: object - spaces: - anyOf: - - items: - enum: - - '*' - type: string - maxItems: 1 - minItems: 1 - type: array - - items: - type: string - type: array - default: - - '*' - required: - - base - type: array - metadata: - additionalProperties: {} - type: object - required: - - elasticsearch - type: object - required: - - roles - responses: {} - summary: Create or update roles - tags: - - roles - /api/spaces/_copy_saved_objects: - post: - description: >- - It also allows you to automatically copy related objects, so when you - copy a dashboard, this can automatically copy over the associated - visualizations, data views, and saved searches, as required. You can - request to overwrite any objects that already exist in the target space - if they share an identifier or you can use the resolve copy saved - objects conflicts API to do this on a per-object basis. - operationId: '%2Fapi%2Fspaces%2F_copy_saved_objects#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - compatibilityMode: - default: false - description: >- - Apply various adjustments to the saved objects that are - being copied to maintain compatibility between different - Kibana versions. Use this option only if you encounter - issues with copied saved objects. This option cannot be used - with the `createNewCopies` option. - type: boolean - createNewCopies: - default: true - description: >- - Create new copies of saved objects, regenerate each object - identifier, and reset the origin. When used, potential - conflict errors are avoided. This option cannot be used - with the `overwrite` and `compatibilityMode` options. - type: boolean - includeReferences: - default: false - description: >- - When set to true, all saved objects related to the specified - saved objects will also be copied into the target spaces. - type: boolean - objects: - items: - additionalProperties: false - type: object - properties: - id: - description: The identifier of the saved object to copy. - type: string - type: - description: The type of the saved object to copy. - type: string - required: - - type - - id - type: array - overwrite: - default: false - description: >- - When set to true, all conflicts are automatically - overridden. When a saved object with a matching type and - identifier exists in the target space, that version is - replaced with the version from the source space. This option - cannot be used with the `createNewCopies` option. - type: boolean - spaces: - items: - description: >- - The identifiers of the spaces where you want to copy the - specified objects. - type: string - type: array - required: - - spaces - - objects - responses: {} - summary: Copy saved objects between spaces - tags: - - spaces - /api/spaces/_disable_legacy_url_aliases: - post: - operationId: '%2Fapi%2Fspaces%2F_disable_legacy_url_aliases#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - aliases: - items: - additionalProperties: false - type: object - properties: - sourceId: - description: >- - The alias source object identifier. This is the legacy - object identifier. - type: string - targetSpace: - description: The space where the alias target object exists. - type: string - targetType: - description: 'The type of alias target object. ' - type: string - required: - - targetSpace - - targetType - - sourceId - type: array - required: - - aliases - responses: {} - summary: Disable legacy URL aliases - tags: - - spaces - /api/spaces/_get_shareable_references: - post: - description: Collect references and space contexts for saved objects. - operationId: '%2Fapi%2Fspaces%2F_get_shareable_references#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - objects: - items: - additionalProperties: false - type: object - properties: - id: - type: string - type: - type: string - required: - - type - - id - type: array - required: - - objects - responses: {} - summary: Get shareable references - tags: - - spaces - /api/spaces/_resolve_copy_saved_objects_errors: - post: - description: >- - Overwrite saved objects that are returned as errors from the copy saved - objects to space API. - operationId: '%2Fapi%2Fspaces%2F_resolve_copy_saved_objects_errors#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - compatibilityMode: - default: false - type: boolean - createNewCopies: - default: true - type: boolean - includeReferences: - default: false - type: boolean - objects: - items: - additionalProperties: false - type: object - properties: - id: - type: string - type: - type: string - required: - - type - - id - type: array - retries: - additionalProperties: - items: - additionalProperties: false - type: object - properties: - createNewCopy: - description: >- - Creates new copies of the saved objects, regenerates - each object ID, and resets the origin. - type: boolean - destinationId: - description: >- - Specifies the destination identifier that the copied - object should have, if different from the current - identifier. - type: string - id: - description: The saved object identifier. - type: string - ignoreMissingReferences: - description: >- - When set to true, any missing references errors are - ignored. - type: boolean - overwrite: - default: false - description: >- - When set to true, the saved object from the source - space overwrites the conflicting object in the - destination space. - type: boolean - type: - description: The saved object type. - type: string - required: - - type - - id - type: array - type: object - required: - - retries - - objects - responses: {} - summary: Resolve conflicts copying saved objects - tags: [] - /api/spaces/_update_objects_spaces: - post: - description: Update one or more saved objects to add or remove them from some spaces. - operationId: '%2Fapi%2Fspaces%2F_update_objects_spaces#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - objects: - items: - additionalProperties: false - type: object - properties: - id: - description: The identifier of the saved object to update. - type: string - type: - description: The type of the saved object to update. - type: string - required: - - type - - id - type: array - spacesToAdd: - items: - description: >- - The identifiers of the spaces the saved objects should be - added to or removed from. - type: string - type: array - spacesToRemove: - items: - description: >- - The identifiers of the spaces the saved objects should be - added to or removed from. - type: string - type: array - required: - - objects - - spacesToAdd - - spacesToRemove - responses: {} - summary: Update saved objects in spaces - tags: - - spaces - /api/spaces/space: - get: - operationId: '%2Fapi%2Fspaces%2Fspace#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: >- - Specifies which authorization checks are applied to the API call. - The default value is `any`. - in: query - name: purpose - required: false - schema: - enum: - - any - - copySavedObjectsIntoSpace - - shareSavedObjectsIntoSpace - type: string - - description: >- - When enabled, the API returns any spaces that the user is authorized - to access in any capacity and each space will contain the purposes - for which the user is authorized. This can be useful to determine - which spaces a user can read but not take a specific action in. If - the security plugin is not enabled, this parameter has no effect, - since no authorization checks take place. This parameter cannot be - used in with the `purpose` parameter. - in: query - name: include_authorized_purposes - required: true - schema: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - enum: - - false - type: boolean - x-oas-optional: true - - type: boolean - x-oas-optional: true - responses: - '200': - description: Indicates a successful call. - summary: Get all spaces - tags: - - spaces - post: - operationId: '%2Fapi%2Fspaces%2Fspace#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - _reserved: - type: boolean - color: - description: >- - The hexadecimal color code used in the space avatar. By - default, the color is automatically generated from the space - name. - type: string - description: - description: A description for the space. - type: string - disabledFeatures: - default: [] - items: - description: The list of features that are turned off in the space. - type: string - type: array - id: - description: >- - The space ID that is part of the Kibana URL when inside the - space. Space IDs are limited to lowercase alphanumeric, - underscore, and hyphen characters (a-z, 0-9, _, and -). You - are cannot change the ID with the update operation. - type: string - imageUrl: - description: >- - The data-URL encoded image to display in the space avatar. - If specified, initials will not be displayed and the color - will be visible as the background color for transparent - images. For best results, your image should be 64x64. Images - will not be optimized by this API call, so care should be - taken when using custom images. - type: string - initials: - description: >- - One or two characters that are shown in the space avatar. By - default, the initials are automatically generated from the - space name. - maxLength: 2 - type: string - name: - description: 'The display name for the space. ' - minLength: 1 - type: string - solution: - enum: - - security - - oblt - - es - - classic - type: string - required: - - id - - name - responses: - '200': - description: Indicates a successful call. - summary: Create a space - tags: - - spaces - /api/spaces/space/{id}: - delete: - description: >- - When you delete a space, all saved objects that belong to the space are - automatically deleted, which is permanent and cannot be undone. - operationId: '%2Fapi%2Fspaces%2Fspace%2F%7Bid%7D#2' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The space identifier. - in: path - name: id - required: true - schema: - type: string - responses: - '204': - description: Indicates a successful call. - '404': - description: Indicates that the request failed. - summary: Delete a space - tags: - - spaces - get: - operationId: '%2Fapi%2Fspaces%2Fspace%2F%7Bid%7D#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: The space identifier. - in: path - name: id - required: true - schema: - type: string - responses: - '200': - description: Indicates a successful call. - summary: Get a space - tags: - - spaces - put: - operationId: '%2Fapi%2Fspaces%2Fspace%2F%7Bid%7D#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: >- - The space identifier. You are unable to change the ID with the - update operation. - in: path - name: id - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - _reserved: - type: boolean - color: - description: >- - The hexadecimal color code used in the space avatar. By - default, the color is automatically generated from the space - name. - type: string - description: - description: A description for the space. - type: string - disabledFeatures: - default: [] - items: - description: The list of features that are turned off in the space. - type: string - type: array - id: - description: >- - The space ID that is part of the Kibana URL when inside the - space. Space IDs are limited to lowercase alphanumeric, - underscore, and hyphen characters (a-z, 0-9, _, and -). You - are cannot change the ID with the update operation. - type: string - imageUrl: - description: >- - The data-URL encoded image to display in the space avatar. - If specified, initials will not be displayed and the color - will be visible as the background color for transparent - images. For best results, your image should be 64x64. Images - will not be optimized by this API call, so care should be - taken when using custom images. - type: string - initials: - description: >- - One or two characters that are shown in the space avatar. By - default, the initials are automatically generated from the - space name. - maxLength: 2 - type: string - name: - description: 'The display name for the space. ' - minLength: 1 - type: string - solution: - enum: - - security - - oblt - - es - - classic - type: string - required: - - id - - name - responses: - '200': - description: Indicates a successful call. - summary: Update a space - tags: - - spaces - /api/status: - get: - operationId: '%2Fapi%2Fstatus#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: Set to "true" to get the response in v7 format. - in: query - name: v7format - required: false - schema: - type: boolean - - description: Set to "true" to get the response in v8 format. - in: query - name: v8format - required: false - schema: - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - anyOf: - - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' - - $ref: >- - #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse - description: >- - Kibana's operational status. A minimal response is sent for - unauthorized users. - description: Overall status is OK and Kibana should be functioning normally. - '503': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - anyOf: - - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' - - $ref: >- - #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse - description: >- - Kibana's operational status. A minimal response is sent for - unauthorized users. - description: >- - Kibana or some of it's essential services are unavailable. Kibana - may be degraded or unavailable. - summary: Get Kibana's current status - tags: - - system - /api/timeline: - delete: - description: Delete one or more Timelines or Timeline templates. - operationId: DeleteTimelines - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - savedObjectIds: - items: - type: string - type: array - searchIds: - description: >- - Saved search ids that should be deleted alongside the - timelines - items: - type: string - type: array - required: - - savedObjectIds - description: The IDs of the Timelines or Timeline templates to delete. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - type: object - properties: - deleteTimeline: - type: boolean - required: - - deleteTimeline - required: - - data - description: Indicates the Timeline was successfully deleted. - summary: Delete Timelines or Timeline templates - tags: - - Security Timeline API - - access:securitySolution - get: - description: Get the details of an existing saved Timeline or Timeline template. - operationId: GetTimeline - parameters: - - description: The ID of the template timeline to retrieve - in: query - name: template_timeline_id - schema: - type: string - - description: The ID of the Timeline to retrieve. - in: query - name: id - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - type: object - properties: - data: - type: object - properties: - getOneTimeline: - $ref: >- - #/components/schemas/Security_Timeline_API_TimelineResponse - required: - - getOneTimeline - required: - - data - - additionalProperties: false - type: object - description: Indicates that the (template) Timeline was found and returned. - summary: Get Timeline or Timeline template details - tags: - - Security Timeline API - - access:securitySolution - patch: - description: >- - Update an existing Timeline. You can update the title, description, date - range, pinned events, pinned queries, and/or pinned saved queries of an - existing Timeline. - operationId: PatchTimeline - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - timeline: - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' - timelineId: - nullable: true - type: string - version: - nullable: true - type: string - required: - - timelineId - - version - - timeline - description: The Timeline updates, along with the Timeline ID and version. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Timeline_API_PersistTimelineResponse - description: >- - Indicates that the draft Timeline was successfully created. In the - event the user already has a draft Timeline, the existing draft - Timeline is cleared and returned. - '405': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - body: - type: string - statusCode: - type: number - description: >- - Indicates that the user does not have the required access to create - a draft Timeline. - summary: Update a Timeline - tags: - - Security Timeline API - - access:securitySolution - post: - description: Create a new Timeline or Timeline template. - operationId: CreateTimelines - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - status: - $ref: '#/components/schemas/Security_Timeline_API_TimelineStatus' - nullable: true - templateTimelineId: - nullable: true - type: string - templateTimelineVersion: - nullable: true - type: number - timeline: - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' - timelineId: - nullable: true - type: string - timelineType: - $ref: '#/components/schemas/Security_Timeline_API_TimelineType' - nullable: true - version: - nullable: true - type: string - required: - - timeline - description: >- - The required Timeline fields used to create a new Timeline, along with - optional fields that will be created if not provided. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Timeline_API_PersistTimelineResponse - description: Indicates the Timeline was successfully created. - '405': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - body: - type: string - statusCode: - type: number - description: Indicates that there was an error in the Timeline creation. - summary: Create a Timeline or Timeline template - tags: - - Security Timeline API - - access:securitySolution - /api/timeline/_copy: - get: - description: | - Copies and returns a timeline or timeline template. - operationId: CopyTimeline - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - timeline: - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' - timelineIdToCopy: - type: string - required: - - timeline - - timelineIdToCopy - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Timeline_API_PersistTimelineResponse - description: Indicates that the timeline has been successfully copied. - summary: Copies timeline or timeline template - tags: - - Security Timeline API - - access:securitySolution - /api/timeline/_draft: - get: - description: >- - Get the details of the draft Timeline or Timeline template for the - current user. If the user doesn't have a draft Timeline, an empty - Timeline is returned. - operationId: GetDraftTimelines - parameters: - - in: query - name: timelineType - required: true - schema: - $ref: '#/components/schemas/Security_Timeline_API_TimelineType' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Timeline_API_PersistTimelineResponse - description: Indicates that the draft Timeline was successfully retrieved. - '403': - content: - application:json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - message: - type: string - status_code: - type: number - description: >- - If a draft Timeline was not found and we attempted to create one, it - indicates that the user does not have the required permissions to - create a draft Timeline. - '409': - content: - application:json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - message: - type: string - status_code: - type: number - description: >- - This should never happen, but if a draft Timeline was not found and - we attempted to create one, it indicates that there is already a - draft Timeline with the given `timelineId`. - summary: Get draft Timeline or Timeline template details - tags: - - Security Timeline API - - access:securitySolution - post: - description: > - Create a clean draft Timeline or Timeline template for the current user. - - > info - - > If the user already has a draft Timeline, the existing draft Timeline - is cleared and returned. - operationId: CleanDraftTimelines - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - timelineType: - $ref: '#/components/schemas/Security_Timeline_API_TimelineType' - required: - - timelineType - description: >- - The type of Timeline to create. Valid values are `default` and - `template`. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Timeline_API_PersistTimelineResponse - description: >- - Indicates that the draft Timeline was successfully created. In the - event the user already has a draft Timeline, the existing draft - Timeline is cleared and returned. - '403': - content: - application:json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - message: - type: string - status_code: - type: number - description: >- - Indicates that the user does not have the required permissions to - create a draft Timeline. - '409': - content: - application:json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - message: - type: string - status_code: - type: number - description: >- - Indicates that there is already a draft Timeline with the given - `timelineId`. - summary: Create a clean draft Timeline or Timeline template - tags: - - Security Timeline API - - access:securitySolution - /api/timeline/_export: - post: - description: Export Timelines as an NDJSON file. - operationId: ExportTimelines - parameters: - - description: The name of the file to export - in: query - name: file_name - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - ids: - items: - type: string - nullable: true - type: array - description: The IDs of the Timelines to export. - required: true - responses: - '200': - content: - application/ndjson; Elastic-Api-Version=2023-10-31: - schema: - description: NDJSON of the exported Timelines - type: string - description: Indicates the Timelines were successfully exported. - '400': - content: - application/ndjson; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - body: - type: string - statusCode: - type: number - description: Indicates that the export size limit was exceeded. - summary: Export Timelines - tags: - - Security Timeline API - - access:securitySolution - /api/timeline/_favorite: - patch: - description: Favorite a Timeline or Timeline template for the current user. - operationId: PersistFavoriteRoute - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - templateTimelineId: - nullable: true - type: string - templateTimelineVersion: - nullable: true - type: number - timelineId: - nullable: true - type: string - timelineType: - $ref: '#/components/schemas/Security_Timeline_API_TimelineType' - nullable: true - required: - - timelineId - - templateTimelineId - - templateTimelineVersion - - timelineType - description: The required fields used to favorite a (template) Timeline. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - type: object - properties: - persistFavorite: - $ref: >- - #/components/schemas/Security_Timeline_API_FavoriteTimelineResponse - required: - - persistFavorite - required: - - data - description: Indicates the favorite status was successfully updated. - '403': - content: - application:json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - body: - type: string - statusCode: - type: number - description: >- - Indicates the user does not have the required permissions to persist - the favorite status. - summary: Favorite a Timeline or Timeline template - tags: - - Security Timeline API - - access:securitySolution - /api/timeline/_import: - post: - description: Import Timelines. - operationId: ImportTimelines - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - file: {} - isImmutable: - enum: - - 'true' - - 'false' - type: string - required: - - file - description: The Timelines to import as a readable stream. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Timeline_API_ImportTimelineResult - description: Indicates the import of Timelines was successful. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - body: - type: string - id: - type: string - statusCode: - type: number - description: >- - Indicates the import of Timelines was unsuccessful because of an - invalid file extension. - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - id: - type: string - statusCode: - type: number - description: >- - Indicates that we were unable to locate the saved object client - necessary to handle the import. - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - body: - type: string - id: - type: string - statusCode: - type: number - description: Indicates the import of Timelines was unsuccessful. - summary: Import Timelines - tags: - - Security Timeline API - - access:securitySolution - /api/timeline/_prepackaged: - post: - description: Install or update prepackaged Timelines. - operationId: InstallPrepackedTimelines - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - prepackagedTimelines: - items: - $ref: >- - #/components/schemas/Security_Timeline_API_TimelineSavedToReturnObject - nullable: true - type: array - timelinesToInstall: - items: - $ref: '#/components/schemas/Security_Timeline_API_ImportTimelines' - nullable: true - type: array - timelinesToUpdate: - items: - $ref: '#/components/schemas/Security_Timeline_API_ImportTimelines' - nullable: true - type: array - required: - - timelinesToInstall - - timelinesToUpdate - - prepackagedTimelines - description: The Timelines to install or update. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Timeline_API_ImportTimelineResult - description: Indicates the installation of prepackaged Timelines was successful. - '500': - content: - application:json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - body: - type: string - statusCode: - type: number - description: >- - Indicates the installation of prepackaged Timelines was - unsuccessful. - summary: Install prepackaged Timelines - tags: - - Security Timeline API - - access:securitySolution - /api/timeline/resolve: - get: - operationId: ResolveTimeline - parameters: - - description: The ID of the template timeline to resolve - in: query - name: template_timeline_id - schema: - type: string - - description: The ID of the timeline to resolve - in: query - name: id - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - type: object - properties: - data: - $ref: >- - #/components/schemas/Security_Timeline_API_ResolvedTimeline - required: - - data - - additionalProperties: false - type: object - description: The (template) Timeline has been found - '400': - description: The request is missing parameters - '404': - description: The (template) Timeline was not found - summary: Get an existing saved Timeline or Timeline template - tags: - - Security Timeline API - - access:securitySolution - /api/timelines: - get: - description: Get a list of all saved Timelines or Timeline templates. - operationId: GetTimelines - parameters: - - description: >- - If true, only timelines that are marked as favorites by the user are - returned. - in: query - name: only_user_favorite - schema: - enum: - - 'true' - - 'false' - nullable: true - type: string - - in: query - name: timeline_type - schema: - $ref: '#/components/schemas/Security_Timeline_API_TimelineType' - nullable: true - - in: query - name: sort_field - schema: - $ref: '#/components/schemas/Security_Timeline_API_SortFieldTimeline' - - in: query - name: sort_order - schema: - enum: - - asc - - desc - type: string - - in: query - name: page_size - schema: - nullable: true - type: string - - in: query - name: page_index - schema: - nullable: true - type: string - - in: query - name: search - schema: - nullable: true - type: string - - in: query - name: status - schema: - $ref: '#/components/schemas/Security_Timeline_API_TimelineStatus' - nullable: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - customTemplateTimelineCount: - type: number - defaultTimelineCount: - type: number - elasticTemplateTimelineCount: - type: number - favoriteCount: - type: number - templateTimelineCount: - type: number - timeline: - items: - $ref: >- - #/components/schemas/Security_Timeline_API_TimelineResponse - type: array - totalCount: - type: number - required: - - timeline - - totalCount - description: Indicates that the (template) Timelines were found and returned. - '400': - content: - application:json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - body: - type: string - statusCode: - type: number - description: Bad request. The user supplied invalid data. - summary: Get Timelines or Timeline templates - tags: - - Security Timeline API - - access:securitySolution - /s/{spaceId}/api/observability/slos: - get: - description: > - You must have the `read` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: findSlosOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - description: A valid kql query to filter the SLO with - example: 'slo.name:latency* and slo.tags : "prod"' - in: query - name: kqlQuery - schema: - type: string - - description: The page to use for pagination, must be greater or equal than 1 - example: 1 - in: query - name: page - schema: - default: 1 - type: integer - - description: Number of SLOs returned by page - example: 25 - in: query - name: perPage - schema: - default: 25 - maximum: 5000 - type: integer - - description: Sort by field - example: status - in: query - name: sortBy - schema: - default: status - enum: - - sli_value - - status - - error_budget_consumed - - error_budget_remaining - type: string - - description: Sort order - example: asc - in: query - name: sortDirection - schema: - default: asc - enum: - - asc - - desc - type: string - - description: >- - Hide stale SLOs from the list as defined by stale SLO threshold in - SLO settings - in: query - name: hideStale - schema: - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_find_slo_response' - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Get a paginated list of SLOs - tags: - - slo - post: - description: > - You must have `all` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: createSloOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_create_slo_request' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_create_slo_response' - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_409_response' - description: Conflict - The SLO id already exists - summary: Create an SLO - tags: - - slo - /s/{spaceId}/api/observability/slos/_delete_instances: - post: - description: > - The deletion occurs for the specified list of `sloId` and `instanceId`. - You must have `all` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: deleteSloInstancesOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_delete_slo_instances_request' - required: true - responses: - '204': - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - summary: Batch delete rollup and summary data - tags: - - slo - /s/{spaceId}/api/observability/slos/{sloId}: - delete: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: deleteSloOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' - responses: - '204': - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Delete an SLO - tags: - - slo - get: - description: > - You must have the `read` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: getSloOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' - - description: the specific instanceId used by the summary calculation - example: host-abcde - in: query - name: instanceId - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_slo_with_summary_response' - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Get an SLO - tags: - - slo - put: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: updateSloOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_update_slo_request' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_slo_definition_response' - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Update an SLO - tags: - - slo - /s/{spaceId}/api/observability/slos/{sloId}/_reset: - post: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: resetSloOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' - responses: - '204': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_slo_definition_response' - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Reset an SLO - tags: - - slo - /s/{spaceId}/api/observability/slos/{sloId}/disable: - post: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: disableSloOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' - responses: - '200': - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Disable an SLO - tags: - - slo - /s/{spaceId}/api/observability/slos/{sloId}/enable: - post: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: enableSloOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' - responses: - '204': - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Enable an SLO - tags: - - slo -components: - examples: - Alerting_get_health_response: - summary: Retrieve information about the health of the alerting framework. - value: - alerting_framework_health: - decryption_health: - status: ok - timestamp: '2023-01-13T01:28:00.280Z' - execution_health: - status: ok - timestamp: '2023-01-13T01:28:00.280Z' - read_health: - status: ok - timestamp: '2023-01-13T01:28:00.280Z' - has_permanent_encryption_key: true - is_sufficiently_secure: true - Alerting_get_rule_types_response: - summary: Retrieve rule types associated with Kibana machine learning features - value: - - action_groups: - - id: anomaly_score_match - name: Anomaly score matched the condition - - id: recovered - name: Recovered - action_variables: - context: - - description: The bucket timestamp of the anomaly - name: timestamp - - description: The bucket time of the anomaly in ISO8601 format - name: timestampIso8601 - - description: List of job IDs that triggered the alert - name: jobIds - - description: Alert info message - name: message - - description: Indicate if top hits contain interim results - name: isInterim - - description: Anomaly score at the time of the notification action - name: score - - description: Top records - name: topRecords - - description: Top influencers - name: topInfluencers - - description: URL to open in the Anomaly Explorer - name: anomalyExplorerUrl - useWithTripleBracesInTemplates: true - params: [] - state: [] - alerts: - context: ml.anomaly-detection - mappings: - fieldMap: - kibana.alert.anomaly_score: - array: false - type: double - required: false - kibana.alert.anomaly_timestamp: - array: false - type: date - required: false - kibana.alert.is_interim: - array: false - type: boolean - required: false - kibana.alert.job_id: - array: false - type: keyword - required: true - kibana.alert.top_influencers: - array: true - dynamic: false - type: object - properties: - influencer_field_name: - type: keyword - influencer_field_value: - type: keyword - influencer_score: - type: double - initial_influencer_score: - type: double - is_interim: - type: boolean - job_id: - type: keyword - timestamp: - type: date - required: false - kibana.alert.top_records: - array: true - dynamic: false - type: object - properties: - actual: - type: double - by_field_name: - type: keyword - by_field_value: - type: keyword - detector_index: - type: integer - field_name: - type: keyword - function: - type: keyword - initial_record_score: - type: double - is_interim: - type: boolean - job_id: - type: keyword - over_field_name: - type: keyword - over_field_value: - type: keyword - partition_field_name: - type: keyword - partition_field_value: - type: keyword - record_score: - type: double - timestamp: - type: date - typical: - type: double - required: false - shouldWrite: true - authorized_consumers: - alerts: - all: true - read: true - apm: - all: true - read: true - discover: - all: true - read: true - infrastructure: - all: true - read: true - logs: - all: true - read: true - ml: - all: true - read: true - monitoring: - all: true - read: true - siem: - all: true - read: true - slo: - all: true - read: true - stackAlerts: - all: true - read: true - uptime: - all: true - read: true - category: management - default_action_group_id: anomaly_score_match - does_set_recovery_context: true - enabled_in_license: true - has_alerts_mappings: true - has_fields_for_a_a_d: false - id: xpack.ml.anomaly_detection_alert - is_exportable: true - minimum_license_required: platinum - name: Anomaly detection alert - producer: ml - recovery_action_group: - id: recovered - name: Recovered - rule_task_timeout: 5m - - action_groups: - - id: anomaly_detection_realtime_issue - name: Issue detected - - id: recovered - name: Recovered - action_variables: - context: - - description: Results of the rule execution - name: results - - description: Alert info message - name: message - params: [] - state: [] - authorized_consumers: - alerts: - all: true - read: true - apm: - all: true - read: true - discover: - all: true - read: true - infrastructure: - all: true - read: true - logs: - all: true - read: true - ml: - all: true - read: true - monitoring: - all: true - read: true - siem: - all: true - read: true - slo: - all: true - read: true - stackAlerts: - all: true - read: true - uptime: - all: true - read: true - category: management - default_action_group_id: anomaly_detection_realtime_issue - does_set_recovery_context: true - enabled_in_license: true - has_alerts_mappings: false - has_fields_for_a_a_d: false - id: xpack.ml.anomaly_detection_jobs_health - is_exportable: true - minimum_license_required: platinum - name: Anomaly detection jobs health - producer: ml - recovery_action_group: - id: recovered - name: Recovered - rule_task_timeout: 5m - Cases_add_comment_request: - summary: Adds a comment to a case. - value: - comment: A new comment. - owner: cases - type: user - Cases_add_comment_response: - summary: >- - The add comment to case API returns a JSON object that contains details - about the case and its comments. - value: - assignees: [] - category: null - closed_at: null - closed_by: null - comments: - - comment: A new comment. - created_at: '2022-10-02T00:49:47.716Z' - created_by: - email: null - full_name: null - username: elastic - id: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 - owner: cases - type: user - version: WzIwNDMxLDFd - connector: - fields: null - id: none - name: none - type: .none - created_at: '2022-03-24T00:37:03.906Z' - created_by: - email: null - full_name: null - profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - username: elastic - customFields: - - key: d312efda-ec2b-42ec-9e2c-84981795c581 - type: text - value: Field value - - key: fcc6840d-eb14-42df-8aaf-232201a705ec - type: toggle - value: true - description: A case description. - duration: null - external_service: null - id: 293f1bc0-74f6-11ea-b83a-553aecdb28b6 - owner: cases - settings: - syncAlerts: false - severity: low - status: open - tags: - - tag 1 - title: Case title 1 - totalAlerts: 0 - totalComment: 1 - updated_at: '2022-06-03T00:49:47.716Z' - updated_by: - email: null - full_name: null - profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - username: elastic - version: WzIzMzgsMV0= - Cases_create_case_request: - summary: Create a security case that uses a Jira connector. - value: - connector: - fields: - issueType: '10006' - parent: null - priority: High - id: 131d4448-abe0-4789-939d-8ef60680b498 - name: My connector - type: .jira - customFields: - - key: d312efda-ec2b-42ec-9e2c-84981795c581 - type: text - value: My field value - description: A case description. - owner: cases - settings: - syncAlerts: true - tags: - - tag-1 - title: Case title 1 - Cases_create_case_response: - summary: >- - The create case API returns a JSON object that contains details about - the case. - value: - assignees: [] - closed_at: null - closed_by: null - comments: [] - connector: - fields: - issueType: '10006' - parent: null - priority: High - id: 131d4448-abe0-4789-939d-8ef60680b498 - name: My connector - type: .jira - created_at: '2022-10-13T15:33:50.604Z' - created_by: - email: null - full_name: null - profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - username: elastic - customFields: - - key: d312efda-ec2b-42ec-9e2c-84981795c581 - type: text - value: My field value - - key: fcc6840d-eb14-42df-8aaf-232201a705ec - type: toggle - value: null - description: A case description. - duration: null - external_service: null - id: 66b9aa00-94fa-11ea-9f74-e7e108796192 - owner: cases - settings: - syncAlerts: true - severity: low - status: open - tags: - - tag 1 - title: Case title 1 - totalAlerts: 0 - totalComment: 0 - updated_at: null - updated_by: null - version: WzUzMiwxXQ== - Cases_find_case_activity_response: - summary: Retrieves all activity for a case - value: - page: 1 - perPage: 20 - total: 3 - userActions: - - action: create - comment_id: null - created_at: '2023-10-20T01:17:22.150Z' - created_by: - email: null - full_name: null - profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - username: elastic - id: b4cd0770-07c9-11ed-a5fd-47154cb8767e - owner: cases - payload: - assignees: [] - category: null - connector: - fields: null - id: none - name: none - type: .none - customFields: - - key: d312efda-ec2b-42ec-9e2c-84981795c581 - type: text - value: My field value - - key: fcc6840d-eb14-42df-8aaf-232201a705ec - type: toggle - value: null - description: A case description. - owner: cases - settings: - syncAlerts: false - severity: low - status: open - tags: - - tag 1 - title: Case title 1 - type: create_case - version: WzM1ODg4LDFd - - action: create - comment_id: 578608d0-03b1-11ed-920c-974bfa104448 - created_at: '2023-10-14T20:12:53.354Z' - created_by: - email: null - full_name: null - profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - username: elastic - id: 57af14a0-03b1-11ed-920c-974bfa104448 - owner: cases - payload: - comment: A new comment - owner: cases - type: user - type: comment - version: WzM1ODg4LDFa - - action: add - comment_id: null - created_at: '2023-10-20T01:10:28.238Z' - created_by: - email: null - full_name: null - profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - username: elastic - id: 573c6980-6123-11ed-aa41-81a0a61fe447 - owner: cases - payload: - assignees: - uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - type: assignees - version: WzM1ODg4LDFb - Cases_find_case_response: - summary: >- - Retrieve the first five cases with the `tag-1` tag, in ascending order - by last update time. - value: - cases: - - assignees: [] - category: null - closed_at: null - closed_by: null - comments: [] - connector: - fields: null - id: none - name: none - type: .none - created_at: '2023-10-12T00:16:36.371Z' - created_by: - email: null - full_name: null - profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - username: elastic - customFields: - - key: d312efda-ec2b-42ec-9e2c-84981795c581 - type: text - value: My field value - - key: fcc6840d-eb14-42df-8aaf-232201a705ec - type: toggle - value: null - description: Case description - duration: null - external_service: null - id: abed3a70-71bd-11ea-a0b2-c51ea50a58e2 - owner: cases - settings: - syncAlerts: true - severity: low - status: open - tags: - - tag-1 - title: Case title - totalAlerts: 0 - totalComment: 1 - updated_at: '2023-10-12T00:27:58.162Z' - updated_by: - email: null - full_name: null - profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - username: elastic - version: WzExMCwxXQ== - count_closed_cases: 0 - count_in_progress_cases: 0 - count_open_cases: 1 - page: 1 - per_page: 5 - total: 1 - Cases_find_connector_response: - summary: Retrieve information about the connectors and their settings. - value: - - actionTypeId: .jira - config: - apiUrl: https://elastic.atlassian.net/ - projectKey: ES - id: 61787f53-4eee-4741-8df6-8fe84fa616f7 - isDeprecated: false - isMissingSecrets: false - isPreconfigured: false - name: my-Jira - referencedByCount: 0 - Cases_get_case_alerts_response: - summary: Retrieves all alerts attached to a case - value: - - attached_at: '2022-07-25T20:09:40.963Z' - id: f6a7d0c3-d52d-432c-b2e6-447cd7fce04d - index: .alerts-observability.logs.alerts-default - Cases_get_case_configuration_response: - summary: Get the case configuration. - value: - - closure_type: close-by-user - connector: - fields: null - id: none - name: none - type: .none - created_at: '2024-07-01T17:07:17.767Z' - created_by: - email: null - full_name: null - username: elastic - customFields: - - defaultValue: Custom text field value. - key: d312efda-ec2b-42ec-9e2c-84981795c581 - label: my-text-field - type: text - required: false - error: null - id: 856ee650-6c82-11ee-a20a-6164169afa58 - mappings: [] - owner: cases - templates: - - caseFields: - assignees: - - uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - category: Default-category - connector: - fields: null - id: none - name: none - type: .none - customFields: - - key: d312efda-ec2b-42ec-9e2c-84981795c581 - type: text - value: Default text field value. - description: A default description for cases. - settings: - syncAlerts: false - tags: - - Default case tag - title: Default case title - description: A description of the template. - key: 505932fe-ee3a-4960-a661-c781b5acdb05 - name: template-1 - tags: - - Template tag 1 - updated_at: null - updated_by: null - version: WzEyLDNd - Cases_get_case_observability_response: - summary: >- - Retrieves information about an Observability case including its alerts - and comments. - value: - assignees: - - uid: u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0 - category: null - closed_at: null - closed_by: null - comments: - - alertId: - - a6e12ac4-7bce-457b-84f6-d7ce8deb8446 - created_at: '2023-11-06T19:29:38.424Z' - created_by: - email: null - full_name: null - profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - username: elastic - id: 59d438d0-79a9-4864-8d4b-e63adacebf6e - index: - - .internal.alerts-observability.logs.alerts-default-000001 - owner: observability - pushed_at: null - pushed_by: null - rule: - id: 03e4eb87-62ca-4e5d-9570-3d7625e9669d - name: Observability rule - type: alert - updated_at: null - updated_by: null - version: WzY3LDJd - - comment: The first comment. - created_at: '2023-11-06T19:29:57.812Z' - created_by: - email: null - full_name: null - profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - username: elastic - id: d99342d3-3aa3-4b80-90ec-a702607604f5 - owner: observability - pushed_at: null - pushed_by: null - type: user - updated_at: null - updated_by: null - version: WzcyLDJd - connector: - fields: null - id: none - name: none - type: .none - created_at: '2023-11-06T19:29:04.086Z' - created_by: - email: null - full_name: null - username: elastic - customFields: [] - description: An Observability case description. - duration: null - external_service: null - id: c3ff7550-def1-4e90-b6bc-c9969a4a09b1 - owner: observability - settings: - syncAlerts: false - severity: low - status: in-progress - tags: - - observability - - tag 1 - title: Observability case title 1 - totalAlerts: 1 - totalComment: 1 - updated_at: '2023-11-06T19:47:55.662Z' - updated_by: - email: null - full_name: null - profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - username: elastic - version: WzI0NywyXQ== - Cases_get_case_response: - summary: Retrieves information about a case including its comments. - value: - assignees: - - uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - category: null - closed_at: null - closed_by: null - comments: - - comment: A new comment - created_at: '2023-10-13T15:40:32.335Z' - created_by: - email: null - full_name: null - profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - username: elastic - id: 2134c1d0-02c2-11ed-85f2-4f7c222ca2fa - owner: cases - pushed_at: null - pushed_by: null - type: user - updated_at: null - updated_by: null - version: WzM3LDFd - connector: - fields: null - id: none - name: none - type: .none - created_at: '2023-10-13T15:33:50.604Z' - created_by: - email: null - full_name: null - profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - username: elastic - customFields: - - key: d312efda-ec2b-42ec-9e2c-84981795c581 - type: text - value: My field value - - key: fcc6840d-eb14-42df-8aaf-232201a705ec - type: toggle - value: null - description: A case description - duration: null - external_service: null - id: 31cdada0-02c1-11ed-85f2-4f7c222ca2fa - owner: cases - settings: - syncAlerts: true - severity: low - status: open - tags: - - tag 1 - title: Case title 1 - totalAlerts: 0 - totalComment: 1 - updated_at: '2023-10-13T15:40:32.335Z' - updated_by: - email: null - full_name: null - profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - username: elastic - version: WzM2LDFd - Cases_get_comment_response: - summary: A single user comment retrieved from a case - value: - comment: A new comment - created_at: '2023-10-07T19:32:13.104Z' - created_by: - email: null - full_name: null - profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - username: elastic - id: 8048b460-fe2b-11ec-b15d-779a7c8bbcc3 - owner: cases - pushed_at: null - pushed_by: null - type: user - updated_at: null - updated_by: null - version: WzIzLDFd - Cases_get_reporters_response: - summary: A list of two users that opened cases - value: - - email: null - full_name: null - profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - username: elastic - - email: jdoe@example.com - full_name: Jane Doe - profile_uid: u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0 - username: jdoe - Cases_get_tags_response: - summary: A list of tags that are used in cases - value: - - observability - - security - - tag 1 - - tag 2 - Cases_push_case_response: - summary: >- - The push case API returns a JSON object with details about the case and - the external service. - value: - closed_at: null - closed_by: null - comments: [] - connector: - fields: - issueType: '10006' - parent: null - priority: Low - id: 09f8c0b0-0eda-11ed-bd18-65557fe66949 - name: My connector - type: .jira - created_at: '2022-07-29T00:59:39.444Z' - created_by: - email: null - full_name: null - username: elastic - description: A case description. - duration: null - external_service: - connector_id: 09f8c0b0-0eda-11ed-bd18-65557fe66949 - connector_name: My connector - external_id: '71926' - external_title: ES-554 - external_url: https://cases.jira.com - pushed_at: '2022-07-29T01:20:58.436Z' - pushed_by: - email: null - full_name: null - username: elastic - id: b917f300-0ed9-11ed-bd18-65557fe66949 - owner: cases - settings: - syncAlerts: true - severity: low - status: open - tags: - - tag 1 - title: Case title 1 - totalAlerts: 0 - totalComment: 0 - updated_at: '2022-07-29T01:20:58.436Z' - updated_by: - email: null - full_name: null - username: elastic - version: WzE3NjgsM10= - Cases_set_case_configuration_request: - summary: >- - Set the closure type, custom fields, and default connector for Stack - Management cases. - value: - closure_type: close-by-user - connector: - fields: null - id: 5e656730-e1ca-11ec-be9b-9b1838238ee6 - name: my-jira-connector - type: .jira - customFields: - - defaultValue: My custom field default value. - key: d312efda-ec2b-42ec-9e2c-84981795c581 - label: my-text-field - type: text - required: false - owner: cases - templates: - - caseFields: - assignees: - - uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - category: Default-category - customFields: - - key: d312efda-ec2b-42ec-9e2c-84981795c581 - type: text - value: A text field value for the template. - description: A default description for cases. - tags: - - Default case tag - title: Default case title - description: A description of the template. - key: 505932fe-ee3a-4960-a661-c781b5acdb05 - name: template-1 - tags: - - Template tag 1 - Cases_set_case_configuration_response: - summary: This is an example response for case settings. - value: - closure_type: close-by-user - connector: - fields: null - id: 5e656730-e1ca-11ec-be9b-9b1838238ee6 - name: my-jira-connector - type: .jira - created_at: '2024-07-01T17:07:17.767Z' - created_by: - email: null, - full_name: null - profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - username: elastic - customFields: - - defaultValue: My custom field default value. - key: d312efda-ec2b-42ec-9e2c-84981795c581 - label: my-text-field - type: text - required: false - error: null - id: 4a97a440-e1cd-11ec-be9b-9b1838238ee6 - mappings: - - action_type: overwrite - source: title - target: summary - - action_type: overwrite - source: description - target: description - - action_type: append - source: comments - target: comments - - action_type: overwrite - source: tags - target: labels - owner: cases - templates: - - caseFields: - assignees: - - uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - category: Default-category - customFields: - - key: d312efda-ec2b-42ec-9e2c-84981795c581 - type: text - value: A text field value for the template. - description: A default description for cases. - tags: - - Default case tag - title: Default case title - description: A description of the template. - key: 505932fe-ee3a-4960-a661-c781b5acdb05 - name: template-1 - tags: - - Template tag 1 - updated_at: null - updated_by: null - version: WzIwNzMsMV0= - Cases_update_case_configuration_request: - summary: Update the case settings. - value: - closure_type: close-by-user - connector: - fields: null - id: 5e656730-e1ca-11ec-be9b-9b1838238ee6 - name: my-jira-connector - type: .jira - customFields: - - defaultValue: A new default value. - key: d312efda-ec2b-42ec-9e2c-84981795c581 - label: my-text-field - type: text - required: true - - key: fcc6840d-eb14-42df-8aaf-232201a705ec - label: my-toggle - type: toggle - required: false - version: WzExOSw0XQ== - Cases_update_case_configuration_response: - summary: This is an example response when the case configuration was updated. - value: - closure_type: close-by-user - connector: - fields: null - id: 5e656730-e1ca-11ec-be9b-9b1838238ee6 - name: my-jira-connector - type: .jira - created_at: '2024-07-01T17:07:17.767Z' - created_by: - email: null - full_name: null - profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - username: elastic - customFields: - - defaultValue: A new default value. - key: d312efda-ec2b-42ec-9e2c-84981795c581 - label: my-text-field - type: text - required: true - - key: fcc6840d-eb14-42df-8aaf-232201a705ec - label: my-toggle - type: toggle - required: false - error: null - id: 4a97a440-e1cd-11ec-be9b-9b1838238ee6 - mappings: - - action_type: overwrite - source: title - target: summary - - action_type: overwrite - source: description - target: description - - action_type: overwrite - source: tags - target: labels - - action_type: append - source: comments - target: comments - owner: cases - templates: [] - updated_at: '2024-07-19T00:52:42.401Z' - updated_by: - email: null - full_name: null - profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - username: elastic - version: WzI2LDNd - Cases_update_case_request: - summary: Update the case description, tags, and connector. - value: - cases: - - connector: - fields: - issueType: '10006' - parent: null - priority: null - id: 131d4448-abe0-4789-939d-8ef60680b498 - name: My connector - type: .jira - customFields: - - key: fcc6840d-eb14-42df-8aaf-232201a705ec - type: toggle - value: false - - key: d312efda-ec2b-42ec-9e2c-84981795c581 - type: text - value: My new field value - description: A case description. - id: a18b38a0-71b0-11ea-a0b2-c51ea50a58e2 - settings: - syncAlerts: true - tags: - - tag-1 - version: WzIzLDFd - Cases_update_case_response: - summary: >- - This is an example response when the case description, tags, and - connector were updated. - value: - - assignees: [] - category: null - closed_at: null - closed_by: null - comments: [] - connector: - fields: - issueType: '10006' - parent: null - priority: null - id: 131d4448-abe0-4789-939d-8ef60680b498 - name: My connector - type: .jira - created_at: '2023-10-13T09:16:17.416Z' - created_by: - email: null - full_name: null - profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - username: elastic - customFields: - - key: d312efda-ec2b-42ec-9e2c-84981795c581 - type: text - value: My new field value - - key: fcc6840d-eb14-42df-8aaf-232201a705ec - type: toggle - value: false - description: A case description. - duration: null - external_service: - connector_id: 05da469f-1fde-4058-99a3-91e4807e2de8 - connector_name: Jira - external_id: '10003' - external_title: IS-4 - external_url: https://hms.atlassian.net/browse/IS-4 - pushed_at: '2023-10-13T09:20:40.672Z' - pushed_by: - email: null - full_name: null - username: elastic - id: 66b9aa00-94fa-11ea-9f74-e7e108796192 - owner: cases - settings: - syncAlerts: true - severity: low - status: open - tags: - - tag-1 - title: Case title 1 - totalAlerts: 0 - totalComment: 0 - updated_at: '2023-10-13T09:48:33.043Z' - updated_by: - email: null - full_name: null - profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - username: elastic - version: WzU0OCwxXQ== - Cases_update_comment_request: - summary: Updates a comment of a case. - value: - comment: An updated comment. - id: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 - owner: cases - type: user - version: Wzk1LDFd - Cases_update_comment_response: - summary: >- - The add comment to case API returns a JSON object that contains details - about the case and its comments. - value: - assignees: [] - category: null - closed_at: null - closed_by: null - comments: - - comment: An updated comment. - created_at: '2023-10-24T00:37:10.832Z' - created_by: - email: null - full_name: null - profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - username: elastic - id: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 - owner: cases - pushed_at: null - pushed_by: null - type: user - updated_at: '2023-10-24T01:27:06.210Z' - updated_by: - email: null - full_name: null - profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - username: elastic - version: WzIwNjM3LDFd - connector: - fields: null - id: none - name: none - type: .none - created_at: '2023-10-24T00:37:03.906Z' - created_by: - email: null - full_name: null - profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - username: elastic - customFields: - - key: d312efda-ec2b-42ec-9e2c-84981795c581 - type: text - value: My new field value - - key: fcc6840d-eb14-42df-8aaf-232201a705ec - type: toggle - value: false - description: A case description. - duration: null - external_service: null - id: 293f1bc0-74f6-11ea-b83a-553aecdb28b6 - owner: cases - settings: - syncAlerts: false - severity: low - status: open - tags: - - tag 1 - title: Case title 1 - totalAlerts: 0 - totalComment: 1 - updated_at: '2023-10-24T01:27:06.210Z' - updated_by: - email: null - full_name: null - profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - username: elastic - version: WzIwNjM2LDFd - Data_views_create_data_view_request: - summary: Create a data view with runtime fields. - value: - data_view: - name: My Logstash data view - runtimeFieldMap: - runtime_shape_name: - script: - source: emit(doc['shape_name'].value) - type: keyword - title: logstash-* - Data_views_create_runtime_field_request: - summary: Create a runtime field. - value: - name: runtimeFoo - runtimeField: - script: - source: emit(doc["foo"].value) - type: long - Data_views_get_data_view_response: - summary: >- - The get data view API returns a JSON object that contains information - about the data view. - value: - data_view: - allowNoIndex: false - fieldAttrs: - products.manufacturer: - count: 1 - products.price: - count: 1 - products.product_name: - count: 1 - total_quantity: - count: 1 - fieldFormats: - products.base_price: - id: number - params: - pattern: $0,0.00 - products.base_unit_price: - id: number - params: - pattern: $0,0.00 - products.min_price: - id: number - params: - pattern: $0,0.00 - products.price: - id: number - params: - pattern: $0,0.00 - products.taxful_price: - id: number - params: - pattern: $0,0.00 - products.taxless_price: - id: number - params: - pattern: $0,0.00 - taxful_total_price: - id: number - params: - pattern: $0,0.[00] - taxless_total_price: - id: number - params: - pattern: $0,0.00 - fields: - _id: - aggregatable: false - count: 0 - esTypes: - - _id - format: - id: string - isMapped: true - name: _id - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - _index: - aggregatable: true - count: 0 - esTypes: - - _index - format: - id: string - isMapped: true - name: _index - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - _score: - aggregatable: false - count: 0 - format: - id: number - isMapped: true - name: _score - readFromDocValues: false - scripted: false - searchable: false - shortDotsEnable: false - type: number - _source: - aggregatable: false - count: 0 - esTypes: - - _source - format: - id: _source - isMapped: true - name: _source - readFromDocValues: false - scripted: false - searchable: false - shortDotsEnable: false - type: _source - category: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: category - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - category.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: category.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: category - type: string - currency: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: currency - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - customer_birth_date: - aggregatable: true - count: 0 - esTypes: - - date - format: - id: date - isMapped: true - name: customer_birth_date - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: date - customer_first_name: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: customer_first_name - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - customer_first_name.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: customer_first_name.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: customer_first_name - type: string - customer_full_name: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: customer_full_name - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - customer_full_name.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: customer_full_name.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: customer_full_name - type: string - customer_gender: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: customer_gender - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - customer_id: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: customer_id - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - customer_last_name: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: customer_last_name - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - customer_last_name.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: customer_last_name.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: customer_last_name - type: string - customer_phone: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: customer_phone - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - day_of_week: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: day_of_week - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - day_of_week_i: - aggregatable: true - count: 0 - esTypes: - - integer - format: - id: number - isMapped: true - name: day_of_week_i - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - email: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: email - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - event.dataset: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: event.dataset - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - geoip.city_name: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: geoip.city_name - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - geoip.continent_name: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: geoip.continent_name - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - geoip.country_iso_code: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: geoip.country_iso_code - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - geoip.location: - aggregatable: true - count: 0 - esTypes: - - geo_point - format: - id: geo_point - params: - transform: wkt - isMapped: true - name: geoip.location - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: geo_point - geoip.region_name: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: geoip.region_name - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - manufacturer: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: manufacturer - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - manufacturer.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: manufacturer.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: manufacturer - type: string - order_date: - aggregatable: true - count: 0 - esTypes: - - date - format: - id: date - isMapped: true - name: order_date - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: date - order_id: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: order_id - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - products._id: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: products._id - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - products._id.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: products._id.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: products._id - type: string - products.base_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: $0,0.00 - isMapped: true - name: products.base_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.base_unit_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: $0,0.00 - isMapped: true - name: products.base_unit_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.category: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: products.category - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - products.category.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: products.category.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: products.category - type: string - products.created_on: - aggregatable: true - count: 0 - esTypes: - - date - format: - id: date - isMapped: true - name: products.created_on - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: date - products.discount_amount: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - isMapped: true - name: products.discount_amount - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.discount_percentage: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - isMapped: true - name: products.discount_percentage - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.manufacturer: - aggregatable: false - count: 1 - esTypes: - - text - format: - id: string - isMapped: true - name: products.manufacturer - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - products.manufacturer.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: products.manufacturer.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: products.manufacturer - type: string - products.min_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: $0,0.00 - isMapped: true - name: products.min_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.price: - aggregatable: true - count: 1 - esTypes: - - half_float - format: - id: number - params: - pattern: $0,0.00 - isMapped: true - name: products.price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.product_id: - aggregatable: true - count: 0 - esTypes: - - long - format: - id: number - isMapped: true - name: products.product_id - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.product_name: - aggregatable: false - count: 1 - esTypes: - - text - format: - id: string - isMapped: true - name: products.product_name - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - products.product_name.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: products.product_name.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: products.product_name - type: string - products.quantity: - aggregatable: true - count: 0 - esTypes: - - integer - format: - id: number - isMapped: true - name: products.quantity - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.sku: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: products.sku - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - products.tax_amount: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - isMapped: true - name: products.tax_amount - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.taxful_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: $0,0.00 - isMapped: true - name: products.taxful_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.taxless_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: $0,0.00 - isMapped: true - name: products.taxless_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.unit_discount_amount: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - isMapped: true - name: products.unit_discount_amount - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - sku: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: sku - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - taxful_total_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: $0,0.[00] - isMapped: true - name: taxful_total_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - taxless_total_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: $0,0.00 - isMapped: true - name: taxless_total_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - total_quantity: - aggregatable: true - count: 1 - esTypes: - - integer - format: - id: number - isMapped: true - name: total_quantity - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - total_unique_products: - aggregatable: true - count: 0 - esTypes: - - integer - format: - id: number - isMapped: true - name: total_unique_products - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - type: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: type - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - user: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: user - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - id: ff959d40-b880-11e8-a6d9-e546fe2bba5f - name: Kibana Sample Data eCommerce - namespaces: - - default - runtimeFieldMap: {} - sourceFilters: [] - timeFieldName: order_date - title: kibana_sample_data_ecommerce - typeMeta: {} - version: WzUsMV0= - Data_views_get_data_views_response: - summary: The get all data views API returns a list of data views. - value: - data_view: - - id: ff959d40-b880-11e8-a6d9-e546fe2bba5f - name: Kibana Sample Data eCommerce - namespaces: - - default - title: kibana_sample_data_ecommerce - typeMeta: {} - - id: d3d7af60-4c81-11e8-b3d7-01146121b73d - name: Kibana Sample Data Flights - namespaces: - - default - title: kibana_sample_data_flights - - id: 90943e30-9a47-11e8-b64d-95841ca0b247 - name: Kibana Sample Data Logs - namespaces: - - default - title: kibana_sample_data_logs - Data_views_get_default_data_view_response: - summary: The get default data view API returns the default data view identifier. - value: - data_view_id: ff959d40-b880-11e8-a6d9-e546fe2bba5f - Data_views_get_runtime_field_response: - summary: >- - The get runtime field API returns a JSON object that contains - information about the runtime field (`hour_of_day`) and the data view - (`d3d7af60-4c81-11e8-b3d7-01146121b73d`). - value: - data_view: - allowNoIndex: false - fieldAttrs: {} - fieldFormats: - AvgTicketPrice: - id: number - params: - pattern: $0,0.[00] - hour_of_day: - id: number - params: - pattern: '00' - fields: - _id: - aggregatable: false - count: 0 - esTypes: - - _id - format: - id: string - isMapped: true - name: _id - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - _index: - aggregatable: true - count: 0 - esTypes: - - _index - format: - id: string - isMapped: true - name: _index - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - _score: - aggregatable: false - count: 0 - format: - id: number - isMapped: true - name: _score - readFromDocValues: false - scripted: false - searchable: false - shortDotsEnable: false - type: number - _source: - aggregatable: false - count: 0 - esTypes: - - _source - format: - id: _source - isMapped: true - name: _source - readFromDocValues: false - scripted: false - searchable: false - shortDotsEnable: false - type: _source - AvgTicketPrice: - aggregatable: true - count: 0 - esTypes: - - float - format: - id: number - params: - pattern: $0,0.[00] - isMapped: true - name: AvgTicketPrice - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - Cancelled: - aggregatable: true - count: 0 - esTypes: - - boolean - format: - id: boolean - isMapped: true - name: Cancelled - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: boolean - Carrier: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: Carrier - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - dayOfWeek: - aggregatable: true - count: 0 - esTypes: - - integer - format: - id: number - isMapped: true - name: dayOfWeek - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - Dest: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: Dest - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - DestAirportID: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: DestAirportID - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - DestCityName: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: DestCityName - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - DestCountry: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: DestCountry - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - DestLocation: - aggregatable: true - count: 0 - esTypes: - - geo_point - format: - id: geo_point - params: - transform: wkt - isMapped: true - name: DestLocation - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: geo_point - DestRegion: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: DestRegion - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - DestWeather: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: DestWeather - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - DistanceKilometers: - aggregatable: true - count: 0 - esTypes: - - float - format: - id: number - isMapped: true - name: DistanceKilometers - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - DistanceMiles: - aggregatable: true - count: 0 - esTypes: - - float - format: - id: number - isMapped: true - name: DistanceMiles - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - FlightDelay: - aggregatable: true - count: 0 - esTypes: - - boolean - format: - id: boolean - isMapped: true - name: FlightDelay - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: boolean - FlightDelayMin: - aggregatable: true - count: 0 - esTypes: - - integer - format: - id: number - isMapped: true - name: FlightDelayMin - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - FlightDelayType: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: FlightDelayType - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - FlightNum: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: FlightNum - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - FlightTimeHour: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: FlightTimeHour - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - FlightTimeMin: - aggregatable: true - count: 0 - esTypes: - - float - format: - id: number - isMapped: true - name: FlightTimeMin - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - hour_of_day: - aggregatable: true - count: 0 - esTypes: - - long - format: - id: number - params: - pattern: '00' - name: hour_of_day - readFromDocValues: false - runtimeField: - script: - source: emit(doc['timestamp'].value.getHour()); - type: long - scripted: false - searchable: true - shortDotsEnable: false - type: number - Origin: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: Origin - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - OriginAirportID: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: OriginAirportID - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - OriginCityName: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: OriginCityName - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - OriginCountry: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: OriginCountry - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - OriginLocation: - aggregatable: true - count: 0 - esTypes: - - geo_point - format: - id: geo_point - params: - transform: wkt - isMapped: true - name: OriginLocation - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: geo_point - OriginRegion: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: OriginRegion - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - OriginWeather: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: OriginWeather - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - timestamp: - aggregatable: true - count: 0 - esTypes: - - date - format: - id: date - isMapped: true - name: timestamp - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: date - id: d3d7af60-4c81-11e8-b3d7-01146121b73d - name: Kibana Sample Data Flights - runtimeFieldMap: - hour_of_day: - script: - source: emit(doc['timestamp'].value.getHour()); - type: long - sourceFilters: [] - timeFieldName: timestamp - title: kibana_sample_data_flights - version: WzM2LDJd - fields: - - aggregatable: true - count: 0 - esTypes: - - long - name: hour_of_day - readFromDocValues: false - runtimeField: - script: - source: emit(doc['timestamp'].value.getHour()); - type: long - scripted: false - searchable: true - shortDotsEnable: false - type: number - Data_views_preview_swap_data_view_request: - summary: Preview swapping references from data view ID "abcd-efg" to "xyz-123". - value: - fromId: abcd-efg - toId: xyz-123 - Data_views_set_default_data_view_request: - summary: Set the default data view identifier. - value: - data_view_id: ff959d40-b880-11e8-a6d9-e546fe2bba5f - force: true - Data_views_swap_data_view_request: - summary: >- - Swap references from data view ID "abcd-efg" to "xyz-123" and remove the - data view that is no longer referenced. - value: - delete: true - fromId: abcd-efg - toId: xyz-123 - Data_views_update_data_view_request: - summary: Update some properties for a data view. - value: - data_view: - allowNoIndex: false - name: Kibana Sample Data eCommerce - timeFieldName: order_date - title: kibana_sample_data_ecommerce - refresh_fields: true - Data_views_update_field_metadata_request: - summary: Update metadata for multiple fields. - value: - fields: - field1: - count: 123 - customLabel: Field 1 label - field2: - customDescription: Field 2 description - customLabel: Field 2 label - Data_views_update_runtime_field_request: - summary: Update an existing runtime field on a data view. - value: - runtimeField: - script: - source: emit(doc["bar"].value) - Machine_learning_APIs_mlSyncExample: - summary: Two anomaly detection jobs required synchronization in this example. - value: - datafeedsAdded: {} - datafeedsRemoved: {} - savedObjectsCreated: - anomaly-detector: - myjob1: - success: true - myjob2: - success: true - savedObjectsDeleted: {} - Saved_objects_export_objects_request: - summary: Export a specific saved object. - value: - excludeExportDetails: true - includeReferencesDeep: false - objects: - - id: de71f4f0-1902-11e9-919b-ffe5949a18d2 - type: map - Saved_objects_export_objects_response: - summary: >- - The export objects API response contains a JSON record for each exported - object. - value: - attributes: - description: '' - layerListJSON: >- - [{"id":"0hmz5","alpha":1,"sourceDescriptor":{"type":"EMS_TMS","isAutoSelect":true,"lightModeDefault":"road_map_desaturated"},"visible":true,"style":{},"type":"EMS_VECTOR_TILE","minZoom":0,"maxZoom":24},{"id":"edh66","label":"Total - Requests by - Destination","minZoom":0,"maxZoom":24,"alpha":0.5,"sourceDescriptor":{"type":"EMS_FILE","id":"world_countries","tooltipProperties":["name","iso2"]},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"DYNAMIC","options":{"field":{"name":"__kbnjoin__count__673ff994-fc75-4c67-909b-69fcb0e1060e","origin":"join"},"color":"Greys","fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"lineColor":{"type":"STATIC","options":{"color":"#FFFFFF"}},"lineWidth":{"type":"STATIC","options":{"size":1}},"iconSize":{"type":"STATIC","options":{"size":10}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR","joins":[{"leftField":"iso2","right":{"type":"ES_TERM_SOURCE","id":"673ff994-fc75-4c67-909b-69fcb0e1060e","indexPatternTitle":"kibana_sample_data_logs","term":"geo.dest","indexPatternRefName":"layer_1_join_0_index_pattern","metrics":[{"type":"count","label":"web - logs - count"}],"applyGlobalQuery":true}}]},{"id":"gaxya","label":"Actual - Requests","minZoom":9,"maxZoom":24,"alpha":1,"sourceDescriptor":{"id":"b7486535-171b-4d3b-bb2e-33c1a0a2854c","type":"ES_SEARCH","geoField":"geo.coordinates","limit":2048,"filterByMapBounds":true,"tooltipProperties":["clientip","timestamp","host","request","response","machine.os","agent","bytes"],"indexPatternRefName":"layer_2_source_index_pattern","applyGlobalQuery":true,"scalingType":"LIMIT"},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"STATIC","options":{"color":"#2200ff"}},"lineColor":{"type":"STATIC","options":{"color":"#FFFFFF"}},"lineWidth":{"type":"STATIC","options":{"size":2}},"iconSize":{"type":"DYNAMIC","options":{"field":{"name":"bytes","origin":"source"},"minSize":1,"maxSize":23,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR"},{"id":"tfi3f","label":"Total - Requests and - Bytes","minZoom":0,"maxZoom":9,"alpha":1,"sourceDescriptor":{"type":"ES_GEO_GRID","resolution":"COARSE","id":"8aaa65b5-a4e9-448b-9560-c98cb1c5ac5b","geoField":"geo.coordinates","requestType":"point","metrics":[{"type":"count","label":"web - logs - count"},{"type":"sum","field":"bytes"}],"indexPatternRefName":"layer_3_source_index_pattern","applyGlobalQuery":true},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"color":"Blues","fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"lineColor":{"type":"STATIC","options":{"color":"#cccccc"}},"lineWidth":{"type":"STATIC","options":{"size":1}},"iconSize":{"type":"DYNAMIC","options":{"field":{"name":"sum_of_bytes","origin":"source"},"minSize":7,"maxSize":25,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"labelText":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"labelSize":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"minSize":12,"maxSize":24,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR"}] - mapStateJSON: >- - {"zoom":3.64,"center":{"lon":-88.92107,"lat":42.16337},"timeFilters":{"from":"now-7d","to":"now"},"refreshConfig":{"isPaused":true,"interval":0},"query":{"language":"kuery","query":""},"settings":{"autoFitToDataBounds":false}} - title: '[Logs] Total Requests and Bytes' - uiStateJSON: '{"isDarkMode":false}' - coreMigrationVersion: 8.8.0 - created_at: '2023-08-23T20:03:32.204Z' - id: de71f4f0-1902-11e9-919b-ffe5949a18d2 - managed: false - references: - - id: 90943e30-9a47-11e8-b64d-95841ca0b247 - name: layer_1_join_0_index_pattern - type: index-pattern - - id: 90943e30-9a47-11e8-b64d-95841ca0b247 - name: layer_2_source_index_pattern - type: index-pattern - - id: 90943e30-9a47-11e8-b64d-95841ca0b247 - name: layer_3_source_index_pattern - type: index-pattern - type: map - typeMigrationVersion: 8.4.0 - updated_at: '2023-08-23T20:03:32.204Z' - version: WzEzLDFd - Saved_objects_import_objects_request: - value: - file: file.ndjson - Saved_objects_import_objects_response: - summary: >- - The import objects API response indicates a successful import and the - objects are created. Since these objects are created as new copies, each - entry in the successResults array includes a destinationId attribute. - value: - success: true - successCount: 1 - successResults: - - destinationId: 82d2760c-468f-49cf-83aa-b9a35b6a8943 - id: 90943e30-9a47-11e8-b64d-95841ca0b247 - managed: false - meta: - icon: indexPatternApp - title: Kibana Sample Data Logs - type: index-pattern - Saved_objects_key_rotation_response: - summary: Encryption key rotation using default parameters. - value: - failed: 0 - successful: 300 - total: 1000 - Saved_objects_resolve_missing_reference_request: - value: - file: file.ndjson - retries: - - id: my-pattern - overwrite: true - type: index-pattern - - destinationId: another-vis - id: my-vis - overwrite: true - type: visualization - - destinationId: yet-another-canvas - id: my-canvas - overwrite: true - type: canvas - - id: my-dashboard - type: dashboard - Saved_objects_resolve_missing_reference_response: - summary: Resolve missing reference errors. - value: - success: true - successCount: 3 - successResults: - - id: my-vis - meta: - icon: visualizeApp - title: Look at my visualization - type: visualization - - id: my-search - meta: - icon: searchApp - title: Look at my search - type: search - - id: my-dashboard - meta: - icon: dashboardApp - title: Look at my dashboard - type: dashboard - parameters: - Alerting_kbn_xsrf: - description: Cross-site request forgery protection - in: header - name: kbn-xsrf - required: true - schema: - type: string - Cases_alert_id: - description: An identifier for the alert. - in: path - name: alertId - required: true - schema: - example: 09f0c261e39e36351d75995b78bb83673774d1bc2cca9df2d15f0e5c0a99a540 - type: string - Cases_assignees_filter: - description: > - Filters the returned cases by assignees. Valid values are `none` or - unique identifiers for the user profiles. These identifiers can be found - by using the suggest user profile API. - in: query - name: assignees - schema: - oneOf: - - $ref: '#/components/schemas/Cases_string' - - $ref: '#/components/schemas/Cases_string_array' - Cases_case_id: - description: >- - The identifier for the case. To retrieve case IDs, use the find cases - API. All non-ASCII characters must be URL encoded. - in: path - name: caseId - required: true - schema: - example: 9c235210-6834-11ea-a78c-6ffb38a34414 - type: string - Cases_category: - description: Filters the returned cases by category. - in: query - name: category - schema: - oneOf: - - $ref: '#/components/schemas/Cases_case_category' - - $ref: '#/components/schemas/Cases_case_categories' - Cases_comment_id: - description: > - The identifier for the comment. To retrieve comment IDs, use the get - case or find cases APIs. - in: path - name: commentId - required: true - schema: - example: 71ec1870-725b-11ea-a0b2-c51ea50a58e2 - type: string - Cases_configuration_id: - description: An identifier for the configuration. - in: path - name: configurationId - required: true - schema: - example: 3297a0f0-b5ec-11ec-b141-0fdb20a7f9a9 - type: string - Cases_connector_id: - description: >- - An identifier for the connector. To retrieve connector IDs, use the find - connectors API. - in: path - name: connectorId - required: true - schema: - example: abed3a70-71bd-11ea-a0b2-c51ea50a58e2 - type: string - Cases_defaultSearchOperator: - description: he default operator to use for the simple_query_string. - example: OR - in: query - name: defaultSearchOperator - schema: - default: OR - type: string - Cases_from: - description: > - Returns only cases that were created after a specific date. The date - must be specified as a KQL data range or date match expression. - in: query - name: from - schema: - example: now-1d - type: string - Cases_ids: - description: > - The cases that you want to removed. All non-ASCII characters must be URL - encoded. - example: d4e7abb0-b462-11ec-9a8d-698504725a43 - in: query - name: ids - required: true - schema: - items: - maxItems: 100 - minItems: 1 - type: string - type: array - Cases_includeComments: - deprecated: true - description: >- - Deprecated in 8.1.0. This parameter is deprecated and will be removed in - a future release. It determines whether case comments are returned. - in: query - name: includeComments - schema: - default: true - type: boolean - Cases_kbn_xsrf: - description: Cross-site request forgery protection - in: header - name: kbn-xsrf - required: true - schema: - type: string - Cases_owner_filter: - description: > - A filter to limit the response to a specific set of applications. If - this parameter is omitted, the response contains information about all - the cases that the user has access to read. - example: cases - in: query - name: owner - schema: - oneOf: - - $ref: '#/components/schemas/Cases_owner' - - $ref: '#/components/schemas/Cases_owners' - Cases_page_index: - description: The page number to return. - in: query - name: page - required: false - schema: - default: 1 - type: integer - Cases_page_size: - description: The number of items to return. Limited to 100 items. - in: query - name: perPage - required: false - schema: - default: 20 - maximum: 100 - type: integer - Cases_reporters: - description: Filters the returned cases by the user name of the reporter. - example: elastic - in: query - name: reporters - schema: - oneOf: - - $ref: '#/components/schemas/Cases_string' - - $ref: '#/components/schemas/Cases_string_array' - Cases_search: - description: >- - An Elasticsearch simple_query_string query that filters the objects in - the response. - in: query - name: search - schema: - type: string - Cases_searchFields: - description: The fields to perform the simple_query_string parsed query against. - in: query - name: searchFields - schema: - oneOf: - - $ref: '#/components/schemas/Cases_searchFieldsType' - - $ref: '#/components/schemas/Cases_searchFieldsTypeArray' - Cases_severity: - description: The severity of the case. - in: query - name: severity - schema: - enum: - - critical - - high - - low - - medium - type: string - Cases_sort_order: - description: Determines the sort order. - in: query - name: sortOrder - required: false - schema: - default: desc - enum: - - asc - - desc - type: string - Cases_sortField: - description: Determines which field is used to sort the results. - example: updatedAt - in: query - name: sortField - schema: - default: createdAt - enum: - - createdAt - - updatedAt - - closedAt - - title - - category - - status - - severity - type: string - Cases_status: - description: Filters the returned cases by state. - example: open - in: query - name: status - schema: - enum: - - closed - - in-progress - - open - type: string - Cases_tags: - description: Filters the returned cases by tags. - example: tag-1 - in: query - name: tags - schema: - oneOf: - - $ref: '#/components/schemas/Cases_string' - - $ref: '#/components/schemas/Cases_string_array' - Cases_to: - description: > - Returns only cases that were created before a specific date. The date - must be specified as a KQL data range or date match expression. - example: now+1d - in: query - name: to - schema: - type: string - Cases_user_action_types: - description: Determines the types of user actions to return. - example: create_case - in: query - name: types - schema: - items: - enum: - - action - - alert - - assignees - - attachment - - comment - - connector - - create_case - - description - - pushed - - settings - - severity - - status - - tags - - title - - user - type: string - type: array - Data_views_field_name: - description: The name of the runtime field. - in: path - name: fieldName - required: true - schema: - example: hour_of_day - type: string - Data_views_kbn_xsrf: - description: Cross-site request forgery protection - in: header - name: kbn-xsrf - required: true - schema: - type: string - Data_views_view_id: - description: An identifier for the data view. - in: path - name: viewId - required: true - schema: - example: ff959d40-b880-11e8-a6d9-e546fe2bba5f - type: string - Machine_learning_APIs_simulateParam: - description: >- - When true, simulates the synchronization by returning only the list of - actions that would be performed. - example: 'true' - in: query - name: simulate - required: false - schema: - type: boolean - Saved_objects_kbn_xsrf: - description: Cross-site request forgery protection - in: header - name: kbn-xsrf - required: true - schema: - type: string - Saved_objects_saved_object_id: - description: An identifier for the saved object. - in: path - name: id - required: true - schema: - type: string - Saved_objects_saved_object_type: - description: >- - Valid options include `visualization`, `dashboard`, `search`, - `index-pattern`, `config`. - in: path - name: type - required: true - schema: - type: string - SLOs_kbn_xsrf: - description: Cross-site request forgery protection - in: header - name: kbn-xsrf - required: true - schema: - type: string - SLOs_slo_id: - description: An identifier for the slo. - in: path - name: sloId - required: true - schema: - example: 9c235211-6834-11ea-a78c-6feb38a34414 - type: string - SLOs_space_id: - description: >- - An identifier for the space. If `/s/` and the identifier are omitted - from the path, the default space is used. - in: path - name: spaceId - required: true - schema: - example: default - type: string - schemas: - Alerting_401_response: - properties: - error: - enum: - - Unauthorized - example: Unauthorized - type: string - message: - type: string - statusCode: - enum: - - 401 - example: 401 - type: integer - title: Unsuccessful rule API response - type: object - Alerting_alert_response_properties: - title: Legacy alert response properties - type: object - properties: - actions: - items: - type: object - type: array - alertTypeId: - example: .index-threshold - type: string - apiKeyOwner: - example: elastic - nullable: true - type: string - createdAt: - description: The date and time that the alert was created. - example: '2022-12-05T23:36:58.284Z' - format: date-time - type: string - createdBy: - description: The identifier for the user that created the alert. - example: elastic - type: string - enabled: - description: Indicates whether the alert is currently enabled. - example: true - type: boolean - executionStatus: - type: object - properties: - lastExecutionDate: - example: '2022-12-06T00:13:43.890Z' - format: date-time - type: string - status: - example: ok - type: string - id: - description: The identifier for the alert. - example: b530fed0-74f5-11ed-9801-35303b735aef - type: string - muteAll: - example: false - type: boolean - mutedInstanceIds: - items: - type: string - nullable: true - type: array - name: - description: The name of the alert. - example: my alert - type: string - notifyWhen: - example: onActionGroupChange - type: string - params: - additionalProperties: true - type: object - schedule: - type: object - properties: - interval: - type: string - scheduledTaskId: - example: b530fed0-74f5-11ed-9801-35303b735aef - type: string - tags: - items: - type: string - type: array - throttle: - nullable: true - type: string - updatedAt: - example: '2022-12-05T23:36:58.284Z' - type: string - updatedBy: - description: The identifier for the user that updated this alert most recently. - example: elastic - nullable: true - type: string - Alerting_fieldmap_properties: - title: Field map objects in the get rule types response - type: object - properties: - array: - description: Indicates whether the field is an array. - type: boolean - dynamic: - description: Indicates whether it is a dynamic field mapping. - type: boolean - format: - description: > - Indicates the format of the field. For example, if the `type` is - `date_range`, the `format` can be - `epoch_millis||strict_date_optional_time`. - type: string - ignore_above: - description: >- - Specifies the maximum length of a string field. Longer strings are - not indexed or stored. - type: integer - index: - description: Indicates whether field values are indexed. - type: boolean - path: - description: TBD - type: string - properties: - additionalProperties: - type: object - properties: - type: - description: The data type for each object property. - type: string - description: > - Details about the object properties. This property is applicable - when `type` is `object`. - type: object - required: - description: Indicates whether the field is required. - type: boolean - scaling_factor: - description: > - The scaling factor to use when encoding values. This property is - applicable when `type` is `scaled_float`. Values will be multiplied - by this factor at index time and rounded to the closest long value. - type: integer - type: - description: Specifies the data type for the field. - example: scaled_float - type: string - Cases_4xx_response: - properties: - error: - example: Unauthorized - type: string - message: - type: string - statusCode: - example: 401 - type: integer - title: Unsuccessful cases API response - type: object - Cases_action_types: - description: The type of action. - enum: - - assignees - - create_case - - comment - - connector - - delete_case - - description - - pushed - - tags - - title - - status - - settings - - severity - example: create_case - type: string - Cases_actions: - enum: - - add - - create - - delete - - push_to_service - - update - example: create - type: string - Cases_add_alert_comment_request_properties: - description: Defines properties for case comment requests when type is alert. - type: object - properties: - alertId: - $ref: '#/components/schemas/Cases_alert_identifiers' - index: - $ref: '#/components/schemas/Cases_alert_indices' - owner: - $ref: '#/components/schemas/Cases_owner' - rule: - $ref: '#/components/schemas/Cases_rule' - type: - description: The type of comment. - enum: - - alert - example: alert - type: string - required: - - alertId - - index - - owner - - rule - - type - title: Add case comment request properties for alerts - Cases_add_case_comment_request: - description: >- - The add comment to case API request body varies depending on whether you - are adding an alert or a comment. - discriminator: - mapping: - alert: '#/components/schemas/Cases_add_alert_comment_request_properties' - user: '#/components/schemas/Cases_add_user_comment_request_properties' - propertyName: type - oneOf: - - $ref: '#/components/schemas/Cases_add_alert_comment_request_properties' - - $ref: '#/components/schemas/Cases_add_user_comment_request_properties' - title: Add case comment request - Cases_add_user_comment_request_properties: - description: Defines properties for case comment requests when type is user. - properties: - comment: - description: The new comment. It is required only when `type` is `user`. - example: A new comment. - maxLength: 30000 - type: string - owner: - $ref: '#/components/schemas/Cases_owner' - type: - description: The type of comment. - enum: - - user - example: user - type: string - required: - - comment - - owner - - type - title: Add case comment request properties for user comments - type: object - Cases_alert_comment_response_properties: - title: Add case comment response properties for alerts - type: object - properties: - alertId: - items: - example: a6e12ac4-7bce-457b-84f6-d7ce8deb8446 - type: string - type: array - created_at: - example: '2023-11-06T19:29:38.424Z' - format: date-time - type: string - created_by: - type: object - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - required: - - email - - full_name - - username - id: - example: 73362370-ab1a-11ec-985f-97e55adae8b9 - type: string - index: - items: - example: .internal.alerts-security.alerts-default-000001 - type: string - type: array - owner: - $ref: '#/components/schemas/Cases_owner' - pushed_at: - example: null - format: date-time - nullable: true - type: string - pushed_by: - nullable: true - type: object - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - required: - - email - - full_name - - username - rule: - type: object - properties: - id: - description: The rule identifier. - example: 94d80550-aaf4-11ec-985f-97e55adae8b9 - type: string - name: - description: The rule name. - example: security_rule - type: string - type: - enum: - - alert - example: alert - type: string - updated_at: - format: date-time - nullable: true - type: string - updated_by: - nullable: true - type: object - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - required: - - email - - full_name - - username - version: - example: WzMwNDgsMV0= - type: string - required: - - type - Cases_alert_identifiers: - description: > - The alert identifiers. It is required only when `type` is `alert`. You - can use an array of strings to add multiple alerts to a case, provided - that they all relate to the same rule; `index` must also be an array - with the same length or number of elements. Adding multiple alerts in - this manner is recommended rather than calling the API multiple times. - This functionality is in technical preview and may be changed or removed - in a future release. Elastic will work to fix any issues, but features - in technical preview are not subject to the support SLA of official GA - features. - example: 6b24c4dc44bc720cfc92797f3d61fff952f2b2627db1fb4f8cc49f4530c4ff42 - oneOf: - - type: string - - items: - type: string - maxItems: 1000 - type: array - title: Alert identifiers - x-state: Technical preview - Cases_alert_indices: - description: > - The alert indices. It is required only when `type` is `alert`. If you - are adding multiple alerts to a case, use an array of strings; the - position of each index name in the array must match the position of the - corresponding alert identifier in the `alertId` array. This - functionality is in technical preview and may be changed or removed in a - future release. Elastic will work to fix any issues, but features in - technical preview are not subject to the support SLA of official GA - features. - oneOf: - - type: string - - items: - type: string - maxItems: 1000 - type: array - title: Alert indices - x-state: Technical preview - Cases_alert_response_properties: - type: object - properties: - attached_at: - format: date-time - type: string - id: - description: The alert identifier. - type: string - index: - description: The alert index. - type: string - Cases_assignees: - description: An array containing users that are assigned to the case. - items: - type: object - properties: - uid: - description: >- - A unique identifier for the user profile. These identifiers can be - found by using the suggest user profile API. - example: u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0 - type: string - required: - - uid - maxItems: 10 - nullable: true - type: array - Cases_case_categories: - items: - $ref: '#/components/schemas/Cases_case_category' - maxItems: 100 - type: array - Cases_case_category: - description: A word or phrase that categorizes the case. - maxLength: 50 - type: string - Cases_case_description: - description: The description for the case. - maxLength: 30000 - type: string - Cases_case_response_closed_by_properties: - nullable: true - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - required: - - email - - full_name - - username - title: Case response properties for closed_by - type: object - Cases_case_response_created_by_properties: - title: Case response properties for created_by - type: object - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - required: - - email - - full_name - - username - Cases_case_response_properties: - title: Case response properties - type: object - properties: - assignees: - $ref: '#/components/schemas/Cases_assignees' - category: - description: The case category. - nullable: true - type: string - closed_at: - format: date-time - nullable: true - type: string - closed_by: - $ref: '#/components/schemas/Cases_case_response_closed_by_properties' - comments: - description: An array of comment objects for the case. - items: - discriminator: - mapping: - alert: '#/components/schemas/Cases_alert_comment_response_properties' - user: '#/components/schemas/Cases_user_comment_response_properties' - propertyName: type - oneOf: - - $ref: '#/components/schemas/Cases_alert_comment_response_properties' - - $ref: '#/components/schemas/Cases_user_comment_response_properties' - maxItems: 10000 - title: Case response properties for comments - type: array - connector: - discriminator: - mapping: - .cases-webhook: '#/components/schemas/Cases_connector_properties_cases_webhook' - .jira: '#/components/schemas/Cases_connector_properties_jira' - .none: '#/components/schemas/Cases_connector_properties_none' - .resilient: '#/components/schemas/Cases_connector_properties_resilient' - .servicenow: '#/components/schemas/Cases_connector_properties_servicenow' - .servicenow-sir: '#/components/schemas/Cases_connector_properties_servicenow_sir' - .swimlane: '#/components/schemas/Cases_connector_properties_swimlane' - propertyName: type - oneOf: - - $ref: '#/components/schemas/Cases_connector_properties_none' - - $ref: '#/components/schemas/Cases_connector_properties_cases_webhook' - - $ref: '#/components/schemas/Cases_connector_properties_jira' - - $ref: '#/components/schemas/Cases_connector_properties_resilient' - - $ref: '#/components/schemas/Cases_connector_properties_servicenow' - - $ref: '#/components/schemas/Cases_connector_properties_servicenow_sir' - - $ref: '#/components/schemas/Cases_connector_properties_swimlane' - title: Case response properties for connectors - created_at: - example: '2022-05-13T09:16:17.416Z' - format: date-time - type: string - created_by: - $ref: '#/components/schemas/Cases_case_response_created_by_properties' - customFields: - description: Custom field values for the case. - items: - type: object - properties: - key: - description: > - The unique identifier for the custom field. The key value must - exist in the case configuration settings. - type: string - type: - description: > - The custom field type. It must match the type specified in the - case configuration settings. - enum: - - text - - toggle - type: string - value: - description: > - The custom field value. If the custom field is required, it - cannot be explicitly set to null. However, for cases that - existed when the required custom field was added, the default - value stored in Elasticsearch is `undefined`. The value - returned in the API and user interface in this case is `null`. - oneOf: - - maxLength: 160 - minLength: 1 - nullable: true - type: string - - type: boolean - type: array - description: - example: A case description. - type: string - duration: - description: > - The elapsed time from the creation of the case to its closure (in - seconds). If the case has not been closed, the duration is set to - null. If the case was closed after less than half a second, the - duration is rounded down to zero. - example: 120 - nullable: true - type: integer - external_service: - $ref: '#/components/schemas/Cases_external_service' - id: - example: 66b9aa00-94fa-11ea-9f74-e7e108796192 - type: string - owner: - $ref: '#/components/schemas/Cases_owner' - settings: - $ref: '#/components/schemas/Cases_settings' - severity: - $ref: '#/components/schemas/Cases_case_severity' - status: - $ref: '#/components/schemas/Cases_case_status' - tags: - example: - - tag-1 - items: - type: string - type: array - title: - example: Case title 1 - type: string - totalAlerts: - example: 0 - type: integer - totalComment: - example: 0 - type: integer - updated_at: - format: date-time - nullable: true - type: string - updated_by: - $ref: '#/components/schemas/Cases_case_response_updated_by_properties' - version: - example: WzUzMiwxXQ== - type: string - required: - - closed_at - - closed_by - - comments - - connector - - created_at - - created_by - - description - - duration - - external_service - - id - - owner - - settings - - severity - - status - - tags - - title - - totalAlerts - - totalComment - - updated_at - - updated_by - - version - Cases_case_response_pushed_by_properties: - nullable: true - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - required: - - email - - full_name - - username - title: Case response properties for pushed_by - type: object - Cases_case_response_updated_by_properties: - nullable: true - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - required: - - email - - full_name - - username - title: Case response properties for updated_by - type: object - Cases_case_severity: - default: low - description: The severity of the case. - enum: - - critical - - high - - low - - medium - type: string - Cases_case_status: - description: The status of the case. - enum: - - closed - - in-progress - - open - type: string - Cases_case_tags: - description: > - The words and phrases that help categorize cases. It can be an empty - array. - items: - maxLength: 256 - type: string - maxItems: 200 - type: array - Cases_case_title: - description: A title for the case. - maxLength: 160 - type: string - Cases_closure_types: - description: >- - Indicates whether a case is automatically closed when it is pushed to - external systems (`close-by-pushing`) or not automatically closed - (`close-by-user`). - enum: - - close-by-pushing - - close-by-user - example: close-by-user - type: string - Cases_connector_properties_cases_webhook: - description: Defines properties for connectors when type is `.cases-webhook`. - type: object - properties: - fields: - example: null - nullable: true - type: string - id: - description: >- - The identifier for the connector. To retrieve connector IDs, use the - find connectors API. - type: string - name: - description: The name of the connector. - type: string - type: - description: The type of connector. - enum: - - .cases-webhook - example: .cases-webhook - type: string - required: - - fields - - id - - name - - type - title: Create or upate case request properties for Cases Webhook connector - Cases_connector_properties_jira: - description: Defines properties for connectors when type is `.jira`. - type: object - properties: - fields: - description: >- - An object containing the connector fields. If you want to omit any - individual field, specify null as its value. - type: object - properties: - issueType: - description: The type of issue. - nullable: true - type: string - parent: - description: The key of the parent issue, when the issue type is sub-task. - nullable: true - type: string - priority: - description: The priority of the issue. - nullable: true - type: string - required: - - issueType - - parent - - priority - id: - description: >- - The identifier for the connector. To retrieve connector IDs, use the - find connectors API. - type: string - name: - description: The name of the connector. - type: string - type: - description: The type of connector. - enum: - - .jira - example: .jira - type: string - required: - - fields - - id - - name - - type - title: Create or update case request properties for a Jira connector - Cases_connector_properties_none: - description: Defines properties for connectors when type is `.none`. - type: object - properties: - fields: - description: >- - An object containing the connector fields. To create a case without - a connector, specify null. To update a case to remove the connector, - specify null. - example: null - nullable: true - type: string - id: - description: >- - The identifier for the connector. To create a case without a - connector, use `none`. To update a case to remove the connector, - specify `none`. - example: none - type: string - name: - description: >- - The name of the connector. To create a case without a connector, use - `none`. To update a case to remove the connector, specify `none`. - example: none - type: string - type: - description: >- - The type of connector. To create a case without a connector, use - `.none`. To update a case to remove the connector, specify `.none`. - enum: - - .none - example: .none - type: string - required: - - fields - - id - - name - - type - title: Create or update case request properties for no connector - Cases_connector_properties_resilient: - description: Defines properties for connectors when type is `.resilient`. - type: object - properties: - fields: - description: >- - An object containing the connector fields. If you want to omit any - individual field, specify null as its value. - nullable: true - type: object - properties: - issueTypes: - description: The type of incident. - items: - type: string - type: array - severityCode: - description: The severity code of the incident. - type: string - required: - - issueTypes - - severityCode - id: - description: The identifier for the connector. - type: string - name: - description: The name of the connector. - type: string - type: - description: The type of connector. - enum: - - .resilient - example: .resilient - type: string - required: - - fields - - id - - name - - type - title: Create case request properties for a IBM Resilient connector - Cases_connector_properties_servicenow: - description: Defines properties for connectors when type is `.servicenow`. - type: object - properties: - fields: - description: >- - An object containing the connector fields. If you want to omit any - individual field, specify null as its value. - type: object - properties: - category: - description: The category of the incident. - nullable: true - type: string - impact: - description: The effect an incident had on business. - nullable: true - type: string - severity: - description: The severity of the incident. - nullable: true - type: string - subcategory: - description: The subcategory of the incident. - nullable: true - type: string - urgency: - description: The extent to which the incident resolution can be delayed. - nullable: true - type: string - required: - - category - - impact - - severity - - subcategory - - urgency - id: - description: >- - The identifier for the connector. To retrieve connector IDs, use the - find connectors API. - type: string - name: - description: The name of the connector. - type: string - type: - description: The type of connector. - enum: - - .servicenow - example: .servicenow - type: string - required: - - fields - - id - - name - - type - title: Create case request properties for a ServiceNow ITSM connector - Cases_connector_properties_servicenow_sir: - description: Defines properties for connectors when type is `.servicenow-sir`. - type: object - properties: - fields: - description: >- - An object containing the connector fields. If you want to omit any - individual field, specify null as its value. - type: object - properties: - category: - description: The category of the incident. - nullable: true - type: string - destIp: - description: >- - Indicates whether cases will send a comma-separated list of - destination IPs. - nullable: true - type: boolean - malwareHash: - description: >- - Indicates whether cases will send a comma-separated list of - malware hashes. - nullable: true - type: boolean - malwareUrl: - description: >- - Indicates whether cases will send a comma-separated list of - malware URLs. - nullable: true - type: boolean - priority: - description: The priority of the issue. - nullable: true - type: string - sourceIp: - description: >- - Indicates whether cases will send a comma-separated list of - source IPs. - nullable: true - type: boolean - subcategory: - description: The subcategory of the incident. - nullable: true - type: string - required: - - category - - destIp - - malwareHash - - malwareUrl - - priority - - sourceIp - - subcategory - id: - description: >- - The identifier for the connector. To retrieve connector IDs, use the - find connectors API. - type: string - name: - description: The name of the connector. - type: string - type: - description: The type of connector. - enum: - - .servicenow-sir - example: .servicenow-sir - type: string - required: - - fields - - id - - name - - type - title: Create case request properties for a ServiceNow SecOps connector - Cases_connector_properties_swimlane: - description: Defines properties for connectors when type is `.swimlane`. - type: object - properties: - fields: - description: >- - An object containing the connector fields. If you want to omit any - individual field, specify null as its value. - type: object - properties: - caseId: - description: The case identifier for Swimlane connectors. - nullable: true - type: string - required: - - caseId - id: - description: >- - The identifier for the connector. To retrieve connector IDs, use the - find connectors API. - type: string - name: - description: The name of the connector. - type: string - type: - description: The type of connector. - enum: - - .swimlane - example: .swimlane - type: string - required: - - fields - - id - - name - - type - title: Create case request properties for a Swimlane connector - Cases_connector_types: - description: The type of connector. - enum: - - .cases-webhook - - .jira - - .none - - .resilient - - .servicenow - - .servicenow-sir - - .swimlane - example: .none - type: string - Cases_create_case_request: - description: >- - The create case API request body varies depending on the type of - connector. - properties: - assignees: - $ref: '#/components/schemas/Cases_assignees' - category: - $ref: '#/components/schemas/Cases_case_category' - connector: - oneOf: - - $ref: '#/components/schemas/Cases_connector_properties_none' - - $ref: '#/components/schemas/Cases_connector_properties_cases_webhook' - - $ref: '#/components/schemas/Cases_connector_properties_jira' - - $ref: '#/components/schemas/Cases_connector_properties_resilient' - - $ref: '#/components/schemas/Cases_connector_properties_servicenow' - - $ref: '#/components/schemas/Cases_connector_properties_servicenow_sir' - - $ref: '#/components/schemas/Cases_connector_properties_swimlane' - customFields: - description: > - Custom field values for a case. Any optional custom fields that are - not specified in the request are set to null. - items: - type: object - properties: - key: - description: > - The unique identifier for the custom field. The key value must - exist in the case configuration settings. - type: string - type: - description: > - The custom field type. It must match the type specified in the - case configuration settings. - enum: - - text - - toggle - type: string - value: - description: > - The custom field value. If the custom field is required, it - cannot be explicitly set to null. However, for cases that - existed when the required custom field was added, the default - value stored in Elasticsearch is `undefined`. The value - returned in the API and user interface in this case is `null`. - oneOf: - - maxLength: 160 - minLength: 1 - nullable: true - type: string - - type: boolean - required: - - key - - type - - value - maxItems: 10 - minItems: 0 - type: array - description: - $ref: '#/components/schemas/Cases_case_description' - owner: - $ref: '#/components/schemas/Cases_owner' - settings: - $ref: '#/components/schemas/Cases_settings' - severity: - $ref: '#/components/schemas/Cases_case_severity' - tags: - $ref: '#/components/schemas/Cases_case_tags' - title: - $ref: '#/components/schemas/Cases_case_title' - required: - - connector - - description - - owner - - settings - - tags - - title - title: Create case request - type: object - Cases_external_service: - nullable: true - type: object - properties: - connector_id: - type: string - connector_name: - type: string - external_id: - type: string - external_title: - type: string - external_url: - type: string - pushed_at: - format: date-time - type: string - pushed_by: - nullable: true - type: object - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - Cases_owner: - description: > - The application that owns the cases: Stack Management, Observability, or - Elastic Security. - enum: - - cases - - observability - - securitySolution - example: cases - type: string - Cases_owners: - items: - $ref: '#/components/schemas/Cases_owner' - type: array - Cases_payload_alert_comment: - type: object - properties: - comment: - type: object - properties: - alertId: - oneOf: - - example: 1c0b056b-cc9f-4b61-b5c9-cb801abd5e1d - type: string - - items: - type: string - type: array - index: - oneOf: - - example: .alerts-observability.logs.alerts-default - type: string - - items: - type: string - type: array - owner: - $ref: '#/components/schemas/Cases_owner' - rule: - type: object - properties: - id: - description: The rule identifier. - example: 94d80550-aaf4-11ec-985f-97e55adae8b9 - type: string - name: - description: The rule name. - example: security_rule - type: string - type: - enum: - - alert - type: string - Cases_payload_assignees: - type: object - properties: - assignees: - $ref: '#/components/schemas/Cases_assignees' - Cases_payload_connector: - type: object - properties: - connector: - type: object - properties: - fields: - description: >- - An object containing the connector fields. To create a case - without a connector, specify null. If you want to omit any - individual field, specify null as its value. - example: null - nullable: true - type: object - properties: - caseId: - description: The case identifier for Swimlane connectors. - type: string - category: - description: >- - The category of the incident for ServiceNow ITSM and - ServiceNow SecOps connectors. - type: string - destIp: - description: >- - Indicates whether cases will send a comma-separated list of - destination IPs for ServiceNow SecOps connectors. - nullable: true - type: boolean - impact: - description: >- - The effect an incident had on business for ServiceNow ITSM - connectors. - type: string - issueType: - description: The type of issue for Jira connectors. - type: string - issueTypes: - description: The type of incident for IBM Resilient connectors. - items: - type: string - type: array - malwareHash: - description: >- - Indicates whether cases will send a comma-separated list of - malware hashes for ServiceNow SecOps connectors. - nullable: true - type: boolean - malwareUrl: - description: >- - Indicates whether cases will send a comma-separated list of - malware URLs for ServiceNow SecOps connectors. - nullable: true - type: boolean - parent: - description: >- - The key of the parent issue, when the issue type is sub-task - for Jira connectors. - type: string - priority: - description: >- - The priority of the issue for Jira and ServiceNow SecOps - connectors. - type: string - severity: - description: The severity of the incident for ServiceNow ITSM connectors. - type: string - severityCode: - description: >- - The severity code of the incident for IBM Resilient - connectors. - type: string - sourceIp: - description: >- - Indicates whether cases will send a comma-separated list of - source IPs for ServiceNow SecOps connectors. - nullable: true - type: boolean - subcategory: - description: >- - The subcategory of the incident for ServiceNow ITSM - connectors. - type: string - urgency: - description: >- - The extent to which the incident resolution can be delayed - for ServiceNow ITSM connectors. - type: string - id: - description: >- - The identifier for the connector. To create a case without a - connector, use `none`. - example: none - type: string - name: - description: >- - The name of the connector. To create a case without a connector, - use `none`. - example: none - type: string - type: - $ref: '#/components/schemas/Cases_connector_types' - Cases_payload_create_case: - type: object - properties: - assignees: - $ref: '#/components/schemas/Cases_assignees' - connector: - type: object - properties: - fields: - description: >- - An object containing the connector fields. To create a case - without a connector, specify null. If you want to omit any - individual field, specify null as its value. - example: null - nullable: true - type: object - properties: - caseId: - description: The case identifier for Swimlane connectors. - type: string - category: - description: >- - The category of the incident for ServiceNow ITSM and - ServiceNow SecOps connectors. - type: string - destIp: - description: >- - Indicates whether cases will send a comma-separated list of - destination IPs for ServiceNow SecOps connectors. - nullable: true - type: boolean - impact: - description: >- - The effect an incident had on business for ServiceNow ITSM - connectors. - type: string - issueType: - description: The type of issue for Jira connectors. - type: string - issueTypes: - description: The type of incident for IBM Resilient connectors. - items: - type: string - type: array - malwareHash: - description: >- - Indicates whether cases will send a comma-separated list of - malware hashes for ServiceNow SecOps connectors. - nullable: true - type: boolean - malwareUrl: - description: >- - Indicates whether cases will send a comma-separated list of - malware URLs for ServiceNow SecOps connectors. - nullable: true - type: boolean - parent: - description: >- - The key of the parent issue, when the issue type is sub-task - for Jira connectors. - type: string - priority: - description: >- - The priority of the issue for Jira and ServiceNow SecOps - connectors. - type: string - severity: - description: The severity of the incident for ServiceNow ITSM connectors. - type: string - severityCode: - description: >- - The severity code of the incident for IBM Resilient - connectors. - type: string - sourceIp: - description: >- - Indicates whether cases will send a comma-separated list of - source IPs for ServiceNow SecOps connectors. - nullable: true - type: boolean - subcategory: - description: >- - The subcategory of the incident for ServiceNow ITSM - connectors. - type: string - urgency: - description: >- - The extent to which the incident resolution can be delayed - for ServiceNow ITSM connectors. - type: string - id: - description: >- - The identifier for the connector. To create a case without a - connector, use `none`. - example: none - type: string - name: - description: >- - The name of the connector. To create a case without a connector, - use `none`. - example: none - type: string - type: - $ref: '#/components/schemas/Cases_connector_types' - description: - type: string - owner: - $ref: '#/components/schemas/Cases_owner' - settings: - $ref: '#/components/schemas/Cases_settings' - severity: - $ref: '#/components/schemas/Cases_case_severity' - status: - $ref: '#/components/schemas/Cases_case_status' - tags: - items: - example: - - tag-1 - type: string - type: array - title: - type: string - Cases_payload_delete: - description: >- - If the `action` is `delete` and the `type` is `delete_case`, the payload - is nullable. - nullable: true - type: object - Cases_payload_description: - type: object - properties: - description: - type: string - Cases_payload_pushed: - type: object - properties: - externalService: - $ref: '#/components/schemas/Cases_external_service' - Cases_payload_settings: - type: object - properties: - settings: - $ref: '#/components/schemas/Cases_settings' - Cases_payload_severity: - type: object - properties: - severity: - $ref: '#/components/schemas/Cases_case_severity' - Cases_payload_status: - type: object - properties: - status: - $ref: '#/components/schemas/Cases_case_status' - Cases_payload_tags: - type: object - properties: - tags: - example: - - tag-1 - items: - type: string - type: array - Cases_payload_title: - type: object - properties: - title: - type: string - Cases_payload_user_comment: - type: object - properties: - comment: - type: object - properties: - comment: - type: string - owner: - $ref: '#/components/schemas/Cases_owner' - type: - enum: - - user - type: string - Cases_rule: - description: > - The rule that is associated with the alerts. It is required only when - `type` is `alert`. This functionality is in technical preview and may be - changed or removed in a future release. Elastic will work to fix any - issues, but features in technical preview are not subject to the support - SLA of official GA features. - title: Alerting rule - type: object - properties: - id: - description: The rule identifier. - example: 94d80550-aaf4-11ec-985f-97e55adae8b9 - type: string - name: - description: The rule name. - example: security_rule - type: string - x-state: Technical preview - Cases_searchFieldsType: - description: The fields to perform the `simple_query_string` parsed query against. - enum: - - description - - title - type: string - Cases_searchFieldsTypeArray: - items: - $ref: '#/components/schemas/Cases_searchFieldsType' - type: array - Cases_set_case_configuration_request: - description: >- - External connection details, such as the closure type and default - connector for cases. - properties: - closure_type: - $ref: '#/components/schemas/Cases_closure_types' - connector: - description: An object that contains the connector configuration. - type: object - properties: - fields: - description: >- - The fields specified in the case configuration are not used and - are not propagated to individual cases, therefore it is - recommended to set it to `null`. - nullable: true - type: object - id: - description: >- - The identifier for the connector. If you do not want a default - connector, use `none`. To retrieve connector IDs, use the find - connectors API. - example: none - type: string - name: - description: >- - The name of the connector. If you do not want a default - connector, use `none`. To retrieve connector names, use the find - connectors API. - example: none - type: string - type: - $ref: '#/components/schemas/Cases_connector_types' - required: - - fields - - id - - name - - type - customFields: - description: Custom fields case configuration. - items: - type: object - properties: - defaultValue: - description: > - A default value for the custom field. If the `type` is `text`, - the default value must be a string. If the `type` is `toggle`, - the default value must be boolean. - oneOf: - - type: string - - type: boolean - key: - description: > - A unique key for the custom field. Must be lower case and - composed only of a-z, 0-9, '_', and '-' characters. It is used - in API calls to refer to a specific custom field. - maxLength: 36 - minLength: 1 - type: string - label: - description: The custom field label that is displayed in the case. - maxLength: 50 - minLength: 1 - type: string - type: - description: The type of the custom field. - enum: - - text - - toggle - type: string - required: - description: > - Indicates whether the field is required. If `false`, the - custom field can be set to null or omitted when a case is - created or updated. - type: boolean - required: - - key - - label - - required - - type - maxItems: 10 - minItems: 0 - type: array - owner: - $ref: '#/components/schemas/Cases_owner' - templates: - $ref: '#/components/schemas/Cases_templates' - required: - - closure_type - - connector - - owner - title: Set case configuration request - type: object - Cases_settings: - description: An object that contains the case settings. - type: object - properties: - syncAlerts: - description: Turns alert syncing on or off. - example: true - type: boolean - required: - - syncAlerts - Cases_string: - type: string - Cases_string_array: - items: - $ref: '#/components/schemas/Cases_string' - maxItems: 100 - type: array - Cases_template_tags: - description: > - The words and phrases that help categorize templates. It can be an empty - array. - items: - maxLength: 256 - type: string - maxItems: 200 - type: array - Cases_templates: - items: - type: object - properties: - caseFields: - type: object - properties: - assignees: - $ref: '#/components/schemas/Cases_assignees' - category: - $ref: '#/components/schemas/Cases_case_category' - connector: - type: object - properties: - fields: - description: >- - The fields specified in the case configuration are not - used and are not propagated to individual cases, therefore - it is recommended to set it to `null`. - nullable: true - type: object - id: - description: >- - The identifier for the connector. If you do not want a - default connector, use `none`. To retrieve connector IDs, - use the find connectors API. - example: none - type: string - name: - description: >- - The name of the connector. If you do not want a default - connector, use `none`. To retrieve connector names, use - the find connectors API. - example: none - type: string - type: - $ref: '#/components/schemas/Cases_connector_types' - customFields: - description: Custom field values in the template. - items: - type: object - properties: - key: - description: The unique key for the custom field. - type: string - type: - description: The type of the custom field. - enum: - - text - - toggle - type: string - value: - description: > - The default value for the custom field when a case uses - the template. If the `type` is `text`, the default value - must be a string. If the `type` is `toggle`, the default - value must be boolean. - oneOf: - - type: string - - type: boolean - type: array - x-state: Technical preview - description: - $ref: '#/components/schemas/Cases_case_description' - settings: - $ref: '#/components/schemas/Cases_settings' - severity: - $ref: '#/components/schemas/Cases_case_severity' - tags: - $ref: '#/components/schemas/Cases_case_tags' - title: - $ref: '#/components/schemas/Cases_case_title' - description: - description: A description for the template. - type: string - key: - description: > - A unique key for the template. Must be lower case and composed - only of a-z, 0-9, '_', and '-' characters. It is used in API calls - to refer to a specific template. - type: string - name: - description: The name of the template. - type: string - tags: - $ref: '#/components/schemas/Cases_template_tags' - type: array - x-state: Technical preview - Cases_update_alert_comment_request_properties: - description: Defines properties for case comment requests when type is alert. - type: object - properties: - alertId: - $ref: '#/components/schemas/Cases_alert_identifiers' - id: - description: > - The identifier for the comment. To retrieve comment IDs, use the get - comments API. - example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 - type: string - index: - $ref: '#/components/schemas/Cases_alert_indices' - owner: - $ref: '#/components/schemas/Cases_owner' - rule: - $ref: '#/components/schemas/Cases_rule' - type: - description: The type of comment. - enum: - - alert - example: alert - type: string - version: - description: > - The current comment version. To retrieve version values, use the get - comments API. - example: Wzk1LDFd - type: string - required: - - alertId - - id - - index - - owner - - rule - - type - - version - title: Update case comment request properties for alerts - Cases_update_case_comment_request: - description: >- - The update case comment API request body varies depending on whether you - are updating an alert or a comment. - discriminator: - mapping: - alert: '#/components/schemas/Cases_update_alert_comment_request_properties' - user: '#/components/schemas/Cases_update_user_comment_request_properties' - propertyName: type - oneOf: - - $ref: '#/components/schemas/Cases_update_alert_comment_request_properties' - - $ref: '#/components/schemas/Cases_update_user_comment_request_properties' - title: Update case comment request - Cases_update_case_configuration_request: - description: > - You can update settings such as the closure type, custom fields, - templates, and the default connector for cases. - properties: - closure_type: - $ref: '#/components/schemas/Cases_closure_types' - connector: - description: An object that contains the connector configuration. - type: object - properties: - fields: - description: >- - The fields specified in the case configuration are not used and - are not propagated to individual cases, therefore it is - recommended to set it to `null`. - nullable: true - type: object - id: - description: >- - The identifier for the connector. If you do not want a default - connector, use `none`. To retrieve connector IDs, use the find - connectors API. - example: none - type: string - name: - description: >- - The name of the connector. If you do not want a default - connector, use `none`. To retrieve connector names, use the find - connectors API. - example: none - type: string - type: - $ref: '#/components/schemas/Cases_connector_types' - required: - - fields - - id - - name - - type - customFields: - description: Custom fields case configuration. - items: - type: object - properties: - defaultValue: - description: > - A default value for the custom field. If the `type` is `text`, - the default value must be a string. If the `type` is `toggle`, - the default value must be boolean. - oneOf: - - type: string - - type: boolean - key: - description: > - A unique key for the custom field. Must be lower case and - composed only of a-z, 0-9, '_', and '-' characters. It is used - in API calls to refer to a specific custom field. - maxLength: 36 - minLength: 1 - type: string - label: - description: The custom field label that is displayed in the case. - maxLength: 50 - minLength: 1 - type: string - type: - description: The type of the custom field. - enum: - - text - - toggle - type: string - required: - description: > - Indicates whether the field is required. If `false`, the - custom field can be set to null or omitted when a case is - created or updated. - type: boolean - required: - - key - - label - - required - - type - type: array - templates: - $ref: '#/components/schemas/Cases_templates' - version: - description: > - The version of the connector. To retrieve the version value, use the - get configuration API. - example: WzIwMiwxXQ== - type: string - required: - - version - title: Update case configuration request - type: object - Cases_update_case_request: - description: >- - The update case API request body varies depending on the type of - connector. - properties: - cases: - description: An array containing one or more case objects. - items: - type: object - properties: - assignees: - $ref: '#/components/schemas/Cases_assignees' - category: - $ref: '#/components/schemas/Cases_case_category' - connector: - oneOf: - - $ref: '#/components/schemas/Cases_connector_properties_none' - - $ref: >- - #/components/schemas/Cases_connector_properties_cases_webhook - - $ref: '#/components/schemas/Cases_connector_properties_jira' - - $ref: '#/components/schemas/Cases_connector_properties_resilient' - - $ref: '#/components/schemas/Cases_connector_properties_servicenow' - - $ref: >- - #/components/schemas/Cases_connector_properties_servicenow_sir - - $ref: '#/components/schemas/Cases_connector_properties_swimlane' - customFields: - description: > - Custom field values for a case. Any optional custom fields - that are not specified in the request are set to null. - items: - type: object - properties: - key: - description: > - The unique identifier for the custom field. The key - value must exist in the case configuration settings. - type: string - type: - description: > - The custom field type. It must match the type specified - in the case configuration settings. - enum: - - text - - toggle - type: string - value: - description: > - The custom field value. If the custom field is required, - it cannot be explicitly set to null. However, for cases - that existed when the required custom field was added, - the default value stored in Elasticsearch is - `undefined`. The value returned in the API and user - interface in this case is `null`. - oneOf: - - maxLength: 160 - minLength: 1 - nullable: true - type: string - - type: boolean - required: - - key - - type - - value - maxItems: 10 - minItems: 0 - type: array - description: - $ref: '#/components/schemas/Cases_case_description' - id: - description: The identifier for the case. - maxLength: 30000 - type: string - settings: - $ref: '#/components/schemas/Cases_settings' - severity: - $ref: '#/components/schemas/Cases_case_severity' - status: - $ref: '#/components/schemas/Cases_case_status' - tags: - $ref: '#/components/schemas/Cases_case_tags' - title: - $ref: '#/components/schemas/Cases_case_title' - version: - description: >- - The current version of the case. To determine this value, use - the get case or find cases APIs. - type: string - required: - - id - - version - maxItems: 100 - minItems: 1 - type: array - required: - - cases - title: Update case request - type: object - Cases_update_user_comment_request_properties: - description: Defines properties for case comment requests when type is user. - properties: - comment: - description: The new comment. It is required only when `type` is `user`. - example: A new comment. - maxLength: 30000 - type: string - id: - description: > - The identifier for the comment. To retrieve comment IDs, use the get - comments API. - example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 - type: string - owner: - $ref: '#/components/schemas/Cases_owner' - type: - description: The type of comment. - enum: - - user - example: user - type: string - version: - description: > - The current comment version. To retrieve version values, use the get - comments API. - example: Wzk1LDFd - type: string - required: - - comment - - id - - owner - - type - - version - title: Update case comment request properties for user comments - type: object - Cases_user_actions_find_response_properties: - type: object - properties: - action: - $ref: '#/components/schemas/Cases_actions' - comment_id: - example: 578608d0-03b1-11ed-920c-974bfa104448 - nullable: true - type: string - created_at: - example: '2022-05-13T09:16:17.416Z' - format: date-time - type: string - created_by: - type: object - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - required: - - email - - full_name - - username - id: - example: 22fd3e30-03b1-11ed-920c-974bfa104448 - type: string - owner: - $ref: '#/components/schemas/Cases_owner' - payload: - oneOf: - - $ref: '#/components/schemas/Cases_payload_alert_comment' - - $ref: '#/components/schemas/Cases_payload_assignees' - - $ref: '#/components/schemas/Cases_payload_connector' - - $ref: '#/components/schemas/Cases_payload_create_case' - - $ref: '#/components/schemas/Cases_payload_delete' - - $ref: '#/components/schemas/Cases_payload_description' - - $ref: '#/components/schemas/Cases_payload_pushed' - - $ref: '#/components/schemas/Cases_payload_settings' - - $ref: '#/components/schemas/Cases_payload_severity' - - $ref: '#/components/schemas/Cases_payload_status' - - $ref: '#/components/schemas/Cases_payload_tags' - - $ref: '#/components/schemas/Cases_payload_title' - - $ref: '#/components/schemas/Cases_payload_user_comment' - type: - description: The type of action. - enum: - - assignees - - create_case - - comment - - connector - - description - - pushed - - tags - - title - - status - - settings - - severity - example: create_case - type: string - version: - example: WzM1ODg4LDFd - type: string - required: - - action - - comment_id - - created_at - - created_by - - id - - owner - - payload - - type - - version - Cases_user_actions_response_properties: - type: object - properties: - action: - $ref: '#/components/schemas/Cases_actions' - action_id: - example: 22fd3e30-03b1-11ed-920c-974bfa104448 - type: string - case_id: - example: 22df07d0-03b1-11ed-920c-974bfa104448 - type: string - comment_id: - example: 578608d0-03b1-11ed-920c-974bfa104448 - nullable: true - type: string - created_at: - example: '2022-05-13T09:16:17.416Z' - format: date-time - type: string - created_by: - type: object - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - required: - - email - - full_name - - username - owner: - $ref: '#/components/schemas/Cases_owner' - payload: - oneOf: - - $ref: '#/components/schemas/Cases_payload_alert_comment' - - $ref: '#/components/schemas/Cases_payload_assignees' - - $ref: '#/components/schemas/Cases_payload_connector' - - $ref: '#/components/schemas/Cases_payload_create_case' - - $ref: '#/components/schemas/Cases_payload_delete' - - $ref: '#/components/schemas/Cases_payload_description' - - $ref: '#/components/schemas/Cases_payload_pushed' - - $ref: '#/components/schemas/Cases_payload_settings' - - $ref: '#/components/schemas/Cases_payload_severity' - - $ref: '#/components/schemas/Cases_payload_status' - - $ref: '#/components/schemas/Cases_payload_tags' - - $ref: '#/components/schemas/Cases_payload_title' - - $ref: '#/components/schemas/Cases_payload_user_comment' - type: - $ref: '#/components/schemas/Cases_action_types' - required: - - action - - action_id - - case_id - - comment_id - - created_at - - created_by - - owner - - payload - - type - Cases_user_comment_response_properties: - title: Case response properties for user comments - type: object - properties: - comment: - example: A new comment. - type: string - created_at: - example: '2022-05-13T09:16:17.416Z' - format: date-time - type: string - created_by: - $ref: '#/components/schemas/Cases_case_response_created_by_properties' - id: - example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 - type: string - owner: - $ref: '#/components/schemas/Cases_owner' - pushed_at: - example: null - format: date-time - nullable: true - type: string - pushed_by: - $ref: '#/components/schemas/Cases_case_response_pushed_by_properties' - type: - enum: - - user - example: user - type: string - updated_at: - example: null - format: date-time - nullable: true - type: string - updated_by: - $ref: '#/components/schemas/Cases_case_response_updated_by_properties' - version: - example: WzIwNDMxLDFd - type: string - required: - - type - Data_views_400_response: - title: Bad request - type: object - properties: - error: - example: Bad Request - type: string - message: - type: string - statusCode: - example: 400 - type: number - required: - - statusCode - - error - - message - Data_views_404_response: - type: object - properties: - error: - enum: - - Not Found - example: Not Found - type: string - message: - example: >- - Saved object [index-pattern/caaad6d0-920c-11ed-b36a-874bd1548a00] - not found - type: string - statusCode: - enum: - - 404 - example: 404 - type: integer - Data_views_allownoindex: - description: Allows the data view saved object to exist before the data is available. - type: boolean - Data_views_create_data_view_request_object: - title: Create data view request - type: object - properties: - data_view: - description: The data view object. - type: object - properties: - allowNoIndex: - $ref: '#/components/schemas/Data_views_allownoindex' - fieldAttrs: - additionalProperties: - $ref: '#/components/schemas/Data_views_fieldattrs' - type: object - fieldFormats: - $ref: '#/components/schemas/Data_views_fieldformats' - fields: - type: object - id: - type: string - name: - description: The data view name. - type: string - namespaces: - $ref: '#/components/schemas/Data_views_namespaces' - runtimeFieldMap: - additionalProperties: - $ref: '#/components/schemas/Data_views_runtimefieldmap' - type: object - sourceFilters: - $ref: '#/components/schemas/Data_views_sourcefilters' - timeFieldName: - $ref: '#/components/schemas/Data_views_timefieldname' - title: - $ref: '#/components/schemas/Data_views_title' - type: - $ref: '#/components/schemas/Data_views_type' - typeMeta: - $ref: '#/components/schemas/Data_views_typemeta' - version: - type: string - required: - - title - override: - default: false - description: >- - Override an existing data view if a data view with the provided - title already exists. - type: boolean - required: - - data_view - Data_views_data_view_response_object: - title: Data view response properties - type: object - properties: - data_view: - type: object - properties: - allowNoIndex: - $ref: '#/components/schemas/Data_views_allownoindex' - fieldAttrs: - additionalProperties: - $ref: '#/components/schemas/Data_views_fieldattrs' - type: object - fieldFormats: - $ref: '#/components/schemas/Data_views_fieldformats' - fields: - type: object - id: - example: ff959d40-b880-11e8-a6d9-e546fe2bba5f - type: string - name: - description: The data view name. - type: string - namespaces: - $ref: '#/components/schemas/Data_views_namespaces' - runtimeFieldMap: - additionalProperties: - $ref: '#/components/schemas/Data_views_runtimefieldmap' - type: object - sourceFilters: - $ref: '#/components/schemas/Data_views_sourcefilters' - timeFieldName: - $ref: '#/components/schemas/Data_views_timefieldname' - title: - $ref: '#/components/schemas/Data_views_title' - typeMeta: - $ref: '#/components/schemas/Data_views_typemeta_response' - version: - example: WzQ2LDJd - type: string - Data_views_fieldattrs: - description: A map of field attributes by field name. - type: object - properties: - count: - description: Popularity count for the field. - type: integer - customDescription: - description: Custom description for the field. - maxLength: 300 - type: string - customLabel: - description: Custom label for the field. - type: string - Data_views_fieldformats: - description: A map of field formats by field name. - type: object - Data_views_namespaces: - description: >- - An array of space identifiers for sharing the data view between multiple - spaces. - items: - default: default - type: string - type: array - Data_views_runtimefieldmap: - description: A map of runtime field definitions by field name. - type: object - properties: - script: - type: object - properties: - source: - description: Script for the runtime field. - type: string - type: - description: Mapping type of the runtime field. - type: string - required: - - script - - type - Data_views_sourcefilters: - description: The array of field names you want to filter out in Discover. - items: - type: object - properties: - value: - type: string - required: - - value - type: array - Data_views_swap_data_view_request_object: - title: Data view reference swap request - type: object - properties: - delete: - description: Deletes referenced saved object if all references are removed. - type: boolean - forId: - description: Limit the affected saved objects to one or more by identifier. - oneOf: - - type: string - - items: - type: string - type: array - forType: - description: Limit the affected saved objects by type. - type: string - fromId: - description: The saved object reference to change. - type: string - fromType: - description: > - Specify the type of the saved object reference to alter. The default - value is `index-pattern` for data views. - type: string - toId: - description: New saved object reference value to replace the old value. - type: string - required: - - fromId - - toId - Data_views_timefieldname: - description: The timestamp field name, which you use for time-based data views. - type: string - Data_views_title: - description: >- - Comma-separated list of data streams, indices, and aliases that you want - to search. Supports wildcards (`*`). - type: string - Data_views_type: - description: When set to `rollup`, identifies the rollup data views. - type: string - Data_views_typemeta: - description: >- - When you use rollup indices, contains the field list for the rollup data - view API endpoints. - type: object - properties: - aggs: - description: A map of rollup restrictions by aggregation type and field name. - type: object - params: - description: Properties for retrieving rollup fields. - type: object - required: - - aggs - - params - Data_views_typemeta_response: - description: >- - When you use rollup indices, contains the field list for the rollup data - view API endpoints. - nullable: true - type: object - properties: - aggs: - description: A map of rollup restrictions by aggregation type and field name. - type: object - params: - description: Properties for retrieving rollup fields. - type: object - Data_views_update_data_view_request_object: - title: Update data view request - type: object - properties: - data_view: - description: > - The data view properties you want to update. Only the specified - properties are updated in the data view. Unspecified fields stay as - they are persisted. - type: object - properties: - allowNoIndex: - $ref: '#/components/schemas/Data_views_allownoindex' - fieldFormats: - $ref: '#/components/schemas/Data_views_fieldformats' - fields: - type: object - name: - type: string - runtimeFieldMap: - additionalProperties: - $ref: '#/components/schemas/Data_views_runtimefieldmap' - type: object - sourceFilters: - $ref: '#/components/schemas/Data_views_sourcefilters' - timeFieldName: - $ref: '#/components/schemas/Data_views_timefieldname' - title: - $ref: '#/components/schemas/Data_views_title' - type: - $ref: '#/components/schemas/Data_views_type' - typeMeta: - $ref: '#/components/schemas/Data_views_typemeta' - refresh_fields: - default: false - description: Reloads the data view fields after the data view is updated. - type: boolean - required: - - data_view - Kibana_HTTP_APIs_core_status_redactedResponse: - additionalProperties: false - description: A minimal representation of Kibana's operational status. - type: object - properties: - status: - additionalProperties: false - type: object - properties: - overall: - additionalProperties: false - type: object - properties: - level: - description: Service status levels as human and machine readable values. - enum: - - available - - degraded - - unavailable - - critical - type: string - required: - - level - required: - - overall - required: - - status - Kibana_HTTP_APIs_core_status_response: - additionalProperties: false - description: >- - Kibana's operational status as well as a detailed breakdown of plugin - statuses indication of various loads (like event loop utilization and - network traffic) at time of request. - type: object - properties: - metrics: - additionalProperties: false - description: Metric groups collected by Kibana. - type: object - properties: - collection_interval_in_millis: - description: The interval at which metrics should be collected. - type: number - elasticsearch_client: - additionalProperties: false - description: Current network metrics of Kibana's Elasticsearch client. - type: object - properties: - totalActiveSockets: - description: Count of network sockets currently in use. - type: number - totalIdleSockets: - description: Count of network sockets currently idle. - type: number - totalQueuedRequests: - description: Count of requests not yet assigned to sockets. - type: number - required: - - totalActiveSockets - - totalIdleSockets - - totalQueuedRequests - last_updated: - description: The time metrics were collected. - type: string - required: - - elasticsearch_client - - last_updated - - collection_interval_in_millis - name: - description: Kibana instance name. - type: string - status: - additionalProperties: false - type: object - properties: - core: - additionalProperties: false - description: Statuses of core Kibana services. - type: object - properties: - elasticsearch: - additionalProperties: false - type: object - properties: - detail: - description: Human readable detail of the service status. - type: string - documentationUrl: - description: A URL to further documentation regarding this service. - type: string - level: - description: >- - Service status levels as human and machine readable - values. - enum: - - available - - degraded - - unavailable - - critical - type: string - meta: - additionalProperties: {} - description: >- - An unstructured set of extra metadata about this - service. - type: object - summary: - description: A human readable summary of the service status. - type: string - required: - - level - - summary - - meta - savedObjects: - additionalProperties: false - type: object - properties: - detail: - description: Human readable detail of the service status. - type: string - documentationUrl: - description: A URL to further documentation regarding this service. - type: string - level: - description: >- - Service status levels as human and machine readable - values. - enum: - - available - - degraded - - unavailable - - critical - type: string - meta: - additionalProperties: {} - description: >- - An unstructured set of extra metadata about this - service. - type: object - summary: - description: A human readable summary of the service status. - type: string - required: - - level - - summary - - meta - required: - - elasticsearch - - savedObjects - overall: - additionalProperties: false - type: object - properties: - detail: - description: Human readable detail of the service status. - type: string - documentationUrl: - description: A URL to further documentation regarding this service. - type: string - level: - description: Service status levels as human and machine readable values. - enum: - - available - - degraded - - unavailable - - critical - type: string - meta: - additionalProperties: {} - description: An unstructured set of extra metadata about this service. - type: object - summary: - description: A human readable summary of the service status. - type: string - required: - - level - - summary - - meta - plugins: - additionalProperties: - additionalProperties: false - type: object - properties: - detail: - description: Human readable detail of the service status. - type: string - documentationUrl: - description: A URL to further documentation regarding this service. - type: string - level: - description: >- - Service status levels as human and machine readable - values. - enum: - - available - - degraded - - unavailable - - critical - type: string - meta: - additionalProperties: {} - description: An unstructured set of extra metadata about this service. - type: object - summary: - description: A human readable summary of the service status. - type: string - required: - - level - - summary - - meta - description: A dynamic mapping of plugin ID to plugin status. - type: object - required: - - overall - - core - - plugins - uuid: - description: >- - Unique, generated Kibana instance UUID. This UUID should persist - even if the Kibana process restarts. - type: string - version: - additionalProperties: false - type: object - properties: - build_date: - description: The date and time of this build. - type: string - build_flavor: - description: >- - The build flavour determines configuration and behavior of - Kibana. On premise users will almost always run the - "traditional" flavour, while other flavours are reserved for - Elastic-specific use cases. - enum: - - serverless - - traditional - type: string - build_hash: - description: >- - A unique hash value representing the git commit of this Kibana - build. - type: string - build_number: - description: >- - A monotonically increasing number, each subsequent build will - have a higher number. - type: number - build_snapshot: - description: Whether this build is a snapshot build. - type: boolean - number: - description: A semantic version number. - type: string - required: - - number - - build_hash - - build_number - - build_snapshot - - build_flavor - - build_date - required: - - name - - uuid - - version - - status - - metrics - Machine_learning_APIs_mlSync200Response: - properties: - datafeedsAdded: - additionalProperties: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDatafeeds' - description: >- - If a saved object for an anomaly detection job is missing a datafeed - identifier, it is added when you run the sync machine learning saved - objects API. - type: object - datafeedsRemoved: - additionalProperties: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDatafeeds' - description: >- - If a saved object for an anomaly detection job references a datafeed - that no longer exists, it is deleted when you run the sync machine - learning saved objects API. - type: object - savedObjectsCreated: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsCreated - savedObjectsDeleted: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsDeleted - title: Successful sync API response - type: object - Machine_learning_APIs_mlSync4xxResponse: - properties: - error: - example: Unauthorized - type: string - message: - type: string - statusCode: - example: 401 - type: integer - title: Unsuccessful sync API response - type: object - Machine_learning_APIs_mlSyncResponseAnomalyDetectors: - description: >- - The sync machine learning saved objects API response contains this - object when there are anomaly detection jobs affected by the - synchronization. There is an object for each relevant job, which - contains the synchronization status. - properties: - success: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess' - title: Sync API response for anomaly detection jobs - type: object - Machine_learning_APIs_mlSyncResponseDatafeeds: - description: >- - The sync machine learning saved objects API response contains this - object when there are datafeeds affected by the synchronization. There - is an object for each relevant datafeed, which contains the - synchronization status. - properties: - success: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess' - title: Sync API response for datafeeds - type: object - Machine_learning_APIs_mlSyncResponseDataFrameAnalytics: - description: >- - The sync machine learning saved objects API response contains this - object when there are data frame analytics jobs affected by the - synchronization. There is an object for each relevant job, which - contains the synchronization status. - properties: - success: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess' - title: Sync API response for data frame analytics jobs - type: object - Machine_learning_APIs_mlSyncResponseSavedObjectsCreated: - description: >- - If saved objects are missing for machine learning jobs or trained - models, they are created when you run the sync machine learning saved - objects API. - properties: - anomaly-detector: - additionalProperties: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseAnomalyDetectors - description: >- - If saved objects are missing for anomaly detection jobs, they are - created. - type: object - data-frame-analytics: - additionalProperties: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseDataFrameAnalytics - description: >- - If saved objects are missing for data frame analytics jobs, they are - created. - type: object - trained-model: - additionalProperties: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels - description: If saved objects are missing for trained models, they are created. - type: object - title: Sync API response for created saved objects - type: object - Machine_learning_APIs_mlSyncResponseSavedObjectsDeleted: - description: >- - If saved objects exist for machine learning jobs or trained models that - no longer exist, they are deleted when you run the sync machine learning - saved objects API. - properties: - anomaly-detector: - additionalProperties: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseAnomalyDetectors - description: >- - If there are saved objects exist for nonexistent anomaly detection - jobs, they are deleted. - type: object - data-frame-analytics: - additionalProperties: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseDataFrameAnalytics - description: >- - If there are saved objects exist for nonexistent data frame - analytics jobs, they are deleted. - type: object - trained-model: - additionalProperties: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels - description: >- - If there are saved objects exist for nonexistent trained models, - they are deleted. - type: object - title: Sync API response for deleted saved objects - type: object - Machine_learning_APIs_mlSyncResponseSuccess: - description: The success or failure of the synchronization. - type: boolean - Machine_learning_APIs_mlSyncResponseTrainedModels: - description: >- - The sync machine learning saved objects API response contains this - object when there are trained models affected by the synchronization. - There is an object for each relevant trained model, which contains the - synchronization status. - properties: - success: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess' - title: Sync API response for trained models - type: object - Saved_objects_400_response: - title: Bad request - type: object - properties: - error: - enum: - - Bad Request - type: string - message: - type: string - statusCode: - enum: - - 400 - type: integer - required: - - error - - message - - statusCode - Saved_objects_attributes: - description: > - The data that you want to create. WARNING: When you create saved - objects, attributes are not validated, which allows you to pass - arbitrary and ill-formed data into the API that can break Kibana. Make - sure any data that you send to the API is properly formed. - type: object - Saved_objects_initial_namespaces: - description: > - Identifiers for the spaces in which this object is created. If this is - provided, the object is created only in the explicitly defined spaces. - If this is not provided, the object is created in the current space - (default behavior). For shareable object types (registered with - `namespaceType: 'multiple'`), this option can be used to specify one or - more spaces, including the "All spaces" identifier ('*'). For isolated - object types (registered with `namespaceType: 'single'` or - `namespaceType: 'multiple-isolated'`), this option can only be used to - specify a single space, and the "All spaces" identifier ('*') is not - allowed. For global object types (`registered with `namespaceType: - agnostic`), this option cannot be used. - type: array - Saved_objects_references: - description: > - Objects with `name`, `id`, and `type` properties that describe the other - saved objects that this object references. Use `name` in attributes to - refer to the other saved object, but never the `id`, which can update - automatically during migrations or import and export. - type: array - Security_AI_Assistant_API_AnonymizationFieldCreateProps: - type: object - properties: - allowed: - type: boolean - anonymized: - type: boolean - field: - type: string - required: - - field - Security_AI_Assistant_API_AnonymizationFieldDetailsInError: - type: object - properties: - id: - type: string - name: - type: string - required: - - id - Security_AI_Assistant_API_AnonymizationFieldResponse: - type: object - properties: - allowed: - type: boolean - anonymized: - type: boolean - createdAt: - type: string - createdBy: - type: string - field: - type: string - id: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - namespace: - description: Kibana space - type: string - timestamp: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - updatedAt: - type: string - updatedBy: - type: string - required: - - id - - field - Security_AI_Assistant_API_AnonymizationFieldsBulkActionSkipReason: - enum: - - ANONYMIZATION_FIELD_NOT_MODIFIED - type: string - Security_AI_Assistant_API_AnonymizationFieldsBulkActionSkipResult: - type: object - properties: - id: - type: string - name: - type: string - skip_reason: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkActionSkipReason - required: - - id - - skip_reason - Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResponse: - type: object - properties: - anonymization_fields_count: - type: integer - attributes: - type: object - properties: - errors: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_NormalizedAnonymizationFieldError - type: array - results: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResults - summary: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_BulkCrudActionSummary - required: - - results - - summary - message: - type: string - status_code: - type: integer - success: - type: boolean - required: - - attributes - Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResults: - type: object - properties: - created: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse - type: array - deleted: - items: - type: string - type: array - skipped: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkActionSkipResult - type: array - updated: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse - type: array - required: - - updated - - created - - deleted - - skipped - Security_AI_Assistant_API_AnonymizationFieldUpdateProps: - type: object - properties: - allowed: - type: boolean - anonymized: - type: boolean - id: - type: string - required: - - id - Security_AI_Assistant_API_ApiConfig: - type: object - properties: - actionTypeId: - description: action type id - type: string - connectorId: - description: connector id - type: string - defaultSystemPromptId: - description: defaultSystemPromptId - type: string - model: - description: model - type: string - provider: - $ref: '#/components/schemas/Security_AI_Assistant_API_Provider' - description: Provider - required: - - connectorId - - actionTypeId - Security_AI_Assistant_API_BulkCrudActionSummary: - type: object - properties: - failed: - type: integer - skipped: - type: integer - succeeded: - type: integer - total: - type: integer - required: - - failed - - skipped - - succeeded - - total - Security_AI_Assistant_API_ChatCompleteProps: - type: object - properties: - connectorId: - type: string - conversationId: - type: string - isStream: - type: boolean - langSmithApiKey: - type: string - langSmithProject: - type: string - messages: - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_ChatMessage' - type: array - model: - type: string - persist: - type: boolean - promptId: - type: string - responseLanguage: - type: string - required: - - messages - - persist - - connectorId - Security_AI_Assistant_API_ChatMessage: - description: AI assistant message. - type: object - properties: - content: - description: Message content. - type: string - data: - $ref: '#/components/schemas/Security_AI_Assistant_API_MessageData' - description: ECS object to attach to the context of the message. - fields_to_anonymize: - items: - type: string - type: array - role: - $ref: '#/components/schemas/Security_AI_Assistant_API_ChatMessageRole' - description: Message role. - required: - - role - Security_AI_Assistant_API_ChatMessageRole: - description: Message role. - enum: - - system - - user - - assistant - type: string - Security_AI_Assistant_API_ConversationCategory: - description: The conversation category. - enum: - - assistant - - insights - type: string - Security_AI_Assistant_API_ConversationConfidence: - description: The conversation confidence. - enum: - - low - - medium - - high - type: string - Security_AI_Assistant_API_ConversationCreateProps: - type: object - properties: - apiConfig: - $ref: '#/components/schemas/Security_AI_Assistant_API_ApiConfig' - description: LLM API configuration. - category: - $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationCategory' - description: The conversation category. - excludeFromLastConversationStorage: - description: excludeFromLastConversationStorage. - type: boolean - id: - description: The conversation id. - type: string - isDefault: - description: Is default conversation. - type: boolean - messages: - description: The conversation messages. - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_Message' - type: array - replacements: - $ref: '#/components/schemas/Security_AI_Assistant_API_Replacements' - title: - description: The conversation title. - type: string - required: - - title - Security_AI_Assistant_API_ConversationResponse: - type: object - properties: - apiConfig: - $ref: '#/components/schemas/Security_AI_Assistant_API_ApiConfig' - description: LLM API configuration. - category: - $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationCategory' - description: The conversation category. - createdAt: - description: The last time conversation was updated. - type: string - excludeFromLastConversationStorage: - description: excludeFromLastConversationStorage. - type: boolean - id: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - isDefault: - description: Is default conversation. - type: boolean - messages: - description: The conversation messages. - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_Message' - type: array - namespace: - description: Kibana space - type: string - replacements: - $ref: '#/components/schemas/Security_AI_Assistant_API_Replacements' - summary: - $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationSummary' - timestamp: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - title: - description: The conversation title. - type: string - updatedAt: - description: The last time conversation was updated. - type: string - users: - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_User' - type: array - required: - - id - - title - - createdAt - - users - - namespace - - category - Security_AI_Assistant_API_ConversationSummary: - type: object - properties: - confidence: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationConfidence - description: >- - How confident you are about this being a correct and useful - learning. - content: - description: Summary text of the conversation over time. - type: string - public: - description: Define if summary is marked as publicly available. - type: boolean - timestamp: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - description: The timestamp summary was updated. - Security_AI_Assistant_API_ConversationUpdateProps: - type: object - properties: - apiConfig: - $ref: '#/components/schemas/Security_AI_Assistant_API_ApiConfig' - description: LLM API configuration. - category: - $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationCategory' - description: The conversation category. - excludeFromLastConversationStorage: - description: excludeFromLastConversationStorage. - type: boolean - id: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - messages: - description: The conversation messages. - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_Message' - type: array - replacements: - $ref: '#/components/schemas/Security_AI_Assistant_API_Replacements' - summary: - $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationSummary' - title: - description: The conversation title. - type: string - required: - - id - Security_AI_Assistant_API_FindAnonymizationFieldsSortField: - enum: - - created_at - - anonymized - - allowed - - field - - updated_at - type: string - Security_AI_Assistant_API_FindConversationsSortField: - enum: - - created_at - - is_default - - title - - updated_at - type: string - Security_AI_Assistant_API_FindPromptsSortField: - enum: - - created_at - - is_default - - name - - updated_at - type: string - Security_AI_Assistant_API_Message: - description: AI assistant conversation message. - type: object - properties: - content: - description: Message content. - type: string - isError: - description: Is error message. - type: boolean - reader: - $ref: '#/components/schemas/Security_AI_Assistant_API_Reader' - description: Message content. - role: - $ref: '#/components/schemas/Security_AI_Assistant_API_MessageRole' - description: Message role. - timestamp: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - description: The timestamp message was sent or received. - traceData: - $ref: '#/components/schemas/Security_AI_Assistant_API_TraceData' - description: trace Data - required: - - timestamp - - content - - role - Security_AI_Assistant_API_MessageData: - additionalProperties: true - type: object - Security_AI_Assistant_API_MessageRole: - description: Message role. - enum: - - system - - user - - assistant - type: string - Security_AI_Assistant_API_NonEmptyString: - description: A string that is not empty and does not contain only whitespace - minLength: 1 - pattern: ^(?! *$).+$ - type: string - Security_AI_Assistant_API_NormalizedAnonymizationFieldError: - type: object - properties: - anonymization_fields: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldDetailsInError - type: array - err_code: - type: string - message: - type: string - status_code: - type: integer - required: - - message - - status_code - - anonymization_fields - Security_AI_Assistant_API_NormalizedPromptError: - type: object - properties: - err_code: - type: string - message: - type: string - prompts: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptDetailsInError - type: array - status_code: - type: integer - required: - - message - - status_code - - prompts - Security_AI_Assistant_API_PromptCreateProps: - type: object - properties: - categories: - items: - type: string - type: array - color: - type: string - consumer: - type: string - content: - type: string - isDefault: - type: boolean - isNewConversationDefault: - type: boolean - name: - type: string - promptType: - $ref: '#/components/schemas/Security_AI_Assistant_API_PromptType' - required: - - name - - content - - promptType - Security_AI_Assistant_API_PromptDetailsInError: - type: object - properties: - id: - type: string - name: - type: string - required: - - id - Security_AI_Assistant_API_PromptResponse: - type: object - properties: - categories: - items: - type: string - type: array - color: - type: string - consumer: - type: string - content: - type: string - createdAt: - type: string - createdBy: - type: string - id: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - isDefault: - type: boolean - isNewConversationDefault: - type: boolean - name: - type: string - namespace: - description: Kibana space - type: string - promptType: - $ref: '#/components/schemas/Security_AI_Assistant_API_PromptType' - timestamp: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - updatedAt: - type: string - updatedBy: - type: string - users: - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_User' - type: array - required: - - id - - name - - promptType - - content - Security_AI_Assistant_API_PromptsBulkActionSkipReason: - enum: - - PROMPT_FIELD_NOT_MODIFIED - type: string - Security_AI_Assistant_API_PromptsBulkActionSkipResult: - type: object - properties: - id: - type: string - name: - type: string - skip_reason: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptsBulkActionSkipReason - required: - - id - - skip_reason - Security_AI_Assistant_API_PromptsBulkCrudActionResponse: - type: object - properties: - attributes: - type: object - properties: - errors: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_NormalizedPromptError - type: array - results: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptsBulkCrudActionResults - summary: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_BulkCrudActionSummary - required: - - results - - summary - message: - type: string - prompts_count: - type: integer - status_code: - type: integer - success: - type: boolean - required: - - attributes - Security_AI_Assistant_API_PromptsBulkCrudActionResults: - type: object - properties: - created: - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_PromptResponse' - type: array - deleted: - items: - type: string - type: array - skipped: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptsBulkActionSkipResult - type: array - updated: - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_PromptResponse' - type: array - required: - - updated - - created - - deleted - - skipped - Security_AI_Assistant_API_PromptType: - description: Prompt type - enum: - - system - - quick - type: string - Security_AI_Assistant_API_PromptUpdateProps: - type: object - properties: - categories: - items: - type: string - type: array - color: - type: string - consumer: - type: string - content: - type: string - id: - type: string - isDefault: - type: boolean - isNewConversationDefault: - type: boolean - required: - - id - Security_AI_Assistant_API_Provider: - description: Provider - enum: - - OpenAI - - Azure OpenAI - - Other - type: string - Security_AI_Assistant_API_Reader: - additionalProperties: true - type: object - Security_AI_Assistant_API_Replacements: - additionalProperties: - type: string - description: Replacements object used to anonymize/deanomymize messsages - type: object - Security_AI_Assistant_API_SortOrder: - enum: - - asc - - desc - type: string - Security_AI_Assistant_API_TraceData: - description: trace Data - type: object - properties: - traceId: - description: Could be any string, not necessarily a UUID - type: string - transactionId: - description: Could be any string, not necessarily a UUID - type: string - Security_AI_Assistant_API_User: - description: Could be any string, not necessarily a UUID - type: object - properties: - id: - description: User id - type: string - name: - description: User name - type: string - Security_Detections_API_AlertAssignees: - type: object - properties: - add: - description: A list of users ids to assign. - items: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' - type: array - remove: - description: A list of users ids to unassign. - items: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' - type: array - required: - - add - - remove - Security_Detections_API_AlertIds: - description: A list of alerts ids. - items: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' - minItems: 1 - type: array - Security_Detections_API_AlertsIndex: - deprecated: true - description: (deprecated) Has no effect. - type: string - Security_Detections_API_AlertsIndexMigrationError: - type: object - properties: - error: - type: object - properties: - message: - type: string - status_code: - type: string - required: - - message - - status_code - index: - type: string - required: - - index - - error - Security_Detections_API_AlertsIndexMigrationSuccess: - type: object - properties: - index: - type: string - migration_id: - type: string - migration_index: - type: string - required: - - index - - migration_id - - migration_index - Security_Detections_API_AlertsIndexNamespace: - description: Has no effect. - type: string - Security_Detections_API_AlertsReindexOptions: - type: object - properties: - requests_per_second: - minimum: 1 - type: integer - size: - minimum: 1 - type: integer - slices: - minimum: 1 - type: integer - Security_Detections_API_AlertsSort: - oneOf: - - $ref: '#/components/schemas/Security_Detections_API_AlertsSortCombinations' - - items: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsSortCombinations - type: array - Security_Detections_API_AlertsSortCombinations: - anyOf: - - type: string - - additionalProperties: true - type: object - Security_Detections_API_AlertStatus: - enum: - - open - - closed - - acknowledged - - in-progress - type: string - Security_Detections_API_AlertSuppression: - type: object - properties: - duration: - $ref: >- - #/components/schemas/Security_Detections_API_AlertSuppressionDuration - group_by: - $ref: '#/components/schemas/Security_Detections_API_AlertSuppressionGroupBy' - missing_fields_strategy: - $ref: >- - #/components/schemas/Security_Detections_API_AlertSuppressionMissingFieldsStrategy - required: - - group_by - Security_Detections_API_AlertSuppressionDuration: - type: object - properties: - unit: - enum: - - s - - m - - h - type: string - value: - minimum: 1 - type: integer - required: - - value - - unit - Security_Detections_API_AlertSuppressionGroupBy: - items: - type: string - maxItems: 3 - minItems: 1 - type: array - Security_Detections_API_AlertSuppressionMissingFieldsStrategy: - description: >- - Describes how alerts will be generated for documents with missing - suppress by fields: - - doNotSuppress - per each document a separate alert will be created - - suppress - only alert will be created per suppress by bucket - enum: - - doNotSuppress - - suppress - type: string - Security_Detections_API_AlertTag: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' - Security_Detections_API_AlertTags: - items: - $ref: '#/components/schemas/Security_Detections_API_AlertTag' - type: array - Security_Detections_API_AlertVersion: - type: object - properties: - count: - type: integer - version: - type: integer - required: - - version - - count - Security_Detections_API_AnomalyThreshold: - description: Anomaly threshold - minimum: 0 - type: integer - Security_Detections_API_BuildingBlockType: - description: >- - Determines if the rule acts as a building block. By default, - building-block alerts are not displayed in the UI. These rules are used - as a foundation for other rules that do generate alerts. Its value must - be default. - type: string - Security_Detections_API_BulkActionEditPayload: - anyOf: - - $ref: >- - #/components/schemas/Security_Detections_API_BulkActionEditPayloadTags - - $ref: >- - #/components/schemas/Security_Detections_API_BulkActionEditPayloadIndexPatterns - - $ref: >- - #/components/schemas/Security_Detections_API_BulkActionEditPayloadInvestigationFields - - $ref: >- - #/components/schemas/Security_Detections_API_BulkActionEditPayloadTimeline - - $ref: >- - #/components/schemas/Security_Detections_API_BulkActionEditPayloadRuleActions - - $ref: >- - #/components/schemas/Security_Detections_API_BulkActionEditPayloadSchedule - Security_Detections_API_BulkActionEditPayloadIndexPatterns: - type: object - properties: - overwrite_data_views: - type: boolean - type: - enum: - - add_index_patterns - - delete_index_patterns - - set_index_patterns - type: string - value: - $ref: '#/components/schemas/Security_Detections_API_IndexPatternArray' - required: - - type - - value - Security_Detections_API_BulkActionEditPayloadInvestigationFields: - type: object - properties: - type: - enum: - - add_investigation_fields - - delete_investigation_fields - - set_investigation_fields - type: string - value: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - required: - - type - - value - Security_Detections_API_BulkActionEditPayloadRuleActions: - type: object - properties: - type: - enum: - - add_rule_actions - - set_rule_actions - type: string - value: - type: object - properties: - actions: - items: - $ref: >- - #/components/schemas/Security_Detections_API_NormalizedRuleAction - type: array - throttle: - $ref: >- - #/components/schemas/Security_Detections_API_ThrottleForBulkActions - required: - - actions - required: - - type - - value - Security_Detections_API_BulkActionEditPayloadSchedule: - type: object - properties: - type: - enum: - - set_schedule - type: string - value: - type: object - properties: - interval: - description: >- - Interval in which the rule runs. For example, `"1h"` means the - rule runs every hour. - example: 1h - pattern: ^[1-9]\d*[smh]$ - type: string - lookback: - description: Lookback time for the rule - example: 1h - pattern: ^[1-9]\d*[smh]$ - type: string - required: - - interval - - lookback - required: - - type - - value - Security_Detections_API_BulkActionEditPayloadTags: - type: object - properties: - type: - enum: - - add_tags - - delete_tags - - set_tags - type: string - value: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - required: - - type - - value - Security_Detections_API_BulkActionEditPayloadTimeline: - type: object - properties: - type: - enum: - - set_timeline - type: string - value: - type: object - properties: - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - required: - - timeline_id - - timeline_title - required: - - type - - value - Security_Detections_API_BulkActionsDryRunErrCode: - enum: - - IMMUTABLE - - MACHINE_LEARNING_AUTH - - MACHINE_LEARNING_INDEX_PATTERN - - ESQL_INDEX_PATTERN - - MANUAL_RULE_RUN_FEATURE - - MANUAL_RULE_RUN_DISABLED_RULE - type: string - Security_Detections_API_BulkActionSkipResult: - type: object - properties: - id: - type: string - name: - type: string - skip_reason: - $ref: '#/components/schemas/Security_Detections_API_BulkEditSkipReason' - required: - - id - - skip_reason - Security_Detections_API_BulkCrudRulesResponse: - items: - oneOf: - - $ref: '#/components/schemas/Security_Detections_API_RuleResponse' - - $ref: '#/components/schemas/Security_Detections_API_ErrorSchema' - type: array - Security_Detections_API_BulkDeleteRules: - type: object - properties: - action: - enum: - - delete - type: string - ids: - description: Array of rule IDs - items: - type: string - minItems: 1 - type: array - query: - description: Query to filter rules - type: string - required: - - action - Security_Detections_API_BulkDisableRules: - type: object - properties: - action: - enum: - - disable - type: string - ids: - description: Array of rule IDs - items: - type: string - minItems: 1 - type: array - query: - description: Query to filter rules - type: string - required: - - action - Security_Detections_API_BulkDuplicateRules: - type: object - properties: - action: - enum: - - duplicate - type: string - duplicate: - type: object - properties: - include_exceptions: - description: Whether to copy exceptions from the original rule - type: boolean - include_expired_exceptions: - description: Whether to copy expired exceptions from the original rule - type: boolean - required: - - include_exceptions - - include_expired_exceptions - ids: - description: Array of rule IDs - items: - type: string - minItems: 1 - type: array - query: - description: Query to filter rules - type: string - required: - - action - Security_Detections_API_BulkEditActionResponse: - type: object - properties: - attributes: - type: object - properties: - errors: - items: - $ref: >- - #/components/schemas/Security_Detections_API_NormalizedRuleError - type: array - results: - $ref: >- - #/components/schemas/Security_Detections_API_BulkEditActionResults - summary: - $ref: >- - #/components/schemas/Security_Detections_API_BulkEditActionSummary - required: - - results - - summary - message: - type: string - rules_count: - type: integer - status_code: - type: integer - success: - type: boolean - required: - - attributes - Security_Detections_API_BulkEditActionResults: - type: object - properties: - created: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleResponse' - type: array - deleted: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleResponse' - type: array - skipped: - items: - $ref: '#/components/schemas/Security_Detections_API_BulkActionSkipResult' - type: array - updated: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleResponse' - type: array - required: - - updated - - created - - deleted - - skipped - Security_Detections_API_BulkEditActionSummary: - type: object - properties: - failed: - type: integer - skipped: - type: integer - succeeded: - type: integer - total: - type: integer - required: - - failed - - skipped - - succeeded - - total - Security_Detections_API_BulkEditRules: - type: object - properties: - action: - enum: - - edit - type: string - edit: - description: Array of objects containing the edit operations - items: - $ref: '#/components/schemas/Security_Detections_API_BulkActionEditPayload' - minItems: 1 - type: array - ids: - description: Array of rule IDs - items: - type: string - minItems: 1 - type: array - query: - description: Query to filter rules - type: string - required: - - action - - edit - Security_Detections_API_BulkEditSkipReason: - enum: - - RULE_NOT_MODIFIED - type: string - Security_Detections_API_BulkEnableRules: - type: object - properties: - action: - enum: - - enable - type: string - ids: - description: Array of rule IDs - items: - type: string - minItems: 1 - type: array - query: - description: Query to filter rules - type: string - required: - - action - Security_Detections_API_BulkExportActionResponse: - type: string - Security_Detections_API_BulkExportRules: - type: object - properties: - action: - enum: - - export - type: string - ids: - description: Array of rule IDs - items: - type: string - minItems: 1 - type: array - query: - description: Query to filter rules - type: string - required: - - action - Security_Detections_API_BulkManualRuleRun: - type: object - properties: - action: - enum: - - run - type: string - ids: - description: Array of rule IDs - items: - type: string - minItems: 1 - type: array - query: - description: Query to filter rules - type: string - run: - type: object - properties: - end_date: - description: End date of the manual rule run - type: string - start_date: - description: Start date of the manual rule run - type: string - required: - - start_date - required: - - action - - run - Security_Detections_API_ConcurrentSearches: - minimum: 1 - type: integer - Security_Detections_API_DataViewId: - type: string - Security_Detections_API_DefaultParams: - type: object - properties: - command: - enum: - - isolate - type: string - comment: - type: string - required: - - command - Security_Detections_API_EcsMapping: - additionalProperties: - type: object - properties: - field: - type: string - value: - oneOf: - - type: string - - items: - type: string - type: array - type: object - Security_Detections_API_EndpointResponseAction: - type: object - properties: - action_type_id: - enum: - - .endpoint - type: string - params: - oneOf: - - $ref: '#/components/schemas/Security_Detections_API_DefaultParams' - - $ref: '#/components/schemas/Security_Detections_API_ProcessesParams' - required: - - action_type_id - - params - Security_Detections_API_EqlOptionalFields: - type: object - properties: - alert_suppression: - $ref: '#/components/schemas/Security_Detections_API_AlertSuppression' - data_view_id: - $ref: '#/components/schemas/Security_Detections_API_DataViewId' - event_category_override: - $ref: '#/components/schemas/Security_Detections_API_EventCategoryOverride' - filters: - $ref: '#/components/schemas/Security_Detections_API_RuleFilterArray' - index: - $ref: '#/components/schemas/Security_Detections_API_IndexPatternArray' - tiebreaker_field: - $ref: '#/components/schemas/Security_Detections_API_TiebreakerField' - timestamp_field: - $ref: '#/components/schemas/Security_Detections_API_TimestampField' - Security_Detections_API_EqlQueryLanguage: - enum: - - eql - type: string - Security_Detections_API_EqlRequiredFields: - type: object - properties: - language: - $ref: '#/components/schemas/Security_Detections_API_EqlQueryLanguage' - description: Query language to use - query: - $ref: '#/components/schemas/Security_Detections_API_RuleQuery' - description: EQL query to execute - type: - description: Rule type - enum: - - eql - type: string - required: - - type - - query - - language - Security_Detections_API_EqlRule: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - version - - tags - - enabled - - risk_score_mapping - - severity_mapping - - interval - - from - - to - - actions - - exceptions_list - - author - - false_positives - - references - - max_signals - - threat - - setup - - related_integrations - - required_fields - - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' - - $ref: '#/components/schemas/Security_Detections_API_EqlRuleResponseFields' - Security_Detections_API_EqlRuleCreateFields: - allOf: - - $ref: '#/components/schemas/Security_Detections_API_EqlRequiredFields' - - $ref: '#/components/schemas/Security_Detections_API_EqlOptionalFields' - Security_Detections_API_EqlRuleCreateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - $ref: '#/components/schemas/Security_Detections_API_EqlRuleCreateFields' - Security_Detections_API_EqlRulePatchFields: - allOf: - - type: object - properties: - language: - $ref: '#/components/schemas/Security_Detections_API_EqlQueryLanguage' - description: Query language to use - query: - $ref: '#/components/schemas/Security_Detections_API_RuleQuery' - description: EQL query to execute - type: - description: Rule type - enum: - - eql - type: string - - $ref: '#/components/schemas/Security_Detections_API_EqlOptionalFields' - Security_Detections_API_EqlRulePatchProps: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - - $ref: '#/components/schemas/Security_Detections_API_EqlRulePatchFields' - Security_Detections_API_EqlRuleResponseFields: - allOf: - - $ref: '#/components/schemas/Security_Detections_API_EqlRequiredFields' - - $ref: '#/components/schemas/Security_Detections_API_EqlOptionalFields' - Security_Detections_API_EqlRuleUpdateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - $ref: '#/components/schemas/Security_Detections_API_EqlRuleCreateFields' - Security_Detections_API_ErrorSchema: - additionalProperties: false - type: object - properties: - error: - type: object - properties: - message: - type: string - status_code: - minimum: 400 - type: integer - required: - - status_code - - message - id: - type: string - item_id: - minLength: 1 - type: string - list_id: - minLength: 1 - type: string - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - required: - - error - Security_Detections_API_EsqlQueryLanguage: - enum: - - esql - type: string - Security_Detections_API_EsqlRule: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - version - - tags - - enabled - - risk_score_mapping - - severity_mapping - - interval - - from - - to - - actions - - exceptions_list - - author - - false_positives - - references - - max_signals - - threat - - setup - - related_integrations - - required_fields - - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' - - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleResponseFields' - Security_Detections_API_EsqlRuleCreateFields: - allOf: - - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleOptionalFields' - - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleRequiredFields' - Security_Detections_API_EsqlRuleCreateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleCreateFields' - Security_Detections_API_EsqlRuleOptionalFields: - type: object - properties: - alert_suppression: - $ref: '#/components/schemas/Security_Detections_API_AlertSuppression' - Security_Detections_API_EsqlRulePatchProps: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - language: - $ref: '#/components/schemas/Security_Detections_API_EsqlQueryLanguage' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - query: - $ref: '#/components/schemas/Security_Detections_API_RuleQuery' - description: ESQL query to execute - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - type: - description: Rule type - enum: - - esql - type: string - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleOptionalFields' - Security_Detections_API_EsqlRuleRequiredFields: - type: object - properties: - language: - $ref: '#/components/schemas/Security_Detections_API_EsqlQueryLanguage' - query: - $ref: '#/components/schemas/Security_Detections_API_RuleQuery' - description: ESQL query to execute - type: - description: Rule type - enum: - - esql - type: string - required: - - type - - language - - query - Security_Detections_API_EsqlRuleResponseFields: - allOf: - - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleOptionalFields' - - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleRequiredFields' - Security_Detections_API_EsqlRuleUpdateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleCreateFields' - Security_Detections_API_EventCategoryOverride: - type: string - Security_Detections_API_ExceptionListType: - description: The exception type - enum: - - detection - - rule_default - - endpoint - - endpoint_trusted_apps - - endpoint_events - - endpoint_host_isolation_exceptions - - endpoint_blocklists - type: string - Security_Detections_API_ExternalRuleSource: - description: >- - Type of rule source for externally sourced rules, i.e. rules that have - an external source, such as the Elastic Prebuilt rules repo. - type: object - properties: - is_customized: - $ref: >- - #/components/schemas/Security_Detections_API_IsExternalRuleCustomized - type: - enum: - - external - type: string - required: - - type - - is_customized - Security_Detections_API_FindRulesSortField: - enum: - - created_at - - createdAt - - enabled - - execution_summary.last_execution.date - - execution_summary.last_execution.metrics.execution_gap_duration_s - - execution_summary.last_execution.metrics.total_indexing_duration_ms - - execution_summary.last_execution.metrics.total_search_duration_ms - - execution_summary.last_execution.status - - name - - risk_score - - riskScore - - severity - - updated_at - - updatedAt - type: string - Security_Detections_API_HistoryWindowStart: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' - Security_Detections_API_IndexMigrationStatus: - type: object - properties: - index: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' - is_outdated: - type: boolean - migrations: - items: - $ref: '#/components/schemas/Security_Detections_API_MigrationStatus' - type: array - signal_versions: - items: - $ref: '#/components/schemas/Security_Detections_API_AlertVersion' - type: array - version: - type: integer - required: - - index - - version - - signal_versions - - migrations - - is_outdated - Security_Detections_API_IndexPatternArray: - items: - type: string - type: array - Security_Detections_API_InternalRuleSource: - description: >- - Type of rule source for internally sourced rules, i.e. created within - the Kibana apps. - type: object - properties: - type: - enum: - - internal - type: string - required: - - type - Security_Detections_API_InvestigationFields: - description: > - Schema for fields relating to investigation fields. These are user - defined fields we use to highlight - - in various features in the UI such as alert details flyout and - exceptions auto-population from alert. - - Added in PR #163235 - - Right now we only have a single field but anticipate adding more related - fields to store various - - configuration states such as `override` - where a user might say if they - want only these fields to - - display, or if they want these fields + the fields we select. When - expanding this field, it may look - - something like: - - ```typescript - - const investigationFields = z.object({ - field_names: NonEmptyArray(NonEmptyString), - override: z.boolean().optional(), - }); - - ``` - type: object - properties: - field_names: - items: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' - minItems: 1 - type: array - required: - - field_names - Security_Detections_API_InvestigationGuide: - description: Notes to help investigate alerts produced by the rule. - type: string - Security_Detections_API_IsExternalRuleCustomized: - description: >- - Determines whether an external/prebuilt rule has been customized by the - user (i.e. any of its fields have been modified and diverged from the - base value). - type: boolean - Security_Detections_API_IsRuleEnabled: - description: Determines whether the rule is enabled. - type: boolean - Security_Detections_API_IsRuleImmutable: - deprecated: true - description: >- - This field determines whether the rule is a prebuilt Elastic rule. It - will be replaced with the `rule_source` field. - type: boolean - Security_Detections_API_ItemsPerSearch: - minimum: 1 - type: integer - Security_Detections_API_KqlQueryLanguage: - enum: - - kuery - - lucene - type: string - Security_Detections_API_MachineLearningJobId: - description: Machine learning job ID - oneOf: - - type: string - - items: - type: string - minItems: 1 - type: array - Security_Detections_API_MachineLearningRule: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - version - - tags - - enabled - - risk_score_mapping - - severity_mapping - - interval - - from - - to - - actions - - exceptions_list - - author - - false_positives - - references - - max_signals - - threat - - setup - - related_integrations - - required_fields - - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' - - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningRuleResponseFields - Security_Detections_API_MachineLearningRuleCreateFields: - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningRuleOptionalFields - Security_Detections_API_MachineLearningRuleCreateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningRuleCreateFields - Security_Detections_API_MachineLearningRuleOptionalFields: - type: object - properties: - alert_suppression: - $ref: '#/components/schemas/Security_Detections_API_AlertSuppression' - Security_Detections_API_MachineLearningRulePatchFields: - allOf: - - type: object - properties: - anomaly_threshold: - $ref: '#/components/schemas/Security_Detections_API_AnomalyThreshold' - machine_learning_job_id: - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningJobId - type: - description: Rule type - enum: - - machine_learning - type: string - - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningRuleOptionalFields - Security_Detections_API_MachineLearningRulePatchProps: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningRulePatchFields - Security_Detections_API_MachineLearningRuleRequiredFields: - type: object - properties: - anomaly_threshold: - $ref: '#/components/schemas/Security_Detections_API_AnomalyThreshold' - machine_learning_job_id: - $ref: '#/components/schemas/Security_Detections_API_MachineLearningJobId' - type: - description: Rule type - enum: - - machine_learning - type: string - required: - - type - - machine_learning_job_id - - anomaly_threshold - Security_Detections_API_MachineLearningRuleResponseFields: - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningRuleOptionalFields - Security_Detections_API_MachineLearningRuleUpdateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningRuleCreateFields - Security_Detections_API_MaxSignals: - minimum: 1 - type: integer - Security_Detections_API_MigrationCleanupResult: - type: object - properties: - destinationIndex: - type: string - error: - type: object - properties: - message: - type: string - status_code: - type: integer - required: - - message - - status_code - id: - type: string - sourceIndex: - type: string - status: - enum: - - success - - failure - - pending - type: string - updated: - format: date-time - type: string - version: - type: string - required: - - id - - destinationIndex - - status - - sourceIndex - - version - - updated - Security_Detections_API_MigrationFinalizationResult: - type: object - properties: - completed: - type: boolean - destinationIndex: - type: string - error: - type: object - properties: - message: - type: string - status_code: - type: integer - required: - - message - - status_code - id: - type: string - sourceIndex: - type: string - status: - enum: - - success - - failure - - pending - type: string - updated: - format: date-time - type: string - version: - type: string - required: - - id - - completed - - destinationIndex - - status - - sourceIndex - - version - - updated - Security_Detections_API_MigrationStatus: - type: object - properties: - id: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' - status: - enum: - - success - - failure - - pending - type: string - updated: - format: date-time - type: string - version: - type: integer - required: - - id - - status - - version - - updated - Security_Detections_API_NewTermsFields: - items: - type: string - maxItems: 3 - minItems: 1 - type: array - Security_Detections_API_NewTermsRule: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - version - - tags - - enabled - - risk_score_mapping - - severity_mapping - - interval - - from - - to - - actions - - exceptions_list - - author - - false_positives - - references - - max_signals - - threat - - setup - - related_integrations - - required_fields - - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' - - $ref: >- - #/components/schemas/Security_Detections_API_NewTermsRuleResponseFields - Security_Detections_API_NewTermsRuleCreateFields: - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_NewTermsRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Detections_API_NewTermsRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Detections_API_NewTermsRuleDefaultableFields - Security_Detections_API_NewTermsRuleCreateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - $ref: >- - #/components/schemas/Security_Detections_API_NewTermsRuleCreateFields - Security_Detections_API_NewTermsRuleDefaultableFields: - type: object - properties: - language: - $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' - Security_Detections_API_NewTermsRuleOptionalFields: - type: object - properties: - alert_suppression: - $ref: '#/components/schemas/Security_Detections_API_AlertSuppression' - data_view_id: - $ref: '#/components/schemas/Security_Detections_API_DataViewId' - filters: - $ref: '#/components/schemas/Security_Detections_API_RuleFilterArray' - index: - $ref: '#/components/schemas/Security_Detections_API_IndexPatternArray' - Security_Detections_API_NewTermsRulePatchFields: - allOf: - - type: object - properties: - history_window_start: - $ref: '#/components/schemas/Security_Detections_API_HistoryWindowStart' - new_terms_fields: - $ref: '#/components/schemas/Security_Detections_API_NewTermsFields' - query: - $ref: '#/components/schemas/Security_Detections_API_RuleQuery' - type: - description: Rule type - enum: - - new_terms - type: string - - $ref: >- - #/components/schemas/Security_Detections_API_NewTermsRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Detections_API_NewTermsRuleDefaultableFields - Security_Detections_API_NewTermsRulePatchProps: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - - $ref: '#/components/schemas/Security_Detections_API_NewTermsRulePatchFields' - Security_Detections_API_NewTermsRuleRequiredFields: - type: object - properties: - history_window_start: - $ref: '#/components/schemas/Security_Detections_API_HistoryWindowStart' - new_terms_fields: - $ref: '#/components/schemas/Security_Detections_API_NewTermsFields' - query: - $ref: '#/components/schemas/Security_Detections_API_RuleQuery' - type: - description: Rule type - enum: - - new_terms - type: string - required: - - type - - query - - new_terms_fields - - history_window_start - Security_Detections_API_NewTermsRuleResponseFields: - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_NewTermsRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Detections_API_NewTermsRuleOptionalFields - - type: object - properties: - language: - $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' - required: - - language - Security_Detections_API_NewTermsRuleUpdateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - $ref: >- - #/components/schemas/Security_Detections_API_NewTermsRuleCreateFields - Security_Detections_API_NonEmptyString: - description: A string that is not empty and does not contain only whitespace - minLength: 1 - pattern: ^(?! *$).+$ - type: string - Security_Detections_API_NormalizedRuleAction: - additionalProperties: false - type: object - properties: - alerts_filter: - $ref: '#/components/schemas/Security_Detections_API_RuleActionAlertsFilter' - frequency: - $ref: '#/components/schemas/Security_Detections_API_RuleActionFrequency' - group: - $ref: '#/components/schemas/Security_Detections_API_RuleActionGroup' - id: - $ref: '#/components/schemas/Security_Detections_API_RuleActionId' - params: - $ref: '#/components/schemas/Security_Detections_API_RuleActionParams' - required: - - id - - params - Security_Detections_API_NormalizedRuleError: - type: object - properties: - err_code: - $ref: >- - #/components/schemas/Security_Detections_API_BulkActionsDryRunErrCode - message: - type: string - rules: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleDetailsInError' - type: array - status_code: - type: integer - required: - - message - - status_code - - rules - Security_Detections_API_OsqueryParams: - type: object - properties: - ecs_mapping: - $ref: '#/components/schemas/Security_Detections_API_EcsMapping' - pack_id: - type: string - queries: - items: - $ref: '#/components/schemas/Security_Detections_API_OsqueryQuery' - type: array - query: - type: string - saved_query_id: - type: string - timeout: - type: number - Security_Detections_API_OsqueryQuery: - type: object - properties: - ecs_mapping: - $ref: '#/components/schemas/Security_Detections_API_EcsMapping' - id: - description: Query ID - type: string - platform: - type: string - query: - description: Query to run - type: string - removed: - type: boolean - snapshot: - type: boolean - version: - description: Query version - type: string - required: - - id - - query - Security_Detections_API_OsqueryResponseAction: - type: object - properties: - action_type_id: - enum: - - .osquery - type: string - params: - $ref: '#/components/schemas/Security_Detections_API_OsqueryParams' - required: - - action_type_id - - params - Security_Detections_API_PlatformErrorResponse: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: integer - required: - - statusCode - - error - - message - Security_Detections_API_ProcessesParams: - type: object - properties: - command: - enum: - - kill-process - - suspend-process - type: string - comment: - type: string - config: - type: object - properties: - field: - description: Field to use instead of process.pid - type: string - overwrite: - default: true - description: Whether to overwrite field with process.pid - type: boolean - required: - - field - required: - - command - - config - Security_Detections_API_QueryRule: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - version - - tags - - enabled - - risk_score_mapping - - severity_mapping - - interval - - from - - to - - actions - - exceptions_list - - author - - false_positives - - references - - max_signals - - threat - - setup - - related_integrations - - required_fields - - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' - - $ref: '#/components/schemas/Security_Detections_API_QueryRuleResponseFields' - Security_Detections_API_QueryRuleCreateFields: - allOf: - - $ref: '#/components/schemas/Security_Detections_API_QueryRuleRequiredFields' - - $ref: '#/components/schemas/Security_Detections_API_QueryRuleOptionalFields' - - $ref: >- - #/components/schemas/Security_Detections_API_QueryRuleDefaultableFields - Security_Detections_API_QueryRuleCreateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - $ref: '#/components/schemas/Security_Detections_API_QueryRuleCreateFields' - Security_Detections_API_QueryRuleDefaultableFields: - type: object - properties: - language: - $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' - query: - $ref: '#/components/schemas/Security_Detections_API_RuleQuery' - Security_Detections_API_QueryRuleOptionalFields: - type: object - properties: - alert_suppression: - $ref: '#/components/schemas/Security_Detections_API_AlertSuppression' - data_view_id: - $ref: '#/components/schemas/Security_Detections_API_DataViewId' - filters: - $ref: '#/components/schemas/Security_Detections_API_RuleFilterArray' - index: - $ref: '#/components/schemas/Security_Detections_API_IndexPatternArray' - saved_id: - $ref: '#/components/schemas/Security_Detections_API_SavedQueryId' - Security_Detections_API_QueryRulePatchFields: - allOf: - - type: object - properties: - type: - description: Rule type - enum: - - query - type: string - - $ref: '#/components/schemas/Security_Detections_API_QueryRuleOptionalFields' - - $ref: >- - #/components/schemas/Security_Detections_API_QueryRuleDefaultableFields - Security_Detections_API_QueryRulePatchProps: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - - $ref: '#/components/schemas/Security_Detections_API_QueryRulePatchFields' - Security_Detections_API_QueryRuleRequiredFields: - type: object - properties: - type: - description: Rule type - enum: - - query - type: string - required: - - type - Security_Detections_API_QueryRuleResponseFields: - allOf: - - $ref: '#/components/schemas/Security_Detections_API_QueryRuleRequiredFields' - - $ref: '#/components/schemas/Security_Detections_API_QueryRuleOptionalFields' - - type: object - properties: - language: - $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' - query: - $ref: '#/components/schemas/Security_Detections_API_RuleQuery' - required: - - query - - language - Security_Detections_API_QueryRuleUpdateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - $ref: '#/components/schemas/Security_Detections_API_QueryRuleCreateFields' - Security_Detections_API_RelatedIntegration: - description: > - Related integration is a potential dependency of a rule. It's assumed - that if the user installs - - one of the related integrations of a rule, the rule might start to work - properly because it will - - have source events (generated by this integration) potentially matching - the rule's query. - - - NOTE: Proper work is not guaranteed, because a related integration, if - installed, can be - - configured differently or generate data that is not necessarily relevant - for this rule. - - - Related integration is a combination of a Fleet package and (optionally) - one of the - - package's "integrations" that this package contains. It is represented - by 3 properties: - - - - `package`: name of the package (required, unique id) - - - `version`: version of the package (required, semver-compatible) - - - `integration`: name of the integration of this package (optional, id - within the package) - - - There are Fleet packages like `windows` that contain only one - integration; in this case, - - `integration` should be unspecified. There are also packages like `aws` - and `azure` that contain - - several integrations; in this case, `integration` should be specified. - - - @example - - const x: RelatedIntegration = { - package: 'windows', - version: '1.5.x', - }; - - - @example - - const x: RelatedIntegration = { - package: 'azure', - version: '~1.1.6', - integration: 'activitylogs', - }; - type: object - properties: - integration: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' - package: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' - version: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' - required: - - package - - version - Security_Detections_API_RelatedIntegrationArray: - items: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegration' - type: array - Security_Detections_API_RequiredField: - description: > - Describes an Elasticsearch field that is needed for the rule to - function. - - - Almost all types of Security rules check source event documents for a - match to some kind of - - query or filter. If a document has certain field with certain values, - then it's a match and - - the rule will generate an alert. - - - Required field is an event field that must be present in the source - indices of a given rule. - - - @example - - const standardEcsField: RequiredField = { - name: 'event.action', - type: 'keyword', - ecs: true, - }; - - - @example - - const nonEcsField: RequiredField = { - name: 'winlog.event_data.AttributeLDAPDisplayName', - type: 'keyword', - ecs: false, - }; - type: object - properties: - ecs: - description: Whether the field is an ECS field - type: boolean - name: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' - description: Name of an Elasticsearch field - type: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' - description: Type of the Elasticsearch field - required: - - name - - type - - ecs - Security_Detections_API_RequiredFieldArray: - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredField' - type: array - Security_Detections_API_RequiredFieldInput: - description: >- - Input parameters to create a RequiredField. Does not include the `ecs` - field, because `ecs` is calculated on the backend based on the field - name and type. - type: object - properties: - name: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' - description: Name of an Elasticsearch field - type: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' - description: Type of an Elasticsearch field - required: - - name - - type - Security_Detections_API_ResponseAction: - oneOf: - - $ref: '#/components/schemas/Security_Detections_API_OsqueryResponseAction' - - $ref: '#/components/schemas/Security_Detections_API_EndpointResponseAction' - Security_Detections_API_ResponseFields: - type: object - properties: - created_at: - format: date-time - type: string - created_by: - type: string - execution_summary: - $ref: '#/components/schemas/Security_Detections_API_RuleExecutionSummary' - id: - $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' - immutable: - $ref: '#/components/schemas/Security_Detections_API_IsRuleImmutable' - required_fields: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldArray' - revision: - minimum: 0 - type: integer - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_source: - $ref: '#/components/schemas/Security_Detections_API_RuleSource' - updated_at: - format: date-time - type: string - updated_by: - type: string - required: - - id - - rule_id - - immutable - - rule_source - - updated_at - - updated_by - - created_at - - created_by - - revision - - related_integrations - - required_fields - Security_Detections_API_RiskScore: - description: Risk score (0 to 100) - maximum: 100 - minimum: 0 - type: integer - Security_Detections_API_RiskScoreMapping: - description: >- - Overrides generated alerts' risk_score with a value from the source - event - items: - type: object - properties: - field: - type: string - operator: - enum: - - equals - type: string - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - value: - type: string - required: - - field - - operator - - value - type: array - Security_Detections_API_RuleAction: - type: object - properties: - action_type_id: - description: The action type used for sending notifications. - type: string - alerts_filter: - $ref: '#/components/schemas/Security_Detections_API_RuleActionAlertsFilter' - frequency: - $ref: '#/components/schemas/Security_Detections_API_RuleActionFrequency' - group: - $ref: '#/components/schemas/Security_Detections_API_RuleActionGroup' - id: - $ref: '#/components/schemas/Security_Detections_API_RuleActionId' - params: - $ref: '#/components/schemas/Security_Detections_API_RuleActionParams' - uuid: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' - required: - - action_type_id - - id - - params - Security_Detections_API_RuleActionAlertsFilter: - additionalProperties: true - type: object - Security_Detections_API_RuleActionFrequency: - description: >- - The action frequency defines when the action runs (for example, only on - rule execution or at specific time intervals). - type: object - properties: - notifyWhen: - $ref: '#/components/schemas/Security_Detections_API_RuleActionNotifyWhen' - summary: - description: >- - Action summary indicates whether we will send a summary notification - about all the generate alerts or notification per individual alert - type: boolean - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - nullable: true - required: - - summary - - notifyWhen - - throttle - Security_Detections_API_RuleActionGroup: - description: >- - Optionally groups actions by use cases. Use `default` for alert - notifications. - type: string - Security_Detections_API_RuleActionId: - description: The connector ID. - type: string - Security_Detections_API_RuleActionNotifyWhen: - description: >- - The condition for throttling the notification: `onActionGroupChange`, - `onActiveAlert`, or `onThrottleInterval` - enum: - - onActiveAlert - - onThrottleInterval - - onActionGroupChange - type: string - Security_Detections_API_RuleActionParams: - additionalProperties: true - description: >- - Object containing the allowed connector fields, which varies according - to the connector type. - type: object - Security_Detections_API_RuleActionThrottle: - description: Defines how often rule actions are taken. - oneOf: - - enum: - - no_actions - - rule - type: string - - description: Time interval in seconds, minutes, hours, or days. - example: 1h - pattern: ^[1-9]\d*[smhd]$ - type: string - Security_Detections_API_RuleAuthorArray: - items: - type: string - type: array - Security_Detections_API_RuleCreateProps: - anyOf: - - $ref: '#/components/schemas/Security_Detections_API_EqlRuleCreateProps' - - $ref: '#/components/schemas/Security_Detections_API_QueryRuleCreateProps' - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningRuleCreateProps - - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleCreateProps' - - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleCreateProps' - discriminator: - propertyName: type - Security_Detections_API_RuleDescription: - minLength: 1 - type: string - Security_Detections_API_RuleDetailsInError: - type: object - properties: - id: - type: string - name: - type: string - required: - - id - Security_Detections_API_RuleExceptionList: - type: object - properties: - id: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' - description: ID of the exception container - list_id: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' - description: List ID of the exception container - namespace_type: - description: Determines the exceptions validity in rule's Kibana space - enum: - - agnostic - - single - type: string - type: - $ref: '#/components/schemas/Security_Detections_API_ExceptionListType' - required: - - id - - list_id - - type - - namespace_type - Security_Detections_API_RuleExecutionMetrics: - type: object - properties: - execution_gap_duration_s: - description: Duration in seconds of execution gap - minimum: 0 - type: integer - total_enrichment_duration_ms: - description: >- - Total time spent enriching documents during current rule execution - cycle - minimum: 0 - type: integer - total_indexing_duration_ms: - description: >- - Total time spent indexing documents during current rule execution - cycle - minimum: 0 - type: integer - total_search_duration_ms: - description: >- - Total time spent performing ES searches as measured by Kibana; - includes network latency and time spent serializing/deserializing - request/response - minimum: 0 - type: integer - Security_Detections_API_RuleExecutionStatus: - description: >- - Custom execution status of Security rules that is different from the - status used in the Alerting Framework. We merge our custom status with - the Framework's status to determine the resulting status of a rule. - - - going to run - @deprecated Replaced by the 'running' status but left - for backwards compatibility with rule execution events already written - to Event Log in the prior versions of Kibana. Don't use when writing - rule status changes. - - - running - Rule execution started but not reached any intermediate or - final status. - - - partial failure - Rule can partially fail for various reasons either - in the middle of an execution (in this case we update its status right - away) or in the end of it. So currently this status can be both - intermediate and final at the same time. A typical reason for a partial - failure: not all the indices that the rule searches over actually exist. - - - failed - Rule failed to execute due to unhandled exception or a reason - defined in the business logic of its executor function. - - - succeeded - Rule executed successfully without any issues. Note: this - status is just an indication of a rule's "health". The rule might or - might not generate any alerts despite of it. - enum: - - going to run - - running - - partial failure - - failed - - succeeded - type: string - Security_Detections_API_RuleExecutionStatusOrder: - type: integer - Security_Detections_API_RuleExecutionSummary: - type: object - properties: - last_execution: - type: object - properties: - date: - description: Date of the last execution - format: date-time - type: string - message: - type: string - metrics: - $ref: >- - #/components/schemas/Security_Detections_API_RuleExecutionMetrics - status: - $ref: '#/components/schemas/Security_Detections_API_RuleExecutionStatus' - description: Status of the last execution - status_order: - $ref: >- - #/components/schemas/Security_Detections_API_RuleExecutionStatusOrder - required: - - date - - status - - status_order - - message - - metrics - required: - - last_execution - Security_Detections_API_RuleFalsePositiveArray: - items: - type: string - type: array - Security_Detections_API_RuleFilterArray: - items: {} - type: array - Security_Detections_API_RuleInterval: - description: >- - Frequency of rule execution, using a date math range. For example, "1h" - means the rule runs every hour. Defaults to 5m (5 minutes). - type: string - Security_Detections_API_RuleIntervalFrom: - description: >- - Time from which data is analyzed each time the rule runs, using a date - math range. For example, now-4200s means the rule analyzes data from 70 - minutes before its start time. Defaults to now-6m (analyzes data from 6 - minutes before the start time). - format: date-math - type: string - Security_Detections_API_RuleIntervalTo: - type: string - Security_Detections_API_RuleLicense: - description: The rule's license. - type: string - Security_Detections_API_RuleMetadata: - additionalProperties: true - type: object - Security_Detections_API_RuleName: - minLength: 1 - type: string - Security_Detections_API_RuleNameOverride: - description: Sets the source field for the alert's signal.rule.name value - type: string - Security_Detections_API_RuleObjectId: - $ref: '#/components/schemas/Security_Detections_API_UUID' - Security_Detections_API_RulePatchProps: - anyOf: - - $ref: '#/components/schemas/Security_Detections_API_EqlRulePatchProps' - - $ref: '#/components/schemas/Security_Detections_API_QueryRulePatchProps' - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRulePatchProps - - $ref: '#/components/schemas/Security_Detections_API_ThresholdRulePatchProps' - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRulePatchProps - - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningRulePatchProps - - $ref: '#/components/schemas/Security_Detections_API_NewTermsRulePatchProps' - - $ref: '#/components/schemas/Security_Detections_API_EsqlRulePatchProps' - Security_Detections_API_RulePreviewLoggedRequest: - type: object - properties: - description: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' - duration: - type: integer - request: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' - required: - - request - Security_Detections_API_RulePreviewLogs: - type: object - properties: - duration: - description: Execution duration in milliseconds - type: integer - errors: - items: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' - type: array - requests: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewLoggedRequest - type: array - startedAt: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' - warnings: - items: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' - type: array - required: - - errors - - warnings - - duration - Security_Detections_API_RulePreviewParams: - type: object - properties: - invocationCount: - type: integer - timeframeEnd: - format: date-time - type: string - required: - - invocationCount - - timeframeEnd - Security_Detections_API_RuleQuery: - type: string - Security_Detections_API_RuleReferenceArray: - items: - type: string - type: array - Security_Detections_API_RuleResponse: - anyOf: - - $ref: '#/components/schemas/Security_Detections_API_EqlRule' - - $ref: '#/components/schemas/Security_Detections_API_QueryRule' - - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRule' - - $ref: '#/components/schemas/Security_Detections_API_ThresholdRule' - - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRule' - - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRule' - - $ref: '#/components/schemas/Security_Detections_API_NewTermsRule' - - $ref: '#/components/schemas/Security_Detections_API_EsqlRule' - discriminator: - propertyName: type - Security_Detections_API_RuleSignatureId: - description: Could be any string, not necessarily a UUID - type: string - Security_Detections_API_RuleSource: - description: >- - Discriminated union that determines whether the rule is internally - sourced (created within the Kibana app) or has an external source, such - as the Elastic Prebuilt rules repo. - discriminator: - propertyName: type - oneOf: - - $ref: '#/components/schemas/Security_Detections_API_ExternalRuleSource' - - $ref: '#/components/schemas/Security_Detections_API_InternalRuleSource' - Security_Detections_API_RuleTagArray: - description: >- - String array containing words and phrases to help categorize, filter, - and search rules. Defaults to an empty array. - items: - type: string - type: array - Security_Detections_API_RuleUpdateProps: - anyOf: - - $ref: '#/components/schemas/Security_Detections_API_EqlRuleUpdateProps' - - $ref: '#/components/schemas/Security_Detections_API_QueryRuleUpdateProps' - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRuleUpdateProps - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRuleUpdateProps - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRuleUpdateProps - - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningRuleUpdateProps - - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleUpdateProps' - - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleUpdateProps' - discriminator: - propertyName: type - Security_Detections_API_RuleVersion: - description: The rule's version number. - minimum: 1 - type: integer - Security_Detections_API_SavedObjectResolveAliasPurpose: - enum: - - savedObjectConversion - - savedObjectImport - type: string - Security_Detections_API_SavedObjectResolveAliasTargetId: - type: string - Security_Detections_API_SavedObjectResolveOutcome: - enum: - - exactMatch - - aliasMatch - - conflict - type: string - Security_Detections_API_SavedQueryId: - type: string - Security_Detections_API_SavedQueryRule: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - version - - tags - - enabled - - risk_score_mapping - - severity_mapping - - interval - - from - - to - - actions - - exceptions_list - - author - - false_positives - - references - - max_signals - - threat - - setup - - related_integrations - - required_fields - - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRuleResponseFields - Security_Detections_API_SavedQueryRuleCreateFields: - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRuleDefaultableFields - Security_Detections_API_SavedQueryRuleCreateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRuleCreateFields - Security_Detections_API_SavedQueryRuleDefaultableFields: - type: object - properties: - language: - $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' - Security_Detections_API_SavedQueryRuleOptionalFields: - type: object - properties: - alert_suppression: - $ref: '#/components/schemas/Security_Detections_API_AlertSuppression' - data_view_id: - $ref: '#/components/schemas/Security_Detections_API_DataViewId' - filters: - $ref: '#/components/schemas/Security_Detections_API_RuleFilterArray' - index: - $ref: '#/components/schemas/Security_Detections_API_IndexPatternArray' - query: - $ref: '#/components/schemas/Security_Detections_API_RuleQuery' - Security_Detections_API_SavedQueryRulePatchFields: - allOf: - - type: object - properties: - saved_id: - $ref: '#/components/schemas/Security_Detections_API_SavedQueryId' - type: - description: Rule type - enum: - - saved_query - type: string - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRuleDefaultableFields - Security_Detections_API_SavedQueryRulePatchProps: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRulePatchFields - Security_Detections_API_SavedQueryRuleRequiredFields: - type: object - properties: - saved_id: - $ref: '#/components/schemas/Security_Detections_API_SavedQueryId' - type: - description: Rule type - enum: - - saved_query - type: string - required: - - type - - saved_id - Security_Detections_API_SavedQueryRuleResponseFields: - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRuleOptionalFields - - type: object - properties: - language: - $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' - required: - - language - Security_Detections_API_SavedQueryRuleUpdateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRuleCreateFields - Security_Detections_API_SetAlertsStatusByIds: - type: object - properties: - signal_ids: - items: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' - minItems: 1 - type: array - status: - $ref: '#/components/schemas/Security_Detections_API_AlertStatus' - required: - - signal_ids - - status - Security_Detections_API_SetAlertsStatusByQuery: - type: object - properties: - conflicts: - default: abort - enum: - - abort - - proceed - type: string - query: - additionalProperties: true - type: object - status: - $ref: '#/components/schemas/Security_Detections_API_AlertStatus' - required: - - query - - status - Security_Detections_API_SetAlertTags: - type: object - properties: - tags_to_add: - $ref: '#/components/schemas/Security_Detections_API_AlertTags' - tags_to_remove: - $ref: '#/components/schemas/Security_Detections_API_AlertTags' - required: - - tags_to_add - - tags_to_remove - Security_Detections_API_SetupGuide: - type: string - Security_Detections_API_Severity: - description: Severity of the rule - enum: - - low - - medium - - high - - critical - type: string - Security_Detections_API_SeverityMapping: - description: Overrides generated alerts' severity with values from the source event - items: - type: object - properties: - field: - type: string - operator: - enum: - - equals - type: string - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - value: - type: string - required: - - field - - operator - - severity - - value - type: array - Security_Detections_API_SiemErrorResponse: - type: object - properties: - message: - type: string - status_code: - type: integer - required: - - status_code - - message - Security_Detections_API_SkippedAlertsIndexMigration: - type: object - properties: - index: - type: string - required: - - index - Security_Detections_API_SortOrder: - enum: - - asc - - desc - type: string - Security_Detections_API_Threat: - type: object - properties: - framework: - description: Relevant attack framework - type: string - tactic: - $ref: '#/components/schemas/Security_Detections_API_ThreatTactic' - technique: - description: Array containing information on the attack techniques (optional) - items: - $ref: '#/components/schemas/Security_Detections_API_ThreatTechnique' - type: array - required: - - framework - - tactic - Security_Detections_API_ThreatArray: - items: - $ref: '#/components/schemas/Security_Detections_API_Threat' - type: array - Security_Detections_API_ThreatFilters: - items: - description: >- - Query and filter context array used to filter documents from the - Elasticsearch index containing the threat values - type: array - Security_Detections_API_ThreatIndex: - items: - type: string - type: array - Security_Detections_API_ThreatIndicatorPath: - description: >- - Defines the path to the threat indicator in the indicator documents - (optional) - type: string - Security_Detections_API_ThreatMapping: - items: - type: object - properties: - entries: - items: - type: object - properties: - field: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' - type: - enum: - - mapping - type: string - value: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' - required: - - field - - type - - value - type: array - required: - - entries - minItems: 1 - type: array - Security_Detections_API_ThreatMatchRule: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - version - - tags - - enabled - - risk_score_mapping - - severity_mapping - - interval - - from - - to - - actions - - exceptions_list - - author - - false_positives - - references - - max_signals - - threat - - setup - - related_integrations - - required_fields - - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRuleResponseFields - Security_Detections_API_ThreatMatchRuleCreateFields: - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRuleDefaultableFields - Security_Detections_API_ThreatMatchRuleCreateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRuleCreateFields - Security_Detections_API_ThreatMatchRuleDefaultableFields: - type: object - properties: - language: - $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' - Security_Detections_API_ThreatMatchRuleOptionalFields: - type: object - properties: - alert_suppression: - $ref: '#/components/schemas/Security_Detections_API_AlertSuppression' - concurrent_searches: - $ref: '#/components/schemas/Security_Detections_API_ConcurrentSearches' - data_view_id: - $ref: '#/components/schemas/Security_Detections_API_DataViewId' - filters: - $ref: '#/components/schemas/Security_Detections_API_RuleFilterArray' - index: - $ref: '#/components/schemas/Security_Detections_API_IndexPatternArray' - items_per_search: - $ref: '#/components/schemas/Security_Detections_API_ItemsPerSearch' - saved_id: - $ref: '#/components/schemas/Security_Detections_API_SavedQueryId' - threat_filters: - $ref: '#/components/schemas/Security_Detections_API_ThreatFilters' - threat_indicator_path: - $ref: '#/components/schemas/Security_Detections_API_ThreatIndicatorPath' - threat_language: - $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' - Security_Detections_API_ThreatMatchRulePatchFields: - allOf: - - type: object - properties: - query: - $ref: '#/components/schemas/Security_Detections_API_RuleQuery' - threat_index: - $ref: '#/components/schemas/Security_Detections_API_ThreatIndex' - threat_mapping: - $ref: '#/components/schemas/Security_Detections_API_ThreatMapping' - threat_query: - $ref: '#/components/schemas/Security_Detections_API_ThreatQuery' - type: - description: Rule type - enum: - - threat_match - type: string - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRuleDefaultableFields - Security_Detections_API_ThreatMatchRulePatchProps: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRulePatchFields - Security_Detections_API_ThreatMatchRuleRequiredFields: - type: object - properties: - query: - $ref: '#/components/schemas/Security_Detections_API_RuleQuery' - threat_index: - $ref: '#/components/schemas/Security_Detections_API_ThreatIndex' - threat_mapping: - $ref: '#/components/schemas/Security_Detections_API_ThreatMapping' - threat_query: - $ref: '#/components/schemas/Security_Detections_API_ThreatQuery' - type: - description: Rule type - enum: - - threat_match - type: string - required: - - type - - query - - threat_query - - threat_mapping - - threat_index - Security_Detections_API_ThreatMatchRuleResponseFields: - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRuleOptionalFields - - type: object - properties: - language: - $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' - required: - - language - Security_Detections_API_ThreatMatchRuleUpdateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRuleCreateFields - Security_Detections_API_ThreatQuery: - description: Query to run - type: string - Security_Detections_API_ThreatSubtechnique: - type: object - properties: - id: - description: Subtechnique ID - type: string - name: - description: Subtechnique name - type: string - reference: - description: Subtechnique reference - type: string - required: - - id - - name - - reference - Security_Detections_API_ThreatTactic: - type: object - properties: - id: - description: Tactic ID - type: string - name: - description: Tactic name - type: string - reference: - description: Tactic reference - type: string - required: - - id - - name - - reference - Security_Detections_API_ThreatTechnique: - type: object - properties: - id: - description: Technique ID - type: string - name: - description: Technique name - type: string - reference: - description: Technique reference - type: string - subtechnique: - description: Array containing more specific information on the attack technique - items: - $ref: '#/components/schemas/Security_Detections_API_ThreatSubtechnique' - type: array - required: - - id - - name - - reference - Security_Detections_API_Threshold: - type: object - properties: - cardinality: - $ref: '#/components/schemas/Security_Detections_API_ThresholdCardinality' - field: - $ref: '#/components/schemas/Security_Detections_API_ThresholdField' - value: - $ref: '#/components/schemas/Security_Detections_API_ThresholdValue' - required: - - field - - value - Security_Detections_API_ThresholdAlertSuppression: - type: object - properties: - duration: - $ref: >- - #/components/schemas/Security_Detections_API_AlertSuppressionDuration - required: - - duration - Security_Detections_API_ThresholdCardinality: - items: - type: object - properties: - field: - type: string - value: - minimum: 0 - type: integer - required: - - field - - value - type: array - Security_Detections_API_ThresholdField: - description: Field to aggregate on - oneOf: - - type: string - - items: - type: string - type: array - Security_Detections_API_ThresholdRule: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - version - - tags - - enabled - - risk_score_mapping - - severity_mapping - - interval - - from - - to - - actions - - exceptions_list - - author - - false_positives - - references - - max_signals - - threat - - setup - - related_integrations - - required_fields - - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRuleResponseFields - Security_Detections_API_ThresholdRuleCreateFields: - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRuleDefaultableFields - Security_Detections_API_ThresholdRuleCreateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRuleCreateFields - Security_Detections_API_ThresholdRuleDefaultableFields: - type: object - properties: - language: - $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' - Security_Detections_API_ThresholdRuleOptionalFields: - type: object - properties: - alert_suppression: - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdAlertSuppression - data_view_id: - $ref: '#/components/schemas/Security_Detections_API_DataViewId' - filters: - $ref: '#/components/schemas/Security_Detections_API_RuleFilterArray' - index: - $ref: '#/components/schemas/Security_Detections_API_IndexPatternArray' - saved_id: - $ref: '#/components/schemas/Security_Detections_API_SavedQueryId' - Security_Detections_API_ThresholdRulePatchFields: - allOf: - - type: object - properties: - query: - $ref: '#/components/schemas/Security_Detections_API_RuleQuery' - threshold: - $ref: '#/components/schemas/Security_Detections_API_Threshold' - type: - description: Rule type - enum: - - threshold - type: string - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRuleDefaultableFields - Security_Detections_API_ThresholdRulePatchProps: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRulePatchFields - Security_Detections_API_ThresholdRuleRequiredFields: - type: object - properties: - query: - $ref: '#/components/schemas/Security_Detections_API_RuleQuery' - threshold: - $ref: '#/components/schemas/Security_Detections_API_Threshold' - type: - description: Rule type - enum: - - threshold - type: string - required: - - type - - query - - threshold - Security_Detections_API_ThresholdRuleResponseFields: - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRuleOptionalFields - - type: object - properties: - language: - $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' - required: - - language - Security_Detections_API_ThresholdRuleUpdateProps: - allOf: - - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose - alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray - required_fields: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRuleCreateFields - Security_Detections_API_ThresholdValue: - description: Threshold value - minimum: 1 - type: integer - Security_Detections_API_ThrottleForBulkActions: - description: >- - The condition for throttling the notification: 'rule', 'no_actions', or - time duration - enum: - - rule - - 1h - - 1d - - 7d - type: string - Security_Detections_API_TiebreakerField: - description: Sets a secondary field for sorting events - type: string - Security_Detections_API_TimelineTemplateId: - description: Timeline template ID - type: string - Security_Detections_API_TimelineTemplateTitle: - description: Timeline template title - type: string - Security_Detections_API_TimestampField: - description: Contains the event timestamp used for sorting a sequence of events - type: string - Security_Detections_API_TimestampOverride: - description: Sets the time field used to query indices - type: string - Security_Detections_API_TimestampOverrideFallbackDisabled: - description: Disables the fallback to the event's @timestamp field - type: boolean - Security_Detections_API_UUID: - description: A universally unique identifier - format: uuid - type: string - Security_Detections_API_WarningSchema: - type: object - properties: - actionPath: - type: string - buttonLabel: - type: string - message: - type: string - type: - type: string - required: - - type - - message - - actionPath - Security_Endpoint_Exceptions_API_EndpointList: - oneOf: - - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionList' - - additionalProperties: false - type: object - Security_Endpoint_Exceptions_API_EndpointListItem: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItem' - Security_Endpoint_Exceptions_API_ExceptionList: - type: object - properties: - _version: - type: string - created_at: - format: date-time - type: string - created_by: - type: string - description: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListDescription - id: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListId - immutable: - type: boolean - list_id: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListHumanId - meta: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListMeta - name: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListName - namespace_type: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionNamespaceType - os_types: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListOsTypeArray - tags: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListTags - tie_breaker_id: - type: string - type: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListType - updated_at: - format: date-time - type: string - updated_by: - type: string - version: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListVersion - required: - - id - - list_id - - type - - name - - description - - immutable - - namespace_type - - version - - tie_breaker_id - - created_at - - created_by - - updated_at - - updated_by - Security_Endpoint_Exceptions_API_ExceptionListDescription: - type: string - Security_Endpoint_Exceptions_API_ExceptionListHumanId: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' - description: Human readable string identifier, e.g. `trusted-linux-processes` - Security_Endpoint_Exceptions_API_ExceptionListId: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' - Security_Endpoint_Exceptions_API_ExceptionListItem: - type: object - properties: - _version: - type: string - comments: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray - created_at: - format: date-time - type: string - created_by: - type: string - description: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription - entries: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray - expire_time: - format: date-time - type: string - id: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId - item_id: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId - list_id: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListHumanId - meta: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta - name: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName - namespace_type: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionNamespaceType - os_types: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray - tags: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags - tie_breaker_id: - type: string - type: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType - updated_at: - format: date-time - type: string - updated_by: - type: string - required: - - id - - item_id - - list_id - - type - - name - - description - - entries - - namespace_type - - comments - - tie_breaker_id - - created_at - - created_by - - updated_at - - updated_by - Security_Endpoint_Exceptions_API_ExceptionListItemComment: - type: object - properties: - comment: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' - created_at: - format: date-time - type: string - created_by: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' - id: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' - updated_at: - format: date-time - type: string - updated_by: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' - required: - - id - - comment - - created_at - - created_by - Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray: - items: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemComment - type: array - Security_Endpoint_Exceptions_API_ExceptionListItemDescription: - type: string - Security_Endpoint_Exceptions_API_ExceptionListItemEntry: - anyOf: - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatch - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchAny - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryList - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryExists - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryNested - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchWildcard - discriminator: - propertyName: type - Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray: - items: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntry - type: array - Security_Endpoint_Exceptions_API_ExceptionListItemEntryExists: - type: object - properties: - field: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' - operator: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator - type: - enum: - - exists - type: string - required: - - type - - field - - operator - Security_Endpoint_Exceptions_API_ExceptionListItemEntryList: - type: object - properties: - field: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' - list: - type: object - properties: - id: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ListId' - type: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ListType' - required: - - id - - type - operator: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator - type: - enum: - - list - type: string - required: - - type - - field - - list - - operator - Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatch: - type: object - properties: - field: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' - operator: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator - type: - enum: - - match - type: string - value: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' - required: - - type - - field - - value - - operator - Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchAny: - type: object - properties: - field: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' - operator: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator - type: - enum: - - match_any - type: string - value: - items: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString - minItems: 1 - type: array - required: - - type - - field - - value - - operator - Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchWildcard: - type: object - properties: - field: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' - operator: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator - type: - enum: - - wildcard - type: string - value: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' - required: - - type - - field - - value - - operator - Security_Endpoint_Exceptions_API_ExceptionListItemEntryNested: - type: object - properties: - entries: - items: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryNestedEntryItem - minItems: 1 - type: array - field: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' - type: - enum: - - nested - type: string - required: - - type - - field - - entries - Security_Endpoint_Exceptions_API_ExceptionListItemEntryNestedEntryItem: - oneOf: - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatch - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchAny - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryExists - Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator: - enum: - - excluded - - included - type: string - Security_Endpoint_Exceptions_API_ExceptionListItemHumanId: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' - Security_Endpoint_Exceptions_API_ExceptionListItemId: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' - Security_Endpoint_Exceptions_API_ExceptionListItemMeta: - additionalProperties: true - type: object - Security_Endpoint_Exceptions_API_ExceptionListItemName: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' - Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray: - items: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListOsType - type: array - Security_Endpoint_Exceptions_API_ExceptionListItemTags: - items: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' - type: array - Security_Endpoint_Exceptions_API_ExceptionListItemType: - enum: - - simple - type: string - Security_Endpoint_Exceptions_API_ExceptionListMeta: - additionalProperties: true - type: object - Security_Endpoint_Exceptions_API_ExceptionListName: - type: string - Security_Endpoint_Exceptions_API_ExceptionListOsType: - enum: - - linux - - macos - - windows - type: string - Security_Endpoint_Exceptions_API_ExceptionListOsTypeArray: - items: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListOsType - type: array - Security_Endpoint_Exceptions_API_ExceptionListTags: - items: - type: string - type: array - Security_Endpoint_Exceptions_API_ExceptionListType: - enum: - - detection - - rule_default - - endpoint - - endpoint_trusted_apps - - endpoint_events - - endpoint_host_isolation_exceptions - - endpoint_blocklists - type: string - Security_Endpoint_Exceptions_API_ExceptionListVersion: - minimum: 1 - type: integer - Security_Endpoint_Exceptions_API_ExceptionNamespaceType: - description: > - Determines whether the exception container is available in all Kibana - spaces or just the space - - in which it is created, where: - - - - `single`: Only available in the Kibana space in which it is created. - - - `agnostic`: Available in all Kibana spaces. - enum: - - agnostic - - single - type: string - Security_Endpoint_Exceptions_API_FindEndpointListItemsFilter: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' - Security_Endpoint_Exceptions_API_ListId: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' - Security_Endpoint_Exceptions_API_ListType: - enum: - - binary - - boolean - - byte - - date - - date_nanos - - date_range - - double - - double_range - - float - - float_range - - geo_point - - geo_shape - - half_float - - integer - - integer_range - - ip - - ip_range - - keyword - - long - - long_range - - shape - - short - - text - type: string - Security_Endpoint_Exceptions_API_NonEmptyString: - description: A string that is not empty and does not contain only whitespace - minLength: 1 - pattern: ^(?! *$).+$ - type: string - Security_Endpoint_Exceptions_API_PlatformErrorResponse: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: integer - required: - - statusCode - - error - - message - Security_Endpoint_Exceptions_API_SiemErrorResponse: - type: object - properties: - message: - type: string - status_code: - type: integer - required: - - status_code - - message - Security_Endpoint_Management_API_ActionLogRequestQuery: - type: object - properties: - end_date: - $ref: '#/components/schemas/Security_Endpoint_Management_API_EndDate' - page: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Page' - page_size: - $ref: '#/components/schemas/Security_Endpoint_Management_API_PageSize' - start_date: - $ref: '#/components/schemas/Security_Endpoint_Management_API_StartDate' - Security_Endpoint_Management_API_ActionStateSuccessResponse: - type: object - properties: - body: - type: object - properties: - data: - type: object - properties: - canEncrypt: - type: boolean - required: - - data - required: - - body - Security_Endpoint_Management_API_ActionStatusSuccessResponse: - type: object - properties: - body: - type: object - properties: - data: - type: object - properties: - agent_id: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_AgentId - pending_actions: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_PendingActionsSchema - required: - - agent_id - - pending_actions - required: - - data - required: - - body - Security_Endpoint_Management_API_AgentId: - description: Agent ID - type: string - Security_Endpoint_Management_API_AgentIds: - minLength: 1 - oneOf: - - items: - minLength: 1 - type: string - maxItems: 50 - minItems: 1 - type: array - - minLength: 1 - type: string - Security_Endpoint_Management_API_AgentTypes: - enum: - - endpoint - - sentinel_one - - crowdstrike - type: string - Security_Endpoint_Management_API_AlertIds: - description: A list of alerts ids. - items: - $ref: '#/components/schemas/Security_Endpoint_Management_API_NonEmptyString' - minItems: 1 - type: array - Security_Endpoint_Management_API_CaseIds: - description: Case IDs to be updated (cannot contain empty strings) - items: - minLength: 1 - type: string - minItems: 1 - type: array - Security_Endpoint_Management_API_Command: - description: The command to be executed (cannot be an empty string) - enum: - - isolate - - unisolate - - kill-process - - suspend-process - - running-processes - - get-file - - execute - - upload - - scan - minLength: 1 - type: string - Security_Endpoint_Management_API_Commands: - items: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Command' - type: array - Security_Endpoint_Management_API_Comment: - description: Optional comment - type: string - Security_Endpoint_Management_API_EndDate: - description: End date - type: string - Security_Endpoint_Management_API_EndpointIds: - description: List of endpoint IDs (cannot contain empty strings) - items: - minLength: 1 - type: string - minItems: 1 - type: array - Security_Endpoint_Management_API_EntityId: - type: object - properties: - entity_id: - minLength: 1 - type: string - Security_Endpoint_Management_API_ExecuteRouteRequestBody: - allOf: - - type: object - properties: - agent_type: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' - alert_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' - case_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' - comment: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' - endpoint_ids: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_EndpointIds - parameters: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' - required: - - endpoint_ids - - type: object - properties: - parameters: - type: object - properties: - command: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_Command - timeout: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_Timeout - required: - - command - required: - - parameters - Security_Endpoint_Management_API_GetEndpointActionListRouteQuery: - type: object - properties: - agentIds: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentIds' - agentTypes: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' - commands: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Commands' - endDate: - $ref: '#/components/schemas/Security_Endpoint_Management_API_EndDate' - page: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Page' - pageSize: - default: 10 - description: Number of items per page - maximum: 10000 - minimum: 1 - type: integer - startDate: - $ref: '#/components/schemas/Security_Endpoint_Management_API_StartDate' - types: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Types' - userIds: - $ref: '#/components/schemas/Security_Endpoint_Management_API_UserIds' - withOutputs: - $ref: '#/components/schemas/Security_Endpoint_Management_API_WithOutputs' - Security_Endpoint_Management_API_GetFileRouteRequestBody: - allOf: - - type: object - properties: - agent_type: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' - alert_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' - case_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' - comment: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' - endpoint_ids: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_EndpointIds - parameters: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' - required: - - endpoint_ids - - type: object - properties: - parameters: - type: object - properties: - path: - type: string - required: - - path - required: - - parameters - Security_Endpoint_Management_API_GetProcessesRouteRequestBody: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_NoParametersRequestSchema - Security_Endpoint_Management_API_IsolateRouteRequestBody: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_NoParametersRequestSchema - Security_Endpoint_Management_API_KillProcessRouteRequestBody: - allOf: - - type: object - properties: - agent_type: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' - alert_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' - case_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' - comment: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' - endpoint_ids: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_EndpointIds - parameters: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' - required: - - endpoint_ids - - type: object - properties: - parameters: - oneOf: - - $ref: '#/components/schemas/Security_Endpoint_Management_API_Pid' - - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_EntityId - - type: object - properties: - process_name: - description: Valid for SentinelOne agent type only - minLength: 1 - type: string - required: - - parameters - Security_Endpoint_Management_API_ListRequestQuery: - type: object - properties: - hostStatuses: - items: - enum: - - healthy - - offline - - updating - - inactive - - unenrolled - type: string - type: array - kuery: - nullable: true - type: string - page: - default: 0 - description: Page number - minimum: 0 - type: integer - pageSize: - default: 10 - description: Number of items per page - maximum: 10000 - minimum: 1 - type: integer - sortDirection: - enum: - - asc - - desc - nullable: true - type: string - sortField: - enum: - - enrolled_at - - metadata.host.hostname - - host_status - - metadata.Endpoint.policy.applied.name - - metadata.Endpoint.policy.applied.status - - metadata.host.os.name - - metadata.host.ip - - metadata.agent.version - - last_checkin - type: string - required: - - hostStatuses - Security_Endpoint_Management_API_NonEmptyString: - description: A string that is not empty and does not contain only whitespace - minLength: 1 - pattern: ^(?! *$).+$ - type: string - Security_Endpoint_Management_API_NoParametersRequestSchema: - type: object - properties: - body: - type: object - properties: - agent_type: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' - alert_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' - case_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' - comment: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' - endpoint_ids: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_EndpointIds - parameters: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' - required: - - endpoint_ids - required: - - body - Security_Endpoint_Management_API_Page: - default: 1 - description: Page number - minimum: 1 - type: integer - Security_Endpoint_Management_API_PageSize: - default: 10 - description: Number of items per page - maximum: 100 - minimum: 1 - type: integer - Security_Endpoint_Management_API_Parameters: - description: Optional parameters object - type: object - Security_Endpoint_Management_API_PendingActionDataType: - type: integer - Security_Endpoint_Management_API_PendingActionsSchema: - oneOf: - - type: object - properties: - execute: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType - get-file: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType - isolate: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType - kill-process: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType - running-processes: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType - scan: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType - suspend-process: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType - unisolate: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType - upload: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType - - additionalProperties: true - type: object - Security_Endpoint_Management_API_Pid: - type: object - properties: - pid: - minimum: 1 - type: integer - Security_Endpoint_Management_API_ProtectionUpdatesNoteResponse: - type: object - properties: - note: - type: string - Security_Endpoint_Management_API_ScanRouteRequestBody: - allOf: - - type: object - properties: - agent_type: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' - alert_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' - case_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' - comment: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' - endpoint_ids: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_EndpointIds - parameters: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' - required: - - endpoint_ids - - type: object - properties: - parameters: - type: object - properties: - path: - type: string - required: - - path - required: - - parameters - Security_Endpoint_Management_API_StartDate: - description: Start date - type: string - Security_Endpoint_Management_API_SuccessResponse: - type: object - properties: {} - Security_Endpoint_Management_API_SuspendProcessRouteRequestBody: - allOf: - - type: object - properties: - agent_type: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' - alert_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' - case_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' - comment: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' - endpoint_ids: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_EndpointIds - parameters: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' - required: - - endpoint_ids - - type: object - properties: - parameters: - oneOf: - - $ref: '#/components/schemas/Security_Endpoint_Management_API_Pid' - - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_EntityId - required: - - parameters - Security_Endpoint_Management_API_Timeout: - description: The maximum timeout value in milliseconds (optional) - minimum: 1 - type: integer - Security_Endpoint_Management_API_Type: - description: Type of response action - enum: - - automated - - manual - type: string - Security_Endpoint_Management_API_Types: - description: List of types of response actions - items: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Type' - maxLength: 2 - minLength: 1 - type: array - Security_Endpoint_Management_API_UnisolateRouteRequestBody: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_NoParametersRequestSchema - Security_Endpoint_Management_API_UploadRouteRequestBody: - allOf: - - type: object - properties: - agent_type: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' - alert_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' - case_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' - comment: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' - endpoint_ids: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_EndpointIds - parameters: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' - required: - - endpoint_ids - - type: object - properties: - file: - format: binary - type: string - parameters: - type: object - properties: - overwrite: - default: false - type: boolean - required: - - parameters - - file - Security_Endpoint_Management_API_UserIds: - description: User IDs - oneOf: - - items: - minLength: 1 - type: string - minItems: 1 - type: array - - minLength: 1 - type: string - Security_Endpoint_Management_API_WithOutputs: - description: Shows detailed outputs for an action response - oneOf: - - items: - minLength: 1 - type: string - minItems: 1 - type: array - - minLength: 1 - type: string - Security_Entity_Analytics_API_AssetCriticalityBulkUploadErrorItem: - type: object - properties: - index: - type: integer - message: - type: string - required: - - message - - index - Security_Entity_Analytics_API_AssetCriticalityBulkUploadStats: - type: object - properties: - failed: - type: integer - successful: - type: integer - total: - type: integer - required: - - successful - - failed - - total - Security_Entity_Analytics_API_AssetCriticalityLevel: - description: The criticality level of the asset. - enum: - - low_impact - - medium_impact - - high_impact - - extreme_impact - type: string - Security_Entity_Analytics_API_AssetCriticalityRecord: - allOf: - - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord - - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts - - type: object - properties: - '@timestamp': - description: The time the record was created or updated. - example: '2017-07-21T17:32:28Z' - format: date-time - type: string - required: - - '@timestamp' - Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts: - type: object - properties: - asset: - type: object - properties: - criticality: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel - required: - - asset - host: - type: object - properties: - asset: - type: object - properties: - criticality: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel - required: - - criticality - name: - type: string - required: - - name - user: - type: object - properties: - asset: - type: object - properties: - criticality: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel - required: - - criticality - name: - type: string - required: - - name - required: - - asset - Security_Entity_Analytics_API_AssetCriticalityRecordIdParts: - type: object - properties: - id_field: - $ref: '#/components/schemas/Security_Entity_Analytics_API_IdField' - description: The field representing the ID. - example: host.name - id_value: - description: The ID value of the asset. - type: string - required: - - id_value - - id_field - Security_Entity_Analytics_API_CleanUpRiskEngineErrorResponse: - type: object - properties: - cleanup_successful: - example: false - type: boolean - errors: - items: - type: object - properties: - error: - type: string - seq: - type: integer - required: - - seq - - error - type: array - required: - - cleanup_successful - - errors - Security_Entity_Analytics_API_CreateAssetCriticalityRecord: - allOf: - - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordIdParts - - type: object - properties: - criticality_level: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel - required: - - criticality_level - Security_Entity_Analytics_API_EngineDataviewUpdateResult: - type: object - properties: - changes: - type: object - properties: - indexPatterns: - items: - type: string - type: array - type: - type: string - required: - - type - Security_Entity_Analytics_API_EngineDescriptor: - type: object - properties: - fieldHistoryLength: - type: integer - filter: - type: string - indexPattern: - $ref: '#/components/schemas/Security_Entity_Analytics_API_IndexPattern' - status: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineStatus' - type: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' - required: - - type - - indexPattern - - status - - fieldHistoryLength - Security_Entity_Analytics_API_EngineStatus: - enum: - - installing - - started - - stopped - - updating - - error - type: string - Security_Entity_Analytics_API_Entity: - oneOf: - - $ref: '#/components/schemas/Security_Entity_Analytics_API_UserEntity' - - $ref: '#/components/schemas/Security_Entity_Analytics_API_HostEntity' - Security_Entity_Analytics_API_EntityRiskLevels: - enum: - - Unknown - - Low - - Moderate - - High - - Critical - type: string - Security_Entity_Analytics_API_EntityRiskScoreRecord: - type: object - properties: - '@timestamp': - description: The time at which the risk score was calculated. - example: '2017-07-21T17:32:28Z' - format: date-time - type: string - calculated_level: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityRiskLevels' - description: Lexical description of the entity's risk. - example: Critical - calculated_score: - description: The raw numeric value of the given entity's risk score. - format: double - type: number - calculated_score_norm: - description: >- - The normalized numeric value of the given entity's risk score. - Useful for comparing with other entities. - format: double - maximum: 100 - minimum: 0 - type: number - category_1_count: - description: >- - The number of risk input documents that contributed to the Category - 1 score (`category_1_score`). - format: integer - type: number - category_1_score: - description: >- - The contribution of Category 1 to the overall risk score - (`calculated_score`). Category 1 contains Detection Engine Alerts. - format: double - type: number - category_2_count: - format: integer - type: number - category_2_score: - format: double - type: number - criticality_level: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel - criticality_modifier: - format: double - type: number - id_field: - description: >- - The identifier field defining this risk score. Coupled with - `id_value`, uniquely identifies the entity being scored. - example: host.name - type: string - id_value: - description: >- - The identifier value defining this risk score. Coupled with - `id_field`, uniquely identifies the entity being scored. - example: example.host - type: string - inputs: - description: >- - A list of the highest-risk documents contributing to this risk - score. Useful for investigative purposes. - items: - $ref: '#/components/schemas/Security_Entity_Analytics_API_RiskScoreInput' - type: array - notes: - items: - type: string - type: array - required: - - '@timestamp' - - id_field - - id_value - - calculated_level - - calculated_score - - calculated_score_norm - - category_1_score - - category_1_count - - inputs - - notes - Security_Entity_Analytics_API_EntityType: - enum: - - user - - host - type: string - Security_Entity_Analytics_API_HostEntity: - type: object - properties: - '@timestamp': - format: date-time - type: string - asset: - type: object - properties: - criticality: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel - required: - - criticality - entity: - type: object - properties: - name: - type: string - source: - type: string - required: - - name - - source - host: - type: object - properties: - architecture: - items: - type: string - type: array - domain: - items: - type: string - type: array - hostname: - items: - type: string - type: array - id: - items: - type: string - type: array - ip: - items: - type: string - type: array - mac: - items: - type: string - type: array - name: - type: string - risk: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_EntityRiskScoreRecord - type: - items: - type: string - type: array - required: - - name - required: - - '@timestamp' - - host - - entity - Security_Entity_Analytics_API_IdField: - enum: - - host.name - - user.name - type: string - Security_Entity_Analytics_API_IndexPattern: - type: string - Security_Entity_Analytics_API_InspectQuery: - type: object - properties: - dsl: - items: - type: string - type: array - response: - items: - type: string - type: array - required: - - dsl - - response - Security_Entity_Analytics_API_RiskEngineScheduleNowErrorResponse: - type: object - properties: - full_error: - type: string - message: - type: string - required: - - message - - full_error - Security_Entity_Analytics_API_RiskEngineScheduleNowResponse: - type: object - properties: - success: - type: boolean - Security_Entity_Analytics_API_RiskScoreInput: - description: A generic representation of a document contributing to a Risk Score. - type: object - properties: - category: - description: The risk category of the risk input document. - example: category_1 - type: string - contribution_score: - format: double - type: number - description: - description: A human-readable description of the risk input document. - example: 'Generated from Detection Engine Rule: Malware Prevention Alert' - type: string - id: - description: The unique identifier (`_id`) of the original source document - example: 91a93376a507e86cfbf282166275b89f9dbdb1f0be6c8103c6ff2909ca8e1a1c - type: string - index: - description: The unique index (`_index`) of the original source document - example: .internal.alerts-security.alerts-default-000001 - type: string - risk_score: - description: The weighted risk score of the risk input document. - format: double - maximum: 100 - minimum: 0 - type: number - timestamp: - description: The @timestamp of the risk input document. - example: '2017-07-21T17:32:28Z' - type: string - required: - - id - - index - - description - - category - Security_Entity_Analytics_API_TaskManagerUnavailableResponse: - description: Task manager is unavailable - type: object - properties: - message: - type: string - status_code: - minimum: 400 - type: integer - required: - - status_code - - message - Security_Entity_Analytics_API_UserEntity: - type: object - properties: - '@timestamp': - format: date-time - type: string - asset: - type: object - properties: - criticality: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel - required: - - criticality - entity: - type: object - properties: - name: - type: string - source: - type: string - required: - - name - - source - user: - type: object - properties: - domain: - items: - type: string - type: array - email: - items: - type: string - type: array - full_name: - items: - type: string - type: array - hash: - items: - type: string - type: array - id: - items: - type: string - type: array - name: - type: string - risk: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_EntityRiskScoreRecord - roles: - items: - type: string - type: array - required: - - name - required: - - '@timestamp' - - user - - entity - Security_Exceptions_API_CreateExceptionListItemComment: - type: object - properties: - comment: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - required: - - comment - Security_Exceptions_API_CreateExceptionListItemCommentArray: - items: - $ref: >- - #/components/schemas/Security_Exceptions_API_CreateExceptionListItemComment - type: array - Security_Exceptions_API_CreateRuleExceptionListItemComment: - type: object - properties: - comment: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - required: - - comment - Security_Exceptions_API_CreateRuleExceptionListItemCommentArray: - items: - $ref: >- - #/components/schemas/Security_Exceptions_API_CreateRuleExceptionListItemComment - type: array - Security_Exceptions_API_CreateRuleExceptionListItemProps: - type: object - properties: - comments: - $ref: >- - #/components/schemas/Security_Exceptions_API_CreateRuleExceptionListItemCommentArray - default: [] - description: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemDescription - entries: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray - expire_time: - format: date-time - type: string - item_id: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId - meta: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemMeta' - name: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemName' - namespace_type: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' - default: single - os_types: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray - default: [] - tags: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemTags' - default: [] - type: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemType' - required: - - type - - name - - description - - entries - Security_Exceptions_API_ExceptionList: - type: object - properties: - _version: - type: string - created_at: - format: date-time - type: string - created_by: - type: string - description: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListDescription - id: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - immutable: - type: boolean - list_id: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - meta: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListMeta' - name: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListName' - namespace_type: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' - os_types: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray - tags: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListTags' - tie_breaker_id: - type: string - type: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListType' - updated_at: - format: date-time - type: string - updated_by: - type: string - version: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListVersion' - required: - - id - - list_id - - type - - name - - description - - immutable - - namespace_type - - version - - tie_breaker_id - - created_at - - created_by - - updated_at - - updated_by - Security_Exceptions_API_ExceptionListDescription: - type: string - Security_Exceptions_API_ExceptionListHumanId: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - description: Human readable string identifier, e.g. `trusted-linux-processes` - Security_Exceptions_API_ExceptionListId: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - Security_Exceptions_API_ExceptionListItem: - type: object - properties: - _version: - type: string - comments: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemCommentArray - created_at: - format: date-time - type: string - created_by: - type: string - description: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemDescription - entries: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray - expire_time: - format: date-time - type: string - id: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId' - item_id: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId - list_id: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - meta: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemMeta' - name: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemName' - namespace_type: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' - os_types: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray - tags: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemTags' - tie_breaker_id: - type: string - type: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemType' - updated_at: - format: date-time - type: string - updated_by: - type: string - required: - - id - - item_id - - list_id - - type - - name - - description - - entries - - namespace_type - - comments - - tie_breaker_id - - created_at - - created_by - - updated_at - - updated_by - Security_Exceptions_API_ExceptionListItemComment: - type: object - properties: - comment: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - created_at: - format: date-time - type: string - created_by: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - id: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - updated_at: - format: date-time - type: string - updated_by: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - required: - - id - - comment - - created_at - - created_by - Security_Exceptions_API_ExceptionListItemCommentArray: - items: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemComment' - type: array - Security_Exceptions_API_ExceptionListItemDescription: - type: string - Security_Exceptions_API_ExceptionListItemEntry: - anyOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatch - - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatchAny - - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryList - - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryExists - - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryNested - - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatchWildcard - discriminator: - propertyName: type - Security_Exceptions_API_ExceptionListItemEntryArray: - items: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntry' - type: array - Security_Exceptions_API_ExceptionListItemEntryExists: - type: object - properties: - field: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - operator: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator - type: - enum: - - exists - type: string - required: - - type - - field - - operator - Security_Exceptions_API_ExceptionListItemEntryList: - type: object - properties: - field: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - list: - type: object - properties: - id: - $ref: '#/components/schemas/Security_Exceptions_API_ListId' - type: - $ref: '#/components/schemas/Security_Exceptions_API_ListType' - required: - - id - - type - operator: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator - type: - enum: - - list - type: string - required: - - type - - field - - list - - operator - Security_Exceptions_API_ExceptionListItemEntryMatch: - type: object - properties: - field: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - operator: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator - type: - enum: - - match - type: string - value: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - required: - - type - - field - - value - - operator - Security_Exceptions_API_ExceptionListItemEntryMatchAny: - type: object - properties: - field: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - operator: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator - type: - enum: - - match_any - type: string - value: - items: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - minItems: 1 - type: array - required: - - type - - field - - value - - operator - Security_Exceptions_API_ExceptionListItemEntryMatchWildcard: - type: object - properties: - field: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - operator: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator - type: - enum: - - wildcard - type: string - value: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - required: - - type - - field - - value - - operator - Security_Exceptions_API_ExceptionListItemEntryNested: - type: object - properties: - entries: - items: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryNestedEntryItem - minItems: 1 - type: array - field: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - type: - enum: - - nested - type: string - required: - - type - - field - - entries - Security_Exceptions_API_ExceptionListItemEntryNestedEntryItem: - oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatch - - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatchAny - - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryExists - Security_Exceptions_API_ExceptionListItemEntryOperator: - enum: - - excluded - - included - type: string - Security_Exceptions_API_ExceptionListItemHumanId: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - Security_Exceptions_API_ExceptionListItemId: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - Security_Exceptions_API_ExceptionListItemMeta: - additionalProperties: true - type: object - Security_Exceptions_API_ExceptionListItemName: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - Security_Exceptions_API_ExceptionListItemOsTypeArray: - items: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListOsType' - type: array - Security_Exceptions_API_ExceptionListItemTags: - items: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - type: array - Security_Exceptions_API_ExceptionListItemType: - enum: - - simple - type: string - Security_Exceptions_API_ExceptionListMeta: - additionalProperties: true - type: object - Security_Exceptions_API_ExceptionListName: - type: string - Security_Exceptions_API_ExceptionListOsType: - enum: - - linux - - macos - - windows - type: string - Security_Exceptions_API_ExceptionListOsTypeArray: - items: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListOsType' - type: array - Security_Exceptions_API_ExceptionListsImportBulkError: - type: object - properties: - error: - type: object - properties: - message: - type: string - status_code: - type: integer - required: - - status_code - - message - id: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - item_id: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId - list_id: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - required: - - error - Security_Exceptions_API_ExceptionListsImportBulkErrorArray: - items: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListsImportBulkError - type: array - Security_Exceptions_API_ExceptionListTags: - items: - type: string - type: array - Security_Exceptions_API_ExceptionListType: - enum: - - detection - - rule_default - - endpoint - - endpoint_trusted_apps - - endpoint_events - - endpoint_host_isolation_exceptions - - endpoint_blocklists - type: string - Security_Exceptions_API_ExceptionListVersion: - minimum: 1 - type: integer - Security_Exceptions_API_ExceptionNamespaceType: - description: > - Determines whether the exception container is available in all Kibana - spaces or just the space - - in which it is created, where: - - - - `single`: Only available in the Kibana space in which it is created. - - - `agnostic`: Available in all Kibana spaces. - enum: - - agnostic - - single - type: string - Security_Exceptions_API_FindExceptionListItemsFilter: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - Security_Exceptions_API_FindExceptionListsFilter: - type: string - Security_Exceptions_API_ListId: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - Security_Exceptions_API_ListType: - enum: - - binary - - boolean - - byte - - date - - date_nanos - - date_range - - double - - double_range - - float - - float_range - - geo_point - - geo_shape - - half_float - - integer - - integer_range - - ip - - ip_range - - keyword - - long - - long_range - - shape - - short - - text - type: string - Security_Exceptions_API_NonEmptyString: - description: A string that is not empty and does not contain only whitespace - minLength: 1 - pattern: ^(?! *$).+$ - type: string - Security_Exceptions_API_PlatformErrorResponse: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: integer - required: - - statusCode - - error - - message - Security_Exceptions_API_RuleId: - $ref: '#/components/schemas/Security_Exceptions_API_UUID' - Security_Exceptions_API_SiemErrorResponse: - type: object - properties: - message: - type: string - status_code: - type: integer - required: - - status_code - - message - Security_Exceptions_API_UpdateExceptionListItemComment: - type: object - properties: - comment: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - id: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - required: - - comment - Security_Exceptions_API_UpdateExceptionListItemCommentArray: - items: - $ref: >- - #/components/schemas/Security_Exceptions_API_UpdateExceptionListItemComment - type: array - Security_Exceptions_API_UUID: - description: A universally unique identifier - format: uuid - type: string - Security_Lists_API_FindListItemsCursor: - $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' - Security_Lists_API_FindListItemsFilter: - type: string - Security_Lists_API_FindListsCursor: - $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' - Security_Lists_API_FindListsFilter: - type: string - Security_Lists_API_List: - type: object - properties: - _version: - type: string - '@timestamp': - format: date-time - type: string - created_at: - format: date-time - type: string - created_by: - type: string - description: - $ref: '#/components/schemas/Security_Lists_API_ListDescription' - deserializer: - type: string - id: - $ref: '#/components/schemas/Security_Lists_API_ListId' - immutable: - type: boolean - meta: - $ref: '#/components/schemas/Security_Lists_API_ListMetadata' - name: - $ref: '#/components/schemas/Security_Lists_API_ListName' - serializer: - type: string - tie_breaker_id: - type: string - type: - $ref: '#/components/schemas/Security_Lists_API_ListType' - updated_at: - format: date-time - type: string - updated_by: - type: string - version: - minimum: 1 - type: integer - required: - - id - - type - - name - - description - - immutable - - version - - tie_breaker_id - - created_at - - created_by - - updated_at - - updated_by - Security_Lists_API_ListDescription: - $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' - Security_Lists_API_ListId: - $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' - Security_Lists_API_ListItem: - type: object - properties: - _version: - type: string - '@timestamp': - format: date-time - type: string - created_at: - format: date-time - type: string - created_by: - type: string - deserializer: - type: string - id: - $ref: '#/components/schemas/Security_Lists_API_ListItemId' - list_id: - $ref: '#/components/schemas/Security_Lists_API_ListId' - meta: - $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' - serializer: - type: string - tie_breaker_id: - type: string - type: - $ref: '#/components/schemas/Security_Lists_API_ListType' - updated_at: - format: date-time - type: string - updated_by: - type: string - value: - $ref: '#/components/schemas/Security_Lists_API_ListItemValue' - required: - - id - - type - - list_id - - value - - tie_breaker_id - - created_at - - created_by - - updated_at - - updated_by - Security_Lists_API_ListItemId: - $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' - Security_Lists_API_ListItemMetadata: - additionalProperties: true - type: object - Security_Lists_API_ListItemPrivileges: - type: object - properties: - application: - additionalProperties: - type: boolean - type: object - cluster: - additionalProperties: - type: boolean - type: object - has_all_requested: - type: boolean - index: - additionalProperties: - additionalProperties: - type: boolean - type: object - type: object - username: - type: string - required: - - username - - has_all_requested - - cluster - - index - - application - Security_Lists_API_ListItemValue: - $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' - Security_Lists_API_ListMetadata: - additionalProperties: true - type: object - Security_Lists_API_ListName: - $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' - Security_Lists_API_ListPrivileges: - type: object - properties: - application: - additionalProperties: - type: boolean - type: object - cluster: - additionalProperties: - type: boolean - type: object - has_all_requested: - type: boolean - index: - additionalProperties: - additionalProperties: - type: boolean - type: object - type: object - username: - type: string - required: - - username - - has_all_requested - - cluster - - index - - application - Security_Lists_API_ListType: - enum: - - binary - - boolean - - byte - - date - - date_nanos - - date_range - - double - - double_range - - float - - float_range - - geo_point - - geo_shape - - half_float - - integer - - integer_range - - ip - - ip_range - - keyword - - long - - long_range - - shape - - short - - text - type: string - Security_Lists_API_NonEmptyString: - description: A string that is not empty and does not contain only whitespace - minLength: 1 - pattern: ^(?! *$).+$ - type: string - Security_Lists_API_PlatformErrorResponse: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: integer - required: - - statusCode - - error - - message - Security_Lists_API_SiemErrorResponse: - type: object - properties: - message: - type: string - status_code: - type: integer - required: - - status_code - - message - Security_Osquery_API_ArrayQueries: - items: - $ref: '#/components/schemas/Security_Osquery_API_ArrayQueriesItem' - type: array - Security_Osquery_API_ArrayQueriesItem: - type: object - properties: - ecs_mapping: - $ref: '#/components/schemas/Security_Osquery_API_ECSMappingOrUndefined' - id: - $ref: '#/components/schemas/Security_Osquery_API_Id' - platform: - $ref: '#/components/schemas/Security_Osquery_API_PlatformOrUndefined' - query: - $ref: '#/components/schemas/Security_Osquery_API_Query' - removed: - $ref: '#/components/schemas/Security_Osquery_API_RemovedOrUndefined' - snapshot: - $ref: '#/components/schemas/Security_Osquery_API_SnapshotOrUndefined' - version: - $ref: '#/components/schemas/Security_Osquery_API_VersionOrUndefined' - Security_Osquery_API_CreateLiveQueryRequestBody: - type: object - properties: - agent_all: - type: boolean - agent_ids: - items: - type: string - type: array - agent_platforms: - items: - type: string - type: array - agent_policy_ids: - items: - type: string - type: array - alert_ids: - items: - type: string - type: array - case_ids: - items: - type: string - type: array - ecs_mapping: - $ref: '#/components/schemas/Security_Osquery_API_ECSMappingOrUndefined' - event_ids: - items: - type: string - type: array - metadata: - nullable: true - type: object - pack_id: - $ref: '#/components/schemas/Security_Osquery_API_PackIdOrUndefined' - queries: - $ref: '#/components/schemas/Security_Osquery_API_ArrayQueries' - query: - $ref: '#/components/schemas/Security_Osquery_API_QueryOrUndefined' - saved_query_id: - $ref: '#/components/schemas/Security_Osquery_API_SavedQueryIdOrUndefined' - Security_Osquery_API_CreatePacksRequestBody: - type: object - properties: - description: - $ref: '#/components/schemas/Security_Osquery_API_DescriptionOrUndefined' - enabled: - $ref: '#/components/schemas/Security_Osquery_API_EnabledOrUndefined' - name: - $ref: '#/components/schemas/Security_Osquery_API_PackName' - policy_ids: - $ref: '#/components/schemas/Security_Osquery_API_PolicyIdsOrUndefined' - queries: - $ref: '#/components/schemas/Security_Osquery_API_ObjectQueries' - shards: - $ref: '#/components/schemas/Security_Osquery_API_Shards' - Security_Osquery_API_CreateSavedQueryRequestBody: - type: object - properties: - description: - $ref: '#/components/schemas/Security_Osquery_API_DescriptionOrUndefined' - ecs_mapping: - $ref: '#/components/schemas/Security_Osquery_API_ECSMappingOrUndefined' - id: - $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' - interval: - $ref: '#/components/schemas/Security_Osquery_API_Interval' - platform: - $ref: '#/components/schemas/Security_Osquery_API_DescriptionOrUndefined' - query: - $ref: '#/components/schemas/Security_Osquery_API_QueryOrUndefined' - removed: - $ref: '#/components/schemas/Security_Osquery_API_RemovedOrUndefined' - snapshot: - $ref: '#/components/schemas/Security_Osquery_API_SnapshotOrUndefined' - version: - $ref: '#/components/schemas/Security_Osquery_API_VersionOrUndefined' - Security_Osquery_API_DefaultSuccessResponse: - type: object - properties: {} - Security_Osquery_API_Description: - type: string - Security_Osquery_API_DescriptionOrUndefined: - $ref: '#/components/schemas/Security_Osquery_API_Description' - nullable: true - Security_Osquery_API_ECSMapping: - additionalProperties: - $ref: '#/components/schemas/Security_Osquery_API_ECSMappingItem' - type: object - Security_Osquery_API_ECSMappingItem: - type: object - properties: - field: - type: string - value: - oneOf: - - type: string - - items: - type: string - type: array - Security_Osquery_API_ECSMappingOrUndefined: - $ref: '#/components/schemas/Security_Osquery_API_ECSMapping' - nullable: true - Security_Osquery_API_Enabled: - type: boolean - Security_Osquery_API_EnabledOrUndefined: - $ref: '#/components/schemas/Security_Osquery_API_Enabled' - nullable: true - Security_Osquery_API_FindLiveQueryRequestQuery: - type: object - properties: - kuery: - $ref: '#/components/schemas/Security_Osquery_API_KueryOrUndefined' - page: - $ref: '#/components/schemas/Security_Osquery_API_PageOrUndefined' - pageSize: - $ref: '#/components/schemas/Security_Osquery_API_PageSizeOrUndefined' - sort: - $ref: '#/components/schemas/Security_Osquery_API_SortOrUndefined' - sortOrder: - $ref: '#/components/schemas/Security_Osquery_API_SortOrderOrUndefined' - Security_Osquery_API_FindPacksRequestQuery: - type: object - properties: - page: - $ref: '#/components/schemas/Security_Osquery_API_PageOrUndefined' - pageSize: - $ref: '#/components/schemas/Security_Osquery_API_PageSizeOrUndefined' - sort: - $ref: '#/components/schemas/Security_Osquery_API_SortOrUndefined' - sortOrder: - $ref: '#/components/schemas/Security_Osquery_API_SortOrderOrUndefined' - Security_Osquery_API_FindSavedQueryRequestQuery: - type: object - properties: - page: - $ref: '#/components/schemas/Security_Osquery_API_PageOrUndefined' - pageSize: - $ref: '#/components/schemas/Security_Osquery_API_PageSizeOrUndefined' - sort: - $ref: '#/components/schemas/Security_Osquery_API_SortOrUndefined' - sortOrder: - $ref: '#/components/schemas/Security_Osquery_API_SortOrderOrUndefined' - Security_Osquery_API_GetLiveQueryResultsRequestQuery: - type: object - properties: - kuery: - $ref: '#/components/schemas/Security_Osquery_API_KueryOrUndefined' - page: - $ref: '#/components/schemas/Security_Osquery_API_PageOrUndefined' - pageSize: - $ref: '#/components/schemas/Security_Osquery_API_PageSizeOrUndefined' - sort: - $ref: '#/components/schemas/Security_Osquery_API_SortOrUndefined' - sortOrder: - $ref: '#/components/schemas/Security_Osquery_API_SortOrderOrUndefined' - Security_Osquery_API_Id: - type: string - Security_Osquery_API_Interval: - type: string - Security_Osquery_API_IntervalOrUndefined: - $ref: '#/components/schemas/Security_Osquery_API_Interval' - nullable: true - Security_Osquery_API_KueryOrUndefined: - nullable: true - type: string - Security_Osquery_API_ObjectQueries: - additionalProperties: - $ref: '#/components/schemas/Security_Osquery_API_ObjectQueriesItem' - type: object - Security_Osquery_API_ObjectQueriesItem: - type: object - properties: - ecs_mapping: - $ref: '#/components/schemas/Security_Osquery_API_ECSMappingOrUndefined' - id: - $ref: '#/components/schemas/Security_Osquery_API_Id' - platform: - $ref: '#/components/schemas/Security_Osquery_API_PlatformOrUndefined' - query: - $ref: '#/components/schemas/Security_Osquery_API_Query' - removed: - $ref: '#/components/schemas/Security_Osquery_API_RemovedOrUndefined' - saved_query_id: - $ref: '#/components/schemas/Security_Osquery_API_SavedQueryIdOrUndefined' - snapshot: - $ref: '#/components/schemas/Security_Osquery_API_SnapshotOrUndefined' - version: - $ref: '#/components/schemas/Security_Osquery_API_VersionOrUndefined' - Security_Osquery_API_PackId: - type: string - Security_Osquery_API_PackIdOrUndefined: - $ref: '#/components/schemas/Security_Osquery_API_PackId' - nullable: true - Security_Osquery_API_PackName: - type: string - Security_Osquery_API_PageOrUndefined: - nullable: true - type: integer - Security_Osquery_API_PageSizeOrUndefined: - nullable: true - type: integer - Security_Osquery_API_Platform: - type: string - Security_Osquery_API_PlatformOrUndefined: - $ref: '#/components/schemas/Security_Osquery_API_Platform' - nullable: true - Security_Osquery_API_PolicyIds: - items: - type: string - type: array - Security_Osquery_API_PolicyIdsOrUndefined: - $ref: '#/components/schemas/Security_Osquery_API_PolicyIds' - nullable: true - Security_Osquery_API_Query: - type: string - Security_Osquery_API_QueryOrUndefined: - $ref: '#/components/schemas/Security_Osquery_API_Query' - nullable: true - Security_Osquery_API_Removed: - type: boolean - Security_Osquery_API_RemovedOrUndefined: - $ref: '#/components/schemas/Security_Osquery_API_Removed' - nullable: true - Security_Osquery_API_SavedQueryId: - type: string - Security_Osquery_API_SavedQueryIdOrUndefined: - $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' - nullable: true - Security_Osquery_API_Shards: - additionalProperties: - type: number - type: object - Security_Osquery_API_Snapshot: - type: boolean - Security_Osquery_API_SnapshotOrUndefined: - $ref: '#/components/schemas/Security_Osquery_API_Snapshot' - nullable: true - Security_Osquery_API_SortOrderOrUndefined: - oneOf: - - nullable: true - type: string - - enum: - - asc - - desc - Security_Osquery_API_SortOrUndefined: - nullable: true - type: string - Security_Osquery_API_UpdatePacksRequestBody: - type: object - properties: - description: - $ref: '#/components/schemas/Security_Osquery_API_DescriptionOrUndefined' - enabled: - $ref: '#/components/schemas/Security_Osquery_API_EnabledOrUndefined' - id: - $ref: '#/components/schemas/Security_Osquery_API_PackId' - policy_ids: - $ref: '#/components/schemas/Security_Osquery_API_PolicyIdsOrUndefined' - queries: - $ref: '#/components/schemas/Security_Osquery_API_ObjectQueries' - shards: - $ref: '#/components/schemas/Security_Osquery_API_Shards' - Security_Osquery_API_UpdateSavedQueryRequestBody: - type: object - properties: - description: - $ref: '#/components/schemas/Security_Osquery_API_DescriptionOrUndefined' - ecs_mapping: - $ref: '#/components/schemas/Security_Osquery_API_ECSMappingOrUndefined' - id: - $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' - interval: - $ref: '#/components/schemas/Security_Osquery_API_IntervalOrUndefined' - platform: - $ref: '#/components/schemas/Security_Osquery_API_DescriptionOrUndefined' - query: - $ref: '#/components/schemas/Security_Osquery_API_QueryOrUndefined' - removed: - $ref: '#/components/schemas/Security_Osquery_API_RemovedOrUndefined' - snapshot: - $ref: '#/components/schemas/Security_Osquery_API_SnapshotOrUndefined' - version: - $ref: '#/components/schemas/Security_Osquery_API_VersionOrUndefined' - Security_Osquery_API_Version: - type: string - Security_Osquery_API_VersionOrUndefined: - $ref: '#/components/schemas/Security_Osquery_API_Version' - nullable: true - Security_Timeline_API_AssociatedFilterType: - description: Filter notes based on their association with a document or saved object. - enum: - - all - - document_only - - saved_object_only - - document_and_saved_object - - orphan - type: string - Security_Timeline_API_BareNote: - type: object - properties: - created: - nullable: true - type: number - createdBy: - nullable: true - type: string - eventId: - nullable: true - type: string - note: - nullable: true - type: string - timelineId: - type: string - updated: - nullable: true - type: number - updatedBy: - nullable: true - type: string - required: - - timelineId - Security_Timeline_API_BarePinnedEvent: - type: object - properties: - created: - nullable: true - type: number - createdBy: - nullable: true - type: string - eventId: - type: string - timelineId: - type: string - updated: - nullable: true - type: number - updatedBy: - nullable: true - type: string - required: - - eventId - - timelineId - Security_Timeline_API_ColumnHeaderResult: - type: object - properties: - aggregatable: - nullable: true - type: boolean - category: - nullable: true - type: string - columnHeaderType: - nullable: true - type: string - description: - nullable: true - type: string - example: - nullable: true - type: string - id: - nullable: true - type: string - indexes: - items: - type: string - nullable: true - type: array - name: - nullable: true - type: string - placeholder: - nullable: true - type: string - searchable: - nullable: true - type: boolean - type: - nullable: true - type: string - Security_Timeline_API_DataProviderQueryMatch: - type: object - properties: - enabled: - nullable: true - type: boolean - excluded: - nullable: true - type: boolean - id: - nullable: true - type: string - kqlQuery: - nullable: true - type: string - name: - nullable: true - type: string - queryMatch: - $ref: '#/components/schemas/Security_Timeline_API_QueryMatchResult' - nullable: true - type: - $ref: '#/components/schemas/Security_Timeline_API_DataProviderType' - nullable: true - Security_Timeline_API_DataProviderResult: - type: object - properties: - and: - items: - $ref: '#/components/schemas/Security_Timeline_API_DataProviderQueryMatch' - nullable: true - type: array - enabled: - nullable: true - type: boolean - excluded: - nullable: true - type: boolean - id: - nullable: true - type: string - kqlQuery: - nullable: true - type: string - name: - nullable: true - type: string - queryMatch: - $ref: '#/components/schemas/Security_Timeline_API_QueryMatchResult' - nullable: true - type: - $ref: '#/components/schemas/Security_Timeline_API_DataProviderType' - nullable: true - Security_Timeline_API_DataProviderType: - description: >- - The type of data provider to create. Valid values are `default` and - `template`. - enum: - - default - - template - type: string - Security_Timeline_API_DocumentIds: - oneOf: - - items: - type: string - type: array - - type: string - Security_Timeline_API_FavoriteTimelineResponse: - type: object - properties: - code: - nullable: true - type: number - favorite: - items: - $ref: '#/components/schemas/Security_Timeline_API_FavoriteTimelineResult' - type: array - message: - nullable: true - type: string - savedObjectId: - type: string - templateTimelineId: - nullable: true - type: string - templateTimelineVersion: - nullable: true - type: number - timelineType: - $ref: '#/components/schemas/Security_Timeline_API_TimelineType' - version: - type: string - required: - - savedObjectId - - version - Security_Timeline_API_FavoriteTimelineResult: - type: object - properties: - favoriteDate: - nullable: true - type: number - fullName: - nullable: true - type: string - userName: - nullable: true - type: string - Security_Timeline_API_FilterTimelineResult: - type: object - properties: - exists: - nullable: true - type: string - match_all: - nullable: true - type: string - meta: - nullable: true - type: object - properties: - alias: - nullable: true - type: string - controlledBy: - nullable: true - type: string - disabled: - nullable: true - type: boolean - field: - nullable: true - type: string - formattedValue: - nullable: true - type: string - index: - nullable: true - type: string - key: - nullable: true - type: string - negate: - nullable: true - type: boolean - params: - nullable: true - type: string - type: - nullable: true - type: string - value: - nullable: true - type: string - missing: - nullable: true - type: string - query: - nullable: true - type: string - range: - nullable: true - type: string - script: - nullable: true - type: string - Security_Timeline_API_GetNotesResult: - type: object - properties: - notes: - items: - $ref: '#/components/schemas/Security_Timeline_API_Note' - type: array - totalCount: - type: number - required: - - totalCount - - notes - Security_Timeline_API_ImportTimelineResult: - type: object - properties: - errors: - items: - type: object - properties: - error: - type: object - properties: - message: - type: string - status_code: - type: number - id: - type: string - type: array - success: - type: boolean - success_count: - type: number - timelines_installed: - type: number - timelines_updated: - type: number - Security_Timeline_API_ImportTimelines: - allOf: - - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' - - type: object - properties: - eventNotes: - items: - $ref: '#/components/schemas/Security_Timeline_API_BareNote' - nullable: true - type: array - globalNotes: - items: - $ref: '#/components/schemas/Security_Timeline_API_BareNote' - nullable: true - type: array - pinnedEventIds: - items: - type: string - nullable: true - type: array - savedObjectId: - nullable: true - type: string - version: - nullable: true - type: string - required: - - savedObjectId - - version - - pinnedEventIds - - eventNotes - - globalNotes - Security_Timeline_API_Note: - allOf: - - $ref: '#/components/schemas/Security_Timeline_API_BareNote' - - type: object - properties: - noteId: - type: string - version: - type: string - required: - - noteId - - version - Security_Timeline_API_PersistPinnedEventResponse: - oneOf: - - allOf: - - $ref: '#/components/schemas/Security_Timeline_API_PinnedEvent' - - $ref: >- - #/components/schemas/Security_Timeline_API_PinnedEventBaseResponseBody - - nullable: true - type: object - Security_Timeline_API_PersistTimelineResponse: - type: object - properties: - data: - type: object - properties: - persistTimeline: - type: object - properties: - timeline: - $ref: '#/components/schemas/Security_Timeline_API_TimelineResponse' - required: - - timeline - required: - - persistTimeline - required: - - data - Security_Timeline_API_PinnedEvent: - allOf: - - $ref: '#/components/schemas/Security_Timeline_API_BarePinnedEvent' - - type: object - properties: - pinnedEventId: - type: string - version: - type: string - required: - - pinnedEventId - - version - Security_Timeline_API_PinnedEventBaseResponseBody: - type: object - properties: - code: - type: number - message: - type: string - required: - - code - Security_Timeline_API_QueryMatchResult: - type: object - properties: - displayField: - nullable: true - type: string - displayValue: - nullable: true - type: string - field: - nullable: true - type: string - operator: - nullable: true - type: string - value: - oneOf: - - nullable: true - type: string - - items: - type: string - nullable: true - type: array - Security_Timeline_API_ResolvedTimeline: - type: object - properties: - alias_purpose: - $ref: >- - #/components/schemas/Security_Timeline_API_SavedObjectResolveAliasPurpose - alias_target_id: - type: string - outcome: - $ref: '#/components/schemas/Security_Timeline_API_SavedObjectResolveOutcome' - timeline: - $ref: >- - #/components/schemas/Security_Timeline_API_TimelineSavedToReturnObject - required: - - timeline - - outcome - Security_Timeline_API_ResponseNote: - type: object - properties: - code: - type: number - message: - type: string - note: - $ref: '#/components/schemas/Security_Timeline_API_Note' - required: - - code - - message - - note - Security_Timeline_API_RowRendererId: - enum: - - alert - - alerts - - auditd - - auditd_file - - library - - netflow - - plain - - registry - - suricata - - system - - system_dns - - system_endgame_process - - system_file - - system_fim - - system_security_event - - system_socket - - threat_match - - zeek - type: string - Security_Timeline_API_SavedObjectIds: - oneOf: - - items: - type: string - type: array - - type: string - Security_Timeline_API_SavedObjectResolveAliasPurpose: - enum: - - savedObjectConversion - - savedObjectImport - type: string - Security_Timeline_API_SavedObjectResolveOutcome: - enum: - - exactMatch - - aliasMatch - - conflict - type: string - Security_Timeline_API_SavedTimeline: - type: object - properties: - columns: - items: - $ref: '#/components/schemas/Security_Timeline_API_ColumnHeaderResult' - nullable: true - type: array - created: - nullable: true - type: number - createdBy: - nullable: true - type: string - dataProviders: - items: - $ref: '#/components/schemas/Security_Timeline_API_DataProviderResult' - nullable: true - type: array - dataViewId: - nullable: true - type: string - dateRange: - nullable: true - type: object - properties: - end: - oneOf: - - nullable: true - type: string - - nullable: true - type: number - start: - oneOf: - - nullable: true - type: string - - nullable: true - type: number - description: - nullable: true - type: string - eqlOptions: - nullable: true - type: object - properties: - eventCategoryField: - nullable: true - type: string - query: - nullable: true - type: string - size: - oneOf: - - nullable: true - type: string - - nullable: true - type: number - tiebreakerField: - nullable: true - type: string - timestampField: - nullable: true - type: string - eventType: - nullable: true - type: string - excludedRowRendererIds: - items: - $ref: '#/components/schemas/Security_Timeline_API_RowRendererId' - nullable: true - type: array - favorite: - items: - $ref: '#/components/schemas/Security_Timeline_API_FavoriteTimelineResult' - nullable: true - type: array - filters: - items: - $ref: '#/components/schemas/Security_Timeline_API_FilterTimelineResult' - nullable: true - type: array - indexNames: - items: - type: string - nullable: true - type: array - kqlMode: - nullable: true - type: string - kqlQuery: - $ref: >- - #/components/schemas/Security_Timeline_API_SerializedFilterQueryResult - nullable: true - savedQueryId: - nullable: true - type: string - savedSearchId: - nullable: true - type: string - sort: - $ref: '#/components/schemas/Security_Timeline_API_Sort' - nullable: true - status: - enum: - - active - - draft - - immutable - nullable: true - type: string - templateTimelineId: - nullable: true - type: string - templateTimelineVersion: - nullable: true - type: number - timelineType: - $ref: '#/components/schemas/Security_Timeline_API_TimelineType' - nullable: true - title: - nullable: true - type: string - updated: - nullable: true - type: number - updatedBy: - nullable: true - type: string - Security_Timeline_API_SavedTimelineWithSavedObjectId: - allOf: - - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' - - type: object - properties: - savedObjectId: - type: string - version: - type: string - required: - - savedObjectId - - version - Security_Timeline_API_SerializedFilterQueryResult: - type: object - properties: - filterQuery: - nullable: true - type: object - properties: - kuery: - nullable: true - type: object - properties: - expression: - nullable: true - type: string - kind: - nullable: true - type: string - serializedQuery: - nullable: true - type: string - Security_Timeline_API_Sort: - oneOf: - - $ref: '#/components/schemas/Security_Timeline_API_SortObject' - - items: - $ref: '#/components/schemas/Security_Timeline_API_SortObject' - type: array - Security_Timeline_API_SortFieldTimeline: - description: The field to sort the timelines by. - enum: - - title - - description - - updated - - created - type: string - Security_Timeline_API_SortObject: - type: object - properties: - columnId: - nullable: true - type: string - columnType: - nullable: true - type: string - sortDirection: - nullable: true - type: string - Security_Timeline_API_TimelineResponse: - allOf: - - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' - - $ref: >- - #/components/schemas/Security_Timeline_API_SavedTimelineWithSavedObjectId - - type: object - properties: - eventIdToNoteIds: - items: - $ref: '#/components/schemas/Security_Timeline_API_Note' - nullable: true - type: array - noteIds: - items: - type: string - nullable: true - type: array - notes: - items: - $ref: '#/components/schemas/Security_Timeline_API_Note' - nullable: true - type: array - pinnedEventIds: - items: - type: string - nullable: true - type: array - pinnedEventsSaveObject: - items: - $ref: '#/components/schemas/Security_Timeline_API_PinnedEvent' - nullable: true - type: array - Security_Timeline_API_TimelineSavedToReturnObject: - allOf: - - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' - - type: object - properties: - eventIdToNoteIds: - items: - $ref: '#/components/schemas/Security_Timeline_API_Note' - nullable: true - type: array - noteIds: - items: - type: string - nullable: true - type: array - notes: - items: - $ref: '#/components/schemas/Security_Timeline_API_Note' - nullable: true - type: array - pinnedEventIds: - items: - type: string - nullable: true - type: array - pinnedEventsSaveObject: - items: - $ref: '#/components/schemas/Security_Timeline_API_PinnedEvent' - nullable: true - type: array - savedObjectId: - type: string - version: - type: string - required: - - savedObjectId - - version - Security_Timeline_API_TimelineStatus: - description: >- - The status of the timeline. Valid values are `active`, `draft`, and - `immutable`. - enum: - - active - - draft - - immutable - type: string - Security_Timeline_API_TimelineType: - description: >- - The type of timeline to create. Valid values are `default` and - `template`. - enum: - - default - - template - type: string - SLOs_400_response: - title: Bad request - type: object - properties: - error: - example: Bad Request - type: string - message: - example: 'Invalid value ''foo'' supplied to: [...]' - type: string - statusCode: - example: 400 - type: number - required: - - statusCode - - error - - message - SLOs_401_response: - title: Unauthorized - type: object - properties: - error: - example: Unauthorized - type: string - message: - example: "[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastics] for REST request [/_security/_authenticate]]: unable to authenticate user [elastics] for REST request [/_security/_authenticate]" - type: string - statusCode: - example: 401 - type: number - required: - - statusCode - - error - - message - SLOs_403_response: - title: Unauthorized - type: object - properties: - error: - example: Unauthorized - type: string - message: - example: "[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastics] for REST request [/_security/_authenticate]]: unable to authenticate user [elastics] for REST request [/_security/_authenticate]" - type: string - statusCode: - example: 403 - type: number - required: - - statusCode - - error - - message - SLOs_404_response: - title: Not found - type: object - properties: - error: - example: Not Found - type: string - message: - example: SLO [3749f390-03a3-11ee-8139-c7ff60a1692d] not found - type: string - statusCode: - example: 404 - type: number - required: - - statusCode - - error - - message - SLOs_409_response: - title: Conflict - type: object - properties: - error: - example: Conflict - type: string - message: - example: SLO [d077e940-1515-11ee-9c50-9d096392f520] already exists - type: string - statusCode: - example: 409 - type: number - required: - - statusCode - - error - - message - SLOs_budgeting_method: - description: The budgeting method to use when computing the rollup data. - enum: - - occurrences - - timeslices - example: occurrences - title: Budgeting method - type: string - SLOs_create_slo_request: - description: > - The create SLO API request body varies depending on the type of - indicator, time window and budgeting method. - properties: - budgetingMethod: - $ref: '#/components/schemas/SLOs_budgeting_method' - description: - description: A description for the SLO. - type: string - groupBy: - $ref: '#/components/schemas/SLOs_group_by' - id: - description: >- - A optional and unique identifier for the SLO. Must be between 8 and - 36 chars - example: my-super-slo-id - type: string - indicator: - oneOf: - - $ref: '#/components/schemas/SLOs_indicator_properties_custom_kql' - - $ref: '#/components/schemas/SLOs_indicator_properties_apm_availability' - - $ref: '#/components/schemas/SLOs_indicator_properties_apm_latency' - - $ref: '#/components/schemas/SLOs_indicator_properties_custom_metric' - - $ref: '#/components/schemas/SLOs_indicator_properties_histogram' - - $ref: '#/components/schemas/SLOs_indicator_properties_timeslice_metric' - name: - description: A name for the SLO. - type: string - objective: - $ref: '#/components/schemas/SLOs_objective' - settings: - $ref: '#/components/schemas/SLOs_settings' - tags: - description: List of tags - items: - type: string - type: array - timeWindow: - $ref: '#/components/schemas/SLOs_time_window' - required: - - name - - description - - indicator - - timeWindow - - budgetingMethod - - objective - title: Create SLO request - type: object - SLOs_create_slo_response: - title: Create SLO response - type: object - properties: - id: - example: 8853df00-ae2e-11ed-90af-09bb6422b258 - type: string - required: - - id - SLOs_delete_slo_instances_request: - description: > - The delete SLO instances request takes a list of SLO id and instance id, - then delete the rollup and summary data. This API can be used to remove - the staled data of an instance SLO that no longer get updated. - properties: - list: - description: An array of slo id and instance id - items: - type: object - properties: - instanceId: - description: The SLO instance identifier - example: 8853df00-ae2e-11ed-90af-09bb6422b258 - type: string - sloId: - description: The SLO unique identifier - example: 8853df00-ae2e-11ed-90af-09bb6422b258 - type: string - required: - - sloId - - instanceId - type: array - required: - - list - title: Delete SLO instances request - type: object - SLOs_error_budget: - title: Error budget - type: object - properties: - consumed: - description: The error budget consummed, as a percentage of the initial value. - example: 0.8 - type: number - initial: - description: The initial error budget, as 1 - objective - example: 0.02 - type: number - isEstimated: - description: >- - Only for SLO defined with occurrences budgeting method and calendar - aligned time window. - example: true - type: boolean - remaining: - description: The error budget remaining, as a percentage of the initial value. - example: 0.2 - type: number - required: - - initial - - consumed - - remaining - - isEstimated - SLOs_filter: - description: Defines properties for a filter - properties: - meta: - $ref: '#/components/schemas/SLOs_filter_meta' - query: - type: object - title: Filter - type: object - SLOs_filter_meta: - description: Defines properties for a filter - properties: - alias: - nullable: true - type: string - controlledBy: - type: string - disabled: - type: boolean - field: - type: string - group: - type: string - index: - type: string - isMultiIndex: - type: boolean - key: - type: string - negate: - type: boolean - params: - type: object - type: - type: string - value: - type: string - title: FilterMeta - type: object - SLOs_find_slo_response: - description: | - A paginated response of SLOs matching the query. - properties: - page: - example: 1 - type: number - perPage: - example: 25 - type: number - results: - items: - $ref: '#/components/schemas/SLOs_slo_with_summary_response' - type: array - total: - example: 34 - type: number - title: Find SLO response - type: object - SLOs_group_by: - description: >- - optional group by field or fields to use to generate an SLO per distinct - value - example: - - - service.name - - service.name - - - service.name - - service.environment - oneOf: - - type: string - - items: - type: string - type: array - title: Group by - SLOs_indicator_properties_apm_availability: - description: Defines properties for the APM availability indicator type - type: object - properties: - params: - description: An object containing the indicator parameters. - nullable: false - type: object - properties: - environment: - description: The APM service environment or "*" - example: production - type: string - filter: - description: KQL query used for filtering the data - example: 'service.foo : "bar"' - type: string - index: - description: The index used by APM metrics - example: metrics-apm*,apm* - type: string - service: - description: The APM service name - example: o11y-app - type: string - transactionName: - description: The APM transaction name or "*" - example: GET /my/api - type: string - transactionType: - description: The APM transaction type or "*" - example: request - type: string - required: - - service - - environment - - transactionType - - transactionName - - index - type: - description: The type of indicator. - example: sli.apm.transactionDuration - type: string - required: - - type - - params - title: APM availability - SLOs_indicator_properties_apm_latency: - description: Defines properties for the APM latency indicator type - type: object - properties: - params: - description: An object containing the indicator parameters. - nullable: false - type: object - properties: - environment: - description: The APM service environment or "*" - example: production - type: string - filter: - description: KQL query used for filtering the data - example: 'service.foo : "bar"' - type: string - index: - description: The index used by APM metrics - example: metrics-apm*,apm* - type: string - service: - description: The APM service name - example: o11y-app - type: string - threshold: - description: The latency threshold in milliseconds - example: 250 - type: number - transactionName: - description: The APM transaction name or "*" - example: GET /my/api - type: string - transactionType: - description: The APM transaction type or "*" - example: request - type: string - required: - - service - - environment - - transactionType - - transactionName - - index - - threshold - type: - description: The type of indicator. - example: sli.apm.transactionDuration - type: string - required: - - type - - params - title: APM latency - SLOs_indicator_properties_custom_kql: - description: Defines properties for a custom query indicator type - type: object - properties: - params: - description: An object containing the indicator parameters. - nullable: false - type: object - properties: - dataViewId: - description: >- - The kibana data view id to use, primarily used to include data - view runtime mappings. Make sure to save SLO again if you - add/update run time fields to the data view and if those fields - are being used in slo queries. - example: 03b80ab3-003d-498b-881c-3beedbaf1162 - type: string - filter: - $ref: '#/components/schemas/SLOs_kql_with_filters' - good: - $ref: '#/components/schemas/SLOs_kql_with_filters_good' - index: - description: The index or index pattern to use - example: my-service-* - type: string - timestampField: - description: | - The timestamp field used in the source indice. - example: timestamp - type: string - total: - $ref: '#/components/schemas/SLOs_kql_with_filters_total' - required: - - index - - timestampField - - good - - total - type: - description: The type of indicator. - example: sli.kql.custom - type: string - required: - - type - - params - title: Custom Query - SLOs_indicator_properties_custom_metric: - description: Defines properties for a custom metric indicator type - type: object - properties: - params: - description: An object containing the indicator parameters. - nullable: false - type: object - properties: - dataViewId: - description: >- - The kibana data view id to use, primarily used to include data - view runtime mappings. Make sure to save SLO again if you - add/update run time fields to the data view and if those fields - are being used in slo queries. - example: 03b80ab3-003d-498b-881c-3beedbaf1162 - type: string - filter: - description: the KQL query to filter the documents with. - example: 'field.environment : "production" and service.name : "my-service"' - type: string - good: - description: | - An object defining the "good" metrics and equation - type: object - properties: - equation: - description: The equation to calculate the "good" metric. - example: A - type: string - metrics: - description: >- - List of metrics with their name, aggregation type, and - field. - items: - type: object - properties: - aggregation: - description: >- - The aggregation type of the metric. Only valid option - is "sum" - enum: - - sum - example: sum - type: string - field: - description: The field of the metric. - example: processor.processed - type: string - filter: - description: The filter to apply to the metric. - example: 'processor.outcome: "success"' - type: string - name: - description: The name of the metric. Only valid options are A-Z - example: A - pattern: ^[A-Z]$ - type: string - required: - - name - - aggregation - - field - type: array - required: - - metrics - - equation - index: - description: The index or index pattern to use - example: my-service-* - type: string - timestampField: - description: | - The timestamp field used in the source indice. - example: timestamp - type: string - total: - description: | - An object defining the "total" metrics and equation - type: object - properties: - equation: - description: The equation to calculate the "total" metric. - example: A - type: string - metrics: - description: >- - List of metrics with their name, aggregation type, and - field. - items: - type: object - properties: - aggregation: - description: >- - The aggregation type of the metric. Only valid option - is "sum" - enum: - - sum - example: sum - type: string - field: - description: The field of the metric. - example: processor.processed - type: string - filter: - description: The filter to apply to the metric. - example: 'processor.outcome: *' - type: string - name: - description: The name of the metric. Only valid options are A-Z - example: A - pattern: ^[A-Z]$ - type: string - required: - - name - - aggregation - - field - type: array - required: - - metrics - - equation - required: - - index - - timestampField - - good - - total - type: - description: The type of indicator. - example: sli.metric.custom - type: string - required: - - type - - params - title: Custom metric - SLOs_indicator_properties_histogram: - description: Defines properties for a histogram indicator type - type: object - properties: - params: - description: An object containing the indicator parameters. - nullable: false - type: object - properties: - dataViewId: - description: >- - The kibana data view id to use, primarily used to include data - view runtime mappings. Make sure to save SLO again if you - add/update run time fields to the data view and if those fields - are being used in slo queries. - example: 03b80ab3-003d-498b-881c-3beedbaf1162 - type: string - filter: - description: the KQL query to filter the documents with. - example: 'field.environment : "production" and service.name : "my-service"' - type: string - good: - description: | - An object defining the "good" events - type: object - properties: - aggregation: - description: The type of aggregation to use. - enum: - - value_count - - range - example: value_count - type: string - field: - description: The field use to aggregate the good events. - example: processor.latency - type: string - filter: - description: The filter for good events. - example: 'processor.outcome: "success"' - type: string - from: - description: >- - The starting value of the range. Only required for "range" - aggregations. - example: 0 - type: number - to: - description: >- - The ending value of the range. Only required for "range" - aggregations. - example: 100 - type: number - required: - - aggregation - - field - index: - description: The index or index pattern to use - example: my-service-* - type: string - timestampField: - description: | - The timestamp field used in the source indice. - example: timestamp - type: string - total: - description: | - An object defining the "total" events - type: object - properties: - aggregation: - description: The type of aggregation to use. - enum: - - value_count - - range - example: value_count - type: string - field: - description: The field use to aggregate the good events. - example: processor.latency - type: string - filter: - description: The filter for total events. - example: 'processor.outcome : *' - type: string - from: - description: >- - The starting value of the range. Only required for "range" - aggregations. - example: 0 - type: number - to: - description: >- - The ending value of the range. Only required for "range" - aggregations. - example: 100 - type: number - required: - - aggregation - - field - required: - - index - - timestampField - - good - - total - type: - description: The type of indicator. - example: sli.histogram.custom - type: string - required: - - type - - params - title: Histogram indicator - SLOs_indicator_properties_timeslice_metric: - description: Defines properties for a timeslice metric indicator type - type: object - properties: - params: - description: An object containing the indicator parameters. - nullable: false - type: object - properties: - dataViewId: - description: >- - The kibana data view id to use, primarily used to include data - view runtime mappings. Make sure to save SLO again if you - add/update run time fields to the data view and if those fields - are being used in slo queries. - example: 03b80ab3-003d-498b-881c-3beedbaf1162 - type: string - filter: - description: the KQL query to filter the documents with. - example: 'field.environment : "production" and service.name : "my-service"' - type: string - index: - description: The index or index pattern to use - example: my-service-* - type: string - metric: - description: > - An object defining the metrics, equation, and threshold to - determine if it's a good slice or not - type: object - properties: - comparator: - description: >- - The comparator to use to compare the equation to the - threshold. - enum: - - GT - - GTE - - LT - - LTE - example: GT - type: string - equation: - description: The equation to calculate the metric. - example: A - type: string - metrics: - description: >- - List of metrics with their name, aggregation type, and - field. - items: - anyOf: - - $ref: >- - #/components/schemas/SLOs_timeslice_metric_basic_metric_with_field - - $ref: >- - #/components/schemas/SLOs_timeslice_metric_percentile_metric - - $ref: >- - #/components/schemas/SLOs_timeslice_metric_doc_count_metric - type: array - threshold: - description: >- - The threshold used to determine if the metric is a good - slice or not. - example: 100 - type: number - required: - - metrics - - equation - - comparator - - threshold - timestampField: - description: | - The timestamp field used in the source indice. - example: timestamp - type: string - required: - - index - - timestampField - - metric - type: - description: The type of indicator. - example: sli.metric.timeslice - type: string - required: - - type - - params - title: Timeslice metric - SLOs_kql_with_filters: - description: Defines properties for a filter - oneOf: - - description: the KQL query to filter the documents with. - example: 'field.environment : "production" and service.name : "my-service"' - type: string - - type: object - properties: - filters: - items: - $ref: '#/components/schemas/SLOs_filter' - type: array - kqlQuery: - type: string - title: KQL with filters - SLOs_kql_with_filters_good: - description: The KQL query used to define the good events. - oneOf: - - description: the KQL query to filter the documents with. - example: 'request.latency <= 150 and request.status_code : "2xx"' - type: string - - type: object - properties: - filters: - items: - $ref: '#/components/schemas/SLOs_filter' - type: array - kqlQuery: - type: string - title: KQL query for good events - SLOs_kql_with_filters_total: - description: The KQL query used to define all events. - oneOf: - - description: the KQL query to filter the documents with. - example: 'field.environment : "production" and service.name : "my-service"' - type: string - - type: object - properties: - filters: - items: - $ref: '#/components/schemas/SLOs_filter' - type: array - kqlQuery: - type: string - title: KQL query for all events - SLOs_objective: - description: Defines properties for the SLO objective - type: object - properties: - target: - description: the target objective between 0 and 1 excluded - example: 0.99 - exclusiveMaximum: true - exclusiveMinimum: true - maximum: 100 - minimum: 0 - type: number - timesliceTarget: - description: >- - the target objective for each slice when using a timeslices - budgeting method - example: 0.995 - maximum: 100 - minimum: 0 - type: number - timesliceWindow: - description: >- - the duration of each slice when using a timeslices budgeting method, - as {duraton}{unit} - example: 5m - type: string - required: - - target - title: Objective - SLOs_settings: - description: Defines properties for SLO settings. - properties: - frequency: - default: 1m - description: Configure how often the transform runs, default 1m - example: 5m - type: string - preventInitialBackfill: - default: false - description: Prevents the transform from backfilling data when it starts. - example: true - type: boolean - syncDelay: - default: 1m - description: The synch delay to apply to the transform. Default 1m - example: 5m - type: string - title: Settings - type: object - SLOs_slo_definition_response: - title: SLO definition response - type: object - properties: - budgetingMethod: - $ref: '#/components/schemas/SLOs_budgeting_method' - createdAt: - description: The creation date - example: '2023-01-12T10:03:19.000Z' - type: string - description: - description: The description of the SLO. - example: My SLO description - type: string - enabled: - description: Indicate if the SLO is enabled - example: true - type: boolean - groupBy: - $ref: '#/components/schemas/SLOs_group_by' - id: - description: The identifier of the SLO. - example: 8853df00-ae2e-11ed-90af-09bb6422b258 - type: string - indicator: - discriminator: - mapping: - sli.apm.transactionDuration: '#/components/schemas/SLOs_indicator_properties_apm_latency' - sli.apm.transactionErrorRate: '#/components/schemas/SLOs_indicator_properties_apm_availability' - sli.histogram.custom: '#/components/schemas/SLOs_indicator_properties_histogram' - sli.kql.custom: '#/components/schemas/SLOs_indicator_properties_custom_kql' - sli.metric.custom: '#/components/schemas/SLOs_indicator_properties_custom_metric' - sli.metric.timeslice: '#/components/schemas/SLOs_indicator_properties_timeslice_metric' - propertyName: type - oneOf: - - $ref: '#/components/schemas/SLOs_indicator_properties_custom_kql' - - $ref: '#/components/schemas/SLOs_indicator_properties_apm_availability' - - $ref: '#/components/schemas/SLOs_indicator_properties_apm_latency' - - $ref: '#/components/schemas/SLOs_indicator_properties_custom_metric' - - $ref: '#/components/schemas/SLOs_indicator_properties_histogram' - - $ref: '#/components/schemas/SLOs_indicator_properties_timeslice_metric' - name: - description: The name of the SLO. - example: My Service SLO - type: string - objective: - $ref: '#/components/schemas/SLOs_objective' - revision: - description: The SLO revision - example: 2 - type: number - settings: - $ref: '#/components/schemas/SLOs_settings' - tags: - description: List of tags - items: - type: string - type: array - timeWindow: - $ref: '#/components/schemas/SLOs_time_window' - updatedAt: - description: The last update date - example: '2023-01-12T10:03:19.000Z' - type: string - version: - description: The internal SLO version - example: 2 - type: number - required: - - id - - name - - description - - indicator - - timeWindow - - budgetingMethod - - objective - - settings - - revision - - enabled - - groupBy - - tags - - createdAt - - updatedAt - - version - SLOs_slo_with_summary_response: - title: SLO response - type: object - properties: - budgetingMethod: - $ref: '#/components/schemas/SLOs_budgeting_method' - createdAt: - description: The creation date - example: '2023-01-12T10:03:19.000Z' - type: string - description: - description: The description of the SLO. - example: My SLO description - type: string - enabled: - description: Indicate if the SLO is enabled - example: true - type: boolean - groupBy: - $ref: '#/components/schemas/SLOs_group_by' - id: - description: The identifier of the SLO. - example: 8853df00-ae2e-11ed-90af-09bb6422b258 - type: string - indicator: - discriminator: - mapping: - sli.apm.transactionDuration: '#/components/schemas/SLOs_indicator_properties_apm_latency' - sli.apm.transactionErrorRate: '#/components/schemas/SLOs_indicator_properties_apm_availability' - sli.histogram.custom: '#/components/schemas/SLOs_indicator_properties_histogram' - sli.kql.custom: '#/components/schemas/SLOs_indicator_properties_custom_kql' - sli.metric.custom: '#/components/schemas/SLOs_indicator_properties_custom_metric' - sli.metric.timeslice: '#/components/schemas/SLOs_indicator_properties_timeslice_metric' - propertyName: type - oneOf: - - $ref: '#/components/schemas/SLOs_indicator_properties_custom_kql' - - $ref: '#/components/schemas/SLOs_indicator_properties_apm_availability' - - $ref: '#/components/schemas/SLOs_indicator_properties_apm_latency' - - $ref: '#/components/schemas/SLOs_indicator_properties_custom_metric' - - $ref: '#/components/schemas/SLOs_indicator_properties_histogram' - - $ref: '#/components/schemas/SLOs_indicator_properties_timeslice_metric' - instanceId: - description: the value derived from the groupBy field, if present, otherwise '*' - example: host-abcde - type: string - name: - description: The name of the SLO. - example: My Service SLO - type: string - objective: - $ref: '#/components/schemas/SLOs_objective' - revision: - description: The SLO revision - example: 2 - type: number - settings: - $ref: '#/components/schemas/SLOs_settings' - summary: - $ref: '#/components/schemas/SLOs_summary' - tags: - description: List of tags - items: - type: string - type: array - timeWindow: - $ref: '#/components/schemas/SLOs_time_window' - updatedAt: - description: The last update date - example: '2023-01-12T10:03:19.000Z' - type: string - version: - description: The internal SLO version - example: 2 - type: number - required: - - id - - name - - description - - indicator - - timeWindow - - budgetingMethod - - objective - - settings - - revision - - summary - - enabled - - groupBy - - instanceId - - tags - - createdAt - - updatedAt - - version - SLOs_summary: - description: The SLO computed data - properties: - errorBudget: - $ref: '#/components/schemas/SLOs_error_budget' - sliValue: - example: 0.9836 - type: number - status: - $ref: '#/components/schemas/SLOs_summary_status' - required: - - status - - sliValue - - errorBudget - title: Summary - type: object - SLOs_summary_status: - enum: - - NO_DATA - - HEALTHY - - DEGRADING - - VIOLATED - example: HEALTHY - title: summary status - type: string - SLOs_time_window: - description: Defines properties for the SLO time window - type: object - properties: - duration: - description: >- - the duration formatted as {duration}{unit}. Accepted values for - rolling: 7d, 30d, 90d. Accepted values for calendar aligned: 1w - (weekly) or 1M (monthly) - example: 30d - type: string - type: - description: >- - Indicates weither the time window is a rolling or a calendar aligned - time window. - enum: - - rolling - - calendarAligned - example: rolling - type: string - required: - - duration - - type - title: Time window - SLOs_timeslice_metric_basic_metric_with_field: - type: object - properties: - aggregation: - description: The aggregation type of the metric. - enum: - - sum - - avg - - min - - max - - std_deviation - - last_value - - cardinality - example: sum - type: string - field: - description: The field of the metric. - example: processor.processed - type: string - filter: - description: The filter to apply to the metric. - example: 'processor.outcome: "success"' - type: string - name: - description: The name of the metric. Only valid options are A-Z - example: A - pattern: ^[A-Z]$ - type: string - required: - - name - - aggregation - - field - title: Timeslice Metric Basic Metric with Field - SLOs_timeslice_metric_doc_count_metric: - type: object - properties: - aggregation: - description: The aggregation type of the metric. Only valid option is "doc_count" - enum: - - doc_count - example: doc_count - type: string - filter: - description: The filter to apply to the metric. - example: 'processor.outcome: "success"' - type: string - name: - description: The name of the metric. Only valid options are A-Z - example: A - pattern: ^[A-Z]$ - type: string - required: - - name - - aggregation - title: Timeslice Metric Doc Count Metric - SLOs_timeslice_metric_percentile_metric: - type: object - properties: - aggregation: - description: >- - The aggregation type of the metric. Only valid option is - "percentile" - enum: - - percentile - example: percentile - type: string - field: - description: The field of the metric. - example: processor.processed - type: string - filter: - description: The filter to apply to the metric. - example: 'processor.outcome: "success"' - type: string - name: - description: The name of the metric. Only valid options are A-Z - example: A - pattern: ^[A-Z]$ - type: string - percentile: - description: The percentile value. - example: 95 - type: number - required: - - name - - aggregation - - field - - percentile - title: Timeslice Metric Percentile Metric - SLOs_update_slo_request: - description: > - The update SLO API request body varies depending on the type of - indicator, time window and budgeting method. Partial update is handled. - properties: - budgetingMethod: - $ref: '#/components/schemas/SLOs_budgeting_method' - description: - description: A description for the SLO. - type: string - groupBy: - $ref: '#/components/schemas/SLOs_group_by' - indicator: - oneOf: - - $ref: '#/components/schemas/SLOs_indicator_properties_custom_kql' - - $ref: '#/components/schemas/SLOs_indicator_properties_apm_availability' - - $ref: '#/components/schemas/SLOs_indicator_properties_apm_latency' - - $ref: '#/components/schemas/SLOs_indicator_properties_custom_metric' - - $ref: '#/components/schemas/SLOs_indicator_properties_histogram' - - $ref: '#/components/schemas/SLOs_indicator_properties_timeslice_metric' - name: - description: A name for the SLO. - type: string - objective: - $ref: '#/components/schemas/SLOs_objective' - settings: - $ref: '#/components/schemas/SLOs_settings' - tags: - description: List of tags - items: - type: string - type: array - timeWindow: - $ref: '#/components/schemas/SLOs_time_window' - title: Update SLO request - type: object - securitySchemes: - apiKeyAuth: - description: > - These APIs use key-based authentication. You must create an API key and - use the encoded value in the request header. For example: - `Authorization: ApiKey base64AccessApiKey` - in: header - name: Authorization - type: apiKey - basicAuth: - scheme: basic - type: http -security: - - apiKeyAuth: [] - - basicAuth: [] -tags: - - name: alerting - - description: > - Configure APM agent keys to authorize requests from APM agents to the APM - Server. - name: APM agent keys - - description: > - Annotate visualizations in the APM app with significant events. - Annotations enable you to easily see how events are impacting the - performance of your applications. - name: APM annotations - - description: Case APIs enable you to open and track issues. - name: cases - - name: connectors - - name: Data streams - - description: >- - Data view APIs enable you to manage data views, formerly known as Kibana - index patterns. - name: data views - - name: Elastic Agent actions - - name: Elastic Agent binary download sources - - name: Elastic Agent policies - - name: Elastic Agent status - - name: Elastic Agents - - name: Elastic Package Manager (EPM) - - name: Fleet enrollment API keys - - name: Fleet internals - - name: Fleet outputs - - name: Fleet package policies - - name: Fleet proxies - - name: Fleet Server hosts - - name: Fleet service tokens - - name: Fleet uninstall tokens - - name: Message Signing Service - - description: Machine learning - name: ml - - name: roles - - description: > - Export sets of saved objects that you want to import into {kib}, resolve - import errors, and rotate an encryption key for encrypted saved objects - with the saved objects APIs. - - - To manage a specific type of saved object, use the corresponding APIs. - - For example, use: - - - * [Data views](../group/endpoint-data-views) - - * [Spaces](https://www.elastic.co/guide/en/kibana/current/spaces-api.html) - - * [Short - URLs](https://www.elastic.co/guide/en/kibana/current/short-urls-api.html) - - - Warning: Do not write documents directly to the `.kibana` index. When you - write directly to the `.kibana` index, the data becomes corrupted and - permanently breaks future Kibana versions. - name: saved objects - x-displayName: Saved objects - - description: Manage and interact with Security Assistant resources. - name: Security AI Assistant API - x-displayName: Security AI assistant - - description: >- - You can create rules that automatically turn events and external alerts - sent to Elastic Security into detection alerts. These alerts are displayed - on the Detections page. - name: Security Detections API - x-displayName: Security detections - - description: >- - Endpoint Exceptions API allows you to manage detection rule endpoint - exceptions to prevent a rule from generating an alert from incoming events - even when the rule's other criteria are met. - name: Security Endpoint Exceptions API - x-displayName: Security endpoint exceptions - - description: Interact with and manage endpoints running the Elastic Defend integration. - name: Security Endpoint Management API - x-displayName: Security endpoint management - - description: '' - name: Security Entity Analytics API - x-displayName: Security entity analytics - - description: >- - Exceptions API allows you to manage detection rule exceptions to prevent a - rule from generating an alert from incoming events even when the rule's - other criteria are met. - name: Security Exceptions API - x-displayName: Security exceptions - - description: Lists API allows you to manage lists of keywords, IPs or IP ranges items. - name: Security Lists API - x-displayName: Security lists - - description: Run live queries, manage packs and saved queries. - name: Security Osquery API - x-displayName: Security Osquery - - description: >- - You can create Timelines and Timeline templates via the API, as well as - import new Timelines from an ndjson file. - name: Security Timeline API - x-displayName: Security timeline - - description: SLO APIs enable you to define, manage and track service-level objectives - name: slo - - name: spaces - - name: system diff --git a/oas_docs/scripts/merge_ess_oas_staging.js b/oas_docs/scripts/merge_ess_oas_staging.js deleted file mode 100644 index e7c5eb719c9f6..0000000000000 --- a/oas_docs/scripts/merge_ess_oas_staging.js +++ /dev/null @@ -1,41 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the "Elastic License - * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side - * Public License v 1"; you may not use this file except in compliance with, at - * your election, the "Elastic License 2.0", the "GNU Affero General Public - * License v3.0 only", or the "Server Side Public License, v 1". - */ - -require('../../src/setup_node_env'); -const { merge } = require('@kbn/openapi-bundler'); -const { REPO_ROOT } = require('@kbn/repo-info'); - -(async () => { - await merge({ - sourceGlobs: [ - `${REPO_ROOT}/oas_docs/bundle.json`, - `${REPO_ROOT}/x-pack/plugins/alerting/docs/openapi/bundled.yaml`, - `${REPO_ROOT}/x-pack/plugins/cases/docs/openapi/bundled.yaml`, - `${REPO_ROOT}/src/plugins/data_views/docs/openapi/bundled.yaml`, - `${REPO_ROOT}/x-pack/plugins/ml/common/openapi/ml_apis.yaml`, - `${REPO_ROOT}/packages/core/saved-objects/docs/openapi/bundled.yaml`, - - // Observability Solution - `${REPO_ROOT}/x-pack/plugins/observability_solution/apm/docs/openapi/apm.yaml`, - `${REPO_ROOT}/x-pack/plugins/observability_solution/slo/docs/openapi/slo/bundled.yaml`, - - // Security solution - `${REPO_ROOT}/x-pack/plugins/security_solution/docs/openapi/ess/*.schema.yaml`, - `${REPO_ROOT}/packages/kbn-securitysolution-lists-common/docs/openapi/ess/*.schema.yaml`, - `${REPO_ROOT}/packages/kbn-securitysolution-exceptions-common/docs/openapi/ess/*.schema.yaml`, - `${REPO_ROOT}/packages/kbn-securitysolution-endpoint-exceptions-common/docs/openapi/ess/*.schema.yaml`, - `${REPO_ROOT}/x-pack/packages/kbn-elastic-assistant-common/docs/openapi/ess/*.schema.yaml`, - `${REPO_ROOT}/x-pack/plugins/osquery/docs/openapi/ess/*.schema.yaml`, - ], - outputFilePath: `${REPO_ROOT}/oas_docs/output/kibana.staging.yaml`, - options: { - prototypeDocument: `${REPO_ROOT}/oas_docs/kibana.info.yaml`, - }, - }); -})(); diff --git a/oas_docs/scripts/merge_serverless_oas_staging.js b/oas_docs/scripts/merge_serverless_oas_staging.js deleted file mode 100644 index b918c7900196e..0000000000000 --- a/oas_docs/scripts/merge_serverless_oas_staging.js +++ /dev/null @@ -1,39 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the "Elastic License - * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side - * Public License v 1"; you may not use this file except in compliance with, at - * your election, the "Elastic License 2.0", the "GNU Affero General Public - * License v3.0 only", or the "Server Side Public License, v 1". - */ - -require('../../src/setup_node_env'); -const { merge } = require('@kbn/openapi-bundler'); -const { REPO_ROOT } = require('@kbn/repo-info'); - -(async () => { - await merge({ - sourceGlobs: [ - `${REPO_ROOT}/oas_docs/bundle.serverless.json`, - `${REPO_ROOT}/src/plugins/data_views/docs/openapi/bundled.yaml`, - `${REPO_ROOT}/x-pack/plugins/ml/common/openapi/ml_apis_serverless.yaml`, - `${REPO_ROOT}/packages/core/saved-objects/docs/openapi/bundled_serverless.yaml`, - - // Observability Solution - `${REPO_ROOT}/x-pack/plugins/observability_solution/apm/docs/openapi/apm.yaml`, - `${REPO_ROOT}/x-pack/plugins/observability_solution/slo/docs/openapi/slo/bundled.yaml`, - - // Security solution - `${REPO_ROOT}/x-pack/plugins/security_solution/docs/openapi/serverless/*.schema.yaml`, - `${REPO_ROOT}/packages/kbn-securitysolution-lists-common/docs/openapi/serverless/*.schema.yaml`, - `${REPO_ROOT}/packages/kbn-securitysolution-exceptions-common/docs/openapi/serverless/*.schema.yaml`, - `${REPO_ROOT}/packages/kbn-securitysolution-endpoint-exceptions-common/docs/openapi/serverless/*.schema.yaml`, - `${REPO_ROOT}/x-pack/packages/kbn-elastic-assistant-common/docs/openapi/serverless/*.schema.yaml`, - `${REPO_ROOT}/x-pack/plugins/osquery/docs/openapi/serverless/*.schema.yaml`, - ], - outputFilePath: `${REPO_ROOT}/oas_docs/output/kibana.serverless.staging.yaml`, - options: { - prototypeDocument: `${REPO_ROOT}/oas_docs/kibana.info.serverless.yaml`, - }, - }); -})(); From f3c29f82d6bb2fa2c823ae44ad980f4242da65ec Mon Sep 17 00:00:00 2001 From: Tomasz Ciecierski Date: Thu, 24 Oct 2024 17:10:19 +0200 Subject: [PATCH 50/99] [EDR Workflows] Download multiple agent versions (#197469) --- .../endpoint/agent_downloader_cli/agent_downloader.ts | 5 +---- .../scripts/endpoint/common/agent_downloads_service.ts | 10 ++++++++-- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/x-pack/plugins/security_solution/scripts/endpoint/agent_downloader_cli/agent_downloader.ts b/x-pack/plugins/security_solution/scripts/endpoint/agent_downloader_cli/agent_downloader.ts index 8366c77575e70..a3e250a464b9c 100644 --- a/x-pack/plugins/security_solution/scripts/endpoint/agent_downloader_cli/agent_downloader.ts +++ b/x-pack/plugins/security_solution/scripts/endpoint/agent_downloader_cli/agent_downloader.ts @@ -45,7 +45,7 @@ const downloadAndStoreElasticAgent = async ( ): Promise => { const versionsToDownload = getVersionsToDownload(version); - // Although we have a list of versions to try downloading, we only need to download one, and will return as soon as it succeeds. + // Download all the versions in the list for (const versionToDownload of versionsToDownload) { try { const { url } = await getAgentDownloadUrl(versionToDownload, closestMatch, log); @@ -53,13 +53,10 @@ const downloadAndStoreElasticAgent = async ( await downloadAndStoreAgent(url, fileName); log.info(`Successfully downloaded and stored version ${versionToDownload}`); - return; // Exit once successful } catch (error) { log.error(`Failed to download or store version ${versionToDownload}: ${error.message}`); } } - - log.error(`Failed to download agent for any available version: ${versionsToDownload.join(', ')}`); }; export const agentDownloaderRunner: RunFn = async (cliContext) => { diff --git a/x-pack/plugins/security_solution/scripts/endpoint/common/agent_downloads_service.ts b/x-pack/plugins/security_solution/scripts/endpoint/common/agent_downloads_service.ts index 4c963332ad0c2..10d5eaf543241 100644 --- a/x-pack/plugins/security_solution/scripts/endpoint/common/agent_downloads_service.ts +++ b/x-pack/plugins/security_solution/scripts/endpoint/common/agent_downloads_service.ts @@ -113,8 +113,14 @@ class AgentDownloadStorage extends SettingsStorage await handleProcessInterruptions( async () => { - const { body } = await nodeFetch(agentDownloadUrl); - await finished(body.pipe(outputStream)); + try { + const { body } = await nodeFetch(agentDownloadUrl); + await finished(body.pipe(outputStream)); + } catch (error) { + this.log.error(`Error during download attempt ${attempt}: ${error.message}`); + // Ensure any errors here propagate and trigger retry + throw error; + } }, () => fs.unlinkSync(newDownloadInfo.fullFilePath) // Clean up on interruption ); From 86e6c74f7c39a512eaa43cc025434dc6a53d55f6 Mon Sep 17 00:00:00 2001 From: Gloria Hornero Date: Thu, 24 Oct 2024 17:26:33 +0200 Subject: [PATCH 51/99] [Security Solution] Removing cypress folder (#197273) ## Summary Deleting the Cypress folder that was added in `test_serverless` as a POC. Currently is not used and this can create misunderstandings regarding ownership of it. --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> --- .../ftr_security_serverless_configs.yml | 6 +- .../security_solution/defend_workflows.yml | 14 +- .../security_serverless_defend_workflows.sh | 12 - .github/CODEOWNERS | 1 - .../osquery/cypress/cypress_base.config.ts | 2 +- x-pack/plugins/osquery/cypress/support/e2e.ts | 11 + .../support/setup_data_loader_tasks.ts | 17 +- .../serverless_config.base.ts} | 2 +- .../serverless_config.ts | 4 +- .../osquery_cypress/serverless_cli_config.ts | 4 +- .../osquery_cypress/serverless_config.base.ts | 35 +++ .../security/cypress/.eslintrc.json | 13 -- .../test_suites/security/cypress/.gitignore | 3 - .../test_suites/security/cypress/README.md | 65 ------ .../security/cypress/cypress.config.ts | 40 ---- .../test_suites/security/cypress/cypress.d.ts | 207 ------------------ .../security/cypress/e2e/serverless.cy.ts | 22 -- .../test_suites/security/cypress/package.json | 13 -- .../security/cypress/reporter_config.json | 10 - .../test_suites/security/cypress/runner.ts | 24 -- .../security/cypress/screens/index.ts | 8 - .../security/cypress/screens/landing_page.ts | 8 - .../security/cypress/security_config.ts | 31 --- .../security/cypress/support/commands.js | 32 --- .../security/cypress/support/e2e.js | 29 --- .../security/cypress/support/index.d.ts | 52 ----- .../index_endpoint_hosts.ts | 35 --- .../security/cypress/tasks/login.ts | 87 -------- .../security/cypress/tasks/navigation.ts | 10 - x-pack/test_serverless/tsconfig.json | 1 - 30 files changed, 61 insertions(+), 737 deletions(-) delete mode 100644 .buildkite/scripts/steps/functional/security_serverless_defend_workflows.sh rename x-pack/{test_serverless/functional/test_suites/security => plugins/osquery}/cypress/support/setup_data_loader_tasks.ts (77%) rename x-pack/{test_serverless/functional/test_suites/security/cypress/security_config.base.ts => test/defend_workflows_cypress/serverless_config.base.ts} (93%) create mode 100644 x-pack/test/osquery_cypress/serverless_config.base.ts delete mode 100644 x-pack/test_serverless/functional/test_suites/security/cypress/.eslintrc.json delete mode 100644 x-pack/test_serverless/functional/test_suites/security/cypress/.gitignore delete mode 100644 x-pack/test_serverless/functional/test_suites/security/cypress/README.md delete mode 100644 x-pack/test_serverless/functional/test_suites/security/cypress/cypress.config.ts delete mode 100644 x-pack/test_serverless/functional/test_suites/security/cypress/cypress.d.ts delete mode 100644 x-pack/test_serverless/functional/test_suites/security/cypress/e2e/serverless.cy.ts delete mode 100644 x-pack/test_serverless/functional/test_suites/security/cypress/package.json delete mode 100644 x-pack/test_serverless/functional/test_suites/security/cypress/reporter_config.json delete mode 100644 x-pack/test_serverless/functional/test_suites/security/cypress/runner.ts delete mode 100644 x-pack/test_serverless/functional/test_suites/security/cypress/screens/index.ts delete mode 100644 x-pack/test_serverless/functional/test_suites/security/cypress/screens/landing_page.ts delete mode 100644 x-pack/test_serverless/functional/test_suites/security/cypress/security_config.ts delete mode 100644 x-pack/test_serverless/functional/test_suites/security/cypress/support/commands.js delete mode 100644 x-pack/test_serverless/functional/test_suites/security/cypress/support/e2e.js delete mode 100644 x-pack/test_serverless/functional/test_suites/security/cypress/support/index.d.ts delete mode 100644 x-pack/test_serverless/functional/test_suites/security/cypress/tasks/endpoint_management/index_endpoint_hosts.ts delete mode 100644 x-pack/test_serverless/functional/test_suites/security/cypress/tasks/login.ts delete mode 100644 x-pack/test_serverless/functional/test_suites/security/cypress/tasks/navigation.ts diff --git a/.buildkite/ftr_security_serverless_configs.yml b/.buildkite/ftr_security_serverless_configs.yml index eb2b8e3a06873..22d1391034822 100644 --- a/.buildkite/ftr_security_serverless_configs.yml +++ b/.buildkite/ftr_security_serverless_configs.yml @@ -1,17 +1,17 @@ disabled: # Base config files, only necessary to inform config finding script - - x-pack/test_serverless/functional/test_suites/security/cypress/security_config.base.ts - - x-pack/test_serverless/functional/test_suites/security/cypress/cypress.config.ts - x-pack/test/security_solution_api_integration/config/serverless/config.base.ts - x-pack/test/security_solution_api_integration/config/serverless/config.base.essentials.ts - x-pack/test/security_solution_api_integration/config/serverless/config.base.edr_workflows.ts + - x-pack/test/defend_workflows_cypress/serverless_config.base.ts + - x-pack/test/osquery_cypress/serverless_config.base.ts # Cypress configs, for now these are still run manually - x-pack/test/defend_workflows_cypress/serverless_config.ts - x-pack/test/osquery_cypress/serverless_cli_config.ts - - x-pack/test_serverless/functional/test_suites/security/cypress/security_config.ts - x-pack/test/security_solution_cypress/serverless_config.ts + # Playwright - x-pack/test/security_solution_playwright/serverless_config.ts diff --git a/.buildkite/pipelines/pull_request/security_solution/defend_workflows.yml b/.buildkite/pipelines/pull_request/security_solution/defend_workflows.yml index 47f0e672a8d5a..fc5e601adad61 100644 --- a/.buildkite/pipelines/pull_request/security_solution/defend_workflows.yml +++ b/.buildkite/pipelines/pull_request/security_solution/defend_workflows.yml @@ -31,16 +31,4 @@ steps: retry: automatic: - exit_status: '-1' - limit: 1 -# status_exception: Native role management is not enabled in this Elasticsearch instance -# - command: .buildkite/scripts/steps/functional/security_serverless_defend_workflows.sh -# label: 'Serverless Security Defend Workflows Cypress Tests' -# agents: -# machineType: n2-standard-4 -# preemptible: true -# depends_on: build -# timeout_in_minutes: 60 -# retry: -# automatic: -# - exit_status: '-1' -# limit: 1 + limit: 1 \ No newline at end of file diff --git a/.buildkite/scripts/steps/functional/security_serverless_defend_workflows.sh b/.buildkite/scripts/steps/functional/security_serverless_defend_workflows.sh deleted file mode 100644 index 7b16afa214fed..0000000000000 --- a/.buildkite/scripts/steps/functional/security_serverless_defend_workflows.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/usr/bin/env bash - -set -euo pipefail - -source .buildkite/scripts/steps/functional/common.sh - -export JOB=kibana-serverless-security-cypress -export KIBANA_INSTALL_DIR=${KIBANA_BUILD_LOCATION} - -echo "--- Security Defend Workflows Serverless Cypress" - -yarn --cwd x-pack/test_serverless/functional/test_suites/security/cypress cypress:run diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 161650cfa67b0..e9ee699925a08 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1601,7 +1601,6 @@ x-pack/test/api_integration/apis/management/index_management/inference_endpoints /x-pack/test_serverless/functional/page_objects/svl_management_page.ts @elastic/security-solution /x-pack/test_serverless/api_integration/test_suites/security @elastic/security-solution -/x-pack/test_serverless/functional/test_suites/security/cypress @elastic/security-solution /x-pack/test_serverless/functional/test_suites/security/index.feature_flags.ts @elastic/security-solution /x-pack/test_serverless/functional/test_suites/security/index.ts @elastic/security-solution #CC# /x-pack/plugins/security_solution/ @elastic/security-solution diff --git a/x-pack/plugins/osquery/cypress/cypress_base.config.ts b/x-pack/plugins/osquery/cypress/cypress_base.config.ts index 75109dc423ff3..cea74dcd9ee60 100644 --- a/x-pack/plugins/osquery/cypress/cypress_base.config.ts +++ b/x-pack/plugins/osquery/cypress/cypress_base.config.ts @@ -10,8 +10,8 @@ import path from 'path'; import { load as loadYaml } from 'js-yaml'; import { readFileSync } from 'fs'; import type { YamlRoleDefinitions } from '@kbn/test-suites-serverless/shared/lib'; -import { setupUserDataLoader } from '@kbn/test-suites-serverless/functional/test_suites/security/cypress/support/setup_data_loader_tasks'; import { samlAuthentication } from '@kbn/security-solution-plugin/public/management/cypress/support/saml_authentication'; +import { setupUserDataLoader } from './support/setup_data_loader_tasks'; import { getFailedSpecVideos } from './support/filter_videos'; const ROLES_YAML_FILE_PATH = path.join( diff --git a/x-pack/plugins/osquery/cypress/support/e2e.ts b/x-pack/plugins/osquery/cypress/support/e2e.ts index 3a989aa235575..7426498cd2832 100644 --- a/x-pack/plugins/osquery/cypress/support/e2e.ts +++ b/x-pack/plugins/osquery/cypress/support/e2e.ts @@ -34,11 +34,16 @@ registerCypressGrep(); import type { SecuritySolutionDescribeBlockFtrConfig } from '@kbn/security-solution-plugin/scripts/run_cypress/utils'; import { login } from '@kbn/security-solution-plugin/public/management/cypress/tasks/login'; +import type { LoadedRoleAndUser } from '@kbn/test-suites-serverless/shared/lib'; import type { ServerlessRoleName } from './roles'; import { waitUntil } from '../tasks/wait_until'; import { isCloudServerless, isServerless } from '../tasks/serverless'; +export interface LoadUserAndRoleCyTaskOptions { + name: ServerlessRoleName; +} + declare global { // eslint-disable-next-line @typescript-eslint/no-namespace namespace Cypress { @@ -49,6 +54,12 @@ declare global { } interface Chainable { + task( + name: 'loadUserAndRole', + arg: LoadUserAndRoleCyTaskOptions, + options?: Partial + ): Chainable; + getBySel(...args: Parameters): Chainable>; getBySelContains( diff --git a/x-pack/test_serverless/functional/test_suites/security/cypress/support/setup_data_loader_tasks.ts b/x-pack/plugins/osquery/cypress/support/setup_data_loader_tasks.ts similarity index 77% rename from x-pack/test_serverless/functional/test_suites/security/cypress/support/setup_data_loader_tasks.ts rename to x-pack/plugins/osquery/cypress/support/setup_data_loader_tasks.ts index 65cbcf5aac212..938fa67585f88 100644 --- a/x-pack/test_serverless/functional/test_suites/security/cypress/support/setup_data_loader_tasks.ts +++ b/x-pack/plugins/osquery/cypress/support/setup_data_loader_tasks.ts @@ -6,12 +6,12 @@ */ import { createRuntimeServices } from '@kbn/security-solution-plugin/scripts/endpoint/common/stack_services'; -import { LoadUserAndRoleCyTaskOptions } from '../cypress'; -import { +import { SecurityRoleAndUserLoader } from '@kbn/test-suites-serverless/shared/lib'; +import type { LoadedRoleAndUser, - SecurityRoleAndUserLoader, YamlRoleDefinitions, -} from '../../../../../shared/lib'; +} from '@kbn/test-suites-serverless/shared/lib'; +import type { LoadUserAndRoleCyTaskOptions } from './e2e'; interface AdditionalDefinitions { roleDefinitions?: YamlRoleDefinitions; @@ -33,9 +33,7 @@ export const setupUserDataLoader = ( }); const roleAndUserLoaderPromise: Promise = stackServicesPromise.then( - ({ kbnClient, log }) => { - return new SecurityRoleAndUserLoader(kbnClient, log, roleDefinitions); - } + ({ kbnClient, log }) => new SecurityRoleAndUserLoader(kbnClient, log, roleDefinitions) ); on('task', { @@ -43,8 +41,7 @@ export const setupUserDataLoader = ( * Loads a user/role into Kibana. Used from `login()` task. * @param name */ - loadUserAndRole: async ({ name }: LoadUserAndRoleCyTaskOptions): Promise => { - return (await roleAndUserLoaderPromise).load(name, additionalRoleName); - }, + loadUserAndRole: async ({ name }: LoadUserAndRoleCyTaskOptions): Promise => + (await roleAndUserLoaderPromise).load(name, additionalRoleName), }); }; diff --git a/x-pack/test_serverless/functional/test_suites/security/cypress/security_config.base.ts b/x-pack/test/defend_workflows_cypress/serverless_config.base.ts similarity index 93% rename from x-pack/test_serverless/functional/test_suites/security/cypress/security_config.base.ts rename to x-pack/test/defend_workflows_cypress/serverless_config.base.ts index 515ea0c52efee..07d514687e954 100644 --- a/x-pack/test_serverless/functional/test_suites/security/cypress/security_config.base.ts +++ b/x-pack/test/defend_workflows_cypress/serverless_config.base.ts @@ -9,7 +9,7 @@ import { FtrConfigProviderContext } from '@kbn/test'; export default async function ({ readConfigFile }: FtrConfigProviderContext) { const svlSharedConfig = await readConfigFile( - require.resolve('../../../../shared/config.base.ts') + require.resolve('@kbn/test-suites-serverless/shared/config.base') ); return { diff --git a/x-pack/test/defend_workflows_cypress/serverless_config.ts b/x-pack/test/defend_workflows_cypress/serverless_config.ts index 38c9c5040e8d3..c8dde0ebcff5d 100644 --- a/x-pack/test/defend_workflows_cypress/serverless_config.ts +++ b/x-pack/test/defend_workflows_cypress/serverless_config.ts @@ -14,9 +14,7 @@ import { DefendWorkflowsCypressCliTestRunner } from './runner'; export default async function ({ readConfigFile }: FtrConfigProviderContext) { const defendWorkflowsCypressConfig = await readConfigFile( - require.resolve( - '@kbn/test-suites-serverless/functional/test_suites/security/cypress/security_config.base' - ) + require.resolve('./serverless_config.base.ts') ); const config = defendWorkflowsCypressConfig.getAll(); const hostIp = getLocalhostRealIp(); diff --git a/x-pack/test/osquery_cypress/serverless_cli_config.ts b/x-pack/test/osquery_cypress/serverless_cli_config.ts index 0ed1be5e332d3..67df33aa34a68 100644 --- a/x-pack/test/osquery_cypress/serverless_cli_config.ts +++ b/x-pack/test/osquery_cypress/serverless_cli_config.ts @@ -12,9 +12,7 @@ import { startOsqueryCypress } from './runner'; export default async function ({ readConfigFile }: FtrConfigProviderContext) { const securitySolutionCypressConfig = await readConfigFile( - require.resolve( - '@kbn/test-suites-serverless/functional/test_suites/security/cypress/security_config.base' - ) + require.resolve('./serverless_config.base.ts') ); return { diff --git a/x-pack/test/osquery_cypress/serverless_config.base.ts b/x-pack/test/osquery_cypress/serverless_config.base.ts new file mode 100644 index 0000000000000..07d514687e954 --- /dev/null +++ b/x-pack/test/osquery_cypress/serverless_config.base.ts @@ -0,0 +1,35 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { FtrConfigProviderContext } from '@kbn/test'; + +export default async function ({ readConfigFile }: FtrConfigProviderContext) { + const svlSharedConfig = await readConfigFile( + require.resolve('@kbn/test-suites-serverless/shared/config.base') + ); + + return { + ...svlSharedConfig.getAll(), + esTestCluster: { + ...svlSharedConfig.get('esTestCluster'), + serverArgs: [ + ...svlSharedConfig.get('esTestCluster.serverArgs'), + // define custom es server here + // API Keys is enabled at the top level + ], + }, + kbnTestServer: { + ...svlSharedConfig.get('kbnTestServer'), + serverArgs: [ + ...svlSharedConfig.get('kbnTestServer.serverArgs'), + '--csp.strict=false', + '--csp.warnLegacyBrowsers=false', + '--serverless=security', + ], + }, + }; +} diff --git a/x-pack/test_serverless/functional/test_suites/security/cypress/.eslintrc.json b/x-pack/test_serverless/functional/test_suites/security/cypress/.eslintrc.json deleted file mode 100644 index 22a4d052afdc5..0000000000000 --- a/x-pack/test_serverless/functional/test_suites/security/cypress/.eslintrc.json +++ /dev/null @@ -1,13 +0,0 @@ -{ - "plugins": ["cypress"], - "extends": [ - "plugin:cypress/recommended" - ], - "env": { - "cypress/globals": true - }, - "rules": { - "cypress/no-force": "warn", - "import/no-extraneous-dependencies": "off" - } -} diff --git a/x-pack/test_serverless/functional/test_suites/security/cypress/.gitignore b/x-pack/test_serverless/functional/test_suites/security/cypress/.gitignore deleted file mode 100644 index c23080c54def2..0000000000000 --- a/x-pack/test_serverless/functional/test_suites/security/cypress/.gitignore +++ /dev/null @@ -1,3 +0,0 @@ -videos -screenshots -downloads \ No newline at end of file diff --git a/x-pack/test_serverless/functional/test_suites/security/cypress/README.md b/x-pack/test_serverless/functional/test_suites/security/cypress/README.md deleted file mode 100644 index da13d4e99ce85..0000000000000 --- a/x-pack/test_serverless/functional/test_suites/security/cypress/README.md +++ /dev/null @@ -1,65 +0,0 @@ -# Security Serverless Tests - -Before considering adding a new Cypress tests, please make sure you have added unit and API tests first and the behaviour can only be exercised with Cypress. - -Note that, the aim of Cypress is to test that the user interface operates as expected, hence, you should not be using this tool to test REST API or data contracts. - -## Folder Structure - -Below you can find the folder structure used on our Cypress tests. - -### e2e/ - -Cypress convention starting version 10 (previously known as integration). Contains the specs that are going to be executed. - -### fixtures/ - -Cypress convention. Fixtures are used as external pieces of static data when we stub responses. - -### screens/ - -Contains the elements we want to interact with in our tests. - -Each file inside the screens folder represents a screen in our application. When the screens are complex, e.g. Hosts with its multiple tabs, the page is represented by a folder and the different important parts are represented by files. - -Example: - -- screens -- hosts -- all_hosts.ts -- authentications.ts -- events.ts -- main.ts -- uncommon_processes.ts - -### tasks/ - -_Tasks_ are functions that may be reused across tests. - -Each file inside the tasks folder represents a screen of our application. When the screens are complex, e.g. Hosts with its multiple tabs, the page is represented by a folder and the different important parts are represented by files. - -Example: -- tasks -- hosts -- all_hosts.ts -- authentications.ts -- events.ts -- main.ts -- uncommon_processes.ts - -## Run tests - -Currently serverless tests are not included in any pipeline, so the execution for now should be done in our local machines. - -### Visual mode - -- Navigate to `x-pack/test_serverless/functional/test_suites/security/cypress` -- Execute `yarn cypress:serverless:open` -- Select `E2E testing` -- Click on `Start E2E testing in chrome` -- Click on the test - -### Headless mode - -- Navigate to `x-pack/test_serverless/functional/test_suites/security/cypress` -- Execute `yarn cypress:serverless:run` diff --git a/x-pack/test_serverless/functional/test_suites/security/cypress/cypress.config.ts b/x-pack/test_serverless/functional/test_suites/security/cypress/cypress.config.ts deleted file mode 100644 index 1db2cc6e0119f..0000000000000 --- a/x-pack/test_serverless/functional/test_suites/security/cypress/cypress.config.ts +++ /dev/null @@ -1,40 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { defineCypressConfig } from '@kbn/cypress-config'; -import { dataLoaders as setupEndpointDataLoaders } from '@kbn/security-solution-plugin/public/management/cypress/support/data_loaders'; -import { setupUserDataLoader } from './support/setup_data_loader_tasks'; - -export default defineCypressConfig({ - defaultCommandTimeout: 60000, - execTimeout: 60000, - pageLoadTimeout: 60000, - responseTimeout: 60000, - screenshotsFolder: '../../../../../../target/kibana-security-solution/cypress/screenshots', - trashAssetsBeforeRuns: false, - video: false, - viewportHeight: 946, - viewportWidth: 1680, - numTestsKeptInMemory: 10, - env: { - KIBANA_USERNAME: 'system_indices_superuser', - KIBANA_PASSWORD: 'changeme', - ELASTICSEARCH_USERNAME: 'system_indices_superuser', - ELASTICSEARCH_PASSWORD: 'changeme', - }, - e2e: { - experimentalRunAllSpecs: true, - experimentalMemoryManagement: true, - supportFile: './support/e2e.js', - specPattern: './e2e/**/*.cy.ts', - setupNodeEvents: (on, config) => { - // Reuse data loaders from endpoint management cypress setup - setupEndpointDataLoaders(on, config); - setupUserDataLoader(on, config, {}); - }, - }, -}); diff --git a/x-pack/test_serverless/functional/test_suites/security/cypress/cypress.d.ts b/x-pack/test_serverless/functional/test_suites/security/cypress/cypress.d.ts deleted file mode 100644 index a3e6066621aa1..0000000000000 --- a/x-pack/test_serverless/functional/test_suites/security/cypress/cypress.d.ts +++ /dev/null @@ -1,207 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -// / - -import { SecuritySolutionDescribeBlockFtrConfig } from '@kbn/security-solution-plugin/scripts/run_cypress/utils'; -import { - DeleteIndexedFleetEndpointPoliciesResponse, - IndexedFleetEndpointPolicyResponse, -} from '@kbn/security-solution-plugin/common/endpoint/data_loaders/index_fleet_endpoint_policy'; -import { CasePostRequest } from '@kbn/cases-plugin/common/api'; -import { - DeletedIndexedCase, - IndexedCase, -} from '@kbn/security-solution-plugin/common/endpoint/data_loaders/index_case'; -import { - HostActionResponse, - IndexEndpointHostsCyTaskOptions, -} from '@kbn/security-solution-plugin/public/management/cypress/types'; -import { IndexedHostsAndAlertsResponse } from '@kbn/security-solution-plugin/common/endpoint/index_data'; -import { DeleteIndexedEndpointHostsResponse } from '@kbn/security-solution-plugin/common/endpoint/data_loaders/index_endpoint_hosts'; -import { - DeletedIndexedEndpointRuleAlerts, - IndexedEndpointRuleAlerts, -} from '@kbn/security-solution-plugin/common/endpoint/data_loaders/index_endpoint_rule_alerts'; -import { - HostPolicyResponse, - LogsEndpointActionResponse, -} from '@kbn/security-solution-plugin/common/endpoint/types'; -import { IndexedEndpointPolicyResponse } from '@kbn/security-solution-plugin/common/endpoint/data_loaders/index_endpoint_policy_response'; -import { DeleteAllEndpointDataResponse } from '@kbn/security-solution-plugin/scripts/endpoint/common/delete_all_endpoint_data'; -import { LoadedRoleAndUser, ServerlessRoleName } from '../../../../shared/lib'; - -export interface LoadUserAndRoleCyTaskOptions { - name: ServerlessRoleName; -} - -declare global { - namespace Cypress { - interface SuiteConfigOverrides { - env?: { - ftrConfig: SecuritySolutionDescribeBlockFtrConfig; - }; - } - - interface Chainable { - /** - * Get Elements by `data-test-subj`. Note that his is a parent query and can only be used - * from `cy` - * - * @param args - * - * @example - * // Correct: - * cy.getByTestSubj('some-subject); - * - * // Incorrect: - * cy.get('someElement').getByTestSubj('some-subject); - */ - getByTestSubj( - ...args: Parameters['get']> - ): Chainable>; - - /** - * Finds elements by `data-test-subj` from within another. Can not be used directly from `cy`. - * - * @example - * // Correct: - * cy.get('someElement').findByTestSubj('some-subject); - * - * // Incorrect: - * cy.findByTestSubj('some-subject); - */ - findByTestSubj( - ...args: Parameters['find']> - ): Chainable>; - - /** - * Continuously call provided callback function until it either return `true` - * or fail if `timeout` is reached. - * @param fn - * @param options - */ - waitUntil( - fn: (subject?: any) => boolean | Promise | Chainable, - options?: Partial<{ - interval: number; - timeout: number; - }> - ): Chainable; - - // ---------------------------------------------------- - // - // TASKS - // - // ---------------------------------------------------- - task( - name: 'loadUserAndRole', - arg: LoadUserAndRoleCyTaskOptions, - options?: Partial - ): Chainable; - - task( - name: 'indexFleetEndpointPolicy', - arg: { - policyName: string; - endpointPackageVersion: string; - }, - options?: Partial - ): Chainable; - - task( - name: 'deleteIndexedFleetEndpointPolicies', - arg: IndexedFleetEndpointPolicyResponse, - options?: Partial - ): Chainable; - - task( - name: 'indexCase', - arg?: Partial, - options?: Partial - ): Chainable; - - task( - name: 'deleteIndexedCase', - arg: IndexedCase['data'], - options?: Partial - ): Chainable; - - task( - name: 'indexEndpointHosts', - arg?: IndexEndpointHostsCyTaskOptions, - options?: Partial - ): Chainable; - - task( - name: 'deleteIndexedEndpointHosts', - arg: IndexedHostsAndAlertsResponse, - options?: Partial - ): Chainable; - - task( - name: 'indexEndpointRuleAlerts', - arg?: { endpointAgentId: string; count?: number }, - options?: Partial - ): Chainable; - - task( - name: 'deleteIndexedEndpointRuleAlerts', - arg: IndexedEndpointRuleAlerts['alerts'], - options?: Partial - ): Chainable; - - task( - name: 'indexEndpointPolicyResponse', - arg: HostPolicyResponse, - options?: Partial - ): Chainable; - - task( - name: 'deleteIndexedEndpointPolicyResponse', - arg: IndexedEndpointPolicyResponse, - options?: Partial - ): Chainable; - - task( - name: 'sendHostActionResponse', - arg: HostActionResponse, - options?: Partial - ): Chainable; - - task( - name: 'deleteAllEndpointData', - arg: { endpointAgentIds: string[] }, - options?: Partial - ): Chainable; - - task( - name: 'createFileOnEndpoint', - arg: { hostname: string; path: string; content: string }, - options?: Partial - ): Chainable; - - task( - name: 'uploadFileToEndpoint', - arg: { hostname: string; srcPath: string; destPath: string }, - options?: Partial - ): Chainable; - - task( - name: 'installPackagesOnEndpoint', - arg: { hostname: string; packages: string[] }, - options?: Partial - ): Chainable; - - task( - name: 'readZippedFileContentOnEndpoint', - arg: { hostname: string; path: string; password?: string }, - options?: Partial - ): Chainable; - } - } -} diff --git a/x-pack/test_serverless/functional/test_suites/security/cypress/e2e/serverless.cy.ts b/x-pack/test_serverless/functional/test_suites/security/cypress/e2e/serverless.cy.ts deleted file mode 100644 index 7000fe8ecca16..0000000000000 --- a/x-pack/test_serverless/functional/test_suites/security/cypress/e2e/serverless.cy.ts +++ /dev/null @@ -1,22 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { LEFT_NAVIGATION } from '../screens/landing_page'; -import { navigatesToLandingPage } from '../tasks/navigation'; - -describe('Serverless', () => { - it('Should navigate to the landing page', () => { - cy.visit('/', { - auth: { - username: 'elastic_serverless', - password: 'changeme', - }, - }); - navigatesToLandingPage(); - cy.get(LEFT_NAVIGATION).should('exist'); - }); -}); diff --git a/x-pack/test_serverless/functional/test_suites/security/cypress/package.json b/x-pack/test_serverless/functional/test_suites/security/cypress/package.json deleted file mode 100644 index ef8534585d4d0..0000000000000 --- a/x-pack/test_serverless/functional/test_suites/security/cypress/package.json +++ /dev/null @@ -1,13 +0,0 @@ -{ - "author": "Elastic", - "name": "@kbn/security-solution-serverless", - "version": "1.0.0", - "private": true, - "license": "Elastic License 2.0", - "scripts": { - "cypress": "NODE_OPTIONS=--openssl-legacy-provider node ../../../../../../node_modules/.bin/cypress", - "cypress:open": "NODE_OPTIONS=--openssl-legacy-provider node ../../../../../plugins/security_solution/scripts/start_cypress_parallel open --config-file ../../../x-pack/test_serverless/functional/test_suites/security/cypress/cypress.config.ts --ftr-config-file ../../../../../../x-pack/test_serverless/functional/test_suites/security/cypress/security_config", - "cypress:run": "NODE_OPTIONS=--openssl-legacy-provider node ../../../../../plugins/security_solution/scripts/start_cypress_parallel run --browser chrome --config-file ../../../x-pack/test_serverless/functional/test_suites/security/cypress/cypress.config.ts --ftr-config-file ../../../../../../x-pack/test_serverless/functional/test_suites/security/cypress/security_config --reporter ../../../../../../node_modules/cypress-multi-reporters --reporter-options configFile=./reporter_config.json; status=$?; yarn junit:merge && exit $status", - "junit:merge": "../../../../../../node_modules/.bin/mochawesome-merge ../../../../../../target/kibana-security-serverless/cypress/results/mochawesome*.json > ../../../../../../target/kibana-security-serverless/cypress/results/output.json && ../../../../../../node_modules/.bin/marge ../../../../../../target/kibana-security-serverless/cypress/results/output.json --reportDir ../../../../../../target/kibana-security-serverless/cypress/results && mkdir -p ../../../../../../target/junit && cp ../../../../../../target/kibana-security-serverless/cypress/results/*.xml ../../../../../../target/junit/" - } -} \ No newline at end of file diff --git a/x-pack/test_serverless/functional/test_suites/security/cypress/reporter_config.json b/x-pack/test_serverless/functional/test_suites/security/cypress/reporter_config.json deleted file mode 100644 index 616e2382a8516..0000000000000 --- a/x-pack/test_serverless/functional/test_suites/security/cypress/reporter_config.json +++ /dev/null @@ -1,10 +0,0 @@ -{ - "reporterEnabled": "mochawesome, mocha-junit-reporter", - "reporterOptions": { - "html": false, - "json": true, - "mochaFile": "../../../../../../target/kibana-security-serverless/cypress/results/TEST-security-solution-cypress-[hash].xml", - "overwrite": false, - "reportDir": "../../../../../../target/kibana-security-serverless/cypress/results" - } -} diff --git a/x-pack/test_serverless/functional/test_suites/security/cypress/runner.ts b/x-pack/test_serverless/functional/test_suites/security/cypress/runner.ts deleted file mode 100644 index a83d8afbaefdc..0000000000000 --- a/x-pack/test_serverless/functional/test_suites/security/cypress/runner.ts +++ /dev/null @@ -1,24 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { FtrProviderContext } from '../../../ftr_provider_context'; - -export type { FtrProviderContext } from '../../../ftr_provider_context'; - -export async function SecuritySolutionCypressTestRunner( - { getService }: FtrProviderContext, - envVars?: Record -) { - const config = getService('config'); - - return { - FORCE_COLOR: '1', - ELASTICSEARCH_USERNAME: config.get('servers.elasticsearch.username'), - ELASTICSEARCH_PASSWORD: config.get('servers.elasticsearch.password'), - ...envVars, - }; -} diff --git a/x-pack/test_serverless/functional/test_suites/security/cypress/screens/index.ts b/x-pack/test_serverless/functional/test_suites/security/cypress/screens/index.ts deleted file mode 100644 index 194bf6301191a..0000000000000 --- a/x-pack/test_serverless/functional/test_suites/security/cypress/screens/index.ts +++ /dev/null @@ -1,8 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -export * from './landing_page'; diff --git a/x-pack/test_serverless/functional/test_suites/security/cypress/screens/landing_page.ts b/x-pack/test_serverless/functional/test_suites/security/cypress/screens/landing_page.ts deleted file mode 100644 index 5b7450bd0492d..0000000000000 --- a/x-pack/test_serverless/functional/test_suites/security/cypress/screens/landing_page.ts +++ /dev/null @@ -1,8 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -export const LEFT_NAVIGATION = '[data-test-subj="securitySolutionNavHeading"]'; diff --git a/x-pack/test_serverless/functional/test_suites/security/cypress/security_config.ts b/x-pack/test_serverless/functional/test_suites/security/cypress/security_config.ts deleted file mode 100644 index e9b8a16c0b9c7..0000000000000 --- a/x-pack/test_serverless/functional/test_suites/security/cypress/security_config.ts +++ /dev/null @@ -1,31 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { FtrConfigProviderContext } from '@kbn/test'; - -import { ES_RESOURCES } from '@kbn/security-solution-plugin/scripts/endpoint/common/roles_users/serverless'; -import type { FtrProviderContext } from './runner'; -import { SecuritySolutionCypressTestRunner } from './runner'; - -export default async function ({ readConfigFile }: FtrConfigProviderContext) { - const securitySolutionCypressConfig = await readConfigFile( - require.resolve('./security_config.base.ts') - ); - - return { - ...securitySolutionCypressConfig.getAll(), - - esServerlessOptions: { - ...(securitySolutionCypressConfig.has('esServerlessOptions') - ? securitySolutionCypressConfig.get('esServerlessOptions') ?? {} - : {}), - resources: Object.values(ES_RESOURCES), - }, - - testRunner: (context: FtrProviderContext) => SecuritySolutionCypressTestRunner(context), - }; -} diff --git a/x-pack/test_serverless/functional/test_suites/security/cypress/support/commands.js b/x-pack/test_serverless/functional/test_suites/security/cypress/support/commands.js deleted file mode 100644 index 73895fbbec589..0000000000000 --- a/x-pack/test_serverless/functional/test_suites/security/cypress/support/commands.js +++ /dev/null @@ -1,32 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -// *********************************************** -// This example commands.js shows you how to -// create various custom commands and overwrite -// existing commands. -// -// For more comprehensive examples of custom -// commands please read more here: -// https://on.cypress.io/custom-commands -// *********************************************** -// -// -// -- This is a parent command -- -// Cypress.Commands.add("login", (email, password) => { ... }) -// -// -// -- This is a child command -- -// Cypress.Commands.add("drag", { prevSubject: 'element'}, (subject, options) => { ... }) -// -// -// -- This is a dual command -- -// Cypress.Commands.add("dismiss", { prevSubject: 'optional'}, (subject, options) => { ... }) -// -// -// -- This is will overwrite an existing command -- -// Cypress.Commands.overwrite("visit", (originalFn, url, options) => { ... }) diff --git a/x-pack/test_serverless/functional/test_suites/security/cypress/support/e2e.js b/x-pack/test_serverless/functional/test_suites/security/cypress/support/e2e.js deleted file mode 100644 index 6095b2ada6c81..0000000000000 --- a/x-pack/test_serverless/functional/test_suites/security/cypress/support/e2e.js +++ /dev/null @@ -1,29 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -// *********************************************************** -// This example support/index.js is processed and -// loaded automatically before your test files. -// -// This is a great place to put global configuration and -// behavior that modifies Cypress. -// -// You can change the location of this file or turn off -// automatically serving support files with the -// 'supportFile' configuration option. -// -// You can read more here: -// https://on.cypress.io/configuration -// *********************************************************** - -import './commands'; -import 'cypress-real-events/support'; -import '@kbn/security-solution-plugin/public/management/cypress/support/e2e'; - -Cypress.on('uncaught:exception', () => { - return false; -}); diff --git a/x-pack/test_serverless/functional/test_suites/security/cypress/support/index.d.ts b/x-pack/test_serverless/functional/test_suites/security/cypress/support/index.d.ts deleted file mode 100644 index 6928ba89a56f0..0000000000000 --- a/x-pack/test_serverless/functional/test_suites/security/cypress/support/index.d.ts +++ /dev/null @@ -1,52 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -declare namespace Cypress { - interface Chainable { - promisify(): Promise; - attachFile(fileName: string, fileType?: string): Chainable; - waitUntil( - fn: (subject: Subject) => boolean | Chainable, - options?: { - interval: number; - timeout: number; - } - ): Chainable; - } -} - -declare namespace Mocha { - interface SuiteFunction { - (title: string, ftrConfig: Record, fn: (this: Suite) => void): Suite; - ( - title: string, - ftrConfig?: Record, - config: Cypress.TestConfigOverrides, - fn: (this: Suite) => void - ): Suite; - } - - interface ExclusiveSuiteFunction { - (title: string, ftrConfig: Record, fn: (this: Suite) => void): Suite; - ( - title: string, - ftrConfig?: Record, - config: Cypress.TestConfigOverrides, - fn: (this: Suite) => void - ): Suite; - } - - interface PendingSuiteFunction { - (title: string, ftrConfig: Record, fn: (this: Suite) => void): Suite; - ( - title: string, - ftrConfig?: Record, - config: Cypress.TestConfigOverrides, - fn: (this: Suite) => void - ): Suite | void; - } -} diff --git a/x-pack/test_serverless/functional/test_suites/security/cypress/tasks/endpoint_management/index_endpoint_hosts.ts b/x-pack/test_serverless/functional/test_suites/security/cypress/tasks/endpoint_management/index_endpoint_hosts.ts deleted file mode 100644 index 81ea6d009814d..0000000000000 --- a/x-pack/test_serverless/functional/test_suites/security/cypress/tasks/endpoint_management/index_endpoint_hosts.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { - DeleteIndexedHostsAndAlertsResponse, - IndexedHostsAndAlertsResponse, -} from '@kbn/security-solution-plugin/common/endpoint/index_data'; -import { IndexEndpointHostsCyTaskOptions } from '@kbn/security-solution-plugin/public/management/cypress/types'; - -export interface CyIndexEndpointHosts { - data: IndexedHostsAndAlertsResponse; - cleanup: () => Cypress.Chainable; -} - -export const indexEndpointHosts = ( - options: IndexEndpointHostsCyTaskOptions = {} -): Cypress.Chainable => { - return cy.task('indexEndpointHosts', options, { timeout: 240000 }).then((indexHosts) => { - return { - data: indexHosts, - cleanup: () => { - cy.log( - 'Deleting Endpoint Host data', - indexHosts.hosts.map((host) => `${host.host.name} (${host.host.id})`) - ); - - return cy.task('deleteIndexedEndpointHosts', indexHosts); - }, - }; - }); -}; diff --git a/x-pack/test_serverless/functional/test_suites/security/cypress/tasks/login.ts b/x-pack/test_serverless/functional/test_suites/security/cypress/tasks/login.ts deleted file mode 100644 index 7ff366ea2cd14..0000000000000 --- a/x-pack/test_serverless/functional/test_suites/security/cypress/tasks/login.ts +++ /dev/null @@ -1,87 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { request } from '@kbn/security-solution-plugin/public/management/cypress/tasks/common'; -import { LoginState } from '@kbn/security-plugin/common/login_state'; -import type { ServerlessRoleName } from '../../../../../shared/lib'; -import { ServerlessRoleName as RoleName } from '../../../../../shared/lib/security/types'; -import { STANDARD_HTTP_HEADERS } from '../../../../../shared/lib/security/default_http_headers'; - -/** - * Send login via API - * @param username - * @param password - * - * @private - */ -const sendApiLoginRequest = ( - username: string, - password: string -): Cypress.Chainable<{ username: string; password: string }> => { - const baseUrl = Cypress.config().baseUrl; - - cy.log(`Authenticating [${username}] via ${baseUrl}`); - - const headers = { ...STANDARD_HTTP_HEADERS }; - return request({ headers, url: `${baseUrl}/internal/security/login_state` }) - .then((loginState) => { - const basicProvider = loginState.body.selector.providers.find( - (provider) => provider.type === 'basic' - ); - return request({ - url: `${baseUrl}/internal/security/login`, - method: 'POST', - headers, - body: { - providerType: basicProvider?.type, - providerName: basicProvider?.name, - currentURL: '/', - params: { username, password }, - }, - }); - }) - .then(() => ({ username, password })); -}; - -interface CyLoginTask { - (user?: ServerlessRoleName | 'elastic'): ReturnType; - - /** - * Login using any username/password - * @param username - * @param password - */ - with(username: string, password: string): ReturnType; -} - -/** - * Login to Kibana using API (not login page). By default, user will be logged in using - * the username and password defined via `KIBANA_USERNAME` and `KIBANA_PASSWORD` cypress env - * variables. - * @param user Defaults to `soc_manager` - */ -export const login: CyLoginTask = ( - user: ServerlessRoleName | 'elastic' = RoleName.SOC_MANAGER -): ReturnType => { - let username = Cypress.env('KIBANA_USERNAME'); - let password = Cypress.env('KIBANA_PASSWORD'); - - if (user && user !== 'elastic') { - return cy.task('loadUserAndRole', { name: user }).then((loadedUser) => { - username = loadedUser.username; - password = loadedUser.password; - - return sendApiLoginRequest(username, password); - }); - } else { - return sendApiLoginRequest(username, password); - } -}; - -login.with = (username: string, password: string): ReturnType => { - return sendApiLoginRequest(username, password); -}; diff --git a/x-pack/test_serverless/functional/test_suites/security/cypress/tasks/navigation.ts b/x-pack/test_serverless/functional/test_suites/security/cypress/tasks/navigation.ts deleted file mode 100644 index af00f418747c5..0000000000000 --- a/x-pack/test_serverless/functional/test_suites/security/cypress/tasks/navigation.ts +++ /dev/null @@ -1,10 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -export const navigatesToLandingPage = () => { - cy.visit('/app/security/get_started'); -}; diff --git a/x-pack/test_serverless/tsconfig.json b/x-pack/test_serverless/tsconfig.json index 92048160cb622..388a4732fdd9e 100644 --- a/x-pack/test_serverless/tsconfig.json +++ b/x-pack/test_serverless/tsconfig.json @@ -40,7 +40,6 @@ "@kbn/server-route-repository", "@kbn/core-chrome-browser", "@kbn/security-plugin", - "@kbn/security-solution-plugin", "@kbn/security-solution-plugin/public/management/cypress", "@kbn/tooling-log", "@kbn/cases-plugin", From d03018ce6c855814731693cbf39e98d7eccb4339 Mon Sep 17 00:00:00 2001 From: Tomasz Ciecierski Date: Thu, 24 Oct 2024 17:29:32 +0200 Subject: [PATCH 52/99] [EDR Workflows] Rename Osquery Serverless tests job name (#197588) --- .buildkite/pipelines/chrome_forward_testing.yml | 2 +- .../pipelines/es_serverless/verify_es_serverless_image.yml | 2 +- .buildkite/pipelines/on_merge.yml | 2 +- .buildkite/pipelines/pointer_compression.yml | 2 +- .../pull_request/security_solution/osquery_cypress.yml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.buildkite/pipelines/chrome_forward_testing.yml b/.buildkite/pipelines/chrome_forward_testing.yml index 6dafddd8b2c5c..daf928cf2c162 100644 --- a/.buildkite/pipelines/chrome_forward_testing.yml +++ b/.buildkite/pipelines/chrome_forward_testing.yml @@ -300,7 +300,7 @@ steps: limit: 1 - command: .buildkite/scripts/steps/functional/security_serverless_osquery.sh - label: 'Serverless Osquery Cypress Tests' + label: 'Osquery Cypress Tests on Serverless' agents: machineType: n2-standard-4 preemptible: true diff --git a/.buildkite/pipelines/es_serverless/verify_es_serverless_image.yml b/.buildkite/pipelines/es_serverless/verify_es_serverless_image.yml index ae50082726289..6b72b5af240d2 100644 --- a/.buildkite/pipelines/es_serverless/verify_es_serverless_image.yml +++ b/.buildkite/pipelines/es_serverless/verify_es_serverless_image.yml @@ -218,7 +218,7 @@ steps: limit: 1 - command: .buildkite/scripts/steps/functional/security_serverless_osquery.sh - label: "Serverless Osquery Cypress Tests" + label: "Osquery Cypress Tests on Serverless" if: "build.env('SKIP_CYPRESS') != '1' && build.env('SKIP_CYPRESS') != 'true'" agents: image: family/kibana-ubuntu-2004 diff --git a/.buildkite/pipelines/on_merge.yml b/.buildkite/pipelines/on_merge.yml index 0e87d401c196e..64067ec52a4d3 100644 --- a/.buildkite/pipelines/on_merge.yml +++ b/.buildkite/pipelines/on_merge.yml @@ -405,7 +405,7 @@ steps: limit: 1 - command: .buildkite/scripts/steps/functional/security_serverless_osquery.sh - label: 'Serverless Osquery Cypress Tests' + label: 'Osquery Cypress Tests on Serverless' agents: image: family/kibana-ubuntu-2004 imageProject: elastic-images-prod diff --git a/.buildkite/pipelines/pointer_compression.yml b/.buildkite/pipelines/pointer_compression.yml index b36871d6d9634..41598b3faed1f 100644 --- a/.buildkite/pipelines/pointer_compression.yml +++ b/.buildkite/pipelines/pointer_compression.yml @@ -339,7 +339,7 @@ steps: limit: 1 - command: .buildkite/scripts/steps/functional/security_serverless_osquery.sh - label: 'Serverless Osquery Cypress Tests' + label: 'Osquery Cypress Tests on Serverless' agents: image: family/kibana-ubuntu-2004 imageProject: elastic-images-prod diff --git a/.buildkite/pipelines/pull_request/security_solution/osquery_cypress.yml b/.buildkite/pipelines/pull_request/security_solution/osquery_cypress.yml index 26faa344371c9..5fa8fe359ada6 100644 --- a/.buildkite/pipelines/pull_request/security_solution/osquery_cypress.yml +++ b/.buildkite/pipelines/pull_request/security_solution/osquery_cypress.yml @@ -15,7 +15,7 @@ steps: limit: 1 - command: .buildkite/scripts/steps/functional/security_serverless_osquery.sh - label: 'Serverless Osquery Cypress Tests' + label: 'Osquery Cypress Tests on Serverless' agents: machineType: n2-standard-4 preemptible: true From 66b2447fe7879dec1ede5c5cd3aea9b34ae1fad9 Mon Sep 17 00:00:00 2001 From: James Gowdy Date: Thu, 24 Oct 2024 16:33:36 +0100 Subject: [PATCH 53/99] [ML] File upload: enabling check for model allocations (#197395) Enables the previously commented out check for `num_allocations` when listing the inference endpoints. The adaptive allocation count can drop to 0, but it is still valid for use. Uploading a file will cause it to be re-deployed. Related to es PRs https://github.com/elastic/elasticsearch/pull/115233 and https://github.com/elastic/elasticsearch/pull/115095 Follow on from https://github.com/elastic/kibana/pull/196577 --- x-pack/plugins/data_visualizer/server/routes.ts | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/x-pack/plugins/data_visualizer/server/routes.ts b/x-pack/plugins/data_visualizer/server/routes.ts index e04ba7521bfa4..2b2a347034b87 100644 --- a/x-pack/plugins/data_visualizer/server/routes.ts +++ b/x-pack/plugins/data_visualizer/server/routes.ts @@ -96,9 +96,9 @@ export function routes(coreSetup: CoreSetup, logger: Logger) const filteredInferenceEndpoints = endpoints.filter((endpoint) => { return ( - endpoint.task_type === 'sparse_embedding' || endpoint.task_type === 'text_embedding' - // TODO: add this back in when the fix has made it into es in 8.16 - // && endpoint.service_settings.num_allocations > 0 + (endpoint.task_type === 'sparse_embedding' || + endpoint.task_type === 'text_embedding') && + endpoint.service_settings.num_allocations >= 0 ); }); From 9c92b528fdd13e67185e1f668919f039f25167d0 Mon Sep 17 00:00:00 2001 From: Elena Stoeva <59341489+ElenaStoeva@users.noreply.github.com> Date: Thu, 24 Oct 2024 16:39:13 +0100 Subject: [PATCH 54/99] [Ingest pipelines] Use human-readable database names in IP location processor form (#197413) Fixes https://github.com/elastic/kibana/issues/196768 ## Summary This PR adds human-readable labels in the Database field in the IP location processor form. https://github.com/user-attachments/assets/94fb5e22-ccae-4bff-b6fb-92ae0cf9449c --- .../plugins/ingest_pipelines/common/types.ts | 5 ++ .../processor_form/processors/ip_location.tsx | 20 ++++++- .../sections/manage_processors/constants.ts | 6 +- .../sections/manage_processors/geoip_list.tsx | 7 +-- .../sections/manage_processors/utils.test.ts | 60 +++++++++++++++++++ .../sections/manage_processors/utils.ts | 44 ++++++++++++++ 6 files changed, 132 insertions(+), 10 deletions(-) create mode 100644 x-pack/plugins/ingest_pipelines/public/application/sections/manage_processors/utils.test.ts create mode 100644 x-pack/plugins/ingest_pipelines/public/application/sections/manage_processors/utils.ts diff --git a/x-pack/plugins/ingest_pipelines/common/types.ts b/x-pack/plugins/ingest_pipelines/common/types.ts index 4c68b443fb8fb..793d54b085be2 100644 --- a/x-pack/plugins/ingest_pipelines/common/types.ts +++ b/x-pack/plugins/ingest_pipelines/common/types.ts @@ -35,6 +35,11 @@ export enum FieldCopyAction { export type DatabaseType = 'maxmind' | 'ipinfo' | 'web' | 'local' | 'unknown'; +export interface DatabaseNameOption { + value: string; + text: string; +} + export interface GeoipDatabase { name: string; id: string; diff --git a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_editor/components/processor_form/processors/ip_location.tsx b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_editor/components/processor_form/processors/ip_location.tsx index 765c482f1c86b..83ee9f7ef0085 100644 --- a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_editor/components/processor_form/processors/ip_location.tsx +++ b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_editor/components/processor_form/processors/ip_location.tsx @@ -25,6 +25,7 @@ import { FieldsConfig, from, to } from './shared'; import { TargetField } from './common_fields/target_field'; import { PropertiesField } from './common_fields/properties_field'; import type { GeoipDatabase } from '../../../../../../../common/types'; +import { getDatabaseText, getDatabaseValue } from '../../../../../sections/manage_processors/utils'; import { getTypeLabel } from '../../../../../sections/manage_processors/constants'; const extension = '.mmdb'; @@ -33,8 +34,20 @@ const fieldsConfig: FieldsConfig = { /* Optional field config */ database_file: { type: FIELD_TYPES.COMBO_BOX, - deserializer: (v: unknown) => to.arrayOfStrings(v).map((str) => str?.split(extension)[0]), - serializer: (v: string[]) => (v.length ? `${v[0]}${extension}` : undefined), + deserializer: (v: unknown) => + to.arrayOfStrings(v).map((str) => { + const databaseName = str?.split(extension)[0]; + // Use the translated text for this database, if it exists + return getDatabaseText(databaseName) ?? databaseName; + }), + serializer: (v: any[]) => { + if (v.length) { + const databaseName = v[0]; + const databaseValue = getDatabaseValue(databaseName); + return databaseValue ? `${databaseValue}${extension}` : `${databaseName}${extension}`; + } + return undefined; + }, label: i18n.translate('xpack.ingestPipelines.pipelineEditor.ipLocationForm.databaseFileLabel', { defaultMessage: 'Database file (optional)', }), @@ -77,7 +90,8 @@ export const IpLocation: FunctionComponent = () => { const dataAsOptions = (data || []).map((item) => ({ id: item.id, type: item.type, - label: item.name, + // Use the translated text for this database, if it exists + label: getDatabaseText(item.name) ?? item.name, })); const optionsByGroup = groupBy(dataAsOptions, 'type'); const groupedOptions = map(optionsByGroup, (items, groupName) => ({ diff --git a/x-pack/plugins/ingest_pipelines/public/application/sections/manage_processors/constants.ts b/x-pack/plugins/ingest_pipelines/public/application/sections/manage_processors/constants.ts index 63b201936d859..bc71e6ac59cad 100644 --- a/x-pack/plugins/ingest_pipelines/public/application/sections/manage_processors/constants.ts +++ b/x-pack/plugins/ingest_pipelines/public/application/sections/manage_processors/constants.ts @@ -6,7 +6,7 @@ */ import { i18n } from '@kbn/i18n'; -import type { GeoipDatabase } from '../../../../common/types'; +import type { GeoipDatabase, DatabaseNameOption } from '../../../../common/types'; export const ADD_DATABASE_MODAL_TITLE_ID = 'manageProcessorsAddGeoipDatabase'; export const ADD_DATABASE_MODAL_FORM_ID = 'manageProcessorsAddGeoipDatabaseForm'; @@ -24,7 +24,7 @@ export const DATABASE_TYPE_OPTIONS = [ }), }, ]; -export const GEOIP_NAME_OPTIONS = [ +export const GEOIP_NAME_OPTIONS: DatabaseNameOption[] = [ { value: 'GeoIP2-Anonymous-IP', text: i18n.translate('xpack.ingestPipelines.manageProcessors.geoip.anonymousIPDatabaseName', { @@ -71,7 +71,7 @@ export const GEOIP_NAME_OPTIONS = [ }), }, ]; -export const IPINFO_NAME_OPTIONS = [ +export const IPINFO_NAME_OPTIONS: DatabaseNameOption[] = [ { value: 'asn', text: i18n.translate('xpack.ingestPipelines.manageProcessors.ipinfo.freeAsnDatabaseName', { diff --git a/x-pack/plugins/ingest_pipelines/public/application/sections/manage_processors/geoip_list.tsx b/x-pack/plugins/ingest_pipelines/public/application/sections/manage_processors/geoip_list.tsx index 0acb66ba7dd25..a6512c1442ede 100644 --- a/x-pack/plugins/ingest_pipelines/public/application/sections/manage_processors/geoip_list.tsx +++ b/x-pack/plugins/ingest_pipelines/public/application/sections/manage_processors/geoip_list.tsx @@ -23,7 +23,7 @@ import { FormattedMessage } from '@kbn/i18n-react'; import { i18n } from '@kbn/i18n'; import { css } from '@emotion/react'; -import { IPINFO_NAME_OPTIONS } from './constants'; +import { getDatabaseText } from './utils'; import type { GeoipDatabase } from '../../../../common/types'; import { SectionLoading, useKibana } from '../../../shared_imports'; import { getTypeLabel } from './constants'; @@ -71,9 +71,8 @@ export const GeoipList: React.FunctionComponent = () => { sortable: true, render: (name: string, row) => { if (row.type === 'ipinfo') { - // find the name in the options to get the translated value - const option = IPINFO_NAME_OPTIONS.find((opt) => opt.value === name); - return option?.text ?? name; + // Use the translated text for this database, if it exists + return getDatabaseText(name, 'ipinfo') ?? name; } return name; diff --git a/x-pack/plugins/ingest_pipelines/public/application/sections/manage_processors/utils.test.ts b/x-pack/plugins/ingest_pipelines/public/application/sections/manage_processors/utils.test.ts new file mode 100644 index 0000000000000..c5b12a95bc539 --- /dev/null +++ b/x-pack/plugins/ingest_pipelines/public/application/sections/manage_processors/utils.test.ts @@ -0,0 +1,60 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { getDatabaseValue, getDatabaseText } from './utils'; + +describe('getDatabaseValue', () => { + it('should return the value for a given database text for maxmind', () => { + const databaseText = 'GeoIP2 City'; + const result = getDatabaseValue(databaseText, 'maxmind'); + expect(result).toBe('GeoIP2-City'); + }); + + it('should return the value for a given database text for ipinfo', () => { + const databaseText = 'Free IP to ASN'; + const result = getDatabaseValue(databaseText, 'ipinfo'); + expect(result).toBe('asn'); + }); + + it('should return undefined if the database text is not found', () => { + const databaseText = 'Unknown Database'; + const result = getDatabaseValue(databaseText); + expect(result).toBeUndefined(); + }); + + it('should return the value when no type is provided and the database text is found in any option', () => { + const databaseText = 'ASN'; + const result = getDatabaseValue(databaseText); + expect(result).toBe('standard_asn'); + }); +}); + +describe('getDatabaseText', () => { + it('should return the human-readable name for a given database value for maxmind', () => { + const databaseValue = 'GeoIP2-City'; + const result = getDatabaseText(databaseValue, 'maxmind'); + expect(result).toBe('GeoIP2 City'); + }); + + it('should return the human-readable name for a given database value for ipinfo', () => { + const databaseValue = 'asn'; + const result = getDatabaseText(databaseValue, 'ipinfo'); + expect(result).toBe('Free IP to ASN'); + }); + + it('should return undefined if the database value is not found', () => { + const databaseValue = 'unknown-value'; + const result = getDatabaseText(databaseValue); + expect(result).toBeUndefined(); + }); + + it('should return the human-readable name when no type is provided and the value is found in any option', () => { + const databaseValue = 'standard_location'; + const result = getDatabaseText(databaseValue); + expect(result).toBe('IP Geolocation'); + }); +}); diff --git a/x-pack/plugins/ingest_pipelines/public/application/sections/manage_processors/utils.ts b/x-pack/plugins/ingest_pipelines/public/application/sections/manage_processors/utils.ts new file mode 100644 index 0000000000000..83a6557cf4fd1 --- /dev/null +++ b/x-pack/plugins/ingest_pipelines/public/application/sections/manage_processors/utils.ts @@ -0,0 +1,44 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { DatabaseType, DatabaseNameOption } from '../../../../common/types'; +import { GEOIP_NAME_OPTIONS, IPINFO_NAME_OPTIONS } from './constants'; + +const getDatabaseNameOptions = (type?: DatabaseType): DatabaseNameOption[] => { + switch (type) { + case 'maxmind': + return GEOIP_NAME_OPTIONS; + case 'ipinfo': + return IPINFO_NAME_OPTIONS; + case undefined: + return [...GEOIP_NAME_OPTIONS, ...IPINFO_NAME_OPTIONS]; + default: + return []; + } +}; + +/** + * Returns the value/id of the database, if it exists. + * + * @param databaseText The human-readable name of the database + * @param type If specified, searches only in the database name options for this type + */ +export const getDatabaseValue = (databaseText: string, type?: DatabaseType): string | undefined => { + const options = getDatabaseNameOptions(type); + return options.find((opt) => opt.text === databaseText)?.value; +}; + +/** + * Returns the human-readable name of the database, if it exists. + * + * @param databaseText The id/value of the database + * @param type If specified, searches only in the database name options for this type + */ +export const getDatabaseText = (databaseValue: string, type?: DatabaseType): string | undefined => { + const options = getDatabaseNameOptions(type); + return options.find((opt) => opt.value === databaseValue)?.text; +}; From d885bbebe896fd04c88fb556635fd69938614074 Mon Sep 17 00:00:00 2001 From: Melissa Alvarez Date: Thu, 24 Oct 2024 09:44:56 -0600 Subject: [PATCH 55/99] [ML] Anomaly Detection: add never expire option to forecast creation modal (#195151) ## Summary This PR adds an option in the forecast creation modal to prevent a forecast from expiring. Related issue: https://github.com/elastic/kibana/issues/160741 ![image](https://github.com/user-attachments/assets/2fb2a73b-5d64-4018-809a-7c610ef44ee3) ![image](https://github.com/user-attachments/assets/1df768ff-98ce-441b-ad4f-b5b31cc62432) ### Checklist Delete any items that are not applicable to this PR. - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [ ] Any UI touched in this PR is usable by keyboard only (learn more about [keyboard accessibility](https://webaim.org/techniques/keyboard/)) - [ ] Any UI touched in this PR does not create any new axe failures (run axe in browser: [FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/), [Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US)) - [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [ ] This renders correctly on smaller devices using a responsive layout. (You can test this [in your browser](https://www.browserstack.com/guide/responsive-testing-on-local-server)) - [ ] This was checked for [cross-browser compatibility](https://www.elastic.co/support/matrix#matrix_browsers) --------- Co-authored-by: Elastic Machine --- .../forecasts_table/forecasts_table.js | 9 ++- .../application/services/forecast_service.ts | 3 +- .../services/ml_api_service/index.ts | 11 +++- .../forecasting_modal/forecasting_modal.js | 11 +++- .../forecasting_modal/run_controls.js | 56 +++++++++++++++---- .../ml/server/routes/anomaly_detectors.ts | 3 +- .../schemas/anomaly_detectors_schema.ts | 5 +- .../forecasts.ts | 1 + .../test/functional/services/ml/forecast.ts | 5 ++ 9 files changed, 85 insertions(+), 19 deletions(-) diff --git a/x-pack/plugins/ml/public/application/jobs/jobs_list/components/job_details/forecasts_table/forecasts_table.js b/x-pack/plugins/ml/public/application/jobs/jobs_list/components/job_details/forecasts_table/forecasts_table.js index bfed613b9ad5d..4c14715ddf425 100644 --- a/x-pack/plugins/ml/public/application/jobs/jobs_list/components/job_details/forecasts_table/forecasts_table.js +++ b/x-pack/plugins/ml/public/application/jobs/jobs_list/components/job_details/forecasts_table/forecasts_table.js @@ -350,7 +350,14 @@ export class ForecastsTable extends Component { name: i18n.translate('xpack.ml.jobsList.jobDetails.forecastsTable.expiresLabel', { defaultMessage: 'Expires', }), - render: timeFormatter, + render: (value) => { + if (value === undefined) { + return i18n.translate('xpack.ml.jobsList.jobDetails.forecastsTable.neverExpiresLabel', { + defaultMessage: 'Never expires', + }); + } + return timeFormatter(value); + }, textOnly: true, sortable: true, }, diff --git a/x-pack/plugins/ml/public/application/services/forecast_service.ts b/x-pack/plugins/ml/public/application/services/forecast_service.ts index d1778dbf948f6..51ddc3ef9a926 100644 --- a/x-pack/plugins/ml/public/application/services/forecast_service.ts +++ b/x-pack/plugins/ml/public/application/services/forecast_service.ts @@ -319,7 +319,7 @@ export function forecastServiceFactory(mlApi: MlApi) { ); } // Runs a forecast - function runForecast(jobId: string, duration?: string) { + function runForecast(jobId: string, duration?: string, neverExpires?: boolean) { // eslint-disable-next-line no-console console.log('ML forecast service run forecast with duration:', duration); return new Promise((resolve, reject) => { @@ -327,6 +327,7 @@ export function forecastServiceFactory(mlApi: MlApi) { .forecast({ jobId, duration, + neverExpires, }) .then((resp) => { resolve(resp); diff --git a/x-pack/plugins/ml/public/application/services/ml_api_service/index.ts b/x-pack/plugins/ml/public/application/services/ml_api_service/index.ts index 868ca0d5baa0f..f69e60453bfd4 100644 --- a/x-pack/plugins/ml/public/application/services/ml_api_service/index.ts +++ b/x-pack/plugins/ml/public/application/services/ml_api_service/index.ts @@ -359,9 +359,18 @@ export function mlApiProvider(httpService: HttpService) { }); }, - forecast({ jobId, duration }: { jobId: string; duration?: string }) { + forecast({ + jobId, + duration, + neverExpires, + }: { + jobId: string; + duration?: string; + neverExpires?: boolean; + }) { const body = JSON.stringify({ ...(duration !== undefined ? { duration } : {}), + ...(neverExpires === true ? { expires_in: '0' } : {}), }); return httpService.http({ diff --git a/x-pack/plugins/ml/public/application/timeseriesexplorer/components/forecasting_modal/forecasting_modal.js b/x-pack/plugins/ml/public/application/timeseriesexplorer/components/forecasting_modal/forecasting_modal.js index 1bd47ff69ebc6..2bd5192fb870f 100644 --- a/x-pack/plugins/ml/public/application/timeseriesexplorer/components/forecasting_modal/forecasting_modal.js +++ b/x-pack/plugins/ml/public/application/timeseriesexplorer/components/forecasting_modal/forecasting_modal.js @@ -53,6 +53,7 @@ function getDefaultState() { newForecastDuration: '1d', isNewForecastDurationValid: true, newForecastDurationErrors: [], + neverExpires: false, messages: [], }; } @@ -109,6 +110,12 @@ export class ForecastingModal extends Component { this.closeModal(); }; + onNeverExpiresChange = (event) => { + this.setState({ + neverExpires: event.target.checked, + }); + }; + onNewForecastDurationChange = (event) => { const newForecastDurationErrors = []; let isNewForecastDurationValid = true; @@ -263,7 +270,7 @@ export class ForecastingModal extends Component { const durationInSeconds = parseInterval(this.state.newForecastDuration).asSeconds(); this.mlForecastService - .runForecast(this.props.job.job_id, `${durationInSeconds}s`) + .runForecast(this.props.job.job_id, `${durationInSeconds}s`, this.state.neverExpires) .then((resp) => { // Endpoint will return { acknowledged:true, id: } before forecast is complete. // So wait for results and then refresh the dashboard to the end of the forecast. @@ -551,6 +558,8 @@ export class ForecastingModal extends Component { runForecast={this.checkJobStateAndRunForecast} newForecastDuration={this.state.newForecastDuration} onNewForecastDurationChange={this.onNewForecastDurationChange} + onNeverExpiresChange={this.onNeverExpiresChange} + neverExpires={this.state.neverExpires} isNewForecastDurationValid={this.state.isNewForecastDurationValid} newForecastDurationErrors={this.state.newForecastDurationErrors} isForecastRequested={this.state.isForecastRequested} diff --git a/x-pack/plugins/ml/public/application/timeseriesexplorer/components/forecasting_modal/run_controls.js b/x-pack/plugins/ml/public/application/timeseriesexplorer/components/forecasting_modal/run_controls.js index 420ce2a0a7648..bc77a3d5fa38d 100644 --- a/x-pack/plugins/ml/public/application/timeseriesexplorer/components/forecasting_modal/run_controls.js +++ b/x-pack/plugins/ml/public/application/timeseriesexplorer/components/forecasting_modal/run_controls.js @@ -20,6 +20,7 @@ import { EuiForm, EuiFormRow, EuiSpacer, + EuiSwitch, EuiText, EuiToolTip, } from '@elastic/eui'; @@ -82,6 +83,8 @@ export function RunControls({ newForecastDuration, isNewForecastDurationValid, newForecastDurationErrors, + neverExpires, + onNeverExpiresChange, onNewForecastDurationChange, runForecast, isForecastRequested, @@ -133,8 +136,8 @@ export function RunControls({ - - + + - - - {disabledState.isDisabledToolTipText === undefined ? ( - runButton - ) : ( - - {runButton} - - )} - + + + + + + + + + + {disabledState.isDisabledToolTipText === undefined ? ( + runButton + ) : ( + + {runButton} + + )} + + + @@ -193,7 +223,9 @@ RunControls.propType = { newForecastDuration: PropTypes.string, isNewForecastDurationValid: PropTypes.bool, newForecastDurationErrors: PropTypes.array, + neverExpires: PropTypes.bool.isRequired, onNewForecastDurationChange: PropTypes.func.isRequired, + onNeverExpiresChange: PropTypes.func.isRequired, runForecast: PropTypes.func.isRequired, isForecastRequested: PropTypes.bool, forecastProgress: PropTypes.number, diff --git a/x-pack/plugins/ml/server/routes/anomaly_detectors.ts b/x-pack/plugins/ml/server/routes/anomaly_detectors.ts index 4f843620003ba..8cd9f45a4217e 100644 --- a/x-pack/plugins/ml/server/routes/anomaly_detectors.ts +++ b/x-pack/plugins/ml/server/routes/anomaly_detectors.ts @@ -439,11 +439,10 @@ export function jobRoutes({ router, routeGuard }: RouteInitialization) { routeGuard.fullLicenseAPIGuard(async ({ mlClient, request, response }) => { try { const jobId = request.params.jobId; - const duration = request.body.duration; const body = await mlClient.forecast({ job_id: jobId, body: { - duration, + ...request.body, }, }); return response.ok({ diff --git a/x-pack/plugins/ml/server/routes/schemas/anomaly_detectors_schema.ts b/x-pack/plugins/ml/server/routes/schemas/anomaly_detectors_schema.ts index 3b1eb0b481e46..6084097c4a843 100644 --- a/x-pack/plugins/ml/server/routes/schemas/anomaly_detectors_schema.ts +++ b/x-pack/plugins/ml/server/routes/schemas/anomaly_detectors_schema.ts @@ -211,7 +211,10 @@ export const updateModelSnapshotBodySchema = schema.object({ retain: schema.maybe(schema.boolean()), }); -export const forecastAnomalyDetector = schema.object({ duration: schema.any() }); +export const forecastAnomalyDetector = schema.object({ + duration: schema.any(), + expires_in: schema.maybe(schema.any()), +}); export const forceQuerySchema = schema.object({ force: schema.maybe(schema.boolean()), diff --git a/x-pack/test/functional/apps/ml/anomaly_detection_result_views/forecasts.ts b/x-pack/test/functional/apps/ml/anomaly_detection_result_views/forecasts.ts index 3a60e8fca97c2..a43d9e2cb0e2f 100644 --- a/x-pack/test/functional/apps/ml/anomaly_detection_result_views/forecasts.ts +++ b/x-pack/test/functional/apps/ml/anomaly_detection_result_views/forecasts.ts @@ -87,6 +87,7 @@ export default function ({ getService }: FtrProviderContext) { await ml.forecast.assertForecastButtonExists(); await ml.forecast.assertForecastButtonEnabled(true); await ml.forecast.openForecastModal(); + await ml.forecast.assertForecastNeverExpireSwitchExists(); await ml.forecast.assertForecastModalRunButtonEnabled(true); await ml.testExecution.logTestStep('should run the forecast and close the modal'); diff --git a/x-pack/test/functional/services/ml/forecast.ts b/x-pack/test/functional/services/ml/forecast.ts index ab0664b0f077f..9bb5a2f6ed770 100644 --- a/x-pack/test/functional/services/ml/forecast.ts +++ b/x-pack/test/functional/services/ml/forecast.ts @@ -102,6 +102,11 @@ export function MachineLearningForecastProvider({ getPageObject, getService }: F }); }, + async assertForecastNeverExpireSwitchExists() { + await testSubjects.existOrFail('mlModalForecastNeverExpireSwitch'); + expect(await testSubjects.isChecked('mlModalForecastNeverExpireSwitch')).to.be(false); + }, + async assertForecastModalRunButtonEnabled(expectedValue: boolean) { await headerPage.waitUntilLoadingHasFinished(); const isEnabled = await testSubjects.isEnabled('mlModalForecast > mlModalForecastButtonRun'); From 9f3506544e6e8c9e1aad9416eb68b84ad3867f69 Mon Sep 17 00:00:00 2001 From: Marco Vettorello Date: Thu, 24 Oct 2024 18:02:42 +0200 Subject: [PATCH 56/99] Move react-is as devDependency (#197568) ## Summary `react-is` is used only in a single test. As suggested by the ops team we should move this dependency in the `devDependencies` list. --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 9109461115299..ee4dd1ce4f0fa 100644 --- a/package.json +++ b/package.json @@ -1216,7 +1216,6 @@ "react-grid-layout": "^1.3.4", "react-hook-form": "^7.44.2", "react-intl": "6.6.6", - "react-is": "^17.0.2", "react-markdown": "^6.0.3", "react-popper-tooltip": "^3.1.1", "react-recompose": "^0.33.0", @@ -1793,6 +1792,7 @@ "prettier": "^2.8.8", "proxy": "^2.1.1", "raw-loader": "^3.1.0", + "react-is": "^17.0.2", "react-test-renderer": "^17.0.2", "recast": "^0.23.9", "regenerate": "^1.4.0", From 855456b3bf26204c9a32008a1bc538d9c63b5190 Mon Sep 17 00:00:00 2001 From: Mark Hopkin Date: Thu, 24 Oct 2024 17:05:09 +0100 Subject: [PATCH 57/99] [Entity Store] Bugfix: Double nested arrays (#197589) ## Summary Entities were appearing in the entity store with double nested arrays like below. The issue was that the arrays changed from `List` to `Set` type and the code only checked for lists. Using `Collection` has fixed this. ``` "_index": ".entities.v1.latest.security_host_default", "_id": "c03w7AZsMkm_obWF2HZEirgAAAAAAAAA", "_score": 1, "_source": { "host": { "hostname": [ [ "small-host-1.example.small.com" ] ], "domain": [ [ "example.small.com" ] ], "ip": [ [ "192.168.1.1", "192.168.1.0", "192.168.1.3", "192.168.1.2", "192.168.1.9", "192.168.1.8", "192.168.1.5", "192.168.1.4", "192.168.1.7", "192.168.1.6" ] ], ``` --------- Co-authored-by: Elastic Machine --- .../entity_analytics/entity_store/entity_store_data_client.ts | 2 +- .../entity_store/field_retention_definition/collect_values.ts | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/entity_store_data_client.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/entity_store_data_client.ts index 2cb119e6d37fe..429d77482841e 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/entity_store_data_client.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/entity_store_data_client.ts @@ -156,7 +156,7 @@ export class EntityStoreDataClient { filter, pipelineDebugMode ).catch((error) => { - logger.error('There was an error during async setup of the Entity Store', error); + logger.error(`There was an error during async setup of the Entity Store: ${error}`); }); return descriptor; diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/field_retention_definition/collect_values.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/field_retention_definition/collect_values.ts index 3241b1dce29fa..ee26c0dbd64c8 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/field_retention_definition/collect_values.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/field_retention_definition/collect_values.ts @@ -30,7 +30,7 @@ export const collectValuesProcessor: FieldRetentionOperatorBuilder Date: Thu, 24 Oct 2024 18:09:38 +0200 Subject: [PATCH 58/99] Create a common Int Validator and use it in ingest_pipelines and Index_lifecycle_management (#196527) Closes [#110417 ](https://github.com/elastic/kibana/issues/110417) ## Summary In the Ingest Node Pipelines section, when the users created a new pipeline selecting de Community ID processor the users could set a non-integer number in this field. Then, they received a server side error when tried to create a pipeline. For fixing this, a validation must be added in the client. We didn't have a reusable validation for this case, but we did have a custom validation for integer values in the Index lifecycle management plugin. We also had the necessary translation in that plugin. So I went forward with: * I created a new integer validator in the `es_ui_shared` package as it is a fairly common validation and we could take advantage of it in the future. Also added a couple of unit test there for this validator. * I reused in the `ingest_pipelines` plugin the strings that already existed in `index_lifecycle_management`. * I added the new validation in the Community ID form in the `ingest_pipelines` plugin. Also added some test verifying that the processor doesn't create when the seeds validation fails. * Changed the method in the `index_lifecycle_management` validator so now it uses the reusable one. Now the Ingest pipeline forms shows the validation when the number is not an integer: ![Screenshot 2024-10-16 at 12 16 47](https://github.com/user-attachments/assets/1db9ad22-b144-44a5-9012-d3ebd5a19b6f) And the `index_lifecycle_management` still shows the validations as expected: Screenshot 2024-10-16 at 11 49 53 --- .../forms/helpers/field_validators/index.ts | 1 + .../field_validators/is_integer.test.ts | 47 ++++++++++++++++++ .../helpers/field_validators/is_integer.ts | 27 +++++++++++ .../forms/helpers/field_validators/types.ts | 3 +- .../sections/edit_policy/form/schema.ts | 13 +++-- .../sections/edit_policy/form/validations.ts | 6 --- .../edit_data_retention_modal.tsx | 21 ++++---- .../__jest__/processors/community_id.test.tsx | 48 +++++++++++++++++++ .../processors/community_id.tsx | 10 +++- .../translations/translations/fr-FR.json | 1 + .../translations/translations/ja-JP.json | 1 + .../translations/translations/zh-CN.json | 1 + 12 files changed, 151 insertions(+), 28 deletions(-) create mode 100644 src/plugins/es_ui_shared/static/forms/helpers/field_validators/is_integer.test.ts create mode 100644 src/plugins/es_ui_shared/static/forms/helpers/field_validators/is_integer.ts diff --git a/src/plugins/es_ui_shared/static/forms/helpers/field_validators/index.ts b/src/plugins/es_ui_shared/static/forms/helpers/field_validators/index.ts index c3801edde7a06..32e4076d2dd9b 100644 --- a/src/plugins/es_ui_shared/static/forms/helpers/field_validators/index.ts +++ b/src/plugins/es_ui_shared/static/forms/helpers/field_validators/index.ts @@ -20,3 +20,4 @@ export * from './lowercase_string'; export * from './is_json'; export * from './number_greater_than'; export * from './number_smaller_than'; +export * from './is_integer'; diff --git a/src/plugins/es_ui_shared/static/forms/helpers/field_validators/is_integer.test.ts b/src/plugins/es_ui_shared/static/forms/helpers/field_validators/is_integer.test.ts new file mode 100644 index 0000000000000..1c01a9fe14ca9 --- /dev/null +++ b/src/plugins/es_ui_shared/static/forms/helpers/field_validators/is_integer.test.ts @@ -0,0 +1,47 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the "Elastic License + * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side + * Public License v 1"; you may not use this file except in compliance with, at + * your election, the "Elastic License 2.0", the "GNU Affero General Public + * License v3.0 only", or the "Server Side Public License, v 1". + */ + +import { ValidationFuncArg } from '../../hook_form_lib'; +import { isInteger } from './is_integer'; + +describe('isInteger', () => { + const message = 'test error message'; + const code = 'ERR_NOT_INT_NUMBER'; + + const validate = isInteger({ message }); + const validator = (value: unknown) => validate({ value } as ValidationFuncArg); + + test('should return undefined if value is integer number', () => { + expect(validator(5)).toBeUndefined(); + }); + + test('should return undefined if value string that can be parsed to integer', () => { + expect(validator('5')).toBeUndefined(); + }); + + test('should return Validation function if value is not integer number', () => { + expect(validator(5.3)).toMatchObject({ message, code }); + }); + + test('should return Validation function if value a string that can not be parsed to number but is not an integer', () => { + expect(validator('5.3')).toMatchObject({ message, code }); + }); + + test('should return Validation function if value a string that can not be parsed to number', () => { + expect(validator('test')).toMatchObject({ message, code }); + }); + + test('should return Validation function if value is boolean', () => { + expect(validator(false)).toMatchObject({ message, code }); + }); + + test('should return undefined if value is empty', () => { + expect(validator('')).toBeUndefined(); + }); +}); diff --git a/src/plugins/es_ui_shared/static/forms/helpers/field_validators/is_integer.ts b/src/plugins/es_ui_shared/static/forms/helpers/field_validators/is_integer.ts new file mode 100644 index 0000000000000..9e8c8cbfaef77 --- /dev/null +++ b/src/plugins/es_ui_shared/static/forms/helpers/field_validators/is_integer.ts @@ -0,0 +1,27 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the "Elastic License + * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side + * Public License v 1"; you may not use this file except in compliance with, at + * your election, the "Elastic License 2.0", the "GNU Affero General Public + * License v3.0 only", or the "Server Side Public License, v 1". + */ + +import { ValidationFunc } from '../../hook_form_lib'; +import { ERROR_CODE } from './types'; + +export const isInteger = + ({ message }: { message: string }) => + (...args: Parameters): ReturnType> => { + const [{ value }] = args; + + if ( + value === '' || + (typeof value === 'number' && Number.isInteger(value)) || + (typeof value === 'string' && Number.isInteger(Number(value))) + ) { + return undefined; + } + + return { message, code: 'ERR_NOT_INT_NUMBER' }; + }; diff --git a/src/plugins/es_ui_shared/static/forms/helpers/field_validators/types.ts b/src/plugins/es_ui_shared/static/forms/helpers/field_validators/types.ts index 7a41e09b2932a..9ad3f54896990 100644 --- a/src/plugins/es_ui_shared/static/forms/helpers/field_validators/types.ts +++ b/src/plugins/es_ui_shared/static/forms/helpers/field_validators/types.ts @@ -19,4 +19,5 @@ export type ERROR_CODE = | 'ERR_LOWERCASE_STRING' | 'ERR_JSON_FORMAT' | 'ERR_SMALLER_THAN_NUMBER' - | 'ERR_GREATER_THAN_NUMBER'; + | 'ERR_GREATER_THAN_NUMBER' + | 'ERR_NOT_INT_NUMBER'; diff --git a/x-pack/plugins/index_lifecycle_management/public/application/sections/edit_policy/form/schema.ts b/x-pack/plugins/index_lifecycle_management/public/application/sections/edit_policy/form/schema.ts index a4f5f92acc086..5b8c40e729424 100644 --- a/x-pack/plugins/index_lifecycle_management/public/application/sections/edit_policy/form/schema.ts +++ b/x-pack/plugins/index_lifecycle_management/public/application/sections/edit_policy/form/schema.ts @@ -15,7 +15,6 @@ import { i18nTexts } from '../i18n_texts'; import { ifExistsNumberGreaterThanZero, ifExistsNumberNonNegative, - integerValidator, minAgeGreaterThanPreviousPhase, rolloverThresholdsValidator, downsampleIntervalMultipleOfPreviousOne, @@ -23,7 +22,7 @@ import { const rolloverFormPaths = Object.values(ROLLOVER_FORM_PATHS); -const { emptyField, numberGreaterThanField } = fieldValidators; +const { emptyField, isInteger, numberGreaterThanField } = fieldValidators; const serializers = { stringToNumber: (v: string): any => (v != null ? parseInt(v, 10) : undefined), @@ -150,7 +149,7 @@ const getMinAgeField = (phase: PhaseWithTiming, defaultValue?: string) => ({ validator: ifExistsNumberNonNegative, }, { - validator: integerValidator, + validator: isInteger({ message: i18nTexts.editPolicy.errors.integerRequired }), }, { validator: minAgeGreaterThanPreviousPhase(phase), @@ -192,7 +191,7 @@ const getDownsampleSchema = (phase: PhaseWithDownsample): FormSchema['downsample validator: ifExistsNumberGreaterThanZero, }, { - validator: integerValidator, + validator: isInteger({ message: i18nTexts.editPolicy.errors.integerRequired }), }, { validator: downsampleIntervalMultipleOfPreviousOne(phase), @@ -381,7 +380,7 @@ export const getSchema = (isCloudEnabled: boolean): FormSchema => ({ validator: ifExistsNumberGreaterThanZero, }, { - validator: integerValidator, + validator: isInteger({ message: i18nTexts.editPolicy.errors.integerRequired }), }, ], fieldsToValidateOnChange: rolloverFormPaths, @@ -396,7 +395,7 @@ export const getSchema = (isCloudEnabled: boolean): FormSchema => ({ validator: ifExistsNumberGreaterThanZero, }, { - validator: integerValidator, + validator: isInteger({ message: i18nTexts.editPolicy.errors.integerRequired }), }, ], serializer: serializers.stringToNumber, @@ -424,7 +423,7 @@ export const getSchema = (isCloudEnabled: boolean): FormSchema => ({ validator: ifExistsNumberGreaterThanZero, }, { - validator: integerValidator, + validator: isInteger({ message: i18nTexts.editPolicy.errors.integerRequired }), }, ], serializer: serializers.stringToNumber, diff --git a/x-pack/plugins/index_lifecycle_management/public/application/sections/edit_policy/form/validations.ts b/x-pack/plugins/index_lifecycle_management/public/application/sections/edit_policy/form/validations.ts index 5035071a1f2a1..3020c843b5516 100644 --- a/x-pack/plugins/index_lifecycle_management/public/application/sections/edit_policy/form/validations.ts +++ b/x-pack/plugins/index_lifecycle_management/public/application/sections/edit_policy/form/validations.ts @@ -101,12 +101,6 @@ export const rolloverThresholdsValidator: ValidationFunc = ({ form, path }) => { } }; -export const integerValidator: ValidationFunc = (arg) => { - if (!Number.isInteger(Number(arg.value ?? ''))) { - return { message: i18nTexts.editPolicy.errors.integerRequired }; - } -}; - export const createPolicyNameValidations = ({ policies, isClonedPolicy, diff --git a/x-pack/plugins/index_management/public/application/sections/home/data_stream_list/edit_data_retention_modal/edit_data_retention_modal.tsx b/x-pack/plugins/index_management/public/application/sections/home/data_stream_list/edit_data_retention_modal/edit_data_retention_modal.tsx index f747abca19f05..f5eee4671481a 100644 --- a/x-pack/plugins/index_management/public/application/sections/home/data_stream_list/edit_data_retention_modal/edit_data_retention_modal.tsx +++ b/x-pack/plugins/index_management/public/application/sections/home/data_stream_list/edit_data_retention_modal/edit_data_retention_modal.tsx @@ -67,19 +67,14 @@ const configurationFormSchema: FormSchema = { formatters: [fieldFormatters.toInt], validations: [ { - validator: ({ value }) => { - // TODO: Replace with validator added in https://github.com/elastic/kibana/pull/196527/ - if (!Number.isInteger(Number(value ?? ''))) { - return { - message: i18n.translate( - 'xpack.idxMgmt.dataStreamsDetailsPanel.editDataRetentionModal.dataRetentionFieldIntegerError', - { - defaultMessage: 'Only integers are allowed.', - } - ), - }; - } - }, + validator: fieldValidators.isInteger({ + message: i18n.translate( + 'xpack.idxMgmt.dataStreamsDetailsPanel.editDataRetentionModal.dataRetentionFieldIntegerError', + { + defaultMessage: 'Only integers are allowed.', + } + ), + }), }, { validator: ({ value, formData, customData }) => { diff --git a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_editor/__jest__/processors/community_id.test.tsx b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_editor/__jest__/processors/community_id.test.tsx index b67b198eb0afa..72a8f8ec1a1ea 100644 --- a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_editor/__jest__/processors/community_id.test.tsx +++ b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_editor/__jest__/processors/community_id.test.tsx @@ -107,4 +107,52 @@ describe('Processor: Community id', () => { seed: 10, }); }); + + test('should not add a processor if the seedField is smaller than min_value', async () => { + const { + actions: { saveNewProcessor }, + form, + } = testBed; + + form.setInputValue('seedField.input', '-1'); + + // Save the field with new changes + await saveNewProcessor(); + + const processors = getProcessorValue(onUpdate, COMMUNITY_ID_TYPE); + + expect(processors).toHaveLength(0); + }); + + test('should not add a processor if the seedField is bigger than max_value', async () => { + const { + actions: { saveNewProcessor }, + form, + } = testBed; + + form.setInputValue('seedField.input', '65536'); + + // Save the field with new changes + await saveNewProcessor(); + + const processors = getProcessorValue(onUpdate, COMMUNITY_ID_TYPE); + + expect(processors).toHaveLength(0); + }); + + test('should not add a processor if the seedField is not an integer', async () => { + const { + actions: { saveNewProcessor }, + form, + } = testBed; + + form.setInputValue('seedField.input', '10.2'); + + // Save the field with new changes + await saveNewProcessor(); + + const processors = getProcessorValue(onUpdate, COMMUNITY_ID_TYPE); + + expect(processors).toHaveLength(0); + }); }); diff --git a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_editor/components/processor_form/processors/community_id.tsx b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_editor/components/processor_form/processors/community_id.tsx index 5a2aa91547c94..7a08a5c72b827 100644 --- a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_editor/components/processor_form/processors/community_id.tsx +++ b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_editor/components/processor_form/processors/community_id.tsx @@ -44,6 +44,14 @@ const seedValidator = { values: { minValue: SEED_MIN_VALUE }, }), }), + int: fieldValidators.isInteger({ + message: i18n.translate( + 'xpack.ingestPipelines.pipelineEditor.communityId.integerRequiredError', + { + defaultMessage: 'Only integers are allowed.', + } + ), + }), }; const fieldsConfig: FieldsConfig = { @@ -183,7 +191,7 @@ const fieldsConfig: FieldsConfig = { { validator: (field) => { if (field.value) { - return seedValidator.max(field) ?? seedValidator.min(field); + return seedValidator.max(field) ?? seedValidator.min(field) ?? seedValidator.int(field); } }, }, diff --git a/x-pack/plugins/translations/translations/fr-FR.json b/x-pack/plugins/translations/translations/fr-FR.json index dc00787a579c6..57fdd3528a5ca 100644 --- a/x-pack/plugins/translations/translations/fr-FR.json +++ b/x-pack/plugins/translations/translations/fr-FR.json @@ -24094,6 +24094,7 @@ "xpack.ingestPipelines.pipelineEditor.communityId.icmpCodeLabel": "Code ICMP (facultatif)", "xpack.ingestPipelines.pipelineEditor.communityId.icmpTypeHelpText": "Champ contenant le type ICMP de la destination. La valeur par défaut est {defaultValue}.", "xpack.ingestPipelines.pipelineEditor.communityId.icmpTypeLabel": "Type ICMP (facultatif)", + "xpack.ingestPipelines.pipelineEditor.communityId.integerRequiredError": "Seuls les entiers sont autorisés.", "xpack.ingestPipelines.pipelineEditor.communityId.seedHelpText": "Valeur initiale du hachage de l'ID de communauté. La valeur par défaut est {defaultValue}.", "xpack.ingestPipelines.pipelineEditor.communityId.seedLabel": "Valeur initiale (facultatif)", "xpack.ingestPipelines.pipelineEditor.communityId.seedMaxNumberError": "Ce nombre doit être inférieur ou égal à {maxValue}.", diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json index 8345a6b36ae8f..056297b65a4c5 100644 --- a/x-pack/plugins/translations/translations/ja-JP.json +++ b/x-pack/plugins/translations/translations/ja-JP.json @@ -23841,6 +23841,7 @@ "xpack.ingestPipelines.pipelineEditor.communityId.icmpCodeLabel": "ICMPコード(任意)", "xpack.ingestPipelines.pipelineEditor.communityId.icmpTypeHelpText": "デスティネーションICMPタイプを含むフィールド。デフォルトは{defaultValue}です。", "xpack.ingestPipelines.pipelineEditor.communityId.icmpTypeLabel": "ICMPタイプ(任意)", + "xpack.ingestPipelines.pipelineEditor.communityId.integerRequiredError": "整数のみを使用できます。", "xpack.ingestPipelines.pipelineEditor.communityId.seedHelpText": "コミュニティIDハッシュのシード。デフォルトは{defaultValue}です。", "xpack.ingestPipelines.pipelineEditor.communityId.seedLabel": "シード(任意)", "xpack.ingestPipelines.pipelineEditor.communityId.seedMaxNumberError": "この数は{maxValue}以下でなければなりません。", diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json index 38fa5dab8a44a..851412264d6e6 100644 --- a/x-pack/plugins/translations/translations/zh-CN.json +++ b/x-pack/plugins/translations/translations/zh-CN.json @@ -23875,6 +23875,7 @@ "xpack.ingestPipelines.pipelineEditor.communityId.icmpCodeLabel": "ICMP 代码(可选)", "xpack.ingestPipelines.pipelineEditor.communityId.icmpTypeHelpText": "包含目标 ICMP 类型的字段。默认为 {defaultValue}。", "xpack.ingestPipelines.pipelineEditor.communityId.icmpTypeLabel": "ICMP 类型(可选)", + "xpack.ingestPipelines.pipelineEditor.communityId.integerRequiredError": "仅允许使用整数。", "xpack.ingestPipelines.pipelineEditor.communityId.seedHelpText": "社区 ID 哈希的种子。默认为 {defaultValue}。", "xpack.ingestPipelines.pipelineEditor.communityId.seedLabel": "种子(可选)", "xpack.ingestPipelines.pipelineEditor.communityId.seedMaxNumberError": "此数字必须等于或小于 {maxValue}。", From f279b39bde0136df1efb0b9cc4e97af68be69896 Mon Sep 17 00:00:00 2001 From: Robert Jaszczurek <92210485+rbrtj@users.noreply.github.com> Date: Thu, 24 Oct 2024 18:22:53 +0200 Subject: [PATCH 59/99] [ML] Trained models: Accessibility tests (#197446) ## Summary Accessibility tests for Trained models page. --- .../components/help_icon/help_icon.tsx | 8 +-- .../test/accessibility/apps/group2/index.ts | 1 + .../apps/group2/ml_trained_models.ts | 71 +++++++++++++++++++ .../services/ml/add_trained_models_flyout.ts | 4 ++ 4 files changed, 77 insertions(+), 7 deletions(-) create mode 100644 x-pack/test/accessibility/apps/group2/ml_trained_models.ts diff --git a/x-pack/plugins/ml/public/application/components/help_icon/help_icon.tsx b/x-pack/plugins/ml/public/application/components/help_icon/help_icon.tsx index 415c00092f73f..ec80630dd18c9 100644 --- a/x-pack/plugins/ml/public/application/components/help_icon/help_icon.tsx +++ b/x-pack/plugins/ml/public/application/components/help_icon/help_icon.tsx @@ -12,13 +12,7 @@ import { EuiIcon, EuiToolTip } from '@elastic/eui'; export const HelpIcon: FC<{ content: ReactNode | string }> = ({ content }) => { return ( - + ); }; diff --git a/x-pack/test/accessibility/apps/group2/index.ts b/x-pack/test/accessibility/apps/group2/index.ts index 2c6bf4e58a08b..787494c7874b4 100644 --- a/x-pack/test/accessibility/apps/group2/index.ts +++ b/x-pack/test/accessibility/apps/group2/index.ts @@ -13,5 +13,6 @@ export default ({ loadTestFile }: FtrProviderContext): void => { loadTestFile(require.resolve('./ml_anomaly_detection')); loadTestFile(require.resolve('./transform')); loadTestFile(require.resolve('./lens')); + loadTestFile(require.resolve('./ml_trained_models')); }); }; diff --git a/x-pack/test/accessibility/apps/group2/ml_trained_models.ts b/x-pack/test/accessibility/apps/group2/ml_trained_models.ts new file mode 100644 index 0000000000000..e9dcd18a7634f --- /dev/null +++ b/x-pack/test/accessibility/apps/group2/ml_trained_models.ts @@ -0,0 +1,71 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { FtrProviderContext } from '../../ftr_provider_context'; + +export default function ({ getService }: FtrProviderContext) { + const a11y = getService('a11y'); + const ml = getService('ml'); + + const testModelId = 'lang_ident_model_1'; + + describe('machine learning trained models page Accessibility', function () { + before(async () => { + await ml.securityCommon.createMlRoles(); + await ml.securityCommon.createMlUsers(); + await ml.api.createIngestPipeline(testModelId); + await ml.securityUI.loginAsMlPowerUser(); + await ml.navigation.navigateToMl(); + await ml.navigation.navigateToTrainedModels(); + }); + + after(async () => { + await ml.api.deleteIngestPipeline(testModelId); + + await ml.securityCommon.cleanMlUsers(); + await ml.securityCommon.cleanMlRoles(); + await ml.securityUI.logout(); + }); + + it('trained models list', async () => { + await a11y.testAppSnapshot(); + }); + + it('trained model details', async () => { + await ml.trainedModelsTable.ensureRowIsExpanded(testModelId); + await a11y.testAppSnapshot(); + + await ml.testExecution.logTestStep('Assert the Details tab content'); + await ml.trainedModelsTable.assertDetailsTabContent(); + await a11y.testAppSnapshot(); + + await ml.testExecution.logTestStep('Assert the Models Map tab content'); + await ml.trainedModelsTable.assertModelsMapTabContent(); + await a11y.testAppSnapshot(); + + await ml.testExecution.logTestStep('Assert the Inference Config tab content'); + await ml.trainedModelsTable.assertInferenceConfigTabContent(); + await a11y.testAppSnapshot(); + + await ml.testExecution.logTestStep('Assert the Stats tab content'); + await ml.trainedModelsTable.assertStatsTabContent(); + await a11y.testAppSnapshot(); + + await ml.testExecution.logTestStep('Assert the Pipelines tab content'); + await ml.trainedModelsTable.assertPipelinesTabContent(); + await a11y.testAppSnapshot(); + }); + + it('add trained model flyout', async () => { + await ml.trainedModelsFlyout.open(); + await a11y.testAppSnapshot(); + + await ml.trainedModelsFlyout.changeTab('manualDownload'); + await a11y.testAppSnapshot(); + }); + }); +} diff --git a/x-pack/test/functional/services/ml/add_trained_models_flyout.ts b/x-pack/test/functional/services/ml/add_trained_models_flyout.ts index 3c3c1681a2f80..511f5e1b9437c 100644 --- a/x-pack/test/functional/services/ml/add_trained_models_flyout.ts +++ b/x-pack/test/functional/services/ml/add_trained_models_flyout.ts @@ -93,6 +93,10 @@ export function TrainedModelsFlyoutProvider({ getService }: FtrProviderContext) }); }, + async changeTab(tab: AddModelFlyoutTabId) { + await testSubjects.click(`mlAddTrainedModelFlyoutTab ${tab}`); + }, + async assertElandPythonClientCodeBlocks() { expect(await testSubjects.getVisibleText('mlElandPipInstallCodeBlock')).to.match( /python -m pip install eland/ From 18210933b9250771377293a3005a4cd0277da405 Mon Sep 17 00:00:00 2001 From: Mykola Harmash Date: Thu, 24 Oct 2024 18:29:52 +0200 Subject: [PATCH 60/99] [Observability Onboarding] Fix small UI issues (#197234) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Closes https://github.com/elastic/observability-dev/issues/4015 🔒 * Makes the footer's top boarder to span across the full page width * Removes the empty header action menu on the main onboarding screen when using the new solution sidenav * Replaces "Give feedback" button on the EDOT collector flow with the feedback buttons used in other flows Other things mentioned in [the issue](https://github.com/elastic/observability-dev/issues/4015) have been resolved already by previous changes. ![CleanShot 2024-10-22 at 15 13 17@2x](https://github.com/user-attachments/assets/383641cf-285e-401f-96e8-578e639d3199) To enable the new solution navigation locally: 1. Add these to `kibana.dev.yml` ``` xpack.spaces.allowSolutionVisibility: true xpack.spaces.experimental.forceSolutionVisibility: true ``` 2. Run Kibana and navigate to Spaces Management 3. Set "Observability" view for the space you're using locally (most likely "Default") --- .../public/application/app.tsx | 12 ++-- .../public/application/footer/footer.tsx | 62 ++++++++++--------- .../public/application/pages/template.tsx | 18 ++---- .../quickstart_flows/otel_logs/index.tsx | 35 +---------- .../application/shared/header_action_menu.tsx | 45 +++++++++----- .../observability_onboarding/tsconfig.json | 3 +- .../translations/translations/fr-FR.json | 2 - .../translations/translations/ja-JP.json | 2 - .../translations/translations/zh-CN.json | 2 - 9 files changed, 76 insertions(+), 105 deletions(-) diff --git a/x-pack/plugins/observability_solution/observability_onboarding/public/application/app.tsx b/x-pack/plugins/observability_solution/observability_onboarding/public/application/app.tsx index 2134edf1170d8..688d4cc3ce9bb 100644 --- a/x-pack/plugins/observability_solution/observability_onboarding/public/application/app.tsx +++ b/x-pack/plugins/observability_solution/observability_onboarding/public/application/app.tsx @@ -12,7 +12,6 @@ import { KibanaContextProvider } from '@kbn/kibana-react-plugin/public'; import { KibanaRenderContextProvider } from '@kbn/react-kibana-context-render'; import { KibanaThemeProvider } from '@kbn/react-kibana-context-theme'; import { RedirectAppLinks } from '@kbn/shared-ux-link-redirect-app'; -import { HeaderMenuPortal } from '@kbn/observability-shared-plugin/public'; import { Router } from '@kbn/shared-ux-router'; import React from 'react'; import ReactDOM from 'react-dom'; @@ -54,8 +53,6 @@ export function ObservabilityOnboardingAppRoot({ context, }; - const renderFeedbackLinkAsPortal = !config.serverless.enabled; - core.analytics.reportEvent(OBSERVABILITY_ONBOARDING_TELEMETRY_EVENT.eventType, { uses_legacy_onboarding_page: false, }); @@ -80,11 +77,10 @@ export function ObservabilityOnboardingAppRoot({ > - {renderFeedbackLinkAsPortal && ( - - - - )} + diff --git a/x-pack/plugins/observability_solution/observability_onboarding/public/application/footer/footer.tsx b/x-pack/plugins/observability_solution/observability_onboarding/public/application/footer/footer.tsx index 5b8596a6134ce..dae5f70bf3db0 100644 --- a/x-pack/plugins/observability_solution/observability_onboarding/public/application/footer/footer.tsx +++ b/x-pack/plugins/observability_solution/observability_onboarding/public/application/footer/footer.tsx @@ -109,34 +109,38 @@ export const Footer: FunctionComponent = () => { ]; return ( - - {sections.map((section, index) => ( - - - - - {section.title} - - - -

{section.description}

- - - -

- - {section.linkLabel} - -

- - - ))} - + <> + + + {sections.map((section, index) => ( + + + + + {section.title} + + + +

{section.description}

+ + + +

+ + {section.linkLabel} + +

+ + + ))} + + + ); }; diff --git a/x-pack/plugins/observability_solution/observability_onboarding/public/application/pages/template.tsx b/x-pack/plugins/observability_solution/observability_onboarding/public/application/pages/template.tsx index 12a64588b006b..7f7e80172d212 100644 --- a/x-pack/plugins/observability_solution/observability_onboarding/public/application/pages/template.tsx +++ b/x-pack/plugins/observability_solution/observability_onboarding/public/application/pages/template.tsx @@ -5,7 +5,7 @@ * 2.0. */ -import { EuiPageTemplate, EuiPanel, EuiSpacer } from '@elastic/eui'; +import { EuiPageTemplate, EuiSpacer, useEuiTheme } from '@elastic/eui'; import { css } from '@emotion/react'; import React from 'react'; import { Footer } from '../footer/footer'; @@ -19,6 +19,8 @@ export const PageTemplate: React.FC> = ({ children, customHeader, }) => { + const { euiTheme } = useEuiTheme(); + return ( > = ({ contentProps={{ css: { paddingBlock: 0 } }} css={css` padding-inline: 0px; + border-top: ${euiTheme.border.thin}; `} > - -